Chapter 18 OpenSSH: Secure Network Communication

1
Chapter 18 OpenSSH Secure Network Communication

• About OpenSSH
• How OpenSSH Works
• OpenSSH Clients
• JumpStart Using ssh and scp
• sftp A Secure FTP Client
• Configuration Files
• sshd OpenSSH Server
• JumpStart Starting the sshd Daemon
• Authorized Keys Automatic Login
• Command Line Options
• Troubleshooting
• Tunneling/Port Forwarding

2
About OpenSSH

• SSH1 versus SSH2
• What is ssh?
• X11 forwarding

3
/etc/ssh Gobal Files

• moduli - key exchange information
• ssh_config global config file
• sshd_config ssh daemon config file
• ssh_host_dsa_key or ssh_dsa_ke.pub DSA host
  keys (can also be rsa instead of dsa)
• ssh_known_hosts allowed known ssh hosts
• sshrc startup file with initialization routines

4
./ssh User Files

• authorized_keys login without password
• config users private ssh config file
• environment login environment files executed
  when a user logs into ssh
• id_dsa, id_dsa.pub user authentication DSA keys
  generated by ssh-keygen (also rsa)
• known_hosts contains public keys of hosts user
  has connected to
• rc contains initialization routines

5
How OpenSSH Works

• Establishes encrypted connection
• Authenticates user
• Negotiates using 2 pairs
• Host key pair generated by sshd
• Session key pair that changes hourly
• Verifies that the server is correct server
• Client copies server public key to compare in
  later sessions
• Client generates random key, encrypts it with the
  server public key and session key
• Server decrypts with its private key

6
OpenSSH Clients

• Need openssh and openssh-clients
• Download and install with yum, up2date,or apt-get
  (synaptics)

7
JumpStart Using ssh
8
ssh Connect to and Execute Commands on a Remote
System
9
scp Copying a File from/to a Remote System
10
Using scp

• Copies a file from or to a remote system
• scp user_at_fromhostfile user_at_tohostfilename
• Example
• scp ray_at_gnixvi.doc ray_at_geckovi.doc
• scp v ray_at_gnixvi.doc vi.doc

11
sftp A Secure FTP Client

• Provided with openssh, a secure alternative to
  ftp
• Use ? To get help on ftp commands

12
sft example
13
Configuration Files

• -/.ssh/config
• .ssh/config is your own client local file, it is
  read first and over-rides any entry in the global
  file
• /etc/ssh/ssh_config
• This is the global file that uses defaults not
  set in your .ssh/config file

14
sshd OpenSSH Server

• Prerequisites openssh and openssh-server
• /sbin/service sshd start
• Authorized Keys automatic user login
• ssh-keygen t rsa (or dsa) generates keys
• Copy /.ssh/id_rsa.pub to /.ssh/authorized_keys
  for no password login

15
Command Line Options

• /etc/ssh/sshd_config Configuration File

16
Troubleshooting

• Check log files /var/log/secure
• Or /var/log/messages
• Use verbose mode
• ssh v grape

17
Tunneling/Port Forwarding

• Forwarding X11 allows use of xterms and
  xapplications on your system that start and run
  on the remote system but are displayed on your
  system
• Port forwarding
• -L forwards local port to a remote computer
• -R forwards remote port to a local computer
• ssh N L -R local-portremote-hostremote-port
  target

18
Any Questions?