HP World 2005 Securing your Unix environment with HP Secure Shell
1 HP World 2005 Securing your Unix environment with HP Secure Shell
Steven E Protter
Senior Systems Administrator
I.S.N. Corporation
2 Secure Shell Presentation Outline 1
Presenter information
Qualifications and experience.
Warning ?!!
How he got here.
What is HP Secure Shell
Advantages
Challenges
Components
3 Secure Shell Presentation Outline 2
Where do I get HP Secure Shell
How do I install HP Secure Shell
Why should I use HP Secure Shell
4 Secure Shell Presentation Outline 3
Step by step for installation and exchange of public keys.
Downloading the software.
Installation.
Exchanging public keys.
Questions and (hopefully) answers
5 Getting Started
6 Qualifications and Experience 1
10 years of systems administration work on HP-UX 10.20, 11 and 11i v1
Actual Experience with a disaster involving major loss of data.
Five years of experience as a Linux administrator
HP-UX CSA (Can pass a multiple choice examination)
Two major Unix OS/Hardware conversions.
7 Qualifications and Experience 2
14 ½ Years at the Jewish United Fund
Experience as a programmer.
Systems Analyst
Software AG and Oracle DBA
HP-UX Administrator
Married 10 years to a Russian American
Recently moved to Israel
8 Warning! Try this at your shop!
I do not have complete knowledge on topic
Nobody can; it's too complex.
Have made this work in a mixed HP-UX/Linux environment.
Can only understand Russian accented English.
This is something you want to try at home.
9 How Steve Protter Got here
Found a call for presentations at http://forums.itrc.hp.com
Sent in two suggestions
Both were accepted
Flew from Tel Aviv to Newark, NJ
Drove from Connecticut to San Francisco
Made several consulting stops en route
10 What is HP Secure Shell?
Hewlett-Packard's port of OpenSSH
Open source product
More information at http://www.openssh.org
11 More Information
12 Advantages of HP Secure Shell?
Hewlett-Packard's port of OpenSSH
Some bugs were fixed prior to HP release.
Released in depot format
Port ensures smooth operation with HP-UX
Replaces insecure products such as rsh and remsh
Session and passwords are encrypted
13 Challenges of HP Secure Shell?
Sometimes you have to wait for it.
The environment is slightly different than what it replaces.
You cannot completely remove the old protocols and still do Ignite Imaging.
To be announced.
14 Secure Shell Components 1
ssh Secure Shell
Replaces rsh, rexec, remsh, telnet
sftp Secure file transfer protocol
Common command set with ftp
Knows the difference between binary and ASCII files
No mput
Scriptable
15 Secure Shell Components 2
scp Secure copy
Replaces rcp
Can copy large file systems
Makes my life easier
16 How to get HP Secure Shell
Core OS: It is/may be an install option
Application CD: Released every 6 months
http://www.hp.com/go/software
17 http://www.hp.com/go/software
23 How to get HP Secure Shell
Use sftp to copy it to HP-9000 server or use a web browser on the box for download.
Wed Jun 1 16:37:46 2005/home/secsh
8460 ll
total 16420
-rw-r--r-- 1 root sys 8407040 Jun 1 23:48 T1471AA_A.04.00.000_HP-UX_B.11.11_3264.depot
24 Before you install
Read the installation instructions
Not because you don't know how to swinstall.
Because there may be patch recommendations and other helpful information.
27 The command line is the Systems Administrator's best friend. Steven E Protter, Senior Systems Administrator, ISN Corporation
28 Because someday it may be all you have.
29 Situations with no GUI tools
Single User Mode (hpux -is)
LM mode (hpux -lm)
30 Public Key Exchange
Advantages
Ease of administration
More secure than typing passwords
You don't have to remember passwords
Works over multiple operating systems
31 Public Key Exchange
Challenges
You may someday boot the wrong system
If a root password is compromised on one system, root access is granted on all systems with public key exchange.
32 Public Key Exchange
Tricks (ways to stay out of trouble)
Change the prompt to include system name
Set terminal color in the environment profile
33 Public Key Exchange Change prompt
PS1
8476 echo $PS1
Wed Jun 1 16:37:46 2005$PWD !
In /etc/profile
ENV=/.kshrc
34 Public Key Exchange Change prompt
vi /.kshrc
PS1="`date -u +%c``echo $LOGNAME@``hostname`"' $PWD
! '
35 Public Key Exchange Change prompt
A prompt that lets you know where you are
Thu Jun 2 13:50:10 2005root@eilat /root/
1158
36 Public Key Exchange Generate keys
ssh-keygen -t dsa
Press <ENTER> for the next 3 questions
This creates a directory called .ssh
cd .ssh
37 Public Key Exchange
ls -la
-rw------- 1 root sys 668 Jun 2 09:03 id_dsa
-rw-r----- 1 root sys 600 Jun 2 09:03 id_dsa.pub
cat id_dsa.pub (just taking a look)
38 Public Key Exchange Home directory permissions
1168 env | grep HOME
HOME=/root/
Thu Jun 2 13:50:10 2005root@eilat /root/.ssh
1169 chmod 755 $HOME
Thu Jun 2 13:50:10 2005root@eilat /root/.ssh
39 Public Key Exchange Host setup
ssh hpweb
The authenticity of host 'hpweb (192.168.0.70)' can't be established.
RSA key fingerprint is 97:1d:cb:bf:b3:54:9f:54:12:8f:2f:3a:aa:b9:10:7c.
Are you sure you want to continue connecting (yes/no)?
yes <enter>
Warning: Permanently added 'hpweb,192.168.0.70' (RSA) to the list of known hosts.
Password:
40 Public Key Exchange Host setup
cd .ssh
scp -p eilat:$PWD/id_dsa.pub authorized_keys
<Generate a public key on second host>
cat id_dsa.pub >> authorized_keys
chmod 644 authorized_keys <optional depending on umask>
scp -p authorized_keys eilat:$PWD
41 Public Key Exchange Host setup
ls -la before and after
-rw-r----- 1 root sys 600 Jun 2 09:03 authorized_keys
-rw-r----- 1 root sys 2020 Nov 21 2004 id.dat
-rw------- 1 root sys 668 Apr 26 04:56 id_dsa
-rw-r--r-- 1 root sys 600 Apr 26 04:56 id_dsa.pub
-rw-r--r-- 1 root sys 3339 May 8 00:34 known_hosts
-rw------- 1 root sys 1024 Feb 13 2004 prng_seed
8494 cat id_dsa.pub >> authorized_keys
Thu Jun 2 14:20:20 2005/root/.ssh
-rw-r----- 1 root sys 1200 Jun 2 09:21 authorized_keys
-rw-r----- 1 root sys 2020 Nov 21 2004 id.dat
-rw------- 1 root sys 668 Apr 26 04:56 id_dsa
-rw-r--r-- 1 root sys 600 Apr 26 04:56 id_dsa.pub
-rw-r--r-- 1 root sys 3339 May 8 00:34 known_hosts
-rw------- 1 root sys 1024 Feb 13 2004 prng_seed
42 Public Key Exchange Host setup
scp -p authorized_keys eilat:$PWD
You will be prompted for a password.
Try it again, you should not be prompted for a password.
DONE!
43 Public Key Exchange Summary
Permissions are crucial.
If prompted for a password when you think you should not be prompted, go back and check permissions.
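The permission check from the summary, as an added example that is not part of the original slides: a POSIX shell function (the names audit_ssh_perms, mode_of and writable_by_others are assumptions) that flags a group- or world-writable home directory, .ssh directory or authorized_keys file, which sshd rejects under StrictModes, and private keys accessible beyond the owner, which the ssh client refuses to use. It reads mode bits only and does not check file ownership.

```shell
#!/bin/sh
# Added example (not from the original slides): flag the permission problems
# that make sshd (StrictModes) ignore authorized_keys, or ssh ignore a key.

# mode_of PATH -> 10-character mode string from ls, e.g. "drwxr-xr-x"
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# writable_by_others PATH -> true if group or other has the write bit set
writable_by_others() {
    m=$(mode_of "$1")
    [ "$(printf '%s' "$m" | cut -c6)" = "w" ] ||
        [ "$(printf '%s' "$m" | cut -c9)" = "w" ]
}

# audit_ssh_perms HOME_DIR -> prints one line per finding, returns the count
audit_ssh_perms() {
    home=$1
    bad=0
    # sshd walks these three paths; a group/other write bit on any of them
    # makes it fall back to password authentication.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "FAIL $(mode_of "$p") $p: group/other writable"
            bad=$((bad + 1))
        fi
    done
    # Private keys (id_* without .pub) must carry no group/other bits at all.
    for key in "$home"/.ssh/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        if [ "$(mode_of "$key" | cut -c5-10)" != "------" ]; then
            echo "FAIL $(mode_of "$key") $key: private key open to group/other"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Typical use on each host after exchanging keys:
#   audit_ssh_perms "$HOME" && echo "permissions OK"
```

The modes shown in the slides (755 on the home directory, 600 on id_dsa, 640 or 644 on authorized_keys) pass this check.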
44 Questions (Hopefully) Answers
45 More Information