Formation ssh (SSH training)

Everything you need to know about SSH

Published in: Technology

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
254
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
7
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Secure SHell. Nicolas Ledez, 15 September 2008.
  • 2. Outline: 1 Introduction, 2 Authentication, 3 Tunnels, 4 Miscellaneous.
  • 3. History: written in 1995 by Tatu Ylönen (Helsinki, Finland) as a replacement for Telnet and the r* commands (rsh, rlogin, rcp), all of which send credentials and session data in clear text.
  • 4. Features 1/2: authentication, encryption, integrity.
  • 5. Features 2/2: remote login, file transfer, remote command execution, keys and agents, port forwarding, VPN.
  • 6. Symmetric keys and encryption (title only in the transcript).
  • 7. Asymmetric keys and encryption (title only in the transcript).
  • 8. Encryption in ssh (title only in the transcript).
  • 9. Password authentication:
        ssh AhostB
        root@AhostB's password:
  • 10. Key authentication. The client picks a private key with -i and is asked for its passphrase; the server accepts the login if the matching public key is listed in ~/.ssh/authorized_keys:
        ssh -i ~/.ssh/id_dsa_who AhostB
        Enter passphrase for key '~/.ssh/id_dsa_who':
        AhostB # cat .ssh/authorized_keys
        ssh-dss AAAAB3NzaC1kc3MAAACBAKDWEj3QEEvNYADeGTOPXuj [...] kZQlsoVSbNM5ocYUGFE3aWWWw== A full comment on the [...]
        AhostB # ls -ld ~/ ~/.ssh/ ~/.ssh/authorized_keys
        drwx------ 5 root root   512 Jul 19 16:38 ~/
        drwxr-xr-x 2 root root   512 Jul  3 11:45 ~/.ssh/
        -rw-r--r-- 1 root other 4202 Jul  3 10:05 ~/.ssh/authorized_keys
    The permission listing is on the slide for a reason: with the default StrictModes yes, sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or others, or is owned by someone other than the user (or root). Note also that the slide uses a DSA key (ssh-dss); OpenSSH disables DSA user and host keys by default since version 7.0, so new keys should be Ed25519 or RSA.
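The ls -ld listing above is exactly what sshd inspects. As an added example that is not part of the presentation, the POSIX shell functions below reproduce the StrictModes checks (no group/world write bit on the home directory, ~/.ssh and authorized_keys; owner is the user or root) and repair the permissions. They are my code, not OpenSSH's, and assume the conventional ls -ld column layout (mode in the first field, owner in the third); the temporary directory they are exercised on stands in for a real home.

```shell
#!/bin/sh
# Added example (not from the slides): reproduce the ownership and permission
# checks sshd applies under "StrictModes yes" before trusting
# ~/.ssh/authorized_keys. Argument 1: home directory; optional argument 2:
# expected owner (defaults to the calling user). Prints each problem found and
# returns 0 only when sshd would accept the key file.
check_strict_modes() {
    home=$1
    owner=${2:-$(id -un)}
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            rc=1
            continue
        fi
        # "ls -ld" is POSIX: field 1 is the mode string, field 3 the owner.
        entry=$(ls -ld "$path")
        mode=${entry%% *}
        file_owner=$(printf '%s\n' "$entry" | awk '{print $3}')
        # Mode string positions: 1 type, 2-4 user, 5-7 group, 8-10 other.
        case "$mode" in
            ?????w*) echo "group-writable: $path ($mode)"; rc=1 ;;
        esac
        case "$mode" in
            ????????w*) echo "world-writable: $path ($mode)"; rc=1 ;;
        esac
        # sshd accepts files owned by the user or by root, nobody else.
        if [ "$file_owner" != "$owner" ] && [ "$file_owner" != root ]; then
            echo "wrong owner: $path (owned by $file_owner, expected $owner)"
            rc=1
        fi
    done
    return $rc
}

# Put a home directory into the state sshd expects: no group/world write on
# the home itself, 700 on ~/.ssh, 600 on authorized_keys.
fix_strict_modes() {
    home=$1
    chmod go-w "$home"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Usage: check_strict_modes "$HOME" || fix_strict_modes "$HOME"
```

Run check_strict_modes against the account that cannot log in with its key before reading sshd's debug log; a wrong owner after a restore from backup or a world-writable ~/.ssh created by a hasty mkdir are the two findings it reports most often.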
  • 11. SSH-Agent 1/2 (title only in the transcript).
  • 12. SSH-Agent 2/2. The agent keeps decrypted private keys in memory so the passphrase is typed once per session. ssh-agent prints the variables clients use to find its socket (it is normally started as eval $(ssh-agent) so that they take effect in the current shell):
        admin@station:~$ ssh-agent
        export SSH_AUTH_SOCK=/tmp/ssh-EFGVug1775/agent.1775; export SSH_AGENT_PID=1776; echo Agent pid 1776;
        admin@station:~$ ssh-add -l
        The agent has no identities.
        admin@station:~$ ssh-add ~/.ssh/id_dsa_who
        Enter passphrase for ~/.ssh/id_dsa_who:
        Identity added: ~/.ssh/id_dsa_who (~/.ssh/id_dsa_who)
        admin@station:~$ ssh-add -l
        1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c ~/.ssh/id_dsa_who (DSA)
  • 13. Agent forwarding 1/2 (title only in the transcript).
  • 14. Agent forwarding 2/2. With ForwardAgent (ssh -A) the remote host is given a socket that leads back to the agent on the workstation, so ssh-add -l on AhostB lists the workstation's keys and a further hop from AhostB authenticates with them:
        AhostB # ssh-add -l
        1024 40:33:2e:2a:71:2a:9b:a8:d1:4c:a4:4e:13:a5:b4:b1 /home/admin/.ssh/station/idd (DSA)
        1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c /home/admin/.ssh/id_dsa_who (DSA)
    Caveat: the private keys never leave the workstation, but anyone with root on AhostB can use that socket to authenticate as you for as long as the session is open. Forward the agent only to hosts you trust, and only for the hosts that need it rather than globally.
  • 15. Tunnels 1/2 (title only in the transcript).
  • 16. Tunnels 2/2 (title only in the transcript).
  • 17. Local forwarding 1/4 (title only in the transcript).
  • 18. Local forwarding 2/4 (title only in the transcript).
  • 19. Local forwarding 3/4 (title only in the transcript).
  • 20. Local forwarding 4/4. Syntax: ssh -L P:S:W B, where P is the port opened on the client, B is the SSH server the tunnel runs through, and S:W is the destination that B connects to (S is resolved on B, so "localhost" means B itself):
        $ ssh -L 2001:localhost:143 server.example.com
    An IMAP client pointed at localhost:2001 then reaches port 143 on server.example.com inside the encrypted session. By default -L listens on the loopback address only; giving a bind address (-L 0.0.0.0:2001:localhost:143) or adding -g exposes the tunnel to other machines on the network.
  • 21. Remote forwarding (ssh -R: the listening port is opened on the SSH server and relayed back to a destination reachable from the client; title only in the transcript).
  • 22. Dynamic forwarding. ssh -D opens a local SOCKS proxy whose connections leave from AhostB:
        ssh -D 8080 AhostB
    In the browser, configure a SOCKS proxy at 127.0.0.1, port 8080. As with -L, the proxy listens on loopback unless a bind address is given.
  • 23. X11 forwarding. With ForwardX11 (ssh -X) the session sets DISPLAY to a proxy display on the remote host, and the ~# escape lists the forwarded X11 channels:
        AhostB # env | grep DISPLAY
        DISPLAY=localhost:10.0
        The following connections are open:
          #1 x11 (t4 r3 i0/0 o0/0 fd 7/7 cfd -1)
    Remote X clients then talk to the local X server, so enable this per host rather than for every host.
  • 24. ~/.ssh/config and the command line. Options can be set per host pattern in the config file or passed with -o; the command line takes precedence:
        admin@station:~$ cat ~/.ssh/config
        host *
            ForwardX11 yes
            User root
            ConnectTimeout 1
            ForwardAgent yes
            ServerAliveInterval 60
        admin@station:~$ ssh -o 'ConnectTimeout=10' AhostB
  • 25. Timeout: ConnectTimeout bounds how long the client waits for the TCP connection (1 second, as in the config above, is very aggressive on slow links).
  • 26. Authentication options:
        ForwardAgent yes
        PasswordAuthentication no
        StrictHostKeyChecking no
    PasswordAuthentication no on the client forces key authentication, so a rogue or compromised server never sees a password. StrictHostKeyChecking no, however, records unknown host keys without asking and still connects when a known host's key has changed (with password authentication and forwarding disabled for that connection), which removes the protection against a man-in-the-middle at first contact; keep the default ask, or use yes with a pre-populated known_hosts, and reserve no for throwaway hosts. Setting ForwardAgent and ForwardX11 under host *, as on slide 24, extends those trusts to every host you ever connect to.
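The config on slide 24 together with the options here hands ForwardAgent, ForwardX11 and User root to every host. As an added example that is not part of the presentation, the POSIX shell and awk linter below reads an ssh_config and flags those options (and StrictHostKeyChecking no) when they sit in a Host * or other pattern block, or before any Host line. The two embedded configs are constructed for this example: the weak one is the slide's own file, the hardened one grants each trust to a named host only; bastion.example.com and internal-*.example.com are placeholder names, and ProxyJump (an OpenSSH 7.3+ option that did not exist when these slides were written) replaces agent forwarding for hopping through the bastion.

```shell
#!/bin/sh
# Added example (not from the slides): flag ssh_config options that are
# dangerous when they apply to every host, i.e. in a "Host *" (or any pattern)
# block or in the global section before the first Host line. Reads the config
# on stdin, prints one finding per line and returns 1 if anything was flagged.
lint_ssh_config() {
    awk '
        BEGIN { block = "(global)"; bad = 0 }
        { sub(/#.*/, "") }                   # strip comments
        /^[ \t]*$/ { next }                  # skip blank lines
        tolower($1) == "host" {              # start of a Host block
            block = $2
            for (i = 3; i <= NF; i++) block = block " " $i
            next
        }
        tolower($1) == "match" { block = "(match)"; next }
        {
            key = tolower($1); val = tolower($2); why = ""
            if (key == "forwardagent" && val == "yes")
                why = "root on any matching host can use your agent while you are logged in"
            else if (key == "forwardx11" && val == "yes")
                why = "any matching host gets access to your X display"
            else if (key == "stricthostkeychecking" && val == "no")
                why = "unknown and changed host keys are accepted without asking"
            else if (key == "user" && val == "root")
                why = "every login is a root login"
            # a pattern block or the global section applies to many hosts
            if (why != "" && (block == "(global)" || block ~ /\*/)) {
                printf "Host %s: %s %s (%s)\n", block, $1, $2, why
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample 1: the ~/.ssh/config shown on slide 24.
WEAK_CONFIG='host *
    ForwardX11 yes
    User root
    ConnectTimeout 1
    ForwardAgent yes
    ServerAliveInterval 60'

# Constructed sample 2: same intent, but each trust is tied to a named host,
# the wildcard block denies them, and ProxyJump replaces agent forwarding.
HARDENED_CONFIG='Host bastion.example.com
    User admin
    ForwardX11 yes
Host internal-*.example.com
    ProxyJump bastion.example.com
Host *
    ForwardAgent no
    ForwardX11 no
    StrictHostKeyChecking ask
    ConnectTimeout 10
    ServerAliveInterval 60'

lint_weak()     { printf '%s\n' "$WEAK_CONFIG"     | lint_ssh_config; }
lint_hardened() { printf '%s\n' "$HARDENED_CONFIG" | lint_ssh_config; }

# Usage on a real file: lint_ssh_config < ~/.ssh/config
```

The linter reports three findings for the slide's config (ForwardX11, User root, ForwardAgent) and none for the hardened one; a ForwardAgent yes under a single named host is deliberately not reported, since that is the per-host decision the caveats above ask for.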
  • 27. Escape character. The escape character ~ (typed as AltGr-~ on a French keyboard) is only recognised at the start of a line; ~? lists the sequences, and ~C opens a command line on which -L/-R/-D forwards can be added to a running session:
        AhostB # ~?
        Supported escape sequences:
          ~.  - terminate connection
          ~B  - send a BREAK to the remote system
          ~C  - open a command line
          ~R  - Request rekey (SSH protocol 2 only)
          ~^Z - suspend ssh
          ~#  - list forwarded connections
          ~&  - background ssh (when waiting for connections to terminate)
          ~?  - this message
          ~~  - send the escape character by typing it twice
        (Note that escapes are only recognized immediately after newline.)
  • 28. Scripting 1/4. A script is fed to a remote shell through a heredoc piped into ssh. The quoting of the delimiter decides who expands the variables: with cat << "EOF" the text is sent verbatim and ${ORACLE_HOME} is resolved on the remote host; with cat << EOF the local values of ${USERTOTO_NAME} and ${USERTOTO_GROUP} are substituted before the script is sent. The inner sqlplus heredoc needs its own delimiter (EOSQL here; the slide reused EOF, which ends the outer heredoc early):
        cat << "EOF" | ssh $1 /bin/sh -
        ps -edf -o comm,args | grep [h]ttpd | sort -u
        ${ORACLE_HOME}/bin/sqlplus "/ as sysdba" << EOSQL
        spool ${ORACLE_BASE}/admin/${ORACLE_SID}/create/sco[...]
        EOSQL
        EOF

        cat << EOF | ssh $1 /bin/sh -
        chown -R ${USERTOTO_NAME}:${USERTOTO_GROUP} ${HOMED[...]
        EOF
    (grep [h]ttpd matches httpd processes without matching the grep command itself.)
  • 29. Scripting 2/4. Driving an interactive command (passwd) with expect; -t forces a pseudo-terminal so passwd will prompt, and the answers end with \r:
        expect << EOF
        spawn ssh -t $1 passwd ${USERTOTO_NAME}
        expect "New Password: "
        send "${USERTOTO_PASSWD}\r"
        expect "Re-enter new Password: "
        send "${USERTOTO_PASSWD}\r"
        expect eof
        EOF
    The password travels through expect's standard input rather than a command line, but it still sits in a shell variable and in the generated script text, so keep such scripts out of shell history and logs.
  • 30. Scripting 3/4. Checking on the remote host that one process is running for each site directory (the heredoc is quoted, so every variable is expanded remotely):
        cat << "EOF" | ssh $1 /bin/bash -
        SITES=/sites
        if [ -d $SITES ]; then
            cd $SITES
            for site in *; do
                NB_PROC=`ps -edf | grep $site | grep -vc grep`
                if [ $NB_PROC -eq 0 ]; then
                    echo "$site missing"
                fi
            done
        fi
        EOF
  • 31. Scripting 4/4. Generating a sed script that rewrites host entries (IP, name and a "# Front-End" comment) to new addresses, then running a command on each host named in $1 and keeping its output in a report file:
        cat << EOF > ${SED_FILE}
        s%172.30.47.11.*hostname01.*# Front-End%172.30.156.1 hostname01%
        s%172.30.47.14.*hostname04.*# Front-End%172.30.156.1 hostname04%
        EOF

        cat << EOF | ssh $1 /bin/bash - | tee report/$1
        echo 'uname -a'
        uname -a
        echo
        EOF
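The difference between cat << "EOF" (slides 28 and 30) and cat << EOF (slides 29 and 31) is the whole trick of these four slides. As an added example that is not part of the presentation, the script below makes it visible offline: REMOTE_SHELL (my own variable) defaults to a local sh - in place of ssh $1 /bin/sh -, everything else about the construction is the same as in the slides, and the variable and value names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the slides): which side expands a variable when a
# script is piped into "ssh host /bin/sh -" depends only on whether the heredoc
# delimiter is quoted. REMOTE_SHELL defaults to a local "sh -" so this runs
# offline; set REMOTE_SHELL='ssh somehost /bin/sh -' to run it for real.
REMOTE_SHELL=${REMOTE_SHELL:-sh -}

# Unquoted delimiter: the local shell substitutes ${TARGET} before the text
# leaves, so the remote side receives and echoes a literal "local-value".
run_with_local_expansion() {
    TARGET=local-value          # local, deliberately not exported
    cat << EOF | $REMOTE_SHELL
echo "${TARGET}"
EOF
}

# Quoted delimiter: the text is sent verbatim and ${TARGET} is looked up in the
# remote shell's own environment, where nothing set it.
run_with_remote_expansion() {
    TARGET=local-value          # still not exported, so "sh -" cannot see it
    cat << "EOF" | $REMOTE_SHELL
echo "${TARGET:-unset-on-remote}"
EOF
}

# The usual mix: an unquoted delimiter passes local parameters in, and a
# backslash protects what must be evaluated on the remote side.
run_mixed() {
    SITE=www
    cat << EOF | $REMOTE_SHELL
site=${SITE}
echo "checking \${site}"
EOF
}

# Usage: run_with_local_expansion; run_with_remote_expansion; run_mixed
```

The same rule explains slide 28's nested heredoc: whatever the outer delimiter, the inner one must be a different word, or the local cat stops at the first EOF it meets.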
  • 32. Conclusion.
  • 33. Bibliography:
        http://gnrt.terena.org/content.php?section_id=103
        SSH, The Secure Shell: The Definitive Guide. O'Reilly & Associates.
  • 34. Questions?