Secure SHell, Nicolas Ledez, 15 September 2008
SSH training

Everything you need to know about SSH


  1. Secure SHell. Nicolas Ledez, 15 September 2008
  2. Outline: 1. Introduction, 2. Authentication, 3. Tunnels, 4. Miscellaneous
  3. History: 1995, by Tatu Ylönen (Helsinki, Finland). Replacement for Telnet and the r* commands
  4. Features 1/2: authentication, encryption, integrity
  5. Features 2/2: remote login, file transfer, remote command execution, keys and agents, port forwarding, VPN
  6. Symmetric key/encryption
  7. Asymmetric key/encryption
  8. Encryption in ssh
  9. Password

         ssh AhostB
         root@AhostB's password:

  10. Keys

          ssh -i ~/.ssh/id_dsa_who AhostB
          Enter passphrase for key '~/.ssh/id_dsa_who':
          AhostB # cat .ssh/authorized_keys
          ssh-dss AAAAB3NzaC1kc3MAAACBAKDWEj3QEEvNYADeGTOPXuj [...] kZQlsoVSbNM5ocYUGFE3aWWWw== Un commentaire complet sur l
          AhostB # ls -ld ~/ ~/.ssh/ ~/.ssh/authorized_keys
          drwx------ 5 root root 512 Jul 19 16:38 ~/
          drwxr-xr-x 2 root root 512 Jul 3 11:45 ~/.ssh/
          -rw-r--r-- 1 root other 4202 Jul 3 10:05 ~/.ssh/authori

  11. SSH-Agent 1/2
  12. SSH-Agent 2/2

          admin@station:~$ ssh-agent
          export SSH_AUTH_SOCK=/tmp/ssh-EFGVug1775/agent.1775;
          export SSH_AGENT_PID=1776;
          echo Agent pid 1776;
          admin@station:~$ ssh-add -l
          The agent has no identities.
          admin@station:~$ ssh-add ~/.ssh/id_dsa_who
          Enter passphrase for ~/.ssh/id_dsa_who:
          Identity added: ~/.ssh/id_dsa_who (~/.ssh/id_dsa_who)
          admin@station:~$ ssh-add -l
          1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c ~/.ssh/id_dsa_who (DSA)

  13. Agent forwarding 1/2
  14. Agent forwarding 2/2

          AhostB # ssh-add -l
          1024 40:33:2e:2a:71:2a:9b:a8:d1:4c:a4:4e:13:a5:b4:b1 /home/admin/.ssh/station/idd (DSA)
          1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c /home/admin/.ssh/id_dsa_who (DSA)
  15. Tunnel 1/2
  16. Tunnel 2/2
  17. Local 1/4
  18. Local 2/4
  19. Local 3/4
  20. Local 4/4

          ssh -L P:S:W B
          $ ssh -L2001:localhost:143 server.example.com

  21. Remote
  22. Dynamic

          ssh -D 8080 AhostB

      In the browser: SOCKS proxy 127.0.0.1, port 8080
  23. X11

          AhostB # env | grep DISPLAY
          DISPLAY=localhost:10.0
          The following connections are open:
          #1 x11 (t4 r3 i0/0 o0/0 fd 7/7 cfd -1)
  24. .config and command line

          admin@station:~$ cat ~/.ssh/config
          host *
              ForwardX11 yes
              User root
              ConnectTimeout 1
              ForwardAgent yes
              ServerAliveInterval 60
          admin@station:~$ ssh -o 'ConnectTimeout=10' AhostB

  25. Timeout

          ConnectTimeout

  26. Authentication

          ForwardAgent yes
          PasswordAuthentication no
          StrictHostKeyChecking no

  27. Escape character: Alt-Gr-~

          AhostB # ~?
          Supported escape sequences:
          ~. - terminate connection
          ~B - send a BREAK to the remote system
          ~C - open a command line
          ~R - Request rekey (SSH protocol 2 only)
          ~^Z - suspend ssh
          ~# - list forwarded connections
          ~& - background ssh (when waiting for connections to te
          ~? - this message
          ~~ - send the escape character by typing it twice
          (Note that escapes are only recognized immediately after
  28. Scripting 1/4

          cat << "EOF" | ssh $1 /bin/sh -
          ps -edf -o comm,args | grep [h]ttpd | sort -u
          ${ORACLE_HOME}/bin/sqlplus "/ as sysdba" << EOF
          spool ${ORACLE_BASE}/admin/${ORACLE_SID}/create/sco
          EOF

          cat << EOF | ssh $1 /bin/sh -
          chown -R ${USERTOTO_NAME}:${USERTOTO_GROUP} ${HOMED
          EOF

  29. Scripting 2/4

          expect << EOF
          spawn ssh -t $1 passwd ${USERTOTO_NAME}
          expect "New Password: "
          send "${USERTOTO_PASSWD}\r"
          expect "Re-enter new Password: "
          send "${USERTOTO_PASSWD}\r"
          expect eof
          EOF

  30. Scripting 3/4

          cat << "EOF" | ssh $1 /bin/bash -
          SITES=/sites
          if [ -d $SITES ]; then
            cd $SITES
            for site in *; do
              NB_PROC=`ps -edf | grep $site | grep -vc grep`
              if [ $NB_PROC -eq 0 ]; then
                echo "$site missing"
              fi
            done
          fi
          EOF

  31. Scripting 4/4

          cat << EOF > ${SED_FILE}
          s%172.30.47.11.* hostname01.* # Front-End%172.30.156.1 hostname01%
          s%172.30.47.14.* hostname04.* # Front-End%172.30.156.1 hostname04%
          EOF

          cat << EOF | ssh $1 /bin/bash - | tee report/$1
          echo 'uname -a'
          uname -a
          echo
          EOF
  32. Conclusion
  33. Bibliography
        • http://gnrt.terena.org/content.php?section_id=103
        • SSH, The Secure Shell: The Definitive Guide, O'Reilly & Associates
  34. Questions?
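
Slide 10 lists the modes of the home directory, ~/.ssh and authorized_keys because sshd, with StrictModes enabled (the default), ignores authorized_keys when any of the three is writable by group or others or is owned by someone other than the account or root. The check below is an added example, not part of the slides; the function names and the temporary tree are constructed for illustration.

```sh
# Added example: the ownership and mode test that sshd's StrictModes applies,
# run over the three paths listed on slide 10. Prints one line per problem
# and returns 1 if any path fails. $2 (expected numeric uid) is optional.
check_authkeys_perms() {
    home=$1 uid=${2:-$(id -u)} bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; bad=1; continue; fi
        set -- $(ls -ldn "$p")      # $1 = mode string, $3 = numeric owner
        mode=$(printf %s "$1" | cut -c1-10) owner=$3
        case $mode in               # char 6 = group write, char 9 = other write
            ?????w????|????????w?)
                echo "writable by group or others: $mode $p"; bad=1 ;;
        esac
        case $owner in
            "$uid"|0) ;;            # the account itself or root
            *) echo "owned by uid $owner: $p"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed tree with the modes shown on slide 10 (700, 755, 644).
make_slide10_tree() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys" &&
        chmod 700 "$d" && chmod 755 "$d/.ssh" &&
        chmod 644 "$d/.ssh/authorized_keys" && echo "$d"
}
```

The modes on slide 10 pass this check: read access for others on ~/.ssh and authorized_keys is tolerated, write access is not.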
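
Slides 24 and 26 enable ForwardAgent and ForwardX11 under `host *` and set StrictHostKeyChecking to no. With those settings every server reached hands its root user the forwarded agent and X display, and a changed host key no longer stops the connection. The linter below is an added example, not part of the slides; both sample configurations are constructed, the first from the options on slides 24 and 26, the second as a scoped alternative.

```sh
# Added example: flag the risky client options from slides 24 and 26.
# Reads an ssh client config from file $1 (or stdin); returns 1 on findings.
lint_ssh_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # comments and blank lines
    {
        sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ")   # accept Key=Value
        key = tolower($1); val = tolower($2)       # keywords ignore case
    }
    key == "host" { scope = $0; sub(/^[^ \t]+[ \t]+/, "", scope); next }
    {
        wide = (scope == "" || scope ~ /[*?]/)     # global or wildcard block
        label = (scope == "" ? "(global)" : scope)
        msg = ""
        if (key == "stricthostkeychecking" && val == "no")
            msg = "unknown or changed host keys are accepted"
        else if (wide && key == "forwardagent" && val == "yes")
            msg = "agent usable by root on every matching host"
        else if (wide && key == "forwardx11" && val == "yes")
            msg = "local X display reachable from every matching host"
        if (msg != "") { n++; printf "%d: [Host %s] %s %s: %s\n", NR, label, $1, $2, msg }
    }
    END { exit (n > 0) }
    ' "${1:--}"
}

# Constructed sample 1: the options from slides 24 and 26 in one file.
slides_config() { cat << 'EOF'
host *
    ForwardX11 yes
    User root
    ConnectTimeout 1
    ForwardAgent yes
    ServerAliveInterval 60
    PasswordAuthentication no
    StrictHostKeyChecking no
EOF
}

# Constructed sample 2: forwarding limited to one named host. ssh uses the
# first value it finds for an option, so the specific block comes first.
scoped_config() { cat << 'EOF'
Host AhostB
    ForwardAgent yes
    ForwardX11 yes
Host *
    ForwardAgent no
    ForwardX11 no
    StrictHostKeyChecking yes
EOF
}
```

`slides_config | lint_ssh_config` reports three findings; `scoped_config | lint_ssh_config` reports none.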
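
Slides 28 to 31 alternate between `<< "EOF"` and `<< EOF`. With the quoted delimiter the text reaches the remote shell untouched and variables expand there; with the unquoted one they expand locally and their values become remote shell source, so a value containing a space or quote changes the command. The sketch below is an added example, not part of the slides: `remote_sh` is a local stand-in for `ssh $1 /bin/sh -` so that it runs offline, and `SITE`, `sq` and the other function names are hypothetical.

```sh
# Stand-in for "ssh $1 /bin/sh -": the script arrives on stdin of a fresh
# shell whose environment is not the caller's.
remote_sh() { env -i SITE=remote-value /bin/sh -s; }

quoted_heredoc() {          # form used on slides 28 and 30
    SITE=local-value
    cat << "EOF" | remote_sh
echo "site=$SITE"
EOF
}

unquoted_heredoc() {        # form used on slides 28 and 31
    SITE=local-value
    cat << EOF | remote_sh
echo "site=$SITE"
EOF
}

# Single-quote a local value so the remote shell reads it as one literal word.
sq() { printf "'%s'" "$(printf %s "$1" | sed "s/'/'\\\\''/g")"; }

# $1 is pasted into the remote script as-is: the remote shell splits it.
unquoted_with_value() {
    cat << EOF | remote_sh
set -- $1
echo "argc=\$#"
EOF
}

# Same script, with the value quoted before it is embedded.
safe_with_value() {
    cat << EOF | remote_sh
set -- $(sq "$1")
echo "argc=\$#"
EOF
}
```

The same quoting applies to lines such as the `chown -R ${USERTOTO_NAME}:...` on slide 28, where locally expanded values are sent to the remote shell.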