Formation ssh (SSH training)

Everything you need to know about SSH

Published in: Technology

  1. Secure SHell. Nicolas Ledez, 15 September 2008.
  2. Outline: 1 Introduction, 2 Authentication, 3 Tunnels, 4 Miscellaneous.
  3. History: written in 1995 by Tatu Ylönen (Helsinki, Finland) as a replacement for Telnet and the r* commands.
  4. Features 1/2: authentication, encryption, integrity.
  5. Features 2/2: remote login, file transfer, remote command execution, keys and agents, port forwarding, VPN.
  6. Symmetric keys and encryption (diagram slide).
  7. Asymmetric keys and encryption (diagram slide).
  8. Encryption in ssh (diagram slide).
  9. Password authentication:
         ssh AhostB
         root@AhostB's password:
  10. Key authentication. The client selects a private key, unlocked by its passphrase; the server checks the matching public key in authorized_keys, and the listing shows the ownership and modes of the files involved:
         ssh -i ~/.ssh/id_dsa_who AhostB
         Enter passphrase for key '~/.ssh/id_dsa_who':

         AhostB # cat .ssh/authorized_keys
         ssh-dss AAAAB3NzaC1kc3MAAACBAKDWEj3QEEvNYADeGTOPXuj [...] kZQlsoVSbNM5ocYUGFE3aWWWw== Un commentaire complet sur l

         AhostB # ls -ld ~/ ~/.ssh/ ~/.ssh/authorized_keys
         drwx------ 5 root root   512 Jul 19 16:38 ~/
         drwxr-xr-x 2 root root   512 Jul  3 11:45 ~/.ssh/
         -rw-r--r-- 1 root other 4202 Jul  3 10:05 ~/.ssh/authori
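Added as an example, not code from the deck: a shell check of the modes shown in the ls -ld listing above, applying the rule sshd's StrictModes enforces before it trusts authorized_keys (the home directory, .ssh and the key file must not be writable by group or others). The fixture directories under mktemp are constructed for the demo.

```shell
#!/bin/sh
# check_ssh_perms HOME: verify the modes sshd's StrictModes insists on before
# it will read HOME/.ssh/authorized_keys: neither the home directory, .ssh nor
# authorized_keys may be writable by group or others. Returns 0 when clean,
# 1 with one line per problem on stderr.
check_ssh_perms() {
    home=$1
    status=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path" >&2
            status=1
            continue
        fi
        # ls -ld mode string: column 6 is group write, column 9 is other write
        mode=$(ls -ld "$path" | cut -c1-10)
        gw=$(printf '%s' "$mode" | cut -c6)
        ow=$(printf '%s' "$mode" | cut -c9)
        if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
            echo "group/other writable ($mode): $path" >&2
            status=1
        fi
    done
    return $status
}

# make_demo_tree: constructed fixture with a clean home ("good") and one whose
# .ssh directory is world-writable ("bad"); prints the fixture root.
make_demo_tree() {
    root=$(mktemp -d)
    for h in good bad; do
        mkdir -p "$root/$h/.ssh"
        : > "$root/$h/.ssh/authorized_keys"
    done
    chmod 700 "$root/good" "$root/good/.ssh"
    chmod 600 "$root/good/.ssh/authorized_keys"
    chmod 755 "$root/bad"
    chmod 777 "$root/bad/.ssh"
    chmod 644 "$root/bad/.ssh/authorized_keys"
    echo "$root"
}
```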
  11. SSH-Agent 1/2 (diagram slide).
  12. SSH-Agent 2/2. Start the agent, load a key into it, then list what it holds:
         admin@station:~$ ssh-agent
         export SSH_AUTH_SOCK=/tmp/ssh-EFGVug1775/agent.1775;
         export SSH_AGENT_PID=1776;
         echo Agent pid 1776;
         admin@station:~$ ssh-add -l
         The agent has no identities.
         admin@station:~$ ssh-add ~/.ssh/id_dsa_who
         Enter passphrase for ~/.ssh/id_dsa_who:
         Identity added: ~/.ssh/id_dsa_who (~/.ssh/id_dsa_who)
         admin@station:~$ ssh-add -l
         1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c ~/.ssh/id_dsa_who (DSA)
  13. Agent forwarding 1/2 (diagram slide).
  14. Agent forwarding 2/2. With the agent forwarded, the keys loaded on the station are usable from AhostB:
         AhostB # ssh-add -l
         1024 40:33:2e:2a:71:2a:9b:a8:d1:4c:a4:4e:13:a5:b4:b1 /home/admin/.ssh/station/idd (DSA)
         1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c /home/admin/.ssh/id_dsa_who (DSA)
  15. Tunnels 1/2 (diagram slide).
  16. Tunnels 2/2 (diagram slide).
  17. Local forwarding 1/4 (diagram slide).
  18. Local forwarding 2/4 (diagram slide).
  19. Local forwarding 3/4 (diagram slide).
  20. Local forwarding 4/4. Syntax: ssh -L P:S:W B, where P is the port opened on the client, S and W are the destination host and port as seen from B, and B is the ssh server:
         $ ssh -L2001:localhost:143 server.example.com
  21. Remote forwarding (diagram slide).
  22. Dynamic forwarding:
         ssh -D 8080 AhostB
      then configure the browser to use a SOCKS proxy at 127.0.0.1, port 8080.
  23. X11 forwarding. On the server, DISPLAY points at the forwarded channel, and the client's ~# escape lists it among the open connections:
         AhostB # env | grep DISPLAY
         DISPLAY=localhost:10.0

         The following connections are open:
           #1 x11 (t4 r3 i0/0 o0/0 fd 7/7 cfd -1)
  24. .ssh/config and the command line. Options in the config file apply to the hosts their stanza matches; -o overrides one option for a single invocation:
         admin@station:~$ cat ~/.ssh/config
         host *
           ForwardX11 yes
           User root
           ConnectTimeout 1
           ForwardAgent yes
           ServerAliveInterval 60
         admin@station:~$ ssh -o 'ConnectTimeout=10' AhostB
  25. Timeout: ConnectTimeout.
  26. Authentication options: ForwardAgent yes, PasswordAuthentication no, StrictHostKeyChecking no.
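Added here as a defender-side check, not the deck's own code: an audit that reads an ssh_config and flags the two options from slides 24 to 26 that cancel guarantees SSH exists to give, StrictHostKeyChecking no and ForwardAgent yes applied to every host. The "weak" fixture is the slides' own config; the "hardened" variant and the mktemp paths are assumptions.

```shell
#!/bin/sh
# audit_ssh_config FILE: flag two client options from the slides that remove
# guarantees SSH exists to give. "StrictHostKeyChecking no" accepts whatever
# host key the far end presents, so a substituted server is never noticed;
# "ForwardAgent yes" under "Host *" offers your agent to every server you log
# into. Prints one finding per line and returns 1 when any was found.
audit_ssh_config() {
    awk '
        BEGIN { host = "(global)"; n = 0 }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        {
            key = $1; val = $2
            if (key ~ /=/) { split(key, kv, "="); key = kv[1]; val = kv[2] }
            key = tolower(key); val = tolower(val)   # keywords are case-insensitive
            if (key == "host") { host = $2; next }
            if (key == "stricthostkeychecking" && val == "no") {
                printf "%s: StrictHostKeyChecking no (a changed host key is accepted silently)\n", host; n++
            }
            if (key == "forwardagent" && val == "yes" && host == "*") {
                printf "%s: ForwardAgent yes for every host (each server can use your agent)\n", host; n++
            }
        }
        END { if (n > 0) exit 1 }
    ' "$1"
}

# write_demo_configs: constructed fixture holding the slides config ("weak")
# and a tightened version ("hardened"); prints the directory containing both.
write_demo_configs() {
    d=$(mktemp -d)
    cat > "$d/weak" << 'CFG'
host *
  ForwardX11 yes
  User root
  ConnectTimeout 1
  ForwardAgent yes
  ServerAliveInterval 60
  StrictHostKeyChecking no
CFG
    cat > "$d/hardened" << 'CFG'
Host *
  ConnectTimeout 10
  PasswordAuthentication no
  StrictHostKeyChecking ask
Host AhostB
  ForwardAgent yes
CFG
    echo "$d"
}
```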
  27. Escape character (on a French keyboard, typed with Alt Gr + ~). ~? lists the supported sequences:
         AhostB # ~?
         Supported escape sequences:
         ~.  - terminate connection
         ~B  - send a BREAK to the remote system
         ~C  - open a command line
         ~R  - Request rekey (SSH protocol 2 only)
         ~^Z - suspend ssh
         ~#  - list forwarded connections
         ~&  - background ssh (when waiting for connections to te
         ~?  - this message
         ~~  - send the escape character by typing it twice
         (Note that escapes are only recognized immediately after
  28. Scripting 1/4. Feed a whole script to the remote shell on its standard input. With the delimiter quoted, the ${ORACLE_*} variables expand on the remote side; with it unquoted, ${USERTOTO_*} expands locally before the script is sent:
         cat << "REMOTE" | ssh $1 /bin/sh -   # outer delimiter differs from the inner EOF so sqlplus keeps its own heredoc
         ps -edf -o comm,args | grep [h]ttpd | sort -u
         ${ORACLE_HOME}/bin/sqlplus "/ as sysdba" << EOF
         spool ${ORACLE_BASE}/admin/${ORACLE_SID}/create/sco
         EOF
         REMOTE

         cat << EOF | ssh $1 /bin/sh -
         chown -R ${USERTOTO_NAME}:${USERTOTO_GROUP} ${HOMED
         EOF
      (the spool path and the chown target are cut off on the slide)
  29. Scripting 2/4. Drive an interactive password change with expect; the \r after each password is the Enter key:
         expect << EOF
         spawn ssh -t $1 passwd ${USERTOTO_NAME}
         expect "New Password: "
         send "${USERTOTO_PASSWD}\r"
         expect "Re-enter new Password: "
         send "${USERTOTO_PASSWD}\r"
         expect eof
         EOF
  30. Scripting 3/4. Check from the remote side that each site under /sites has a running process; the delimiter is quoted so $SITES, $site and $NB_PROC are evaluated remotely:
         cat << "EOF" | ssh $1 /bin/bash -
         SITES=/sites
         if [ -d $SITES ]; then
             cd $SITES
             for site in *; do
                 NB_PROC=`ps -edf | grep $site | grep -vc grep`
                 if [ $NB_PROC -eq 0 ]; then
                     echo "$site missing"
                 fi
             done
         fi
         EOF
  31. Scripting 4/4. Generate a sed script locally, then run a command on a host and keep a per-host copy of its output:
         cat << EOF > ${SED_FILE}
         s%172.30.47.11.*hostname01.*# Front-End%172.30.156.1 hostname01%
         s%172.30.47.14.*hostname04.*# Front-End%172.30.156.1 hostname04%
         EOF

         cat << EOF | ssh $1 /bin/bash - | tee report/$1
         echo 'uname -a'
         uname -a
         echo
         EOF
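Added example, not from the deck, of the pattern slides 28 to 31 rely on: a whole script piped into the remote shell's stdin with a quoted heredoc delimiter, the value it needs passed as a positional parameter through sh -s rather than interpolated into the script text, and the output kept per host as slide 31 does with tee. RUNNER defaulting to a local sh (instead of ssh $target /bin/sh), the run.pid marker standing in for slide 30's process check, and the fixture under mktemp are all assumptions.

```shell
#!/bin/sh
# check_sites TARGET SITES_DIR: the slides' pattern of piping a whole script into
# the remote shell's stdin. The delimiter is quoted ("EOF") so nothing expands
# locally; the value the script needs arrives as a positional parameter through
# "sh -s" instead of being pasted into the script text. Output is also kept in
# $REPORT_DIR/TARGET, as slide 31 does with tee.
# RUNNER is an assumption: "sh" so the example runs offline, "ssh $target /bin/sh"
# against a real host.
RUNNER="${RUNNER:-sh}"
REPORT_DIR="${REPORT_DIR:-./report}"

check_sites() {
    target=$1
    mkdir -p "$REPORT_DIR"
    cat << "EOF" | $RUNNER -s -- "$2" | tee "$REPORT_DIR/$target"
SITES=$1
cd "$SITES" || { echo "$SITES: no such directory"; exit 2; }
for site in *; do
    [ -d "$site" ] || continue        # an empty directory leaves "*" literal
    # marker-file stand-in for slide 30's "is a process for this site running?"
    [ -f "$site/run.pid" ] || echo "$site missing"
done
EOF
}

# make_sites: constructed fixture, three sites of which "mail" has no run.pid.
make_sites() {
    d=$(mktemp -d)
    mkdir -p "$d/www" "$d/mail" "$d/db"
    echo 101 > "$d/www/run.pid"
    echo 102 > "$d/db/run.pid"
    echo "$d"
}
```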
  32. Conclusion.
  33. Bibliography: http://gnrt.terena.org/content.php?section_id=103 ; SSH, The Secure Shell: The Definitive Guide, O'Reilly & Associates.
  34. Questions?