Introduction
Authentication
Tunnel
Miscellaneous

Secure SHell

Nicolas Ledez

15 September 2008

Nicolas Ledez    Secure SHell
Outline

  1    Introduction
  2    Authentication
  3    Tunnel
  4    Miscellaneous
History

  1995, by Tatu Ylönen (Helsinki, Finland)
  A replacement for Telnet and the r* commands
Features 1/2

     Authentication
     Encryption
     Integrity
Features 2/2

     Remote login
     File transfer
     Remote command execution
     Keys and agents
     Port forwarding
     VPN
Password

  ssh AhostB
  root@AhostB's password:
Keys

  ssh -i ~/.ssh/id_dsa_who AhostB
  Enter passphrase for key '~/.ssh/id_dsa_who':

  AhostB # cat .ssh/authorized_keys
  ssh-dss AAAAB3NzaC1kc3MAAACBAKDWEj3QEEvNYADeGTOPXuj
  [...]
  kZQlsoVSbNM5ocYUGFE3aWWWw== Un commentaire complet sur l

  AhostB # ls -ld ~/ ~/.ssh/ ~/.ssh/authorized_keys
  drwx------ 5 root root   512 Jul 19 16:38 ~/
  drwxr-xr-x 2 root root   512 Jul 3 11:45 ~/.ssh/
  -rw-r--r-- 1 root other 4202 Jul 3 10:05 ~/.ssh/authori
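The listing above shows the three path elements sshd inspects before it trusts an authorized_keys file. The script below is an added example, not part of Nicolas Ledez's slides: it builds two constructed home directories under a temporary path and checks each element the way sshd's StrictModes does (owner must be the user or root, and no group/other write bit may be set). The slide's own listing (home 700, .ssh 755, key file 644, everything owned by root for the root account) passes that check; the script only prints a note for a key file readable by others. The function names, the fixture layout and the GNU/BSD stat fallback are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the slides: check the ownership and modes sshd's
# StrictModes requires on ~/, ~/.ssh and ~/.ssh/authorized_keys before it
# will trust the key file. Function names, fixtures and the stat fallback
# are assumptions of this example.

# mode_of FILE: permission bits in octal (GNU stat, with a BSD stat fallback)
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# owner_of FILE: numeric uid of the owner
owner_of() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# check_ssh_perms HOME_DIR UID
# Findings go to stderr; the number of StrictModes violations goes to stdout.
check_ssh_perms() {
    home=$1; uid=$2; problems=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path" >&2
            problems=$((problems + 1))
            continue
        fi
        owner=$(owner_of "$path")
        # sshd accepts the user or root as owner of each path element
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "bad owner: $path (uid $owner, expected $uid or 0)" >&2
            problems=$((problems + 1))
        fi
        m=$(mode_of "$path")
        # any group/other write bit (octal 022) makes sshd refuse the key file
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "group/other writable: $path (mode $m)" >&2
            problems=$((problems + 1))
        fi
    done
    # not a StrictModes error, but worth noting: the slide's key file is 644
    keys="$home/.ssh/authorized_keys"
    if [ -e "$keys" ] && [ $(( 0$(mode_of "$keys") & 044 )) -ne 0 ]; then
        echo "note: $keys is readable by group/other; 600 is the usual choice" >&2
    fi
    echo "$problems"
}

# make_fixture DIR SSH_MODE KEYS_MODE: build a constructed home directory
make_fixture() {
    mkdir -p "$1/.ssh"
    # constructed key line in the slide's ssh-dss format; not a real key
    echo "ssh-dss AAAAB3NzaC1kc3MAAACBAKDWEj3Q[...] constructed comment" > "$1/.ssh/authorized_keys"
    chmod 700 "$1"
    chmod "$2" "$1/.ssh"
    chmod "$3" "$1/.ssh/authorized_keys"
}

tmp=$(mktemp -d)
make_fixture "$tmp/good" 700 600    # what you want to see
make_fixture "$tmp/bad"  775 666    # group-writable .ssh, world-writable key file
echo "good: $(check_ssh_perms "$tmp/good" "$(id -u)") violation(s)"   # 0
echo "bad:  $(check_ssh_perms "$tmp/bad"  "$(id -u)") violation(s)"   # 2
rm -rf "$tmp"
```

Run it against a real account with `check_ssh_perms "$HOME" "$(id -u)"`; a non-zero count is the reason a key that "should work" is silently ignored by a server with StrictModes on.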
SSH-Agent 1/2
SSH-Agent 2/2

  admin@station:~$ ssh-agent
  export SSH_AUTH_SOCK=/tmp/ssh-EFGVug1775/agent.1775;
  export SSH_AGENT_PID=1776;
  echo Agent pid 1776;
  admin@station:~$ ssh-add -l
  The agent has no identities.
  admin@station:~$ ssh-add ~/.ssh/id_dsa_who
  Enter passphrase for ~/.ssh/id_dsa_who:
  Identity added: ~/.ssh/id_dsa_who (~/.ssh/id_dsa_who)
  admin@station:~$ ssh-add -l
  1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c
      ~/.ssh/id_dsa_who (DSA)
Agent forwarding 1/2
Agent forwarding 2/2

  AhostB # ssh-add -l
  1024 40:33:2e:2a:71:2a:9b:a8:d1:4c:a4:4e:13:a5:b4:b1
      /home/admin/.ssh/station/idd (DSA)
  1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c
      /home/admin/.ssh/id_dsa_who (DSA)
Tunnel 1/2

Tunnel 2/2

Local 1/4

Local 2/4

Local 3/4
Local 4/4

  ssh -L P:S:W B
  $ ssh -L 2001:localhost:143 server.example.com

  P is the port opened on the local machine, S:W the destination host and port as seen from B, and B the SSH server that relays the connection.
Remote
Dynamic

 ssh -D 8080 AhostB
 In the browser: SOCKS proxy 127.0.0.1, port 8080
X11

 AhostB # env | grep DISPLAY
 DISPLAY=localhost:10.0

 The following connections are open:
   #1 x11 (t4 r3 i0/0 o0/0 fd 7/7 cfd -1)
.config and the command line

  admin@station:~$ cat ~/.ssh/config
  host *
      ForwardX11      yes
      User            root
      ConnectTimeout 1
      ForwardAgent    yes
      ServerAliveInterval 60
  admin@station:~$ ssh -o 'ConnectTimeout=10' AhostB
Timeout

  ConnectTimeout
Authentication

     ForwardAgent yes
     PasswordAuthentication no
     StrictHostKeyChecking no
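The config slide and the Authentication slide above put ForwardX11 yes, ForwardAgent yes and StrictHostKeyChecking no under `host *`, which applies them to every server the user ever connects to. As an added example (not from the slides), the script below audits a client config for exactly those three settings, counting only the ones that sit in a wildcard Host block or before any Host line, and runs it over the slides' config and over a constructed hardened variant that scopes ForwardAgent to a single host. The file names, the host `bastion.example.com` and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: audit an ssh client config for settings
# that are risky when applied to every host through a wildcard "Host *" block.
# File names, the bastion hostname and function names are assumptions.

# audit_ssh_config FILE
# Prints each risky wildcard setting on stderr and the count on stdout.
audit_ssh_config() {
    awk '
    BEGIN { wild = 1; host = "(global)" }   # options before any Host line apply everywhere
    {
        sub(/#.*/, "")               # drop comments
        gsub(/=/, " ")               # accept the "Key=value" form too
        n = split($0, f)             # whitespace-separated tokens
        if (n < 2) next
        key = tolower(f[1]); val = tolower(f[2])
        if (key == "host") { host = f[2]; wild = (f[2] == "*"); next }
        if (!wild) next              # only settings that reach every host are flagged
        if ((key == "forwardagent" && val == "yes") ||
            (key == "forwardx11" && val == "yes") ||
            (key == "stricthostkeychecking" && val == "no")) {
            printf "Host %s: %s %s\n", host, f[1], f[2] > "/dev/stderr"
            bad++
        }
    }
    END { print bad + 0 }' "$1"
}

# write_sample_configs DIR: the slides' config plus the two options from the
# Authentication slide as DIR/risky, and a constructed hardened variant as DIR/hardened
write_sample_configs() {
    cat > "$1/risky" << 'EOF'
host *
    ForwardX11      yes
    User            root
    ConnectTimeout 1
    ForwardAgent    yes
    ServerAliveInterval 60
    PasswordAuthentication no
    StrictHostKeyChecking no
EOF
    cat > "$1/hardened" << 'EOF'
Host *
    ConnectTimeout 10
    ServerAliveInterval 60
    StrictHostKeyChecking ask
    ForwardAgent no
# agent forwarding only where it is actually needed (constructed host name)
Host bastion.example.com
    User admin
    ForwardAgent yes
EOF
}

tmp=$(mktemp -d)
write_sample_configs "$tmp"
echo "risky:    $(audit_ssh_config "$tmp/risky") finding(s)"      # 3
echo "hardened: $(audit_ssh_config "$tmp/hardened") finding(s)"   # 0
rm -rf "$tmp"
```

The audit deliberately ignores ForwardAgent yes under a named host: with agent forwarding, every server you land on can use your keys while you are connected, so the setting belongs next to the one host that needs it, not under the wildcard. `ssh -G host` can be used to see the options ssh actually resolves for a given host before trusting the result of a text-level audit.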
Escape character
  AltGr-~

  AhostB # ~?
  Supported escape sequences:
  ~. - terminate connection
  ~B - send a BREAK to the remote system
  ~C - open a command line
  ~R - Request rekey (SSH protocol 2 only)
  ~^Z - suspend ssh
  ~# - list forwarded connections
  ~& - background ssh (when waiting for connections to te
  ~? - this message
  ~~ - send the escape character by typing it twice
  (Note that escapes are only recognized immediately after
Scripting 1/4

  cat << "EOF" | ssh $1 /bin/sh -
  ps -edf -o comm,args | grep [h]ttpd | sort -u

  ${ORACLE_HOME}/bin/sqlplus "/ as sysdba" << EOF
  spool ${ORACLE_BASE}/admin/${ORACLE_SID}/create/sco
  EOF

  cat << EOF | ssh $1 /bin/sh -
  chown -R ${USERTOTO_NAME}:${USERTOTO_GROUP} ${HOMED
  EOF
Scripting 2/4

  expect << EOF
  spawn ssh -t $1 passwd ${USERTOTO_NAME}
  expect "New Password: "
  send "${USERTOTO_PASSWD}\r"
  expect "Re-enter new Password: "
  send "${USERTOTO_PASSWD}\r"
  expect eof
  EOF
Scripting 3/4

  cat << "EOF" | ssh $1 /bin/bash -
  SITES=/sites

  if [ -d $SITES ]; then
     cd $SITES
     for site in *; do
        NB_PROC=`ps -edf | grep $site | grep -vc grep`
         if [ $NB_PROC -eq 0 ]; then
            echo "$site missing"
         fi
     done
  fi
  EOF
Scripting 4/4

  cat << EOF > ${SED_FILE}
  s%172.30.47.11.* hostname01.* # Front-End%172.30.156.1 hostname01%
  s%172.30.47.14.* hostname04.* # Front-End%172.30.156.1 hostname04%
  EOF

  cat << EOF | ssh $1 /bin/bash - | tee report/$1
  echo 'uname -a'
  uname -a
  echo
  EOF
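The scripting slides (1/4, 3/4 and 4/4) all pipe a heredoc into `ssh $1 /bin/sh -` or `/bin/bash -`; whether the delimiter is written `"EOF"` or `EOF` decides what leaves the local machine. The script below is an added example rather than the slides' own code: `remote_sh` stands in for `ssh "$1" /bin/sh -` so it runs offline, `render_site_check` prints the exact text that would be transmitted (an unquoted preamble that is expanded locally, followed by the Scripting 3/4 loop sent verbatim in a quoted heredoc), and a constructed `ps -edf` capture replaces the live process table. The function names, the sample site directories and the process lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the slides: what leaves the local machine when a
# heredoc is piped to `ssh host /bin/sh -`, and why the delimiter quoting
# matters. `remote_sh` stands in for `ssh "$1" /bin/sh -` so this runs
# offline; the sites and the ps capture are constructed. Names are assumptions.

remote_sh() { sh -; }   # the "remote" shell: a local sh reading the script from stdin

# render_site_check SITES_DIR PS_FILE: emit the script text that would be sent.
# Part 1, unquoted EOF: ${1} and ${2} are expanded locally, so their values
# are baked into the text before it is transmitted. They are wrapped in single
# quotes because the remote shell would otherwise interpret any metacharacters
# they contain; a value you do not control here becomes remote code.
# Part 2, quoted "EOF": sent verbatim. $site, $NB_PROC and the command
# substitution are all evaluated by the remote shell (the Scripting 3/4 loop,
# with the ps capture file standing in for `ps -edf`).
render_site_check() {
    cat << EOF
SITES='${1}'
PROCS='${2}'
EOF
    cat << "EOF"
if [ -d "$SITES" ]; then
    cd "$SITES"
    for site in *; do
        NB_PROC=$(grep "$site" "$PROCS" | grep -vc grep)
        if [ "$NB_PROC" -eq 0 ]; then
            echo "$site missing"
        fi
    done
fi
EOF
}

# send_site_check SITES_DIR PS_FILE: the slide's pipeline, ssh replaced by remote_sh
send_site_check() { render_site_check "$1" "$2" | remote_sh; }

# constructed fixture: three site directories and a captured process table
tmp=$(mktemp -d)
mkdir -p "$tmp/sites/shop" "$tmp/sites/blog" "$tmp/sites/wiki"
cat > "$tmp/ps.txt" << 'EOF'
root   1234     1  0 10:05 ?      00:00:00 /usr/sbin/httpd -f /sites/shop/httpd.conf
www    1300     1  0 10:06 ?      00:00:00 /usr/sbin/httpd -f /sites/blog/httpd.conf
admin  1401  1400  0 10:07 pts/0  00:00:00 grep wiki
EOF
echo "--- text transmitted to the remote shell ---"
render_site_check "$tmp/sites" "$tmp/ps.txt"
echo "--- result ---"
send_site_check "$tmp/sites" "$tmp/ps.txt"   # "wiki missing": its only match was the grep itself
rm -rf "$tmp"
```

The transmitted text is the thing to review before pointing such a script at a fleet: with the quoted form nothing local leaks into it, and with the unquoted form every `$`, backtick and `$(...)` in the body is resolved on the local machine, including any command substitution you meant to run remotely. The `grep -vc grep` in the slide's loop is there for the reason the third constructed process line shows: the grep searching for a site name would otherwise count itself.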
Conclusion
Bibliography

  http://gnrt.terena.org/content.php?section_id=103
  SSH, The Secure Shell: The Definitive Guide
  Ed. O'Reilly & Associates
Questions

  Questions?

More Related Content

What's hot

Vpn site to site 2 asa qua gpon ftth thực tế
Vpn site to site 2 asa qua gpon ftth thực tếVpn site to site 2 asa qua gpon ftth thực tế
Vpn site to site 2 asa qua gpon ftth thực tế
laonap166
 
Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)
Patricia Aas
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
Baspally Sai Anirudh
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
Tiago Cruz
 
Secure shell
Secure shellSecure shell
Secure shell
Arjun Aj
 
Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Practical non blocking microservices in java 8
Practical non blocking microservices in java 8
Michal Balinski
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
Jen Andre
 
Crypto With OpenSSL
Crypto With OpenSSLCrypto With OpenSSL
Crypto With OpenSSLZhi Guan
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a service
Pino deCandia
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
Cyber Security Alliance
 
Ost ssl lec
Ost ssl lecOst ssl lec
Ost ssl lec
Kaustubh Joshi
 
Da APK al Golden Ticket
Da APK al Golden TicketDa APK al Golden Ticket
Da APK al Golden Ticket
Giuseppe Trotta
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13
Jaime Sánchez
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
Mehedi Farazi
 
Secure shell(ssh) AND telnet AND CONSOLE
Secure shell(ssh)  AND telnet AND CONSOLESecure shell(ssh)  AND telnet AND CONSOLE
Secure shell(ssh) AND telnet AND CONSOLE
AmiraMohamedGalal
 

What's hot (16)

Vpn site to site 2 asa qua gpon ftth thực tế
Vpn site to site 2 asa qua gpon ftth thực tếVpn site to site 2 asa qua gpon ftth thực tế
Vpn site to site 2 asa qua gpon ftth thực tế
 
Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
 
Secure shell
Secure shellSecure shell
Secure shell
 
Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Practical non blocking microservices in java 8
Practical non blocking microservices in java 8
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
 
20141106 asfws unicode_hacks
20141106 asfws unicode_hacks20141106 asfws unicode_hacks
20141106 asfws unicode_hacks
 
Crypto With OpenSSL
Crypto With OpenSSLCrypto With OpenSSL
Crypto With OpenSSL
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a service
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Ost ssl lec
Ost ssl lecOst ssl lec
Ost ssl lec
 
Da APK al Golden Ticket
Da APK al Golden TicketDa APK al Golden Ticket
Da APK al Golden Ticket
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
 
Secure shell(ssh) AND telnet AND CONSOLE
Secure shell(ssh)  AND telnet AND CONSOLESecure shell(ssh)  AND telnet AND CONSOLE
Secure shell(ssh) AND telnet AND CONSOLE
 

Viewers also liked

Race car security system
Race car security systemRace car security system
Race car security systemcabreraracing
 
Alimentos xiris rizo
Alimentos xiris rizoAlimentos xiris rizo
Alimentos xiris rizoXiris Rizo
 
Desensamblando y ensamblando la pc
Desensamblando y ensamblando la pcDesensamblando y ensamblando la pc
Desensamblando y ensamblando la pcDainerCruz
 
γκουέρνικα
γκουέρνικαγκουέρνικα
γκουέρνικα
prasino
 
Flat Classroom Conference Go virtual 2013 slides
Flat Classroom Conference Go virtual 2013 slidesFlat Classroom Conference Go virtual 2013 slides
Flat Classroom Conference Go virtual 2013 slides
Flat Classrooms
 
Calculating ROI on Blogging
Calculating ROI on BloggingCalculating ROI on Blogging
Calculating ROI on Blogging
Compendium
 
1.5 infinite geometric series
1.5   infinite geometric series1.5   infinite geometric series
1.5 infinite geometric seriesGary Ball
 
Domino must gather information
Domino must gather informationDomino must gather information
Domino must gather information
Chris Sparshott
 

Viewers also liked (8)

Race car security system
Race car security systemRace car security system
Race car security system
 
Alimentos xiris rizo
Alimentos xiris rizoAlimentos xiris rizo
Alimentos xiris rizo
 
Desensamblando y ensamblando la pc
Desensamblando y ensamblando la pcDesensamblando y ensamblando la pc
Desensamblando y ensamblando la pc
 
γκουέρνικα
γκουέρνικαγκουέρνικα
γκουέρνικα
 
Flat Classroom Conference Go virtual 2013 slides
Flat Classroom Conference Go virtual 2013 slidesFlat Classroom Conference Go virtual 2013 slides
Flat Classroom Conference Go virtual 2013 slides
 
Calculating ROI on Blogging
Calculating ROI on BloggingCalculating ROI on Blogging
Calculating ROI on Blogging
 
1.5 infinite geometric series
1.5   infinite geometric series1.5   infinite geometric series
1.5 infinite geometric series
 
Domino must gather information
Domino must gather informationDomino must gather information
Domino must gather information
 

Similar to Formation ssh

Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Akeyless
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
JP Bourget
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
NigussMehari4
 
Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbook
Jean-Marie Renouard
 
Security and dev ops for high velocity organizations
Security and dev ops for high velocity organizationsSecurity and dev ops for high velocity organizations
Security and dev ops for high velocity organizations
Chef
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
Giovanni Bechis
 
SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)
Maarten Mulders
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)
Maarten Mulders
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
Marc Cluet
 
InSpec Keynote at ChefConf
InSpec Keynote at ChefConfInSpec Keynote at ChefConf
InSpec Keynote at ChefConf
Christoph Hartmann
 
SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)
Maarten Mulders
 
(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh
Tiago Henriques
 
(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh
morisson
 
Compliance as Code
Compliance as CodeCompliance as Code
Compliance as Code
Matt Ray
 
2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec
devopsdaysaustin
 
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
Jan Löffler
 

Similar to Formation ssh (20)

Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2
 
Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbook
 
Security and dev ops for high velocity organizations
Security and dev ops for high velocity organizationsSecurity and dev ops for high velocity organizations
Security and dev ops for high velocity organizations
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
 
InSpec Keynote at ChefConf
InSpec Keynote at ChefConfInSpec Keynote at ChefConf
InSpec Keynote at ChefConf
 
SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)
 
(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh
 
(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh
 
Compliance as Code
Compliance as CodeCompliance as Code
Compliance as Code
 
2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec
 
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
 
dotCloud and go
dotCloud and godotCloud and go
dotCloud and go
 

Recently uploaded

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Zilliz
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 

Recently uploaded (20)

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Formation ssh

  • 1. Secure SHell. Nicolas Ledez, 15 September 2008. (Sidebar on every slide: Introduction, Authentication, Tunnel, Miscellaneous; footer: Nicolas Ledez, Secure SHell.)
  • 2. Outline: 1 Introduction, 2 Authentication, 3 Tunnel, 4 Miscellaneous
  • 3. History: 1995, by Tatu Ylönen (Helsinki, Finland); a replacement for Telnet and the r* commands
  • 4. Features 1/2: Authentication, Encryption, Integrity
  • 5. Features 2/2: Remote login, File transfer, Remote command execution, Keys and agents, Port forwarding, VPN
  • 9. Password
    ssh AhostB
    root@AhostB's password:
  • 10. Keys
    ssh -i ~/.ssh/id_dsa_who AhostB
    Enter passphrase for key '~/.ssh/id_dsa_who':
    AhostB # cat .ssh/authorized_keys
    ssh-dss AAAAB3NzaC1kc3MAAACBAKDWEj3QEEvNYADeGTOPXuj [...] kZQlsoVSbNM5ocYUGFE3aWWWw== Un commentaire complet sur l
    AhostB # ls -ld ~/ ~/.ssh/ ~/.ssh/authorized_keys
    drwx------ 5 root root   512 Jul 19 16:38 ~/
    drwxr-xr-x 2 root root   512 Jul  3 11:45 ~/.ssh/
    -rw-r--r-- 1 root other 4202 Jul  3 10:05 ~/.ssh/authori
  • 11. SSH-Agent 1/2
  • 12. SSH-Agent 2/2
    admin@station:~$ ssh-agent
    export SSH_AUTH_SOCK=/tmp/ssh-EFGVug1775/agent.1775; export SSH_AGENT_PID=1776; echo Agent pid 1776;
    admin@station:~$ ssh-add -l
    The agent has no identities.
    admin@station:~$ ssh-add ~/.ssh/id_dsa_who
    Enter passphrase for ~/.ssh/id_dsa_who:
    Identity added: ~/.ssh/id_dsa_who (~/.ssh/id_dsa_who)
    admin@station:~$ ssh-add -l
    1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c ~/.ssh/id_dsa_who (DSA)
  • 13. Agent forwarding 1/2
  • 14. Agent forwarding 2/2 (the agent reached from AhostB lists the station's keys)
    AhostB # ssh-add -l
    1024 40:33:2e:2a:71:2a:9b:a8:d1:4c:a4:4e:13:a5:b4:b1 /home/admin/.ssh/station/idd (DSA)
    1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c /home/admin/.ssh/id_dsa_who (DSA)
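Slide 10 lists the permissions of ~/, ~/.ssh/ and ~/.ssh/authorized_keys for a reason: with its default StrictModes setting, sshd ignores an authorized_keys file when the user's home directory, the .ssh directory or the file itself is writable by group or others, or is owned by someone else, and the client then silently falls back to the password prompt of slide 9. The script below is an added example, not part of Nicolas Ledez's slides: it reproduces that check on the client or server side so a failing key login can be diagnosed before anyone reaches for ssh -v. The function name, the optional expected-owner argument and the strict owner match (root ownership is not accepted here, unlike in sshd) are this example's own choices.

```sh
#!/bin/sh
# Added example (not from the slides): the permission check sshd applies under
# StrictModes before trusting ~/.ssh/authorized_keys. Usage:
#   check_ssh_perms HOME_DIR [OWNER]
# Prints one line per problem and returns 0 only when all three paths are
# present, owned by OWNER (default: the current user) and not writable by
# group or others.
check_ssh_perms() {
  home=$1
  owner=${2:-$(id -un)}
  rc=0
  for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
    if [ ! -e "$p" ]; then
      echo "missing: $p"
      rc=1
      continue
    fi
    # "ls -ld" is portable across GNU, BSD and Solaris; the first field is the
    # mode string (e.g. drwxr-xr-x) and the third the owning user.
    line=$(ls -ld "$p")
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    user=$(printf '%s\n' "$line" | awk '{print $3}')
    gw=$(printf '%s\n' "$mode" | cut -c6)   # group write bit
    ow=$(printf '%s\n' "$mode" | cut -c9)   # other write bit
    if [ "$user" != "$owner" ]; then
      echo "owned by $user, expected $owner: $p"
      rc=1
    fi
    if [ "$gw" = w ] || [ "$ow" = w ]; then
      echo "group/other writable ($mode): $p"
      rc=1
    fi
  done
  return $rc
}
```

Run it as `check_ssh_perms "$HOME"` on the station, or on the server as the target user, before debugging a key that is "not accepted". Note that the slide's listing would pass: drwxr-xr-x on ~/.ssh and -rw-r--r-- on authorized_keys are readable by others but not writable, which is what sshd cares about.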
  • 15. Tunnel 1/2
  • 16. Tunnel 2/2
  • 17. Local 1/4
  • 18. Local 2/4
  • 19. Local 3/4
  • 20. Local 4/4
    ssh -L P:S:W B        (local port P, forwarded through B to S:W as seen from B)
    $ ssh -L2001:localhost:143 server.example.com
  • 21. Remote
  • 22. Dynamic
    ssh -D 8080 AhostB
    In the browser: SOCKS proxy 127.0.0.1, port 8080
  • 23. X11
    AhostB # env | grep DISPLAY
    DISPLAY=localhost:10.0
    The following connections are open:
      #1 x11 (t4 r3 i0/0 o0/0 fd 7/7 cfd -1)
  • 24. .config and command line
    admin@station:~$ cat ~/.ssh/config
    host *
      ForwardX11 yes
      User root
      ConnectTimeout 1
      ForwardAgent yes
      ServerAliveInterval 60
    admin@station:~$ ssh -o 'ConnectTimeout=10' AhostB
  • 25. Timeout: ConnectTimeout
  • 26. Authentication: ForwardAgent yes, PasswordAuthentication no, StrictHostKeyChecking no
  • 27. Escape character: ~ (Alt-Gr-~)
    AhostB # ~?
    Supported escape sequences:
    ~.  - terminate connection
    ~B  - send a BREAK to the remote system
    ~C  - open a command line
    ~R  - Request rekey (SSH protocol 2 only)
    ~^Z - suspend ssh
    ~#  - list forwarded connections
    ~&  - background ssh (when waiting for connections to te
    ~?  - this message
    ~~  - send the escape character by typing it twice
    (Note that escapes are only recognized immediately after
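Slides 24 and 26 put ForwardAgent yes, ForwardX11 yes, User root and, for scripting, StrictHostKeyChecking no under host *, which applies them to every connection. Disabling host key checking removes the only defence the client has against a man-in-the-middle, and forwarding the agent or X11 to every host lets any compromised server use the station's keys (slide 14 shows exactly what it then sees) or read the local display. The script below is an added example, not part of the slides: a small awk audit of a client config that reports those settings when they apply globally. It assumes the plain "keyword value" syntax shown on slide 24 and one pattern per Host line; the function name and messages are this example's own.

```sh
#!/bin/sh
# Added example (not from the slides): report client settings that weaken host
# verification or widen the blast radius of a compromised server when they are
# applied under "Host *". Usage: audit_ssh_config [FILE]  (reads stdin if no
# file is given). Prints one line per finding; the return code is the count.
audit_ssh_config() {
  awk '
    function lc(s) { return tolower(s) }
    function flag(msg) {
      n++
      printf "line %d [Host %s] %s %s: %s\n", NR, block, $1, $2, msg
    }
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    lc($1) == "host"     { block = $2; next } # "*" means: applies everywhere
    lc($1) == "match"    { block = "match"; next }
    {
      key = lc($1); val = lc($2)
      if (key == "stricthostkeychecking" && val == "no")
        flag("host keys are never verified, so a changed key is accepted silently")
      if (key == "forwardagent" && val == "yes" && block == "*")
        flag("agent forwarded to every host: any compromised server can sign with your keys")
      if (key == "forwardx11" && val == "yes" && block == "*")
        flag("X11 forwarded to every host: remote X clients can read local input")
      if (key == "user" && val == "root" && block == "*")
        flag("root is the default login: prefer a personal account plus sudo")
    }
    END { exit n }
  ' "$@"
}
```

To see which values actually apply to one destination after all Host blocks and -o overrides, `ssh -G hostname` prints the effective configuration without connecting. The safer shape of the slide's config keeps the default StrictHostKeyChecking ask (or accept-new, available from OpenSSH 7.6, when first contact must be unattended) under host *, and moves ForwardAgent yes into a Host block for the one bastion that needs it.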
  • 28. Scripting 1/4
    cat << "EOF" | ssh $1 /bin/sh -
    ps -edf -o comm,args | grep [h]ttpd | sort -u
    # the inner here-document needs its own delimiter, otherwise its terminator
    # ends the outer "EOF" document sent to ssh
    ${ORACLE_HOME}/bin/sqlplus "/ as sysdba" << SQL
    spool ${ORACLE_BASE}/admin/${ORACLE_SID}/create/sco
    SQL
    EOF

    cat << EOF | ssh $1 /bin/sh -
    chown -R ${USERTOTO_NAME}:${USERTOTO_GROUP} ${HOMED
    EOF
  • 29. Scripting 2/4
    expect << EOF
    spawn ssh -t $1 passwd ${USERTOTO_NAME}
    expect "New Password: "
    send "${USERTOTO_PASSWD}\r"
    expect "Re-enter new Password: "
    send "${USERTOTO_PASSWD}\r"
    expect eof
    EOF
  • 30. Scripting 3/4
    cat << "EOF" | ssh $1 /bin/bash -
    SITES=/sites
    if [ -d $SITES ]; then
      cd $SITES
      for site in *; do
        NB_PROC=`ps -edf | grep $site | grep -vc grep`
        if [ $NB_PROC -eq 0 ]; then
          echo "$site missing"
        fi
      done
    fi
    EOF
  • 31. Scripting 4/4
    cat << EOF > ${SED_FILE}
    s%172.30.47.11.*hostname01.*# Front-End%172.30.156.1 hostname01%
    s%172.30.47.14.*hostname04.*# Front-End%172.30.156.1 hostname04%
    EOF

    cat << EOF | ssh $1 /bin/bash - | tee report/$1
    echo 'uname -a'
    uname -a
    echo
    EOF
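Slides 28 to 31 alternate between cat << "EOF" and cat << EOF when piping a script into ssh host /bin/sh -, and the difference is where ${...} is expanded: the quoted delimiter ships the text verbatim so the remote shell resolves ORACLE_HOME from its own environment, while the unquoted one lets the local shell substitute USERTOTO_NAME before anything leaves the station. The quoted form also ends at the first line that reads exactly EOF, so a here-document inside the remote script (the sqlplus call on slide 28) needs a different delimiter. The block below is an added example, not from the slides: it models the remote side with sh - reading its script on stdin, which is what ssh host /bin/sh - does, so it runs without a server. SSH_CMD, WHO and the three function names are this example's own; setting SSH_CMD to a real "ssh host /bin/sh -" runs the same code remotely, in which case the remote value of WHO comes from that host's environment rather than from the prefix on the pipeline.

```sh
#!/bin/sh
# Added example (not from the slides): where here-document text is expanded
# when a script is piped into "sh -" (locally) or "ssh host /bin/sh -".
SSH_CMD=${SSH_CMD:-"sh -"}   # replace with "ssh host /bin/sh -" for a real remote
WHO=local-shell              # value known only to the local shell

# Unquoted delimiter: ${WHO} is substituted by the local shell before the
# script is sent, so the remote side just echoes the local value.
local_expansion() {
  cat << EOF | $SSH_CMD
echo "expanded by: ${WHO}"
EOF
}

# Quoted delimiter: the text is sent verbatim and ${WHO} is resolved by the
# receiving shell; here that shell inherits WHO=remote-shell from the prefix.
remote_expansion() {
  cat << "EOF" | WHO=remote-shell $SSH_CMD
echo "expanded by: ${WHO}"
EOF
}

# A here-document inside the remote script must use its own delimiter:
# a line reading OUTER would terminate the document being piped to the shell.
nested_heredoc() {
  cat << "OUTER" | $SSH_CMD
cat << INNER
inner body
INNER
echo after-inner
OUTER
}

local_expansion    # expanded by: local-shell
remote_expansion   # expanded by: remote-shell
nested_heredoc     # inner body / after-inner
```

A practical consequence for slide 29: because that expect script uses an unquoted EOF, ${USERTOTO_PASSWD} is substituted on the station and the clear-text password travels inside the expect script on stdin rather than on a command line, so it does not show up in ps output on either side. The exit status of the pipeline is that of ssh, which is the remote shell's exit status, so `cat << EOF | ssh "$1" /bin/sh - || echo "failed on $1"` is enough to detect a remote error in a loop over hosts.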
  • 32. Conclusion
  • 33. Bibliography
    http://gnrt.terena.org/content.php?section_id=103
    SSH, The Secure Shell: The Definitive Guide, O'Reilly & Associates
  • 34. Questions?