The document provides an overview of SSH (Secure Shell), including what it is, its history and architecture, how to install and configure it, use public-key authentication and agent forwarding, and set up port forwarding tunnels. SSH allows securely executing commands, transferring files, and accessing systems behind firewalls.
Overview of the SSH protocol.
SSH (Secure SHell) is a secure replacement for TELNET, rcp, rlogin, rsh (for login, remote execution of commands, file transfer).
Security-wise SSH provides confidentiality (nobody can read the message content), integrity (guarantee that data is unaltered in transit) and authentication (of client and server). This provides protection against many of the possible attack vectors like IP spoofing, DNS spoofing, password interception and eavesdropping.
SSH exists in 2 versions. SSH-2 fixes some of the shortcomings of SSH-1 so it should be used in place of SSH-1.
SSH also comes with features that in themselves raise security concerns, like tunneling and port forwarding.
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. This presentation is made as an assignment during our university course.
SSH is a protocol for secure remote access to a machine over untrusted networks.
SSH is a replacement for telnet, rsh, rlogin and can replace ftp.
Uses Encryption.
SSH is not a shell like the Unix Bourne shell or C shell (it does no wildcard expansion and is not a command interpreter).
Slides from a presentation I gave on SSH. Covers basics of ssh, password|keys|host-based authentication, agent/key forwarding, configuration files (global and user-specific), local/remote port forwarding, scp, rsync, and briefly mentions git's support.
This presentation, DEFEATING THE NETWORK SECURITY INFRASTRUCTURE v1.0.pdf, was made after some brainstorming with some friends. The techniques used are not new and the tools are readily available for download. The purpose of the discussion however is to debate how internal enterprise resources might be (in)adversely exposed to the internet by an insider using a combination of common techniques such as SSH and SSL.
Secure Shell is a protocol that provides authentication, encryption and data integrity to secure network communications. Implementations of Secure Shell offer the following capabilities: a secure command-shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel. Secure Shell client and server applications are widely available for most popular operating systems.
Internal knowledge share on SSH setup and usage. Includes some helpful config file options to save time and how to create and use SSH keys for better security and productivity.
OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on.
This talk will explain the most interesting features of ssh and some info about future developments.
10. Terminology
    SSH - Generic term used for SSH protocols
    ssh - Client command for running remote commands
    sshd - Server program
    SSH-1 - Version 1 of the protocol
    SSH-2 - Version 2 of the protocol
    OpenSSH - Product from the OpenBSD project
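12. SSH Architecture
    [Diagram: the ssh client and the ssh server both see the plaintext "The brown fox jumped over the cow"; on the network between them it appears only as ciphertext ("Anw@dc%9r&6cbditop*dekisn@h"). Labels: ssh client, Network, ssh server, Authentication.]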
13. SSH Layers
    Application Layer
        ssh-connection - Session multiplexing, X11 and port forwarding, remote command execution, SOCKS proxy, etc.
        ssh-userauth - User authentication using public key, password, host based, etc.
        ssh-transport - Initial key exchange and server authentication, setup encryption
    Transport Layer - TCP
    Internet Layer - IP
    Network Access Layer - Ethernet
19. Downloading Source Code
    You may download the source from http://www.openssh.com/
    Read the installation instructions to check if you have the pre-requisite packages and libraries.
24. System wide configuration files
    sshd.pid - Server's PID is stored in this file
26. User specific configuration files
    config - Client configuration file
28. Configuration Permissions
    IMPORTANT: The ~/.ssh directory and the files in it must be owned by the user and must be unreadable by anybody else. The ssh server will simply ignore the files with incorrect permissions.
    chmod -R og= ~/.ssh
32. Generating key pairs
    shahhe@kubuntu1:~$ ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/shahhe/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/shahhe/.ssh/id_dsa.
    Your public key has been saved in /home/shahhe/.ssh/id_dsa.pub.
    The key fingerprint is:
    99:51:ac:02:10:0c:d4:55:09:cc:86:36:cf:59:d0:33
36. Logging into remote system
    shahhe@kubuntu1:~$ ssh [email_address]
    Last login: Mon Jun 18 21:26:33 2007 from d47-69-253-190.
    * Problems? Questions? Email: [email_address]
    * Type "whatsup" to see information posted to our "What's Up?" page.
    You have mail.
    You have 17 read messages.
    You have no new mail.
    /home/customer/shah
    {shah@typhoon} 1>
43. Options for authorized_keys2 file
    Option                          Meaning
    command="command name"          Specify a force command
    environment="variable=value"    Set environment variable
    from="host or ip address"       Limit incoming hosts
    no-agent-forwarding             Disable forwarding agent
    no-port-forwarding              Disable port forwarding
    no-pty                          Do not allocate TTY
    no-x11-forwarding               Disable X11 forwarding
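A small auditor for the options in the table above, written as an added example (not part of the original slides). It parses each authorized_keys entry, including quoted values that contain commas or spaces, and reports which of the slide's restrictions are absent; the sample entries, host names and key blobs are constructed.

```python
# Added example (not from the slides); key blobs below are placeholders.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
RESTRICTIONS = ("no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty")

def split_unquoted(text, seps):
    """Split on separator characters that sit outside double quotes."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(text):
        if quoted and text[i:i + 2] == '\\"':   # escaped quote inside a value
            cur, i = cur + '\\"', i + 2
            continue
        ch = text[i]
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    if cur:
        parts.append(cur)
    return parts

def audit_entry(line):
    """Return key type, parsed options and missing restrictions for one entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = split_unquoted(line, " \t")
    options = {}
    if not fields[0].startswith(KEY_TYPE_PREFIXES):   # first field is the option list
        for item in split_unquoted(fields[0], ","):
            name, _, value = item.partition("=")
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1].replace('\\"', '"')
            options[name.lower()] = value
        fields = fields[1:]
    if len(fields) < 2:                               # malformed: no key type and blob
        return None
    # "restrict" (newer OpenSSH, not on the slide) switches every restriction on at once
    missing = [] if "restrict" in options else [r for r in RESTRICTIONS if r not in options]
    return {"type": fields[0], "options": options, "missing": missing,
            "source_limited": "from" in options, "forced_command": "command" in options}

SAMPLE = """\
# constructed entries
ssh-ed25519 AAAAPLACEHOLDERKEY1 alice@home
from="10.60.80.*,bastion.example.org",command="rsync --server --sender . /srv/data",no-pty,no-port-forwarding,no-agent-forwarding,no-x11-forwarding ssh-rsa AAAAPLACEHOLDERKEY2 backup job
no-pty,from="192.0.2.7" ssh-ed25519 AAAAPLACEHOLDERKEY3 deploy
"""

def audit(text):
    """Audit every key entry in an authorized_keys file's text."""
    return [r for r in map(audit_entry, text.splitlines()) if r]
```

An entry with an empty `missing` list plus `from=` and `command=` is the tightly scoped form; an entry with no options at all grants a full interactive login with every kind of forwarding.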
49. Agent forwarding
    You want to log in to the computer at work from your home computer or from a hotel while traveling. The computer at work is behind the firewall so you cannot connect to it directly. You are allowed to connect to a bastion host, but are not allowed to store private keys on it. What can you do?
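50. Agent Forwarding
    [Diagram: three hosts, Home, Bastion and Work. ssh on Home connects to sshd on Bastion, where sshd acts as a proxy agent; ssh on Bastion then logs in to sshd on Work.]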
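51. sshd configuration on bastion host
    The configuration is stored in the /etc/ssh/sshd_config file.
    Port 46464
    Protocol 2
    PasswordAuthentication no
    # Server-side keywords: ForwardX11 and ForwardAgent are client (ssh_config)
    # options and sshd rejects them as bad configuration options.
    X11Forwarding yes
    AllowAgentForwarding yes
    Compression no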
52. ssh tunnel configuration on home system
    The configuration is stored in the ~/.ssh/tunnel.cfg file.
    Host *
        ForwardX11 yes
        ForwardAgent yes
        NoHostAuthenticationForLocalhost yes
        User RemoteUser
        IdentityFile /home/LocalUser/.ssh/work_dsa
    Host bastionhost
        HostName 69.2.50.60
        Port 46464
        LocalForward 10001 10.60.80.101:22
53. ssh client configuration on home system
    The configuration is stored in the ~/.ssh/config file.
    Host *
        ForwardX11 yes
        ForwardAgent yes
        NoHostAuthenticationForLocalhost yes
        IdentityFile /home/LocalUser/.ssh/work_dsa
    Host portmap
        HostName localhost
        Port 10001
        LocalForward 18080 10.60.80.101:22
        LocalForward 18081 10.60.80.102:22
    Host host1
        User RemoteUser
        HostName localhost
        Port 18080
    Host host2
        User RemoteUser
        HostName localhost
        Port 18081
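The client configurations on slides 52 and 53 set ForwardAgent yes under Host *, so the agent is offered to every server the client connects to, and anyone able to read the agent socket on such a server can use the loaded keys while the session lasts. The added example below (not from the slides) resolves the effective setting per host with ssh's first-obtained-value rule and flags wildcard blocks that enable forwarding; SCOPED and the host git.example.org are constructed.

```python
import re
from fnmatch import fnmatchcase

LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)")

def parse_ssh_config(text):
    """Return [(host_patterns, {keyword: first value})] in file order."""
    blocks = [(["*"], {})]          # settings before any Host line apply to all hosts
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                   # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def host_matches(patterns, host):
    """A block applies if a pattern matches and no negated (!) pattern matches."""
    positive = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatchcase(host, p[1:]):
                return False
        elif fnmatchcase(host, p):
            positive = True
    return positive

def effective(text, host, keyword, default=None):
    """Value ssh would use for host: the first one obtained wins."""
    for patterns, settings in parse_ssh_config(text):
        if keyword.lower() in settings and host_matches(patterns, host):
            return settings[keyword.lower()]
    return default

def broad_agent_forwarding(text):
    """Host lines containing a wildcard pattern that switch ForwardAgent on."""
    return [" ".join(p) for p, s in parse_ssh_config(text)
            if s.get("forwardagent", "").lower() == "yes"
            and any(("*" in x or "?" in x) and not x.startswith("!") for x in p)]

# Slide 52, abridged: forwarding is switched on for every host.
AS_ON_SLIDE = """\
Host *
    ForwardAgent yes
    IdentityFile /home/LocalUser/.ssh/work_dsa
Host bastionhost
    HostName 69.2.50.60
    Port 46464
"""
# Constructed alternative: the agent is forwarded to the bastion only.
SCOPED = """\
Host bastionhost
    HostName 69.2.50.60
    Port 46464
    ForwardAgent yes
Host *
    ForwardAgent no
    IdentityFile /home/LocalUser/.ssh/work_dsa
"""
```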
57. Environment variables
    Variable          Meaning                                  Example
    SSH_CONNECTION    Client and server socket information     10.90.10.107 45756 10.90.10.182 22
    SSH_AUTH_SOCK     Path to socket                           /tmp/ssh-FcRCI22249/agent.22249
    SSH_CLIENT        Client socket information                10.90.10.107 45756 22
    SSH_TTY           Name of TTY                              /dev/pts/48
65. Resources
    http://www.openssh.com/
    http://fuse.sourceforge.net/sshfs.html
    Barrett, D., Silverman, R., & Byrnes, R. (2005). SSH The Definitive Guide, Second Edition. O'Reilly Media, Inc.
    SSH FAQ: http://www.employees.org/~satch/ssh/faq/ssh-faq.html
    Excellent agent forwarding tutorial: http://unixwiz.net/techtips/ssh-agent-forwarding.html
    Tutorial on building OpenSSH: http://unixwiz.net/techtips/openssh.html
Editor's Notes
He designed the protocol because of a password-sniffing attack at the university. The goal was to replace the telnet, rlogin and rsh commands. He documented SSH1 as an IETF internet draft. SSH-2 features both security and feature improvements over SSH-1. New features of SSH-2 include the ability to run any number of shell sessions over a single SSH connection. SCS sells its SSH products under the name Tectia. There are dozens of SSH implementations but OpenSSH is the most used version.
SSH-1: Original protocol; it has serious limitations. Not recommended anymore.
SSH-2: Version 2 of the protocol. Currently in use. Most common protocol in use. Defined by draft standards of the IETF SECSH working group.
Once an SSH client contacts a server, key information is exchanged so that the two systems can correctly construct the transport layer. The following steps occur during this exchange:
* Keys are exchanged
* The public key encryption algorithm is determined
* The symmetric encryption algorithm is determined
* The message authentication algorithm is determined
* The hash algorithm to be used is determined
During the key exchange, the server identifies itself to the client with a unique host key. If the client has never communicated with this particular server before, the server's key will be unknown to the client and it will not connect. OpenSSH gets around this problem by accepting the server's host key after the user is notified and verifies the acceptance of the new host key. In subsequent connections, the server's host key is checked against the saved version on the client, providing confidence that the client is indeed communicating with the intended server. If, in the future, the host key no longer matches, the user must remove the client's saved version before a connection can occur.
Once the transport layer has constructed a secure tunnel to pass information between the two systems, the server tells the client the different authentication methods supported, such as using a private key-encoded signature or typing a password. The client then tries to authenticate itself to the server using one of these supported methods.
SSH servers and clients can be configured to allow different types of authentication, which gives each side the optimal amount of control. The server can decide which encryption methods it will support based on its security model, and the client can choose the order of authentication methods to attempt from among the available options. Thanks to the secure nature of the SSH transport layer, even seemingly insecure authentication methods, such as a host and password-based authentication, are safe to use.
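The host key decision described above, as an added example that is not part of the original notes: it looks a server up in known_hosts text (plain names, [host]:port names and hashed |1| names) and answers match, changed or unknown, and it prints fingerprints in both the colon-separated MD5 style shown on slide 32 and the SHA256 style. Key blobs, the salt and work.example.org are constructed placeholders; the address and port are the bastion's from the slides.

```python
import base64, hashlib, hmac

def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def host_token(host, port=22):
    """Name under which a host is stored: bare for port 22, else [host]:port."""
    return host if port == 22 else "[%s]:%d" % (host, port)

def hashed_name(token, salt):
    """Hashed known_hosts name: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def names_host(field, token):
    """True if the first known_hosts field lists this host, plainly or hashed."""
    for name in field.split(","):
        if name.startswith("|1|"):
            salt = base64.b64decode(name.split("|")[2])
            if hmac.compare_digest(hashed_name(token, salt), name):
                return True
        elif name == token:
            return True
    return False

def check_host_key(known_hosts, host, port, key_type, key_b64):
    """'match': saved key equals the offered one; 'changed': a different key of
    this type is saved (refuse to connect); 'unknown': first contact (ask the user)."""
    token, saved_other = host_token(host, port), False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue                      # comments and @marker lines are skipped
        if names_host(fields[0], token) and fields[1] == key_type:
            if fields[2] == key_b64:
                return "match"
            saved_other = True
    return "changed" if saved_other else "unknown"

# Constructed sample data: these are not real host keys.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    "[69.2.50.60]:46464 ssh-ed25519 " + KEY_A,
    hashed_name("work.example.org", b"constructed-salt-20b") + " ssh-ed25519 " + KEY_A,
])
```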
Uses public/private key. OpenSSH supports 3DES, Blowfish, AES and arcfour as encryption algorithms. These are patent free. Encryption is started before authentication, and no passwords or other information is transmitted in the clear. Encryption is also used to protect against spoofed packets. The authentication methods are: .rhosts together with RSA based host authentication, pure RSA authentication, one-time passwords with s/key, and finally authentication using Kerberos.
For more configuration parameters read the INSTALL file or run configure --help.
--disable-suid-ssh: To prevent a local root compromise if a vulnerability is found with the ssh(1) command, do not install OpenSSH with the setuid bit. The setuid bit is only needed for regression to the rsh protocol, which is disabled by the following option.
--without-rsh: This argument prevents the regression to the insecure rsh protocol if you are unable to connect by using the Secure Shell protocol.
Private key represents your identity for outgoing connections. Client uses the private key. Public key represents your identity to incoming connections. Client sends private key to the server, server then matches it with public key, according to cryptographic test, authentication succeeds and connection is allowed. Private key must be protected; public key does not need to be secret, it cannot be used to break into an account.
Using ssh-agent saves you from typing your passphrase repeatedly.
Starts xterm (X11 application) on the remote system and displays it on the client display. -X enables X11 forwarding. Does not use the .Xauthority file and an attacker may be able to monitor keystrokes. -Y enables trusted X11 forwarding. Uses the .Xauthority file.
sshfs is based on FUSE, a userspace file system framework. Do not run it as root, run it as a user.