Remote Accesserver, Introduction(Part1).pptx

Linux System Administration II
YEAR 3, SEMESTER 2
Lecture: Phouk Channkrissna,
Mobile: 0966665363/017665359,
Email: channkrissna@gmail.com

Remote Access Server
Backup and Recovery
Content:
• Cryptography
• Remote Access Overview
• Remote Access Server(RAS)
• Protocol Overview
• Remote Access Protocol
• Encryption key management
• Private and Public Keys
• Secure Shell (SSH) Protocol
• Secure Shell (SSH) Connection
• SSH Alias
• SSH Alias Configuration
• SCP protocol
• SCP Configuration
• SFTP Configuration
• Rsync Overview
• The advantages of rsync
• RSYNC Command
• SSHFS Overview
• FUSE Overview
• Benefit of SSHFS Function
• SSHFS Command
• Get start sshfs from Linux in window
Backup and Recovery
Remote Access Server

After finishing this lesson student will :
• Understand on the data security in server
• Understand on the flow SSH connect
• Understand on the flow Key pair connect
• Understand on the flow SCP connect
• Understand on the flow SFTP connect
• Understand on the flow SSHFS connect
• Understand on the flow RSYNC connect
• Configure SSH
• Configure SCP
• Configure SFTP
• Configure SSHFS
• Configure RSYNC

Data security
4
What is data security?
Data security refers to the process of protecting data from unauthorized access and data
corruption throughout its lifecycle. Data security includes data encryption, hashing,
tokenization, and key management practices that protect data across all applications and
platforms.
Plantext Encrypt Ciphertext Descript Plantext

Data encryption
5
Encryption involves securing your data with a cryptographic algorithm and a key. Data should be
encrypted at rest (in storage) and in-flight (e.g. when you transfer it from the user device to the
backend).

Basic Terminology
6
Encryption is the process of encoding message so that its meaning is not obvious
Decryption is the reverse process, transforming an encrypted message back into the normal,
original form
Cryptosystem is a system for encryption and decryption is call cryptosystem
Plaintext is the term used to refer to the information in plain language that the sender desires
to send to one or more receiving computers or individuals. Also referred to as cleartext,
plaintext is commonly referred to as the input to a cipher or encryption algorithm. The term
cleartext can also refer to sounds, images, or other multimedia information that is transmitted
without encryption
Cipher Text : is what encryption algorithms, or ciphers, transform an original message into.

Cryptography Algorithm
7
Hidden Writing: Cryptography is the science of keeping information secure by transforming it
into form that unintended recipients cannot understand. In cryptography, an original human
readable message, referred to as plaintext, is changed by means of an algorithm, or series of
mathematical operations, into something that to an uninformed observer would look like
gibberish; this gibberish is called ciphertext.
Mainly used to protect information: Cryptographic systems require some method for the
intended recipient to be able to make use of the encrypted message __ usually, though not
always, by transforming the ciphertext back into plaintext.
Ensure security of communication over insecure medium.

Diagram
8
Secret Key
Institute Encrypt
#SE^@!
Da6239
Decrypt Institute
plaintext plaintext
Gibberish or ciphertext

Symmetric encryption
9
In symmetric encryption, you use the same key for both encryption and decryption of your data
or message. Taking the example I gave above, sending a secure message to your granny, both
of you need to have the same key in order to encrypt and decrypt the messages that you may
exchange with each other.

Asymmetric encryption
10
Asymmetric encryption is quite the opposite to the symmetric encryption as it uses not one key
but a pair of keys: a private one and a public one. You use one to encrypt your data, which is
called public key, and the other to decrypt the encrypted message, which is called the private
key.

Asymmetric encryption
11
Window Linux
cd ~/.ssh
ssh-keygen
ssh-copy-id –i ~/.ssh/student.pub user@192.168.1.17
ssh –I ~/.ssh/student user@192.168.168.1.7
Practice

Remote Access Overview
12
Remote access is an efficient and comfortable way for corporate IT personnel to remotely connect to server
interfaces to control server, network, resource, transfer data, share resource, troubleshoot issues, etc. Generally,
it is widely used in the corporates due to the reason that it provides easy accessibility to a host, device or a
network from a remote distance but it also supports the access to every network networks.

Remote Access
Server(RAS)
13
A remote access server is a type of server that provides a suite of services to remotely connected hosts
over a network or the Internet. It operates as a remote gateway or central server that connects remote
users with an host's internal local area network (LAN).
A RAS includes specialized server software used for remote connectivity. This software is designed to
provide authentication, connectivity and resource access services to connecting users.
A RAS is deployed within an host and directly connected with the host’s internal network and systems.
Once connected with a RAS, a user can access his or her data, desktop, application, print and/or other
supported services

Protocol Overview
16
protocol is a set of rules for formatting and processing data. Network protocols are like a common
language for computers. The computers within a network may use vastly different software and
hardware; however, the use of protocols enables them to communicate with each other regardless.
Example:
Server
HTTP
SCP
RDP
SSH
Unix-based
Request
Window
HTTP
SCP
RDP
SSH
Response
HTTP
SCP
RDP
SSH

Remote Access Protocol
17
Remote protocols are a set data structures that dictate how devices exchange data across
networks and can be equated to application that two devices must understand for seamless
communication of information or resource.
Server
HTTP
SCP
RDP
SSH
Linux Server
Connect
HTTP
SCP
RDP
SSH

Remote Access Protocol
18
Remote access, also known as remote authentication by login or key, is the ability to access the
host from a remote location. It enables user to change resource located on user’s device from
anywhere in the world. This ability is handy for offsite workers, travelers, and those who work
out of office
There are several ways to set up remote access protocol:
1. Remote console
• RDP(Remote Desktop Protocol)
• SSH Protocol (Secure Shell Protocol)
• VPN (virtual private network)
• Telnet (Teletype Network)
2. Remote File
Rsync (Remote Sync)
FTP (File Transfer Protocol)
SFTP (Secure File Transfer Protocol)
SCP (Secure Copy Protocol)
SSHFS (Secure Shell File System )

Private and Public Keys
20
Private keys: Your private key, as the name states, is yours and it must be kept private, as it’s the only key that
can decrypt any message that was encrypted with your public key.
Public keys: Public keys as, yet again, the name states, are public and thus no security is required because of it
should publicly available and can be passed over the internet. The public key is used to encrypt a message that
can only be decrypted using, as I written above, its private counterpart.

Secure Shell (SSH)
Protocol
21
SSH, or Secure Shell, is a remote administration protocol that allows users to control and modify their remote
servers over the Internet or LAN Network. An inherent feature of ssh is that the communication between the two
computers is encrypted meaning that it is suitable for use on insecure networks. SSH is often used to "login" and
perform operations on remote computers but it may also be used for transferring data. SSH is often used to “Key
Pairs“ instead authentication by password and use

Secure Shell (SSH)
Connection
22
In order to establish an SSH connection, user need two components: a client and the
corresponding server-side component. An SSH client is an application user install on the computer
which user will use to connect to another computer or a server. The client uses the provided
remote host information to initiate the connection and if the credentials are verified, establishes
the encrypted connection.
On the server’s side, there is a component called an SSH daemon that is constantly listening to a
specific TCP/IP port for possible client connection requests. Once a client initiates a connection, the
SSH daemon will respond with the software and the protocol versions it supports and the two will
exchange their identification data. If the provided credentials are correct, SSH creates a new
session for the appropriate environment.

Secure Shell (SSH)
23
SSH Protocol Installation SSH Protocol Installation
Authentication
User and password
Private and Public Keys

24
Private and Public key
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
Public key
~/.ssh/authorized_keys
Send Public Key To Server
Public key
~/.ssh/know_hosts
Private and Public key
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
CLIENT SERVER
Send Public Key To Client
Authentication by Cryptographic Key

How to connect ?
25
SYNTAX: ssh [OPTIONS] [USER@]:HOST
ssh: appication
[OPTIONS] : can use port or key ..
USER: it is credential user in server
HOST: it is server by IP and domain
Example
ssh -p 23 user1@1921.68.10.1
ssh -i key.pub user2@122.122.122.122
ssh user3@ssh-server.com

Window Connect SSH
Linux Server
27
Client: For Windows machines, you can install Git Bash or any other client of your choice to gain access to a
server..
Server: In order to accept SSH connections, a machine needs to have the server-side part of the SSH software
toolkit.
*install Git Bash
*install SSH Server
sudo apt-get install openssh-server
*check the ssh status is run or not
sudo service ssh status
sudo service ssh start
* Install firewall and allow authentication
sudo apt install ufw
sudo ufw enable
sudo ufw allow ssh
sudo ufw allow 22

Secure Shell (SSH)
28
1. Key pair is created (typically by the user). This is typically done with ssh-keygen.
2. Private key stays with the user (and only there), while the public key is sent to the server. Typically with
the ssh-copy-id utility.
3. Server stores the public key (and "marks" it as authorized).
4. Server will now allow access to anyone who can prove they have the corresponding private key.
Authentication
client Server
Public key Private key Public key
Send Public key to server
ssh-copy-id -i ~/.ssh/public_key user@server)
Public key will store in file
~/.ssh/authorized_keys called
authorized
Connect to server
ssh -i .ssh/public_key user@server
match key between private key and public key?

Secure Shell (SSH)
30
Command Tip
Create user client1 and client2 in server
sudo adduser client2
sudo adduser client2
Generate Key In window for user client1 and client2 (use application git bash)
cd .ssh
ssk-keygen.exe (client1)
ssk-keygen.exe (client2)
Copy public key to server (client1 and client2)
cd ~/.ssh
ssh-copy-id -i client1.pub client1@IP
ssh-copy-id -i client2.pub client2@IP
cd ~/.ssh
ssh -i client1 client1@IP
ssh -i client2 client2@IP

31
Practice
Client Server
SSH Authentication No
Password
cd .ssh
ssh-keygen
ssh-copyid -i publickey user@server_ip
ssh -i privatekey user@server_ip
Private key Public Key

SSH Alias
32
If user frequently access a lot of different remote systems via SSH, this trick will save user some time. user can
create SSH alias to frequently-accessed systems via SSH. This way user need not to remember all the different
usernames, hostnames, ssh port numbers and IP addresses etc. Additionally, It avoids the need to repetitively
type the same username/hostname, ip address, port no whenever you SSH into a Linux server(s).
ssh user1234@1921.68.10.2.1
ssh -p 9124 da-0139@192.168.10.234
ssh –p 1931 pi-193n13@adan.vm.addad.com
In control multi server maybe believe most of the newbie Linux users and/or admins would SSH into a remote
system this way. However, If user SSH into multiple different systems, remembering all hostnames/ip addresses,
usernames is bit difficult unless user write them down in a paper or save them in a text file. No worries! This can
be easily solved by creating an alias(or shortcut) for SSH connections.

SSH Alias Configuration
35
1). Using SSH Config File
We can use SSH default configuration file to
create SSH alias. To do so,
edit ~/.ssh/config file (If this file doesn't exist, just
create one).
Connection: ssh hostname

SSH Alias Configuration
(continue)
36
1). Using bash alias
This is quick and dirty way to create SSH aliases for faster communication. user can use the alias
command to make this task much easier(If this file doesn't exist, just create one). This file
(.bashrc) store in each users command: vim ~/.bashrc (edit file)
source ~/.bashrc (save alias command)

Secure Shell (SSH)
38
Create user client1 and client2 in server
sudo adduser com-system
sudo adduser com-network
sudo adduser com-database
Generate Key In window for user com-system, com-network and com-database
cd .ssh
ssk-keygen.exe (com-system)
ssk-keygen.exe (com-network)
ssk-keygen.exe (com-database)
cd ~/.ssh
ssh-copy-id -i client1.pub com-system@IP
ssh-copy-id -i client2.pub com-data@IP
ssh-copy-id -i client2.pub com-network@IP

SCP protocol
39
Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote
host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. "SCP" commonly refers to both
the Secure Copy Protocol and the program itself.
The easiest of these are scp or secure copy. While cp is for copying local files, scp is for remote file transfer where
both uses almost the same syntax. The main difference is that with scp you'll have to specify the remote host's
DNS name or IP address and provide login credential for the command to work. You can both scp files from local
to remote and local to remote.

SCP Configuration
40
SSH or Secure Shell is a protocol that allows a secure way to access remote computer. SSH implementation
comes with scp utility for remote file transfer that utilizes SSH protocol. SSH for file transfer is also utilized by
other applications such as sftp, rsync and sshfs which can make use of SSH to secure its network transaction.
All these applications allow us to copy our files from local to remote server and to copy files from remote server
to our local machine. Below are examples on how to use these applications for files transfers based on this
setup:
Local Server Remote Server
SSH Protocol for file copy
Protocol copy: SCP, SFTP,
Encrypted Tunnel
Authentication
User and password
Key Pair

SSH Protocol Client
41
SCP Client SCP Server
SSH Protocol Server
SCP DATA
Private Key Public Key
scp –i /d/key/scp-client /d/client-data/* scp-user@IP:~/server-data
Practice

Secure Shell (SSH)
42
Command Tip SCP
In Window
cd /d
mkdir client-data
cd client-data
touch file{1..10}.txt
cd ..
mdkdir key
cd /d/key
ssk-keygen (key name is scp)
ssh-copyid -i /d/key/scp.pub scp-client@your_ip
In Linux
sudo adduser scp-user
sudo login scp-user
mkdir scp-data
chmod a+rwx scp-data
scp –i /d/key/scp-client /d/client-data/* scp-user@IP:~/scp-data

SFTP Protocol
43
Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP) and a part of the SSH
Protocol for easy data transfer and data access over a Secure Shell (SSH) data stream. SFTP is also known as SSH
File Transfer Protocol. It provides a secure connection to transfer files and traverse the filesystem on both the
local and remote system. Encryption in SFTP is done using SSH connection, where files can be transferred using
WinSCP and SFTP client.

SFTP Configuration
44
SFTP works by using a secure shell data stream. It establishes a secure connection and then
provides a higher level of protection for data while transferring it. It uses different
encryptions that help move the data and ensure that data is unread, which is being
processed. The SSH keys must be created in advance, and it helps to avoid fraud people
from connecting to the server. SFTP works in a client-server architecture. In the case of the
server, the data is usually present on the server. Though this server can be at a different
location, the client can easily access the data by sending the request. When a user clicks on
a file, this request is traversed through the network and ultimately reaches the server. This
data is then sent to the server, which is requesting the data. The user will eventually get the
file and make changes as per their needs. The SFTP ensures that all files are transferred in

get remoteFile localFile
get -r Directory
get -Pr Directory
put remoteFile localFile
put -r Directory
put -Pr Directory
Transferring Remote to the Local Transferring Local to the Remote
SCP
SSH
Download
upload

Command Tip
Remote Server
sudo adduser sftp-user
sudo login sftp-user
mkdir ~/sfpt-server;touch ~/sftp-server/server{1..10}.ser
cd ~/.ssh
ssh-keygen (sftp-key)
cat ~/.ssh/sftp-key.pub > ~/.ssh/authorized_keys
Local settin key:
mkdir ~/sftp-client;touch ~/sftp-client/client{1..5}.cli
scp sftp-user@IP:~/.ssh/sftp-key ~/.ssh/sftp-key.pem
chmod 400 ~/.ssh/sftp-key.pem
Remote from local to server
cd ~
sftp –i ~/.ssh/sftp-key.pem sftp-user@IP
sftp>get sftp-server/*.ser sftp-client/
sftp>put sftp-client/*.cli sftp-server

Rsync Overview
49
rsync stands for Remote Sync. The rsync function lets user transfer and synchronize data between different
machines and across networked machine by comparing the modification times and sizes of files. Using the
Secure Shell (SSH) protocol, user can copy user’s files securely to another location. It provides fast
incremental file transfer by transferring only the differences between the source and the destination. Rsync can
be used for mirroring data, incremental backups, copying files between systems, and as a replacement for scp ,
sftp , and cp commands
RSYNC
Recovery Backup

The advantages of rsync
51
 It uses both compression and decompression while sending and receiving files.
 It efficiently copies and sync files to or from a remote system.
 Supports archive file (owners, groups and permissions).
 It’s faster than scp (Secure Copy) because rsync uses remote-update protocol which allows to
transfer just the differences between two sets of files. First time, it copies the whole content of a
file or a directory from source to destination but from next time, it copies only the changed blocks
and bytes to the destination.
 Rsync consumes less bandwidth as it uses compression and decompression method while
sending and receiving data both end point.

52
RSYNC Command
Syntax: rsync [OPTION] SRC [USER@]HOST:DEST
SRC - Source directory.
DEST - Destination directory.
USER - Remote username.
HOST - Remote hostname or IPAddress
OPTION - The rsync options .
-v, –verbose : Verbose output
-a, –archive: Archive files and directory while synchronizing
-r, –recursive: Sync files and directories recursivelyn
-u, –update: Update new and old file between source and destine
-e, –rsh=COMMAND: mention the remote shell to use in rsync
-z, –compress: compress file data during the transfer
--progress: show the sync progress during transfer
--delete: rsync deletes extraneous files from the destination location. It is useful for mirroring.

53
Practice
rsync
student1 student2
server-data
***backup file from student1 and student2 into server-data for every in 1 minute

1).Create 3 Users
sudo adduser server-data
sudo adduser student1
sudo adduser student2
2). Install remote access in server-data
User server-data
sudo login server-data
mkdir ~/DATA
touch ~/rsyncd.log
vim ~/rsync.sh
#!/bin/bash
rsync -e "ssh -i ~/.ssh/student1" -auzrv student1@127.0.0.1:~/student001-data/* ~/DATA
--log-file=$HOME/.rsyncd.log
rsync -e "ssh -i ~/.ssh/student2" -auzrv student2@127.0.0.1:~/student002-data/* ~/DATA
--log-file=$HOME/.rsyncd.log

cd ~/.ssh
ssh-keygen (student1)
ssh-keygen (student2)
ssh-copy-id ~/.ssh/student1.pub student1@127.0.0.1
ssh-copy-id ~/.ssh/student2.pub student2@127.0.0.1
3). Create folder and file in student1, student2
User student1
sudo login student1
mkdir ~/student001-data
touch ~/student001-data /student001-{1..10}
User student2
sudo login student2
mkdir ~/student002-data
touch ~/student002-data /student002-{1..10}
4).Create schedule to allow backup every in 1minutes
sudo login server-data
crontab -e
append script as below: * * * * * bash ~/rsync.sh

SSHFS Overview
56
SSHFS (SSH Filesystem) is a filesystem client based on FUSE for mounting remote directories over an SSH
connection. SSHFS is using the SFTP protocol, which is a subsystem of SSH and it is enabled by default on
most SSH servers.
When compared to other network file system protocols such as NFS and Samba the advantage of SSHFS is
that it does not require any additional configuration on the server side. To use SSHFS you only need SSH
access to the remote server.
Because SSHFS uses SFTP , all transmitted data between the server and the client must be encrypted and
decrypted. This results with a slightly degraded performance compared to NFS, and higher CPU usage on the
client and server.

SSHFS Get Start
58
SSHFS itself is a file system in
user space (FUSE) that uses
the SSH File Transfer Protocol
(SFTP) to mount a remote file
system. The sshfs command is
a client tool for using SSHFS to
mount a remote file system from
another server locally on your
machine.
Drive: M:
/DATA

Benefit of SSHFS Function
59
 Backup
 Mirror Data
 Live Data
 Share file in different OS.
 user can seamlessly interact with remote files being securely served over SSH
 Classify asset into storage online.

SSHFS Command
60
Install sshfs
sudo apt install sshfs
Mounting
sshfs [user@]host:[dir] mountpoint [-o options]
-o port=number
-o compression=yes
-o IdentityFile=~/.ssh/id_rsa
-o nonempty
-o auto_unmount
Unmounting
sudo umount mountpoint
Example in ubuntu:
sshfs user@IP:~/file sshfs/ -o IdentityFile=~/.ssh/key -o compression=yes -o
port=9119 -o nonempty compression=yes

SSHFS Command
61
Install sshfs
Mounting
sshfs [user@]host:[dir] mountpoint [-o options]
-o port=number
-o compression=yes
-o IdentityFile=~/.ssh/id_rsa
-o nonempty
-o auto_unmount
Unmounting
sudo umount mountpoint
Example in ubuntu:
sshfs user@IP:~/file sshfs/ -o IdentityFile=~/.ssh/key -o compression=yes -o
port=9119 -o nonempty compression=yes

Practice
SSHFS
Drive M:
Window
Drive (M:)
/DATA
/DATA
Linux (ubuntu server)
mount
Server: yourIP_In_linux
User: sshfs
Password: 123
Install winsfp and sshfs-win
Download winsfp for installation in window
Download sshfs-win for installation in window
Set Path Dependency
set PATH=C:Program FilesSSHFS-Winbin;%PATH%
sudo adduser sshfs
sudo mkdir /DATA
sudo chmod 777 /DATA

Example in window
set PATH=C:Program FilesSSHFS-Winbin;%PATH%
sshfs sshfs@192.168.7.24:/DATA Z: -oreconnect -odebug -osshfs_debug -
ologlevel=debug -oallow_root -oallow_other -ocompression=yes -ononempty -
odefault_permissions -oumask=100
.
Get start sshfs from Linux
in window

Practice
**Create folder student name ( such as: duong_piseth, chan_dara, chom_narin) in home directory
**Create key pair (Private and public key) as the student name (such as, chom_narin.pub, chom_narin
sshfs -o IdentityFile=~/.ssh/studet_key -o -o nonempty sshfs-user@IP:/DATA /home/student/DATA/
SSHFS
server
STUDENT_DATA
/home/student/DATA
/DATA
student
STUDENT_NAME
mount
Server: yourIP
User: sshfs
Password: 123

Practice
Create User:
sudo adduser serve
sudo adduser student
sudo mkdir /DATA
sudo chmod 777 /DATA
Login into user student
sudo login student
mkdir key DATA
cd key
ssh-keygen (keyname is studetkey)
sshfs -o IdentityFile=~/key/studentkey -o nonempty sshfs@IP:/DATA /home/student/DATA/

124.248.191.29
sq5@192.168.10.10
sq.krissna.com
sq5@sq.krissna.com
SSH SCP SFTP
SSH, SCP, SSHFS,
RSYNC,SFTP
Practice

Practice
SSH,SCP,SFTP and RSYNC
CLIENT SERVER
Authentication
ssh sq5@sq.krissna.com -p 7788
User: sq5
Password: sq5
mkdir ~/key ~/data

Practice
CLIENT SERVER
SSH Protocol
Client
cd key
ssh-keygen (key pair name is student’s name)
ssh-copy-id -i ~/key/student-name.pub sq5@sq.krissna.com -p 7788
ssh -i ~/key/student-name sq5@sq.krissna.com -p 7788
Server
mdkir student-name
chmod 777 student-name

Practice
CLIENT SERVER
SCP Protocol
Client
touch ~/data/student-name-scp{1..10}.txt
Server
scp -P 7788 -i ~/key/student-name ~/data/* sq5@sq.krissna.com:~/student-name/
~/data, ~/key /home/sq5/student-name

Practice
CLIENT SERVER
SFTP Protocol
Client
mkdir -p ~/data; touch ~/data/student-name-sftp{1..10}.txt
Server
sftp -oPort=7788 -i ~/key/student-name sq5@sq.krissna.com
mput -r /home/username/data/* /home/sq5/student-name
~/data, ~/key
/home/sq5/student-name

Practice
CLIENT SERVER
RSYNC Protocol
Client
sudo apt install rsync
touch ~/data/student-name-rsync{1..10}.txt
Server
rsync -e "ssh -p 7788 -i ~/key/student-name" -auzrv ~/data/ sq5@sq.krissna.com:~/student-name/
~/data, ~/key
/home/sq5/student-name

Remote Accesserver, Introduction(Part1).pptx

More Related Content

Similar to Remote Accesserver, Introduction(Part1).pptx

Recently uploaded

Remote Accesserver, Introduction(Part1).pptx