Secure Shell (SSH) is a cryptographic network protocol for secure data communication and remote shell services over an insecure network. SSH establishes an encrypted connection between a client and server, allowing for secure login, file transfer, port forwarding and tunneling. It uses public-key authentication and encryption to securely handle remote login and other network services between two networked computers.
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. This presentation is made as an assignment during our university course.
Overview of the SSH protocol.
SSH (Secure SHell) is a secure replacement for TELNET, rcp, rlogin, rsh (for login, remote execution of
commands, file transfer).
Security-wise SSH provides confidentiality (nobody can read the message content), integrity (guarantee that data is unaltered in transit) and authentication (of client and server). This provides protection against many of the possible attack vectors like IP spoofing, DNS spoofing, Password interception and eavesdropping.
SSH exists in 2 versions. SSH-2 fixes some of the shortcomings of SSH-1 so it should be used in place of SSH-1.
SSH also comes with features that in itself raise security concerns like tunneling and port forwarding.
Slides from a presentation I gave on SSH. Covers basics of ssh, password|keys|host-based authentication, agent/key forwarding, configuration files (global and user-specific), local/remote port forwarding, scp, rsync, and briefly mentions git's support.
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. This presentation is made as an assignment during our university course.
Overview of the SSH protocol.
SSH (Secure SHell) is a secure replacement for TELNET, rcp, rlogin, rsh (for login, remote execution of
commands, file transfer).
Security-wise SSH provides confidentiality (nobody can read the message content), integrity (guarantee that data is unaltered in transit) and authentication (of client and server). This provides protection against many of the possible attack vectors like IP spoofing, DNS spoofing, Password interception and eavesdropping.
SSH exists in 2 versions. SSH-2 fixes some of the shortcomings of SSH-1 so it should be used in place of SSH-1.
SSH also comes with features that in itself raise security concerns like tunneling and port forwarding.
Slides from a presentation I gave on SSH. Covers basics of ssh, password|keys|host-based authentication, agent/key forwarding, configuration files (global and user-specific), local/remote port forwarding, scp, rsync, and briefly mentions git's support.
Shell is a protocol that provides authentication, encryption and data integrity to secure network communications. Implementations of Secure Shell offer the following capabilities: a secure command-shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel. Secure Shell client and server applications are widely available for most popular operating systems.
SSH is a protocol for secure remote access to a machine over untrusted networks.
SSH is a replacement for telnet, rsh, rlogin and can replace ftp.
Uses Encryption.
SSH is not a shell like Unix Bourne shell and C shell (wildcard expansion and command interpreter)
SSL is an acronym for Secure Sockets Layer. It is a protocol used for authenticating and encrypting web traffic. For web traffic to be authenticated means that your browser is able to verify the identity of the remote server.
IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
FreeIPA is the open source answer to Active Directory, bringing the functionality of Kerberos and centralized management to the unix world. This talk will dive into the background of FreeIPA, how to attack it, and its parallels to traditional Active Directory. We will cover the FreeIPA equivalents of credential abuse, discovery, and lateral movement, highlighting the similarities and differences from traditional Active Directory tradecraft. This will culminate in multiple real-world demos showing how chains of abuse, previously accessible only in Windows environments, are now possible in the unix realm, providing a new medium for offensive research into Kerberos and LDAP environments.
A VPN (Virtual Private Network) extends a private network across a public network, such as the
Internet.
A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide
remote offices or individual users with secure access to their organization's network. A VPN ensures
privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol
(L2TP). Data is encrypted at the sending end and decrypted at the receiving end.
Marek Isalski, Faelix.net Ltd, describes the MikroTik range of routers and their applications, gives a pros and cons summary, and recommendations for budget provider edge deployment.
Practical Example of grep command in unixJavin Paul
Grep command is one of most useful command in unix. having mastery in Grep and find means your productivity will be very high in unix. these grep command tutorials contains some examples of grep command in unix. It teaches how to leverage power of grep command in unix or linux. This presentation contains some of most useful example of grep command in unix.
for more tutorial see my blog
http://javarevisited.blogspot.com/2011/03/10-find-command-in-unix-examples-basic.html
http://javarevisited.blogspot.com/2011/06/10-examples-of-grep-command-in-unix-and.html
Shell is a protocol that provides authentication, encryption and data integrity to secure network communications. Implementations of Secure Shell offer the following capabilities: a secure command-shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel. Secure Shell client and server applications are widely available for most popular operating systems.
SSH is a protocol for secure remote access to a machine over untrusted networks.
SSH is a replacement for telnet, rsh, rlogin and can replace ftp.
Uses Encryption.
SSH is not a shell like Unix Bourne shell and C shell (wildcard expansion and command interpreter)
SSL is an acronym for Secure Sockets Layer. It is a protocol used for authenticating and encrypting web traffic. For web traffic to be authenticated means that your browser is able to verify the identity of the remote server.
IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
FreeIPA is the open source answer to Active Directory, bringing the functionality of Kerberos and centralized management to the unix world. This talk will dive into the background of FreeIPA, how to attack it, and its parallels to traditional Active Directory. We will cover the FreeIPA equivalents of credential abuse, discovery, and lateral movement, highlighting the similarities and differences from traditional Active Directory tradecraft. This will culminate in multiple real-world demos showing how chains of abuse, previously accessible only in Windows environments, are now possible in the unix realm, providing a new medium for offensive research into Kerberos and LDAP environments.
A VPN (Virtual Private Network) extends a private network across a public network, such as the
Internet.
A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide
remote offices or individual users with secure access to their organization's network. A VPN ensures
privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol
(L2TP). Data is encrypted at the sending end and decrypted at the receiving end.
Marek Isalski, Faelix.net Ltd, describes the MikroTik range of routers and their applications, gives a pros and cons summary, and recommendations for budget provider edge deployment.
Practical Example of grep command in unixJavin Paul
Grep command is one of most useful command in unix. having mastery in Grep and find means your productivity will be very high in unix. these grep command tutorials contains some examples of grep command in unix. It teaches how to leverage power of grep command in unix or linux. This presentation contains some of most useful example of grep command in unix.
for more tutorial see my blog
http://javarevisited.blogspot.com/2011/03/10-find-command-in-unix-examples-basic.html
http://javarevisited.blogspot.com/2011/06/10-examples-of-grep-command-in-unix-and.html
This course provides you with skills to
* Develop sed and awk scripts
* Use sed and awk to automate common tasks
* Use sed and awk to create formatted reports
Prerequisites
* Basic understanding of UNIX / Linux Operating System
* Knowledge of basic UNIX / Linux commands
Intended Audience
* System Administrators, Testing Professionals, and Software Developers working in the UNIX / Linux environment
A presentation+class delivered to a PHP developer group at Brown University that discussed Web Application Security with a heavy emphasis on PHP, and discussed security in the SDLC, and showed with some examples what to do and not do
This presentation, DEFEATING THE NETWORK SECURITY INFRASTRUCTURE v1.0.pdf, was made after some brainstorming
with some friends. The techniques used are not new and the tools readily available for download. The purpose of the discussion however
is to debate how internal enterprise resources might be (in)adversely exposed to the internet by in an insider using a combination of common techniques such as SSH and SSL.
These slides provide instructions on how to setup a virtual security training lab that uses OWASP Broken Web Apps, OWASP WebGoat, and OWASP ZAP running on top of Virtual Box.
If you're looking for the top 100 linux interview questions and answers, then you've come to the right place. We at hirist have compiled a list of the top linux interview questions that are asked by companies like TCS, Infosys, Wipro, HCL and Cognizant and put it together in a pdf format that can be downloaded for free.
You can easily download this free linux interview questions pdf file and use it to prepare for an interview. It doesn't matter if you're looking for linux interview questions and answers for freshers or linux interview questions and answers for experienced because this presentation will cater to both segments.
This list includes Linux interview questions and answers in the below categories:
top 100 linux interview questions
kickstart linux interview questions
interview questions on linux boot process
top 100 linux interview questions answers
linux interview questions 2009
linux installation interview questions
interview question on linux commands
linux interview topics
top 50 linux interview questions
Top 30 linux system admin interview questions & answers
Top 25 Unix interview questions with answers
Linux Interview Questions
Practical Interview Questions and Answers on Linux
Top 100 Informatica Interview Questions
10 Linux and UNIX Interview Questions and Answers
linux interview questions and answers for freshers
linux interview questions and answers pdf
linux interview questions and answers pdf free download
linux interview questions and answers for experienced pdf
linux l2 interview questions and answers
linux system administrator interview questions and answers
basic linux interview questions and answers
red hat linux interview questions and answers
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
Talk for USENIX/LISA2014 by Brendan Gregg, Netflix. At Netflix performance is crucial, and we use many high to low level tools to analyze our stack in different ways. In this talk, I will introduce new system observability tools we are using at Netflix, which I've ported from my DTraceToolkit, and are intended for our Linux 3.2 cloud instances. These show that Linux can do more than you may think, by using creative hacks and workarounds with existing kernel features (ftrace, perf_events). While these are solving issues on current versions of Linux, I'll also briefly summarize the future in this space: eBPF, ktap, SystemTap, sysdig, etc.
Talk for PerconaLive 2016 by Brendan Gregg. Video: https://www.youtube.com/watch?v=CbmEDXq7es0 . "Systems performance provides a different perspective for analysis and tuning, and can help you find performance wins for your databases, applications, and the kernel. However, most of us are not performance or kernel engineers, and have limited time to study this topic. This talk summarizes six important areas of Linux systems performance in 50 minutes: observability tools, methodologies, benchmarking, profiling, tracing, and tuning. Included are recipes for Linux performance analysis and tuning (using vmstat, mpstat, iostat, etc), overviews of complex areas including profiling (perf_events), static tracing (tracepoints), and dynamic tracing (kprobes, uprobes), and much advice about what is and isn't important to learn. This talk is aimed at everyone: DBAs, developers, operations, etc, and in any environment running Linux, bare-metal or the cloud."
Broken benchmarks, misleading metrics, and terrible tools. This talk will help you navigate the treacherous waters of Linux performance tools, touring common problems with system tools, metrics, statistics, visualizations, measurement overhead, and benchmarks. You might discover that tools you have been using for years, are in fact, misleading, dangerous, or broken.
The speaker, Brendan Gregg, has given many talks on tools that work, including giving the Linux PerformanceTools talk originally at SCALE. This is an anti-version of that talk, to focus on broken tools and metrics instead of the working ones. Metrics can be misleading, and counters can be counter-intuitive! This talk will include advice for verifying new performance tools, understanding how they work, and using them successfully.
Internal knowledge share on SSH setup and usage. Includes some helpful config file options to save time and how to create and use SSH keys for better security and productivity.
install hadoop in windows using maven and windows sdk and visual c++ compiler.
To install hadoop on windows see below link step by step guidance.
From version 2.3 hadoop suppot windows also but by default it supports linux and other version. to install in windows need to compile the hadoop source in native windows sdk and then that hadoop distribution generated can be used to run hadoop in windows.
hadoop installation on windows
Securing Network Access with Open Source solutionsNick Owen
My presentation from Atlanta Linux Fest on how to allow users secure access to your network using open source technologies. Examples include how to add two-factor authentication to Apache, OpenVPN, Astaro, NX etc.
Using Secure Shell on Linux: What Everyone Should KnowNovell
Secure Shell, or SSH, is a network protocol that allows data to be exchanged over a secure channel. SSH is much more than just data being passed over the wire. SSH can be used to tunnel traffic and specific ports or applications across multiple servers. SSH is a must for anyone using Linux. If you haven't used SSH, then you have not used Linux!
This session is designed for all technical staff or decision makers curious about great Linux tools and making access to Windows services, remote desktops and remote servers easier and less complicated. During this session, we will demonstrate techniques to tunnel RDP sessions, SOAP sessions and HTTP sessions between remote systems.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
3. Definition-I Common used one
«The Secure Shell Protocol (SSH) is a protocol
for secure remote login and other secure
network services over an insecure network»
Ylonen & Lonvick
Standards Track
SSH Communications Security Corp C. Lonvick, Ed.
Cisco Systems, Inc.
January 2006
cagriCOM08 | Information Security
4. Definition-II More detatiled one
«Secure Shell (SSH) is a cryptographic network protocol for
secure data communication, remote shell services or command
execution and other secure network services between two
networked computers that connects, via a secure channel over an
insecure network, a server and a client
(running SSH server and SSH client programs, respectively).»
Ylonen & Lonvick
Standards Track
SSH Communications Security Corp wikipedia
cagriCOM08 | Information Security
5. Definition-III Structure
cagriCOM08 | Information Security
6. What SSH does
SecureSHell handles the set up and generation
of an encrypted TCP connection.
cagriCOM08 | Information Security
7. What SSH does: which means…
.......
-SSH can handle secure remote logins (ssh)
-SSH can handle secure file copy (scp)
-SSH can even drive secure FTP (sftp)
cagriCOM08 | Information Security
8. Core SSH programs
ssh client
sshd server
sftc transfer-line
«if sshd is not running you will not
be able to connect to it with ssh»
cagriCOM08 | Information Security
10. I Password Authentication
Example without SSH Keys Prompts for Password
you server you server
ssh sshd ssh sshd
you> ssh mac-1
password: ****
other>
cagriCOM08 | Information Security
11. II Key-pair Authentication
Example without SSH Keys
you server
ssh sshd
cagriCOM08 | Information Security
12. II Key-pair Authentication
Example without SSH Keys
you ? server
ssh sshd server> ssh –keygen
First of all Generate keys
cagriCOM08 | Information Security
13. II Key-pair Authentication public/private key-pair
you
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
cagriCOM08 | Information Security
14. II Key-pair Authentication public/private key-pair
Private Key: id_rsa
you
you
~/.ssh/id_rsa
~/.ssh/id_rsa.pub ~/.ssh/id_rsa
~/.ssh/id_rsa.pub
Private keys should be
kept secret, do not
share them with anyone
cagriCOM08 | Information Security
15. II Key-pair Authentication public/private key-pair
Private Key: id_rsa Public Key: id_rsa.pub
you
you you
~/.ssh/id_rsa
~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~/.ssh/id_rsa
~/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub
Private keys should be
Public keys are meant to
kept secret, do not
be shared.
share them with anyone
cagriCOM08 | Information Security
16. II Key-pair Authentication public/private key-pair
Copy Public Key to server
you server
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
cagriCOM08 | Information Security
17. II Key-pair Authentication public/private key-pair
Copy Public Key to server
you server
~/.ssh/id_rsa
~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
cagriCOM08 | Information Security
18. II Key-pair Authentication public/private key-pair
No password required!
you server
ssh sshd
you> ssh server
other>
cagriCOM08 | Information Security
19. III Host-based Authentication
• Doesn’t require user credentials (password or key)
• Provides trust based on hostname and user id
• User id on both system has to be the same
• Disabled by default -- not that useful
cagriCOM08 | Information Security
20. SSH Basics Configuration Files [CF]
Server CF Client CF
sshd config: /etc/sshd_config ssh config: /etc/ssh_config
system-side
user-specific ssh config: ~/.ssh/config
Based on installation method system config locations may vary.
example: macports installs in /opt/local/etc/ssh/
cagriCOM08 | Information Security
21. SSH Basics Secure Logins
Login Example #1 Login Example #2
ssh user@example.com ssh example.com
Login Example #3 Login Example #4
ssh -p 45000 example.com ssh example.com<command here>
ssh example.com ls –l
ssh example.com hostname
cagriCOM08 | Information Security
22. SSH Basics Agent / Key Forwarding
Example without SSH Keys
server-1
you
server-2
cagriCOM08 | Information Security
25. SSH Basics Agent / Key Forwarding
[updated example] you to server-1 to server-2
you> ssh -keygen
you server-1 Copy public key to
Authorized_key ~/.ssh/authorized_keys
on each remote host
id_rsa.pub
id_rsa server-2
Authorized_key
cagriCOM08 | Information Security
28. SSH Basics Agent / Key Forwarding
you to server-1 to server-2
you> ssh server-1
server-1>
you server-1 Success
Authorized_key
you> ssh server-2
id_rsa.pub password>
id_rsa server-2 password required at
Authorized_key
the second step!
cagriCOM08 | Information Security
29. SSH Basics Enter Agent / Key Forwarding
SSH Key Gets Forwarded
you server-1
id_rsa.pub
id_rsa server-2
cagriCOM08 | Information Security
30. SSH Basics Enter Agent / Key Forwarding
Command Line Agent Forwarding
ssh -A example.com
Use -A to explicitly turn off
forwarding for a ssh session.
cagriCOM08 | Information Security
31. SSH Basics Port Forwarding
Local Port Forwarding Example
you server-1 server-2
sshd www
Private Network
cagriCOM08 | Information Security
32. SSH Basics Port Forwarding
you to www on server-2
you server-1 server-2
sshd www
public IP local IP
local IP
Private Network
cagriCOM08 | Information Security
33. SSH Basics Port Forwarding
Can’t access server-2 directly
you server-1 server-2
sshd www
public IP local IP
local IP
Private Network
cagriCOM08 | Information Security
34. SSH Basics Port Forwarding
With Local Port Forwarding
you server-1 server-2
sshd www
public IP local IP
local IP
you> ssh -L 8000:server-2:80 server-1
server-1>
success
cagriCOM08 | Information Security
35. SSH Basics Port Forwarding
A Tunnel is Made!
you server-1 server-2
sshd www
public IP local IP
local IP
you> ssh -L 8000:server-2:80 server-1
server-1>
success
cagriCOM08 | Information Security
36. SSH Basics Port Forwarding
server-2 doesn’t have to run sshd
you server-1 server-2
sshd www
public IP local IP
local IP
cagriCOM08 | Information Security
37. SSH Basics Port Forwarding
Command Line Local Port Forwarding
ssh -L localport:host:hostport example.com
localport is the port on your machine,
host is the remote server to tunnel to,
hostport is the port on the remote server to tunnel to
cagriCOM08 | Information Security
38. SSH Basics Port Forwarding
Sharing Tunnel
you server-1 server-2
sshd www
public IP local IP
local IP
another you> ssh -L 8000:server-2:80 -g server-1
server-1>
success
cagriCOM08 | Information Security
39. SSH Basics Port Forwarding
Command Line Local Port Forwarding
ssh -L localport:host:hostport -g example.com
-g allows others to connect to your forwarded port
cagriCOM08 | Information Security
40. SSH Basics Port Forwarding
Host Configured
Host inspire.staging
LocalForward 8000:server-2:80
Per-User ~/.ssh/config
System-wide /etc/ssh_config
Friday, September
cagriCOM08 | Information Security
41. SSH Basics Port Forwarding
SSH Server has final say!
AllowTcpForwarding no
System-wide /etc/sshd_config
Defaults to “yes” -- so pretty much ignore.
cagriCOM08 | Information Security
42. References
SSHSecure Shell forWorkstations Windows Client version 3.2.9 User Manual
Güvenli kanallardan iletişim ( SSH ) User Manual
http://en.wikipedia.org/wiki/Secure_SHell
http://en.wikipedia.org/wiki/Secure_channel
http://doctus.org/forum.php?s=ec689fc4bdb4dd0cc895cbdbd298cc3b
http://www.openssh.org/txt/
ftp://ftp.itu.edu.tr/Utility/SSH Secure Shell/
http://www.javakursu.net/sshnedir
cagriCOM08 | Information Security
![Content
@ Definitions
@ What SSH Does
@ Core SSH programs
@ SSH Authentication Methods
@ Password
@ Public/private keypair
@ Host-based authentication
@ SHH Basics
@ Configuration Files [CF]
@ Secure Logins
@ Agent / Key Forwarding
@ Enter Agent / Key Forwarding
@ Port Forwarding
@ Conclusion
cagriCOM08 | Information Security](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)