SSH COOKBOOK V2
AN SSH TOOLS SUITE PRESENTATION
ENHANCED VERSION
Created by Jean-Marie Renouard / @jmrenouard 
http://www.jmrenouard.fr/
WHAT'S SSH ?
SSH is a secure communication protocol over TCP.
SSH v2 is the base standard in all distributions.
SSH allows you to connect securely to a server.
SSH prevents attacks such as man-in-the-middle.
SSH BASIC USAGE 
Connect to server REF01.mynetwork as osuser 
$ ssh osuser@REF01.mynetwork
WHAT'S NEXT ?
A password is asked for.
osuser@REF01.mynetwork's password :
The password is checked by the system.
The typed password is hashed.
The result is compared with the /etc/shadow entry.
Comparison failed : the command fails, simple !
AND WHEN IT IS OK ...
Comparison succeeded.
SSH asks the system for a new shell session.
The shell session is based on the /etc/passwd entry.
The 7th and last field of /etc/passwd is the shell path.
Default welcome message:
Last login: Thu Mar 20 23:26:46 2014 from 192.168.X.X
Then you've got a shell ( Bash for instance ).
A shell just like a local shell, remotely and securely !
SHELL IS GREAT
Ctrl-d : close the shell and kill the connection immediately.
Ctrl-l : clear your screen.
Ctrl-r : search the bash history on the server.
Readline powered.
.bash_history : command history.
.bash_profile and .bashrc for personal shell customisation
(aliases, functions, ...)
BORING ASPECT OF SSH
ONE CONNECTION MEANS ONE PASSWORD CHECK.
Password typing.
No safety net against human error:
Ctrl-d, exit, kill -9 0, killall bash, ...
Killing/terminating the shell session means :
all processes launched from the shell session are also killed.
You JUST have to REconnect and REtype your password,
then REtype your command, even if it takes a long time to run.
AVOIDING PASSWORD TYPING
Thank God, it is possible to connect without typing a password.
It is as secure as password typing.
Maybe more secure:
No password Excel file on the network.
No access info on a Post-it on the Scrum board :)
SSH KEY GENERATION 
2 FILES MUST BE GENERATED
1. Red key : .ssh/id_rsa is your private SSH key.
Keep it secret.
2. Blue key : .ssh/id_rsa.pub is your public SSH key.
SSH KEY GENERATION COMMAND 
Key generation command:
ssh-keygen -t rsa
Hey, it is asking me for a F*** password (the key passphrase) !!!
Leave it empty :)
SSH KEY DEPLOYMENT 
Public key deployment command:
ssh-copy-id -i .ssh/id_rsa.pub osuser@REF01.mynetwork
It asks for the password one last time ....
AND ALL IS OK ? 
On the server, .ssh/authorized_keys now contains the content of
your public key.
Try to connect once again.
ssh osuser@REF01.mynetwork
NO MORE PASSWORD ....
Magic : simple, easy and secure ....
IS IT ALL ? 
How to automate this process ?
The Expect library :
a library for interacting with a shell programmatically.
You can script an interactive scenario,
and you can execute it automatically.
BETTER THAN A SHELL 
YOU CAN ALSO EXECUTE A COMMAND REMOTELY.
Shut down the server:
ssh root@REF01.mynetwork shutdown -h now
Execute a remote Python script:
ssh osuser@REF01.mynetwork "python remoteScript.py"
Get the load average of the REF01 server:
ssh osuser@REF01.mynetwork uptime
PERL EXPECT 
#!/usr/bin/perl
# Usage: perl ssh-expect.pl HOST PASSWORD "remote command"
# Drives an interactive ssh login with Expect, answering the prompts itself.
use strict;
use warnings;
use Expect;

my $timeout = 1;
my $command = "ssh " . $ARGV[0] . " " . $ARGV[2];
my $exp = Expect->spawn($command) or die "Cannot spawn $command: $!\n";
$exp->raw_pty(1);

$exp->expect($timeout,
    # login prompt: send the user name and keep waiting
    [ '-re', qr/ogin: $/, sub {
        $exp->send("luser\n");
        exp_continue; }
    ],
    # unknown host key on first connection: accept it and keep waiting
    [ '-re', qr/yes\/no\)?\s*$/, sub {
        $exp->send("yes\n");
        exp_continue; }
    ],
    # password prompt: send the password given on the command line
    [ '-re', qr/assword:\s*$/, sub {
        $exp->send($ARGV[1] . "\n");
        exp_continue; }
    ],
    # stop once a shell prompt appears
    '-re', qr/[#>:] $/
);
$exp->soft_close();
REMOTE EXECUTE A LOCAL SCRIPT 
PYTHON, BASH, PHP, RUBY, JAVA, ALL INTERPRETERS
The interpreter must be present on the remote server.
Simple Python script : hello.py
#!/usr/bin/python
print "Hello World !"
Remote execution script : ssh-exec
#!/bin/sh
# Usage: ssh-exec user@host script
# Interpreter path taken from the script's shebang line
INTERPRETER=$(head -n 1 "$2" | sed -e 's/^#!//')
# Drop only the shebang line and feed the rest to the remote interpreter on stdin.
# (grep -v "#" would also drop any line that merely contains a '#'.)
# -T: no pseudo-terminal, since stdin is the script and not a keyboard.
tail -n +2 "$2" | ssh -T "$1" "$INTERPRETER"
Usage
ssh-exec osuser@REF01.mynetwork hello.py
FILE TRANSFER OVER SSH
Using input/output redirection:
cat myLocalFile | ssh osuser@REF01.mynetwork "cat > myRemoteFile"
Compressing on the fly (the remote side must decompress again):
cat myLocalFile | gzip | ssh osuser@REF01.mynetwork "gunzip > myRemoteFile"
Compression by SSH itself:
cat myLocalFile | ssh -C osuser@REF01.mynetwork "cat > myRemoteFile"
DIRECTORIES OVER SSH 
Commands using input/output for a directory.
tar, the UNIX archiver, works with stdin and stdout:
tar -czf - myDir | ssh -C osuser@ref01.mynetwork "mkdir -p myDir && cd myDir && tar -xzf -"
Better solution
A kind of cp based on the SSHv2 protocol:
scp -rp mydir osuser@ref01.mynetwork:myDir
Best solution
Incremental copy:
rsync -avz myDir osuser@ref01.mynetwork:myDir
MULTIPLE HOST COMMANDS 
SIMPLE SHELL LOOP ON 3 SERVERS
for host in server1 server2 server3; do
  echo "* Updating $host"
  ssh -C root@${host}.mynetwork "yum -y update"
done
SIMPLE SHELL LOOP ON SERVER1 TO SERVER100
for i in $(seq 1 100); do
  host=server${i}.mynetwork
  echo "* Updating $host"
  ssh -C root@${host} "yum -y update"
done
MULTIPLE HOST COMMANDS IN PARALLEL 
FORKING SUBSHELLS IN A LOOP ON SERVER1 TO SERVER100
for i in $(seq 1 100); do
  (
    host=server${i}.mynetwork
    echo "* Updating $host"
    # stdout to the log first, then stderr into stdout:
    # "2>&1 >> file" would leave the errors on the terminal
    ssh -C root@${host} "yum -y update" >> ${host}.update.log 2>&1
    echo "* Updating $host ..DONE"
  ) &
done
Output and errors are stored in an individual log file per host.
MULTIPLE HOST COMMANDS IN PARALLEL 
FORKING SUBSHELLS IN A LOOP FROM A FILE
while read host; do
  (
    echo "* Updating $host"
    # -n: stop ssh from reading stdin, which is the host list here
    ssh -n -C root@${host} "yum -y update" >> ${host}.update.log 2>&1
    echo "* Updating $host ..DONE"
  ) &
done < "${1:-/proc/${$}/fd/0}"
Servers are read from a file or from stdin.
The file has one server name per line.
Output and errors are stored in an individual log file per host.
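The two forked loops above lose the exit status of every background ssh and fork as many sessions as there are hosts. The script below is an added example, not part of the original slides: it keeps the per-host log idea but bounds the parallelism, records each host's exit status and lists the failures afterwards. It assumes a host file with one name per line, login as root with keys already deployed as on the earlier slides, and a constructed local_runner stand-in so the logic can be exercised without any remote host.

```shell
#!/bin/sh
# Added example: bounded-parallel remote execution with one log and one
# exit-status file per host. Not from the slides.

MAX_JOBS="${MAX_JOBS:-10}"     # how many ssh sessions run at once
LOG_DIR="${LOG_DIR:-./logs}"   # per-host .log and .rc files land here

# Real runner: non-interactive ssh. BatchMode=yes fails fast instead of
# hanging on a password prompt when the key is missing on a host.
ssh_runner() {
    ssh -C -o BatchMode=yes -o ConnectTimeout=10 "root@$1" "$2"
}

# Constructed stand-in for offline use: runs the command locally with HOST
# set to the host name instead of contacting $1 over ssh.
local_runner() {
    HOST="$1" sh -c "$2"
}

# run_one RUNNER HOST CMD: capture stdout+stderr and record the exit status.
run_one() {
    r="$1"; h="$2"; c="$3"
    # ">file 2>&1" sends both streams to the log; the reverse order would not.
    # </dev/null keeps a chatty remote command from eating the host list.
    if "$r" "$h" "$c" </dev/null >"$LOG_DIR/$h.log" 2>&1; then
        rc=0
    else
        rc=$?
    fi
    echo "$rc" >"$LOG_DIR/$h.rc"
}

# run_hosts RUNNER HOSTFILE CMD: fan out in batches of MAX_JOBS.
run_hosts() {
    runner="$1"; hostfile="$2"; cmd="$3"
    mkdir -p "$LOG_DIR"
    n=0
    while read -r host; do
        [ -z "$host" ] && continue
        run_one "$runner" "$host" "$cmd" &
        n=$((n + 1))
        if [ "$n" -ge "$MAX_JOBS" ]; then
            wait        # block until the whole batch has finished
            n=0
        fi
    done <"$hostfile"
    wait
}

# failed_hosts: print the hosts whose recorded exit status is non-zero.
failed_hosts() {
    for rcfile in "$LOG_DIR"/*.rc; do
        [ -e "$rcfile" ] || continue
        if [ "$(cat "$rcfile")" -ne 0 ]; then
            basename "$rcfile" .rc
        fi
    done
}

# Usage: sh run-hosts.sh hosts.txt "yum -y update"
if [ "$#" -eq 2 ]; then
    run_hosts ssh_runner "$1" "$2"
    echo "Failed hosts:"
    failed_hosts
fi
```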
PORT FORWARDING 
OPEN A LOCAL PORT AND REDIRECT IT THROUGH SSH
ssh -L2000:localhost:80 user@host1
Open local port 2000 and redirect its I/O to port 80 on host1.
ssh -L8080:host2:80 user@host1
Open local port 8080 and redirect its I/O to port 80 on host2,
using the SSH connection to host1 to reach host2.
REVERSE PORT FORWARDING 
OPEN A REMOTE PORT ON THE SERVER AND REDIRECT IT
THROUGH SSH TO THE CLIENT
ssh -R 2000:localhost:80 user@host1
Open port 2000 on host1.
Redirect I/O on this port to local port 80.
ssh -R 8080:host2:80 user@host1
Open remote port 8080 on host1.
Redirect I/O to port 80 on host2, as seen from the ssh client host,
using the SSH connection to host1 to reach host2.
USEFUL SCRIPTS 
ssh-installkeys, ssh key installer 
ssh-copy-id, included in openssh-clients in all distributions 
Fusefs, Filesystem over SSH 
MUSSH, Multihost SSH 
perl-Net-SSH-Expect, automate connection without ssh keys 
scanssh, scan hosts with SSH 
sshpass, password cracker for SSH
PROJECTS FOR MASSIVE REMOTE EXECUTION 
Ansible in Python 
Chef in Ruby 
Rex in Perl 
Rundeck in Java 
Envoy in PHP 
Shunt in PHP 
SSHKit 
DO It in Ruby
PROJECTS FOR SSH MANAGEMENT 
GateOne, Web SSH client 
Storm in Python, manage your SSH identities 
SSHRC, transport your config everywhere 
git deliver, deliver files from git and SSH 
sshuttle, the poor man's VPN solution
STELLAR LINKS 
Code samples in Bash and Perl 
http://www.jmrenouard.fr 
Follow me on Twitter
THE END 
BY JEAN-MARIE RENOUARD / JMRENOUARD.FR

More Related Content

What's hot

Instalasi Network Monitoring System (Nagios) Ubuntu 12.04
Instalasi Network Monitoring System (Nagios) Ubuntu 12.04Instalasi Network Monitoring System (Nagios) Ubuntu 12.04
Instalasi Network Monitoring System (Nagios) Ubuntu 12.04
Febi Gelar Ramadhan
 
Red Hat Linux cheat sheet
Red Hat Linux cheat sheetRed Hat Linux cheat sheet
Red Hat Linux cheat sheet
Rafael Montesinos Muñoz
 
WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING
WHEN FILE ENCRYPTION HELPS PASSWORD CRACKINGWHEN FILE ENCRYPTION HELPS PASSWORD CRACKING
WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING
Positive Hack Days
 
Perintah perintah dasar linux Operating Sistem
Perintah perintah dasar linux Operating SistemPerintah perintah dasar linux Operating Sistem
Perintah perintah dasar linux Operating Sistem
Roziq Bahtiar
 
What Have Syscalls Done for you Lately?
What Have Syscalls Done for you Lately?What Have Syscalls Done for you Lately?
What Have Syscalls Done for you Lately?
Docker, Inc.
 
Build your own private openstack cloud
Build your own private openstack cloudBuild your own private openstack cloud
Build your own private openstack cloud
NUTC, imac
 
使用 CLI 管理 OpenStack 平台
使用 CLI 管理 OpenStack 平台使用 CLI 管理 OpenStack 平台
使用 CLI 管理 OpenStack 平台
NUTC, imac
 
50 Perintah Dasar pada linux
50 Perintah Dasar pada linux50 Perintah Dasar pada linux
50 Perintah Dasar pada linux
ReskyRian
 
Docker 基本概念與指令操作
Docker  基本概念與指令操作Docker  基本概念與指令操作
Docker 基本概念與指令操作
NUTC, imac
 
SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon
 SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon
SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon
Redis Labs
 
Linux seccomp(2) vs OpenBSD pledge(2)
Linux seccomp(2) vs OpenBSD pledge(2)Linux seccomp(2) vs OpenBSD pledge(2)
Linux seccomp(2) vs OpenBSD pledge(2)
Giovanni Bechis
 
Aprils fool 2014
Aprils fool 2014Aprils fool 2014
Aprils fool 2014
bijan_
 
Eduardo Silva - monkey http-server everywhere
Eduardo Silva - monkey http-server everywhereEduardo Silva - monkey http-server everywhere
Eduardo Silva - monkey http-server everywhere
StarTech Conference
 
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Develcz
 
Docker command
Docker commandDocker command
Docker command
Eric Ahn
 
Ubic
UbicUbic
Computer Security
Computer SecurityComputer Security
Computer Security
Aristotelis Kotsomitopoulos
 
Who Broke My Crypto
Who Broke My CryptoWho Broke My Crypto
Who Broke My Crypto
John Varghese
 

What's hot (18)

Instalasi Network Monitoring System (Nagios) Ubuntu 12.04
Instalasi Network Monitoring System (Nagios) Ubuntu 12.04Instalasi Network Monitoring System (Nagios) Ubuntu 12.04
Instalasi Network Monitoring System (Nagios) Ubuntu 12.04
 
Red Hat Linux cheat sheet
Red Hat Linux cheat sheetRed Hat Linux cheat sheet
Red Hat Linux cheat sheet
 
WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING
WHEN FILE ENCRYPTION HELPS PASSWORD CRACKINGWHEN FILE ENCRYPTION HELPS PASSWORD CRACKING
WHEN FILE ENCRYPTION HELPS PASSWORD CRACKING
 
Perintah perintah dasar linux Operating Sistem
Perintah perintah dasar linux Operating SistemPerintah perintah dasar linux Operating Sistem
Perintah perintah dasar linux Operating Sistem
 
What Have Syscalls Done for you Lately?
What Have Syscalls Done for you Lately?What Have Syscalls Done for you Lately?
What Have Syscalls Done for you Lately?
 
Build your own private openstack cloud
Build your own private openstack cloudBuild your own private openstack cloud
Build your own private openstack cloud
 
使用 CLI 管理 OpenStack 平台
使用 CLI 管理 OpenStack 平台使用 CLI 管理 OpenStack 平台
使用 CLI 管理 OpenStack 平台
 
50 Perintah Dasar pada linux
50 Perintah Dasar pada linux50 Perintah Dasar pada linux
50 Perintah Dasar pada linux
 
Docker 基本概念與指令操作
Docker  基本概念與指令操作Docker  基本概念與指令操作
Docker 基本概念與指令操作
 
SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon
 SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon
SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon
 
Linux seccomp(2) vs OpenBSD pledge(2)
Linux seccomp(2) vs OpenBSD pledge(2)Linux seccomp(2) vs OpenBSD pledge(2)
Linux seccomp(2) vs OpenBSD pledge(2)
 
Aprils fool 2014
Aprils fool 2014Aprils fool 2014
Aprils fool 2014
 
Eduardo Silva - monkey http-server everywhere
Eduardo Silva - monkey http-server everywhereEduardo Silva - monkey http-server everywhere
Eduardo Silva - monkey http-server everywhere
 
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
 
Docker command
Docker commandDocker command
Docker command
 
Ubic
UbicUbic
Ubic
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Who Broke My Crypto
Who Broke My CryptoWho Broke My Crypto
Who Broke My Crypto
 

Viewers also liked

Syntaxe du langage PHP
Syntaxe du langage PHPSyntaxe du langage PHP
Syntaxe du langage PHP
Jean-Marie Renouard
 
Manuel de sécurisation d'un serveur Linux
Manuel de sécurisation d'un serveur LinuxManuel de sécurisation d'un serveur Linux
Manuel de sécurisation d'un serveur Linux
Jean-Marie Renouard
 
Structure de données en PHP
Structure de données en PHPStructure de données en PHP
Structure de données en PHP
Jean-Marie Renouard
 
Présentation de PHP
Présentation de PHPPrésentation de PHP
Présentation de PHP
Jean-Marie Renouard
 
Le client HTTP PHP5
Le client HTTP PHP5Le client HTTP PHP5
Le client HTTP PHP5
Jean-Marie Renouard
 
Le client FTP de PHP5
Le client FTP de PHP5Le client FTP de PHP5
Le client FTP de PHP5
Jean-Marie Renouard
 
Les structures de données PHP5
Les structures de données PHP5Les structures de données PHP5
Les structures de données PHP5
Jean-Marie Renouard
 
SQL et MySQL
SQL et MySQLSQL et MySQL
SQL et MySQL
Jean-Marie Renouard
 
Email et PHP5
Email et PHP5Email et PHP5
Email et PHP5
Jean-Marie Renouard
 
Configuration PHP5
Configuration PHP5Configuration PHP5
Configuration PHP5
Jean-Marie Renouard
 
Fichier XML et PHP5
Fichier XML et PHP5Fichier XML et PHP5
Fichier XML et PHP5
Jean-Marie Renouard
 
PHP5 et les fichiers
PHP5 et les fichiersPHP5 et les fichiers
PHP5 et les fichiers
Jean-Marie Renouard
 
PHP 5 et la programmation objet
PHP 5 et la programmation objetPHP 5 et la programmation objet
PHP 5 et la programmation objet
Jean-Marie Renouard
 
Sécurité et Quaité de code PHP
Sécurité et Quaité de code PHPSécurité et Quaité de code PHP
Sécurité et Quaité de code PHP
Jean-Marie Renouard
 
MVC / Frameworks PHP
MVC / Frameworks PHPMVC / Frameworks PHP
MVC / Frameworks PHP
Jean-Marie Renouard
 
Client base de données en PHP5
Client base de données en PHP5Client base de données en PHP5
Client base de données en PHP5
Jean-Marie Renouard
 
Javascript et JQuery
Javascript et JQueryJavascript et JQuery
Javascript et JQuery
Jean-Marie Renouard
 
Gestion de formulaires en PHP
Gestion de formulaires en PHPGestion de formulaires en PHP
Gestion de formulaires en PHP
Jean-Marie Renouard
 
анимации в Windows phone
анимации в Windows phoneанимации в Windows phone
анимации в Windows phone
Filipp Panfilov
 
About Sage France
About Sage FranceAbout Sage France
About Sage France
Sage france
 

Viewers also liked (20)

Syntaxe du langage PHP
Syntaxe du langage PHPSyntaxe du langage PHP
Syntaxe du langage PHP
 
Manuel de sécurisation d'un serveur Linux
Manuel de sécurisation d'un serveur LinuxManuel de sécurisation d'un serveur Linux
Manuel de sécurisation d'un serveur Linux
 
Structure de données en PHP
Structure de données en PHPStructure de données en PHP
Structure de données en PHP
 
Présentation de PHP
Présentation de PHPPrésentation de PHP
Présentation de PHP
 
Le client HTTP PHP5
Le client HTTP PHP5Le client HTTP PHP5
Le client HTTP PHP5
 
Le client FTP de PHP5
Le client FTP de PHP5Le client FTP de PHP5
Le client FTP de PHP5
 
Les structures de données PHP5
Les structures de données PHP5Les structures de données PHP5
Les structures de données PHP5
 
SQL et MySQL
SQL et MySQLSQL et MySQL
SQL et MySQL
 
Email et PHP5
Email et PHP5Email et PHP5
Email et PHP5
 
Configuration PHP5
Configuration PHP5Configuration PHP5
Configuration PHP5
 
Fichier XML et PHP5
Fichier XML et PHP5Fichier XML et PHP5
Fichier XML et PHP5
 
PHP5 et les fichiers
PHP5 et les fichiersPHP5 et les fichiers
PHP5 et les fichiers
 
PHP 5 et la programmation objet
PHP 5 et la programmation objetPHP 5 et la programmation objet
PHP 5 et la programmation objet
 
Sécurité et Quaité de code PHP
Sécurité et Quaité de code PHPSécurité et Quaité de code PHP
Sécurité et Quaité de code PHP
 
MVC / Frameworks PHP
MVC / Frameworks PHPMVC / Frameworks PHP
MVC / Frameworks PHP
 
Client base de données en PHP5
Client base de données en PHP5Client base de données en PHP5
Client base de données en PHP5
 
Javascript et JQuery
Javascript et JQueryJavascript et JQuery
Javascript et JQuery
 
Gestion de formulaires en PHP
Gestion de formulaires en PHPGestion de formulaires en PHP
Gestion de formulaires en PHP
 
анимации в Windows phone
анимации в Windows phoneанимации в Windows phone
анимации в Windows phone
 
About Sage France
About Sage FranceAbout Sage France
About Sage France
 

Similar to Ssh cookbook

Tomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHTomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSH
webelement
 
SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
Chris Hales
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
JP Bourget
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
nussbauml
 
Chef Hack Day Denver
Chef Hack Day Denver Chef Hack Day Denver
Chef Hack Day Denver
Chef
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
NigussMehari4
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios
 
Advanced open ssh
Advanced open sshAdvanced open ssh
Advanced open ssh
Dan Kaminsky
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricks
Assem CHELLI
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
Gregory Hanis
 
Cent os 5 ssh
Cent os 5 sshCent os 5 ssh
Cent os 5 ssh
Alejandro Besne
 
Puppet @ Seat
Puppet @ SeatPuppet @ Seat
Puppet @ Seat
Alessandro Franceschi
 
Sshstuff
SshstuffSshstuff
Sshstuff
Matt Rae
 
Session Server - Maintaing State between several Servers
Session Server - Maintaing State between several ServersSession Server - Maintaing State between several Servers
Session Server - Maintaing State between several Servers
Stephan Schmidt
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
E D Williams
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Alert Logic
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
AnisSalhi3
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
Hemant Shah
 
InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018
Mandi Walls
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSH
Vitalii Sharavara
 

Similar to Ssh cookbook (20)

Tomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHTomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSH
 
SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
Chef Hack Day Denver
Chef Hack Day Denver Chef Hack Day Denver
Chef Hack Day Denver
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
 
Advanced open ssh
Advanced open sshAdvanced open ssh
Advanced open ssh
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricks
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
Cent os 5 ssh
Cent os 5 sshCent os 5 ssh
Cent os 5 ssh
 
Puppet @ Seat
Puppet @ SeatPuppet @ Seat
Puppet @ Seat
 
Sshstuff
SshstuffSshstuff
Sshstuff
 
Session Server - Maintaing State between several Servers
Session Server - Maintaing State between several ServersSession Server - Maintaing State between several Servers
Session Server - Maintaing State between several Servers
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSH
 

Recently uploaded

OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
Federico Razzoli
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 

Recently uploaded (20)

OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 

Ssh cookbook

  • 1. SSH COOKBOOK V2 A SSH TOOLS SUITE PRESENTATION ENHANCED VERSION Created by Jean-Marie Renouard / @jmrenouard http://www.jmrenouard.fr/
  • 2. WHAT'S SSH ? SSH is a secure TCP communication protocol. SSH v2 is base standard in all distributions. SSH allows you to connect securely to server. SSH avoid attack such man in the middle.
  • 3. SSH BASIC USAGE Connect to server REF01.mynetwork as osuser $ ssh osuser@REF01.mynetwork
  • 4. WHAT'S NEXT ? A password is asked: osuser@REF01.mynetwork's password: The password is checked by the system (through PAM). The typed password is hashed with the salt and algorithm recorded for the account, and the result is compared with the hash stored in /etc/shadow. Comparison fails: the login is refused, simple!
  • 5. AND WHEN IT IS OK ... Comparison succeeds. SSH asks the system for a new shell session. The shell session is based on the /etc/passwd entry: the 7th and last field of /etc/passwd is the shell path. Default welcome message: Last login: Thu Mar 20 23:26:46 2014 from 192.168.X.X Then you've got a shell (Bash for instance): a shell like a local shell, remotely and securely!
  • 6. SHELL IS GREAT Ctrl-d: sends end-of-file to the shell, which exits and closes the connection immediately. Ctrl-l: clears your screen. Ctrl-r: searches the bash history on the server. Readline powered. .bash_history: command history. .bash_profile and .bashrc for personal shell customisation (aliases, functions, ...).
  • 7. BORING ASPECT OF SSH ONE CONNECTION MEANS ONE PASSWORD CHECK. Password typing, with no safety net against human error: Ctrl-d, exit, kill -9 0, killall bash, ... Killing or terminating the shell session means that all processes launched from it are killed too. You JUST have to REconnect and REtype your password, then REtype your command, even if it takes a long time to run.
  • 8. AVOIDING PASSWORD TYPING Thank God, it is possible to connect without typing a password. It is at least as secure as password typing, and usually more secure: no password Excel file on the network, no access-info Post-it on the Scrum board :)
  • 9. SSH KEY GENERATION 2 FILES MUST BE GENERATED 1. Red key: .ssh/id_rsa is your private SSH key. Keep it secret: mode 600, never copied to a server. 2. Blue key: .ssh/id_rsa.pub is your public SSH key, the one you hand out.
  • 10. SSH KEY GENERATION COMMAND Key generation command:
      ssh-keygen -t rsa
    (today prefer ssh-keygen -t ed25519, or -t rsa -b 4096 when RSA is required). Hey, it is asking me for a F*** password!!! That is the passphrase that encrypts the private key file. Leave it empty only for a key used by unattended scripts; for your own key, set one and let ssh-agent cache it, so that a copied id_rsa file alone is useless to a thief.
  • 11. SSH KEY DEPLOYMENT Public key deployment command:
      ssh-copy-id -i .ssh/id_rsa.pub osuser@REF01.mynetwork
    It asks for the password one last time ....
  • 12. AND ALL IS OK ? On the server, .ssh/authorized_keys now contains the content of your public key. Try to connect once again:
      ssh osuser@REF01.mynetwork
    NO MORE PASSWORD .... Magic. Simple, easy and secure .... If the password is still asked, run ssh -v to see which keys are offered and check the modes on the server: with StrictModes (the default) sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or others.
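The two checks behind slides 11 and 12, as an added example that is not part of the slides: is the key material really present in authorized_keys (comment ignored, option prefixes such as command="..." allowed), and do the file modes pass what sshd enforces with StrictModes. It assumes Linux (GNU stat and awk); the home directory, key strings and paths used by demo() are constructed for the demonstration and are not real keys.

```shell
#!/bin/sh
# Added example, not from the slides: the checks to run when the password is still asked after
# ssh-copy-id. Assumes Linux (GNU stat, awk); the key strings and paths in demo() are constructed.

# key_installed PUBKEY_FILE AUTHORIZED_KEYS
# Succeeds when the key material (type + base64 blob; the trailing comment is ignored) appears on
# a line of AUTHORIZED_KEYS, also when that line starts with options such as command="...".
key_installed() {
    keymat=$(awk 'NR == 1 { print $1 " " $2 }' "$1") || return 2
    [ -n "$keymat" ] || return 2
    awk -v k="$keymat" '
        /^[[:space:]]*(#|$)/ { next }                                   # comments, blank lines
        { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == k) found = 1 }
        END { exit !found }' "$2"
}

# strict_modes_ok HOME_DIR
# What sshd verifies with StrictModes yes (the default): HOME, ~/.ssh and ~/.ssh/authorized_keys
# must exist and must not be writable by group or others, otherwise the key file is ignored.
strict_modes_ok() {
    for path in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$path" ] || { echo "missing: $path" >&2; return 1; }
        mode=$(stat -c '%a' "$path")                 # GNU stat, octal mode such as 700
        if [ $(( 0$mode & 18 )) -ne 0 ]; then        # 18 = octal 022: group or other write bit
            echo "too open (mode $mode): $path" >&2
            return 1
        fi
    done
    return 0
}

# Demo on a constructed home directory; the key blob is not a real key.
demo() {
    home=$(mktemp -d)
    mkdir -m 700 "$home/.ssh"
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEMOBLOBNOTAREALKEY osuser@laptop' > "$home/id_demo.pub"
    echo 'command="uptime" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEMOBLOBNOTAREALKEY deployed' > "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    key_installed "$home/id_demo.pub" "$home/.ssh/authorized_keys" && echo "key is installed"
    strict_modes_ok "$home" && echo "modes are fine"
    chmod 770 "$home/.ssh"                           # the classic mistake: group-writable ~/.ssh
    strict_modes_ok "$home" || echo "sshd would now ignore authorized_keys"
    rm -rf "$home"
}
demo
```

On a real account, run strict_modes_ok "$HOME" on the server as the target user; ssh-copy-id already refuses to add a key that key_installed would report as present, so the first function is mainly useful when keys are pushed by configuration management.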
  • 13. IS IT ALL ? How to automate this process? The Expect library drives an interactive program from a script: you describe the scenario (wait for this prompt, send that answer) and execute it automatically.
  • 14. BETTER THAN A SHELL YOU CAN ALSO REMOTELY EXECUTE A COMMAND. Shut down the server:
      ssh root@REF01.mynetwork shutdown -h now
    Execute a remote python script:
      ssh osuser@REF01.mynetwork "python remoteScript.py"
    Know the load average of the REF01 server:
      ssh osuser@REF01.mynetwork uptime
  • 15. PERL EXPECT
      #!/usr/bin/perl
      # Usage: ssh-expect.pl user@host password command
      # Answers the host-key question and the password prompt, then runs the command.
      use strict;
      use warnings;
      use Expect;

      my ($target, $password, $remote_cmd) = @ARGV;
      die "Usage: $0 user\@host password command\n" unless defined $remote_cmd;

      my $timeout = 10;    # seconds to wait for each prompt
      my $command = "ssh $target $remote_cmd";
      my $exp = Expect->spawn($command) or die "Cannot spawn $command: $!\n";
      $exp->raw_pty(1);

      LOGIN:
      $exp->expect($timeout,
          # "login:" prompt; "luser" is the placeholder user name from the original slide
          [ qr/ogin: $/              => sub { $exp->send("luser\n"); exp_continue; } ],
          # first connection: accept the host key, then look for the prompts again
          [ qr{yes/no.*\)\?\s*$}     => sub { $exp->send("yes\n"); goto LOGIN; } ],
          # password prompt
          [ qr/assword:\s*$/         => sub { $exp->send("$password\n"); exp_continue; } ],
          # shell prompt, or the end of the command's output
          '-re', qr/[#>:] $/,
      );
      $exp->soft_close();
    Caveat: answering "yes" to the host-key question blindly gives up the man-in-the-middle protection of slide 2, and the password is visible in the process list while the script runs. Prefer SSH keys; keep this for hosts where keys cannot be deployed.
  • 16. REMOTE EXECUTE A LOCAL SCRIPT PYTHON, BASH, PHP, RUBY, JAVA, ALL INTERPRETERS The interpreter must be present on the remote server. Simple Python script, hello.py:
      #!/usr/bin/python
      print("Hello World !")
    Remote execute script, ssh-exec:
      #!/bin/sh
      # Run a local script on a remote host with the interpreter named in its shebang line.
      # Usage: ssh-exec user@host script
      set -eu
      INTERPRETER=$(head -n 1 "$2" | sed -e 's/^#!//')
      # send everything after the shebang on stdin; no -t, a pipe is not a terminal
      tail -n +2 "$2" | ssh "$1" "$INTERPRETER"
    Usage: ssh-exec osuser@REF01.mynetwork hello.py
    Only the shebang line is stripped before the body is sent (the original grep -v "#" would also drop every code line containing a # character). Because the script arrives on the interpreter's stdin, it cannot itself read from stdin.
  • 17. FILE TRANSFER OVER SSH Using input/output redirection:
      cat myLocalFile | ssh osuser@REF01.mynetwork "cat > myRemoteFile"
    Compressing on the fly (compress locally, decompress on the server):
      cat myLocalFile | gzip | ssh osuser@REF01.mynetwork "gzip -d > myRemoteFile"
    Compression by SSH itself:
      cat myLocalFile | ssh -C osuser@REF01.mynetwork "cat > myRemoteFile"
  • 18. DIRECTORIES OVER SSH Commands using input/output for a directory: tar, the UNIX archiver, works with stdin and stdout:
      tar -czf - myDir | ssh osuser@ref01.mynetwork "tar -xzf -"
    The archive already contains the myDir top level, so extract in the destination's parent directory (mkdir myDir; cd myDir before the extraction would give myDir/myDir). tar -z and ssh -C both compress; one of the two is enough.
    Better solution, a kind of cp based on the SSHv2 protocol:
      scp -rp myDir osuser@ref01.mynetwork:myDir
    Best solution, incremental copy:
      rsync -avz myDir/ osuser@ref01.mynetwork:myDir/
    With rsync the trailing slash on the source means "the content of myDir"; without it you get myDir/myDir on the server.
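The tar-through-ssh copy of slide 18 done without the myDir/myDir nesting and followed by a checksum comparison of both sides, as an added example that is not part of the slides. It assumes Linux with GNU tar and sha256sum. REMOTE_SH is an assumed hook of this example: unset, commands reach the far end with ssh -C; set to local_sh, they run locally, which is how demo() runs without a server (the target name osuser@ref01.mynetwork in the demo is then only decorative).

```shell
#!/bin/sh
# Added example, not from the slides: directory copy through a pipe, rooted correctly,
# then verified by a digest computed on both ends. Assumes GNU tar and sha256sum.

# remote_sh TARGET CMD : run the shell command CMD on TARGET; stdin passes through (for tar)
remote_sh() {
    target="$1"; cmd="$2"
    if [ -n "${REMOTE_SH:-}" ]; then "$REMOTE_SH" "$cmd"; else ssh -C "$target" "$cmd"; fi
}
local_sh() { sh -c "$1"; }   # stand-in for ssh, used by demo() and tests

# dir_digest_cmd DIR NAME : print the shell command that digests every file under DIR/NAME;
# the same command runs locally and remotely, so the two results are comparable
dir_digest_cmd() {
    echo "cd '$1' && find '$2' -type f -exec sha256sum {} + | LC_ALL=C sort | sha256sum | cut -d' ' -f1"
}

# push_dir SRCDIR TARGET DESTDIR : stream SRCDIR so that it lands as TARGET:DESTDIR/basename(SRCDIR)
push_dir() {
    parent=$(dirname "$1"); name=$(basename "$1")
    # -C on both sides keeps the archive rooted at $name and unpacks it directly under DESTDIR
    tar -C "$parent" -cf - "$name" | remote_sh "$2" "mkdir -p '$3' && tar -C '$3' -xf -"
}

# verify_dir SRCDIR TARGET DESTDIR : succeed only when local and remote digests match
verify_dir() {
    parent=$(dirname "$1"); name=$(basename "$1")
    local_sum=$(sh -c "$(dir_digest_cmd "$parent" "$name")")
    remote_sum=$(remote_sh "$2" "$(dir_digest_cmd "$3" "$name")")
    [ -n "$local_sum" ] && [ "$local_sum" = "$remote_sum" ]
}

# Demo with a constructed source tree and the local stand-in instead of a real server.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/src/myDir/sub"
    echo "hello" > "$work/src/myDir/a.txt"
    echo "world" > "$work/src/myDir/sub/b.txt"
    REMOTE_SH=local_sh
    push_dir "$work/src/myDir" osuser@ref01.mynetwork "$work/remote" \
        && verify_dir "$work/src/myDir" osuser@ref01.mynetwork "$work/remote" \
        && echo "copied and verified: $(find "$work/remote" -type f | wc -l) files"
    rm -rf "$work"
}
demo
```

The digest covers file contents only; rsync -avz with --checksum is the tool when modes and timestamps must match as well.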
  • 19. MULTIPLE HOST COMMANDS SIMPLE SHELL LOOP ON 3 SERVERS
      for host in server1 server2 server3; do
          echo "* Updating $host"
          ssh -C root@${host}.mynetwork "yum -y update"
      done
    SIMPLE SHELL LOOP ON SERVER1 TO SERVER100
      for i in `seq 1 100`; do
          host=server${i}.mynetwork
          echo "* Updating $host"
          ssh -C root@${host} "yum -y update"
      done
  • 20. MULTIPLE HOST COMMANDS IN PARALLEL FORKING SUBSHELLS IN A LOOP ON SERVER1 TO SERVER100
      for i in `seq 1 100`; do
          (
              host=server${i}.mynetwork
              echo "* Updating $host"
              ssh -n -C root@${host} "yum -y update" >> ${host}.update.log 2>&1
              echo "* Updating $host ..DONE"
          ) &
      done
      wait
    Output and errors are stored in an individual log file per host. Mind the order of the redirections: ">> file 2>&1" sends stderr into the log, whereas "2>&1 >> file" leaves stderr on the terminal. -n keeps the background ssh from reading the shell's stdin, and the final wait lets the caller know when all jobs are finished.
  • 21. MULTIPLE HOST COMMANDS IN PARALLEL FORKING SUBSHELLS IN A LOOP FROM A FILE
      while read host; do
          (
              echo "* Updating $host"
              ssh -n -C root@${host} "yum -y update" >> ${host}.update.log 2>&1
              echo "* Updating $host ..DONE"
          ) &
      done < "${1:-/proc/${$}/fd/0}"
      wait
    Servers are read from the file given as first argument, or from stdin (/proc/$$/fd/0) when there is none: one server name per line. Output and errors are stored in an individual log file per host. -n is essential here: without it the first background ssh reads the rest of the host list from the loop's stdin, and the remaining servers are silently skipped.
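The parallel loops of slides 20 and 21 as a reusable function, added here as an example that is not part of the slides: per-host logs with stderr included, a stdin that the background ssh cannot consume, a cap on concurrent connections, and a count of failed hosts as the return value. REMOTE_RUNNER is an assumed hook of this example: unset, each host is reached with ssh -n -C root@host exactly as on the slides; set to dry_run, the command is printed instead, which is how demo() runs against a constructed host list with no network.

```shell
#!/bin/sh
# Added example, not from the slides: the parallel loop with three fixes a practitioner needs.
# 1. stderr really goes into the log (redirection order), 2. a background ssh cannot swallow
# the rest of the host list from stdin (-n and < /dev/null), 3. at most MAXJOBS jobs run at once.
# REMOTE_RUNNER is an assumed hook: unset = ssh as on the slides; dry_run = print, do not connect.

# remote HOST CMD... : run CMD on HOST
remote() {
    host="$1"; shift
    if [ -n "${REMOTE_RUNNER:-}" ]; then "$REMOTE_RUNNER" "$host" "$@"; else ssh -n -C "root@$host" "$@"; fi
}
dry_run() { host="$1"; shift; echo "[dry-run] ssh -n -C root@$host $*"; }

# update_hosts HOSTS_FILE LOGDIR CMD... : one background job and one log per host (blank lines
# and # comments in HOSTS_FILE are skipped); returns the number of hosts whose command failed
# (capped at 255 by the shell).
update_hosts() {
    hosts="$1"; logdir="$2"; shift 2
    mkdir -p "$logdir"
    pids=""; running=0; failed=0
    while read -r host; do
        case "$host" in ""|\#*) continue ;; esac
        (
            echo "* Updating $host"
            if remote "$host" "$@" >> "$logdir/$host.update.log" 2>&1; then
                echo "* Updating $host ..DONE"
            else
                echo "* Updating $host ..FAILED, see $logdir/$host.update.log" >&2
                exit 1
            fi
        ) < /dev/null &
        pids="$pids$! "
        running=$((running + 1))
        if [ "$running" -ge "${MAXJOBS:-10}" ]; then   # throttle: wait for the oldest job
            oldest=${pids%% *}; pids=${pids#* }
            wait "$oldest" || failed=$((failed + 1))
            running=$((running - 1))
        fi
    done < "$hosts"
    for pid in $pids; do                                # collect what is still running
        wait "$pid" || failed=$((failed + 1))
    done
    return "$failed"
}

# Demo on a constructed host list with the dry-run hook instead of real connections.
demo() {
    work=$(mktemp -d)
    printf 'server1.mynetwork\nserver2.mynetwork\n# decommissioned\nserver3.mynetwork\n' > "$work/hosts"
    REMOTE_RUNNER=dry_run; MAXJOBS=2
    update_hosts "$work/hosts" "$work/logs" yum -y update
    cat "$work"/logs/*.update.log
    rm -rf "$work"
}
demo
```

For a real run, leave REMOTE_RUNNER unset and call update_hosts hosts.txt /var/log/updates yum -y update; the exit status tells a calling script how many hosts need a second look, and each host's log says why.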
  • 22. PORT FORWARDING OPEN A LOCAL PORT AND FORWARD IT THROUGH SSH
      ssh -L 2000:localhost:80 user@host1
    Opens local port 2000 and forwards its I/O to port 80 on host1 ("localhost" is resolved on host1, so it means host1 itself).
      ssh -L 8080:host2:80 user@host1
    Opens local port 8080 and forwards it to port 80 on host2 as reached from host1: the SSH session to host1 is used to access the host2 server. The local listener binds to 127.0.0.1 by default; add a bind address (-L 0.0.0.0:8080:host2:80) only when other machines must use the tunnel.
  • 23. REVERSE PORT FORWARDING OPEN A REMOTE PORT ON THE SERVER AND FORWARD IT THROUGH SSH TO THE CLIENT
      ssh -R 2000:localhost:80 user@host1
    Opens port 2000 on host1 and forwards its I/O to port 80 on the SSH client host ("localhost" is resolved on the client).
      ssh -R 8080:host2:80 user@host1
    Opens port 8080 on host1 and forwards it to port 80 on host2 as reached from the SSH client host: the SSH session to host1 gives host1 access to the host2 server. On host1 the listener is bound to the loopback interface only, unless sshd is configured with GatewayPorts.
  • 24. USEFUL SCRIPTS ssh-installkeys, SSH key installer; ssh-copy-id, included in openssh-clients in all distributions; sshfs (FUSE), filesystem over SSH; MUSSH, multihost SSH; perl-Net-SSH-Expect, automate connections without SSH keys; scanssh, scan hosts for SSH servers and their versions; sshpass, feed a password to ssh non-interactively (the password ends up on the command line or in the environment, so prefer keys).
  • 25. PROJECTS FOR MASSIVE REMOTE EXECUTION Ansible in Python; Chef in Ruby; Rex in Perl; Rundeck in Java; Envoy in PHP; Shunt in PHP; SSHKit DO It in Ruby.
  • 26. PROJECTS FOR SSH MANAGEMENT GateOne, web SSH client; Storm in Python, manage your SSH identities; SSHRC, transport your config everywhere; git deliver, deliver files from git over SSH; sshuttle, the poor man's VPN solution.
  • 27. STELLAR LINKS Code samples in Bash and Perl: http://www.jmrenouard.fr Follow me on Twitter: @jmrenouard
  • 28. THE END BY JEAN-MARIE RENOUARD / JMRENOUARD.FR