SSH Tricks Matthew G Marsh SSH Tricks 1
Overview
§ SSH
  – What is it
  – How does it work
§ Discussion of Network Topology
  – Tricks for multiple hosts
  – Keys and config files
  – MultiHop tricks
§ Q&A

SSH
§ What is it
  – Secure Shell was developed to solve the two most acute problems in the Internet, secure remote terminal logins and secure file transfers.
  – Essentially an encrypted Remote Utilities replacement
§ How does it work
  – Set up and generation of an encrypted TCP connection
  – Authentication can be Password or Pub/Priv key
    • Yes there are others but that is where the cracks are…
  – Arbitrary TCP ports - WKP (well-known port) = 22
§ In this session we will concentrate on SSH1 using key based authentication

Simple Examples
§ Two hosts
  – 1 has a sshd running on WKP
  – 2 has a client
    root@2: ssh 1
    root@1's password:
    #
§ This allows root to login remotely using a password: BAD!
§ Better is to define 'PermitRootLogin no' in the sshd_config file

Simple Examples
§ Two hosts - preshared key
  – 1 has a sshd running on WKP
  – 2 has a client
    tech@2: ssh 1
    tech@2$
§ The way to set this up is as follows:
    tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
    tech@2$ scp .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys
    tech@1's password:
    tech@2$ cat > .ssh/config
    Host 1
    User tech
    Protocol 1
    IdentityFile /home/tech/.ssh/key4mac1
    Hostname 10.1.2.1
    ^D

A wee bit less Simple Examples
§ Two hosts - preshared key
  – 1 has a sshd running on port 17
  – 2 has a client
    tech@2: ssh 1
    tech@2$
§ The way to set this up is as follows:
    tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
    tech@2$ scp -P 17 .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys
    tech@1's password:
    tech@2$ cat > .ssh/config
    Host 1
    User tech
    Port 17
    Protocol 1
    IdentityFile /home/tech/.ssh/key4mac1
    Hostname 10.1.2.1
    ^D

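The scp step in the two setups above replaces ~/.ssh/authorized_keys on host 1, so any key already installed there is lost. The following is an added example, not part of the original slides: it appends a key without clobbering existing ones and checks the write permissions that sshd's StrictModes cares about. The function names and the sample key lines are hypothetical.

```python
import os
import stat
import tempfile

def install_pubkey(home, pubkey_line):
    """Add one public key line to <home>/.ssh/authorized_keys, keeping existing keys.

    Returns True if the key was added, False if it was already present.
    """
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                      # directory: owner only
    auth = os.path.join(ssh_dir, "authorized_keys")
    lines = []
    if os.path.exists(auth):
        with open(auth) as fh:
            lines = fh.read().splitlines()
    key = pubkey_line.strip()
    if key in lines:
        return False
    lines.append(key)
    # Write a temp file in the same directory and rename it into place, so
    # sshd never reads a half-written authorized_keys.
    fd, tmp = tempfile.mkstemp(dir=ssh_dir)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(tmp, 0o600)
    os.replace(tmp, auth)
    return True

def strictmodes_problems(home):
    """List paths that are group- or world-writable (ownership is not checked here)."""
    paths = [home, os.path.join(home, ".ssh"),
             os.path.join(home, ".ssh", "authorized_keys")]
    bad = stat.S_IWGRP | stat.S_IWOTH
    return [p for p in paths if os.path.exists(p) and os.stat(p).st_mode & bad]

if __name__ == "__main__":
    home = tempfile.mkdtemp()                     # stand-in for /home/tech on host 1
    install_pubkey(home, "1024 35 1111 other@constructed")  # constructed, not a real key
    print(install_pubkey(home, "1024 35 2222 tech@2"))      # constructed, not a real key
    print(strictmodes_problems(home))
```
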
A wee bit less Simple Examples
§ Three hosts - Assume: preshared keys
  – 1 has sshd running on port 17
  – 2 has sshd running on port 27
    tech@3: ssh 2 'ssh 1'
    tech@1$
§ The way to set this up is as follows:
    tech@3$ cat > .ssh/config
    Host 2
    User tech
    Port 27
    Protocol 1
    IdentityFile /home/tech/.ssh/key4mac2
    Hostname 10.1.2.2
    ^D
§ Note you may need ssh -t 2 'ssh -t 1'...

AN4SCD
§ Buy a copy of “SSH” by Daniel J. Barrett & Richard E. Silverman, pub. O’Reilly (ISBN: 0-596-00011-1)
§ Read it
§ I use openssl 0.9.7c with openssh 2.9.9p2-PS2.4.18
§ I do not use any other version of SSH
§ I use Protocol 1 on purpose
§ I use TCP Wrappers w/ IPv6 extensions
§ I keep tight controls using TCP Wrappers

AN4SCD - 2
§ Static Compile methods
  Get the latest openssl
  1. Compile it static with the /usr/static directory target
       ./config --openssldir=/usr/static --prefix=/usr/static no-shared
  2. Get openssh-2.9.9p2-PS2.4.18 http://www.paksecured.com
       ./configure --prefix=/usr/static --with-ssl-dir=/usr/static --with-ipaddrdisplay --with-ipv4-default --with-tcp-wrappers
     compile it and install
  Edit the sshd config file
  Make sure you also change the paths for the keys!!

AN4SCD – sshd_config
    Port 17
    Protocol 1
    ListenAddress 192.168.1.1
    HostKey /usr/static//etc/ssh_host_key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    SyslogFacility AUTH
    LogLevel INFO
    LoginGraceTime 600
    PermitRootLogin no
    StrictModes yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    RhostsAuthentication no
    IgnoreRhosts yes
    RhostsRSAAuthentication no
    PasswordAuthentication yes
    PermitEmptyPasswords no
    ChallengeResponseAuthentication no
    X11Forwarding no
    X11DisplayOffset 10
    PrintMotd yes
    KeepAlive yes

Fun Examples - 1
§ Using commands attached to keys
  – On the server define a command in the authorized_keys file associated with a key
  – Format is command="my/command/string" …key data…
    EX: command="/bin/ls -al /logs" ABCDEF1234567
  Then ssh with the appropriate key will only allow you to execute this command.
  Note that this is per key so…

Fun Examples – 1A
§ Each connection performs a different function:
    command="/bin/tar -C /var -zc logs/" 1024 35 1401127197419957603963992310744541309544383747259734516089771188967767458939385504290626639723367553520934562085191640971376517805603574323665740145639795378769018934783639072113278131695749474776444237515391657324013921180513478445898911260784215908465231234811128850298002033823697526030476122812500153909‌57 mgm@mgmlap.paksecured.org
    command="/bin/tar -C / -zc etc/" 1024 35 2201127197419957603963992310744541309544383747259734516089771188967767458939385504290626639313208519164097137651780560372336755316990574323665740145639795378769018934783639072113278131695749474776444237515391657324013921180513478445898911260784215908465231234811128850298002033823697526030476122812500153909‌57 mgm@mgmlap.paksecured.org
    command="/bin/tar -C /home -zc mgm/mail/" 1024 35 23011271974199576039639923107445413095443837472597345160897711889677674589393855042906266397233675531699031320980020338236975260308519164097137651780560357432366574014563979537876901893478363907211327813169574947477644423751539165732401392118051347844589891126078421590846523123481112885024761228125001539‌0957 mgm@mgmlap.paksecured.org
§ First one is keytar1
§ Second one is keytar2
§ Third one is keytar3

Fun Examples – 1B
§ Assuming we have set up the config file then:
    ssh 1 | tar -zxv
  Will generate a copy including timestamps and permissions of the logs/ directory
    ssh 2 | tar -zxv
  Will generate a backup copy of our remote etc/ directory (assuming we have permission…)

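A command= entry fixes what a key can execute, but port, agent and X11 forwarding and pty allocation stay available to that key unless they are switched off per key or in sshd_config. The following is an added example, not part of the original slides: it parses authorized_keys lines, including quoted option values, and reports which keys lack a forced command or the per-key no-* options. The function names and the sample entries are hypothetical, and treating `restrict` as sufficient assumes an sshd recent enough to support it.

```python
# Option names are case-insensitive, so they are compared in lower case.
HARDEN = ("no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty")

def split_entry(line):
    """Split an authorized_keys line into (options dict, remaining key fields)."""
    first = line.split(None, 1)[0]
    if first.isdigit() or first.startswith(("ssh-", "ecdsa-", "sk-")):
        return {}, line.split()            # line starts with the key: no options
    items, buf, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and c == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 1      # \" inside a quoted value
        elif c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            items.append(buf)
            buf = ""
        elif c.isspace() and not quoted:
            break                          # unquoted space ends the options field
        else:
            buf += c
        i += 1
    items.append(buf)
    opts = {n.lower(): v or True for n, _, v in (it.partition("=") for it in items)}
    return opts, line[i:].split()

def audit(text):
    """Map each key's comment field to a list of findings (empty list = nothing found)."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, fields = split_entry(line)
        if "command" not in opts:
            found = ["no forced command"]
        elif "restrict" in opts:           # assumption: sshd supports restrict
            found = []
        else:
            found = ["missing " + o for o in HARDEN if o not in opts]
        report[fields[-1]] = found
    return report

# Constructed entries: the key numbers are placeholders, not real keys.
SAMPLE = """\
command="/bin/tar -C /var -zc logs/" 1024 35 1234567 keytar1
command="/bin/tar -C / -zc etc/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty 1024 35 2345678 keytar2
1024 35 3456789 key4mac1
"""
```

Calling `audit(SAMPLE)` reports the four missing options for keytar1, nothing for keytar2, and "no forced command" for key4mac1.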
Fun Examples - 2
§ MultiBounce Sessions
  – Using the three hosts example from earlier
§ Consider:
    ssh 1 'ssh 2 /bin/tar -C /home -zc myhomedir/' | tar -zxv
    ssh 1 'ssh 2 "ssh 3 /bin/tar -C /home -zc myhomedir/"' | tar -zxv
  Note that there are limits…

Q&A

This is The