
Remote Connectivity


The Saigon CTT




Objectives
• Explain:
  telnet
  rsh
  ssh
• Configure FTP



Telnet
• Telnet is used to communicate with a host through the telnet protocol, on default port 23.
• It operates on a client/server basis. The client requires an account on the server to log in.
• Most telnet servers will not allow you to log in as root, for security reasons. You can log in as a normal user and su to root.



Telnet
• telnet is an insecure protocol: the username and password are sent from client to server across the network in clear text.
• Why do people still use it? telnet can be used for debugging text-based protocols: HTTP, SMTP and POP.



Relevant File - ~/.telnetrc
• When a user has a .telnetrc file in their home directory, telnet will execute the commands listed in this file.
# this is a comment
saigonctt send ayt
DEFAULT environ export USER




Telnet Commands
• Command format:
telnet [IP address|host name] [port]
• If telnet is executed without options, it starts in command mode with the prompt “telnet>”.
• You can switch to command mode by pressing “Ctrl-]” after connecting.



Telnet Commands
?, h, help          Lists commands with description
<command> ?         More information of command (arg)
open <IP address>   Open connection to the IP address or host name
close = quit        Terminates connection from client
logout              Requests server to terminate the connection
send                Send a special character sequence to the server
status              A brief status report of telnet

( See # man telnet for more commands )



The r Commands
• There are 3 programs:
rlogin   Remote login
rsh      Remote shell, executes a command
rcp      Remote copy
• A password is NOT required if the following files are configured:
/etc/hosts.equiv   (system-wide)
$HOME/.rhosts      (per-user)
( Entry : [+|-] [hostname] [username] )



The r Commands
• rlogin: similar to telnet
rlogin [-l username] <hostname>
• rsh: executes cmd on the remote host
rsh [-l username] <hostname> <cmd>
Shell meta-characters can be used in <cmd>. To have rsh interpret the meta-characters on the remote machine, put quotation marks around them. If not quoted, meta-characters are interpreted on the local machine:
# rsh -l minh saigonctt "cat ~/file" > local_file
# rsh -l minh saigonctt "cat ~/file" ">" remote_file



The r Commands
• rcp: copies files between machines
rcp <dir> <remote username>@<hostname>:<dir>
rcp <remote username>@<hostname>:<dir> <dir>
• Example:
rcp /home/file minh@saigonctt:/backup
rcp minh@saigonctt:/backup/file /home
rcp -r /etc minh@saigonctt:/backup/etc
rcp -p /etc minh@saigonctt:/backup/etc




Security of r Commands
• Security centers around the idea of trusted users and hosts, NOT password authentication.
  • Trusted hosts are also known as equivalent hosts
  • If NO hosts.equiv is present, NO hosts are trusted
  • The .rhosts file is used to control access to an individual user account
  • It grants/denies password-free access to an individual user account by means of .rhosts
  • hosts.equiv does NOT work with the root account, but .rhosts does
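
An audit check for the trust files described above, added here as an example (it is not part of the original slides): it parses entries in the [+|-] [hostname] [username] format and flags wildcard trust. It assumes "+" in the host or user field is a wildcard and a leading "-" is a deny; the function names, severity labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an r-command trust file (/etc/hosts.equiv or ~/.rhosts).
# Entry format from the slide: [+|-] [hostname] [username]
# Function names and severity labels are illustrative assumptions.

classify_entry() {
    # $1 = host field, $2 = user field (may be empty)
    case "$1" in
        +)  echo "CRITICAL any-host" ;;     # every host is trusted
        -*) echo "OK deny" ;;               # explicit deny entry
        *)  case "$2" in
                +)  echo "HIGH any-user" ;; # every user on this host is trusted
                -*) echo "OK deny" ;;       # named user is denied
                *)  echo "INFO trust" ;;    # one named host (and user)
            esac ;;
    esac
}

audit_trust_file() {
    # Prints one line per entry: <severity> <kind> <line number> <entry>
    file=$1
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%%#*}                    # drop comments
        set -f; set -- $line; set +f        # split into fields, no globbing
        [ $# -eq 0 ] && continue            # blank or comment-only line
        printf '%s %s %s\n' "$(classify_entry "$1" "${2:-}")" "$lineno" "$*"
    done < "$file"
}

count_wildcards() {
    # Number of entries granting password-free access to any host or any user
    audit_trust_file "$1" | grep -c -E '^(CRITICAL|HIGH) ' || true
}

# Constructed sample file, not taken from a real system.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed .rhosts sample
saigonctt minh
saigonctt +
+ +
-badhost
EOF

audit_trust_file "$SAMPLE"
echo "wildcard entries: $(count_wildcards "$SAMPLE")"
```

Run it against /etc/hosts.equiv and each user's $HOME/.rhosts; any CRITICAL or HIGH line is an entry that grants password-free access more broadly than a single named host and user.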





SSH – Secure Shell
• SSH was originally authored by Tatu Ylonen in Finland as a replacement for telnet, rlogin, rsh and rcp.
• Everything SSH sends across the network is encrypted. SSH has become the de facto standard for remote connections.
• SSH can handle X connections.



SSH Features
• Strong authentication with RSA, SecurID, S/Key, Kerberos and TIS
• Secure X11 sessions
• Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions
• For forwarding, ssh captures on port 6010
• Optional compression of all data with gzip
• Complete replacement for rlogin, rsh, rcp



Components of SSH1
sshd                   Server
ssh                    Client
scp                    Secure copy of files, replaces rcp
ssh-keygen             Creates RSA keys (host key and authentication keys)
ssh-agent              Authentication agent, used to hold RSA keys for authentication
ssh-add                Used to register a new key with the agent
make-ssh-known-hosts   Used to create the /etc/ssh/ssh_known_hosts file



Components of SSH2
sshd2          Server
ssh2           Client
sftp-server2   SFTP server (executed by sshd2)
sftp2          SFTP client (needs ssh2)
scp2           Secure copy of files, replaces rcp



Components of SSH2
ssh-keygen2    The utility for generating keys
ssh-agent2     Authentication agent, used to hold RSA keys for authentication
ssh-add2       Adds an identifier to the authentication agent
ssh-askpass2   X11 utility for querying the password



SSH2 Changes
• SSH has been 98% rewritten
• Supports other key-exchange methods besides RSA: Diffie-Hellman key exchange
• Support for DSA and other public key algorithms besides RSA



SSH2 Changes
• Newly added feature: sftp, the secure file transfer protocol
• More secure, and allows integration into public key infrastructures
• Supports “subsystems”, platform-independent modules, built-in SOCKS, …



Install SSH1 – from OpenSSH
• For legal reasons, SSH is not included by default in Linux. You can download and install it from source code or from OpenSSH.
• The OpenSSH suite includes:
  • ssh (replaces telnet and rlogin)
  • scp (replaces rcp)
  • sftp (replaces ftp)



Install SSH1 – from OpenSSH
• Server: openssh-server-xxx.rpm (sshd, sshd_config, sftp-server, ...)
• Client: openssh-clients-xxx.rpm (ssh, ssh_config, sftp, ...)
• Additional tools: openssh-xxx.rpm (scp, ssh-keygen, ...)



