TimeLinux1

Thursday, November 4, 2010

Linux HowTo: SSH Primer

Secure Shell (ssh) uses public-key cryptography as its base.
    -it requires two keys to open a file (public + private); somewhat like a bank locker which requires two keys (bank's + user's)
    -the public  key is freely accessible.
    -the private key is strictly restricted.
    -the combination of public + private key is supposed to be unique.

-how does it work?
        . both receiver and sender must have access to each other's public key
        . sender encrypts:      sender priv key + receiver pub key + data
        . sender sends
        . receiver decrypts:    sender pub key + receiver priv key + data

Note:
-ssh is a proprietary protocol owned by the Finnish company SSH Communications Security.
-although the source code for the original ssh is open, various restrictions are imposed on its use and distribution.
-openssh is the open-source version of ssh under the OpenBSD project and is more popular and secure than the original ssh.

-To be fully secure, all insecure connections in a network need to be eliminated.
-eg:    host 'a' connects to host 'b' via telnet; host 'b' connects to host 'c' via ssh.
        in this case, due to the insecure a-b connection, the traffic between b-c can be monitored and cracked.

-useful commands:
        # yum -y install openssh-server
        # rpm -qa | grep -i openssh
        # service sshd    start | stop | status
        # ssh -6 user@server                [ ipv6 ]
        . /etc/ssh/sshd_config              [ server daemon ]
        . /etc/ssh/ssh_config               [ client ]
        . ~/.ssh/known_hosts                [ a directory of ssh hosts ]
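Since /etc/ssh/sshd_config decides what the daemon accepts, here is an added example (not from the original post) that audits a constructed sample sshd_config for a few permissive settings and shows them beside the corrected values; the defaults it assumes for absent keywords are the script's own assumption, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config for a few
# permissive settings and show them beside the corrected values.
# Constructed sample configs, written to temp files (not real system files).
WEAK_CFG=$(mktemp); HARDENED_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARDENED_CFG"' EXIT
cat > "$WEAK_CFG" <<'EOF'
# constructed: a permissive sshd_config
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$HARDENED_CFG" <<'EOF'
# constructed: the same file with the weak settings corrected
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
EOF

# sshd_setting FILE KEY: effective value of KEY. sshd honours the first
# occurrence; keywords are case-insensitive; Match blocks are ignored here.
sshd_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# audit_sshd_config FILE: print one line per weak setting, return their count.
# Table: keyword | pattern that counts as weak | value assumed when the keyword
# is absent (this script's assumption of the sshd default) | advice.
audit_sshd_config() {
    cfg=$1 found=0
    while IFS='|' read -r key bad dflt advice; do
        val=$(sshd_setting "$cfg" "$key")
        case "${val:-$dflt}" in
            $bad) printf '%s=%s: %s\n' "$key" "${val:-$dflt (default)}" "$advice"
                  found=$((found + 1)) ;;
        esac
    done <<'EOF'
PermitRootLogin|yes|yes|set "no"; log in as a normal user and use sudo
PasswordAuthentication|yes|yes|set "no" and use public-key authentication
PermitEmptyPasswords|yes|no|must stay "no"
Protocol|*1*|2|protocol 1 is obsolete; use "Protocol 2"
EOF
    return $found
}

audit_sshd_config "$WEAK_CFG" || echo "$? weak setting(s) in $WEAK_CFG"
audit_sshd_config "$HARDENED_CFG" && echo "$HARDENED_CFG is clean"
```

Point audit_sshd_config at a real /etc/ssh/sshd_config to check a server; the advice column is the corrected value to set.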

-ssh tunneling = port forwarding = poor man's vpn
-using one hostA to connect securely to another hostB (ie via hostA)
        clientA# ssh    -L    local_port:hostB:dest_port   hostA      [ -L local_port:target_host:target_port jump_host ]
    ie:    clientA-----hostA====hostB
    ie:    the user on clientA authenticates on hostA but ends up securely connected to hostB.
    ie:    it is a way for people inside a firewall or proxy to bypass the firewall restrictions and get to the computers in the outside world.

-ssh tunneling = port forwarding = a way to forward otherwise insecure tcp traffic through ssh.
-usefulness          = allows users to securely access their company data while remote (home, internet, etc)
-as long as the user has an ip connection to the Internet, he can connect to the remote server securely.

-sftp is a secure ftp service offered under the ssh daemon.
        # sftp    user@host
        sftp> ...                           [ file transfer commands ]
        sftp> bye
