SSH Server Setup using OpenSSH on CentOS 5.8
Prof Jeong Chul
tland12.wordpress.com
Computer Science
ITC and RUPP in Cambodia
SSH Server Setup using OpenSSH on CentOS 5.8
Part 1
• Step 1 Package installation and Startup
• Step 2 SSH Authentication
Part 2
• Step 3 SSH Port Forwarding
• Step 4 X11 Forwarding
• Step 5 SSH Client Tools
• Step 6 SSH Access Control
Step 1 Package installation & service startup
1. Package installation
• openssh-askpass-4.3p2-82.el5 // X11 passphrase
• openssh-clients-4.3p2-82.el5 // ssh, slogin, ssh-add, sftp
• openssh-4.3p2-82.el5 // ssh-keygen, scp
• openssh-server-4.3p2-82.el5 // sshd
2. Service startup
# service sshd start
3. Service startup checking
# ps -ef | grep sshd
# netstat -nat | grep 22
4. Runlevel registration
# chkconfig sshd on
# chkconfig --list sshd
5. Testing: ssh username@ssh-server
Step 2 SSH Authentication (1)
Step 2 SSH Authentication (2)
1. Server Authentication (/etc/ssh)
ssh_host_rsa_key & ssh_host_rsa_key.pub
ssh_host_dsa_key & ssh_host_dsa_key.pub
~/.ssh/known_hosts
# ssh -vvvv username@ssh-server
2. User Authentication
• Password Authentication
• Public Key Authentication
• Host based Authentication
• Kerberos
Step 2 SSH Authentication (3)
1. Public Key Authentication
On Server
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# service sshd restart
On Client
$ ssh-keygen -t rsa(dsa) -b 1024
$ scp .ssh/id_rsa.pub user@server:.ssh/authorized_keys
$ ssh user@ssh-server
2. Adding Keys
$ eval $(ssh-agent) or ssh-agent bash
$ ssh-add
$ ssh-add -l
Step 3 SSH Port Forwarding
1. Port Forwarding = Tunneling TCP connections over secure tunnel using OpenSSH
2. Server Configuration
AllowTcpForwarding yes
GatewayPorts yes
3. Local Forwarding
# ssh -L 1234:localhost:25 -N user@ssh-server
# telnet localhost 1234
4. Remote Forwarding
On SSH Client (server system)
# service httpd start
# ssh -R 10000:localhost:80 -N user@ssh-server
On SSH Server (client system)
http://localhost:10000/
[Figure: Local Port Forwarding]
[Figure: Remote Port Forwarding]
Step 4 X11 Forwarding
1. GUI Program Forwarding
2. On Server
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
# service sshd restart
3. On Client
ForwardAgent yes
ForwardX11 yes
# xhost +
$ ssh -X user@ssh-server
$ xclock &
Step 5 SSH Client Tools
1. ssh
$ ssh root@ssh-server reboot
$ ssh linux@ssh-server
2. scp
$ scp linux@ssh-server:.ssh/authorized_keys id_rsa.pub
3. sftp
$ sftp server
$ sftp username@server
4. sshfs
# yum install sshfs
$ sshfs server:/remote_dir /mnt/local_dir
5. ssh-keyscan
$ ssh-keyscan -t rsa,dsa client
6. Windows Clients
SecureCRT, Putty, Teraterm
Step 6 Access Control
1. TCP Wrappers
/etc/hosts.deny
sshd:ALL
/etc/hosts.allow
sshd:192.168.80.0/255.255.255.0
2. Options
AllowUsers/AllowGroups // Only these users
DenyUsers/DenyGroups // All except these users
PermitRootLogin yes or no
3. IPTABLES (Firewall)
-A INPUT -s 192.168.80.0/24 -m state --state NEW,ESTABLISHED -p tcp --dport 22 -j ACCEPT
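Added example, not part of the original slides: a shell check that reports which values of the sshd_config options edited in Steps 3, 4 and 6 are actually in force, since a duplicate line elsewhere in the file can silently override an edit. It assumes whitespace-separated "Keyword value" lines; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the slides): show which sshd_config values are in force.
# Keywords are case-insensitive. For single-valued keywords sshd keeps the FIRST
# value it reads; Allow*/Deny* lines are lists, and repeated lines accumulate.

# sshd_setting FILE KEYWORD [list] -> prints the effective value, or nothing
sshd_setting() {
    awk -v want="$2" -v mode="${3:-first}" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/   { next }      # blank line or comment
        tolower($1) == "match" { exit }      # global section ends at a Match block
        tolower($1) == want {
            $1 = ""; sub(/^ +/, "")          # drop the keyword, keep the arguments
            out = (out == "" ? $0 : out " " $0)
            if (mode != "list") exit         # first value wins
        }
        END { if (out != "") print out }' "$1"
}

# audit_sshd_config FILE -> one KEYWORD=value line per option edited on this page
audit_sshd_config() {
    for kw in PermitRootLogin AllowTcpForwarding GatewayPorts X11Forwarding; do
        v=$(sshd_setting "$1" "$kw")
        echo "$kw=${v:-unset}"
    done
    for kw in AllowUsers AllowGroups DenyUsers DenyGroups; do
        v=$(sshd_setting "$1" "$kw" list)
        echo "$kw=${v:-unset}"
    done
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# access control
PermitRootLogin no
permitrootlogin yes
GatewayPorts yes
AllowUsers linux
AllowUsers admin@192.168.80.*
EOF

audit_sshd_config "$sample"
```

A value of "unset" means the keyword does not appear in the file, so sshd's built-in default applies. On a server, pass /etc/ssh/sshd_config instead of the sample file.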
Thank you !!