Ensurepass

32. OpenSSH
32.1 Overview
1. Replaces insecure network communication applications.
2. Can authenticate via user and/or token.
3. Can tunnel insecure protocols through an encrypted tunnel.
4. Packages
o openssh – Provides core components for both openssh-server and openssh-clients.
o openssh-server – Contains sshd, the secure shell daemon.
o openssh-clients – Includes ssh, slogin, ssh-agent, ssh-add, sftp.
o openssh-askpass – Provides X11 based pass phrase dialog.
o openssh-askpass-gnome – A GNOME specific X11 based pass phrase dialog.
o openssl – Provides cryptographic libraries.
5. Ports
o sshd – TCP 22
32.2 Configuration
1. /etc/ssh/
o Client and Server configurations stored here.
o Server Related Files
1. sshd_config – Primary server configuration file.
Sample options:
Port 22 # Port to bind to
Protocol 2,1 # Protocol versions and order to use them in.
#ListenAddress 0.0.0.0 # Bind to all addresses.
ListenAddress 192.168.1.20 # Bind to a specific interface.
HostKey /etc/ssh/ssh_host_key # Specify Host key files
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768 # Size of server key for SSHv1 protocol
LoginGraceTime 600
KeyRegenerationInterval 3600 # How often server key is regenerated in SSHv1 protocol
PermitRootLogin no # Don’t allow root to log in directly
IgnoreRhosts yes # Ignore .rhosts files
IgnoreUserKnownHosts yes # Ignore user’s known_hosts files.
StrictModes yes # Tells sshd to check file modes and ownership of
# user files before allowing login
X11Forwarding yes # Permit X11 Forwarding
X11DisplayOffset 10 # Specifies which display to use when forwarding

# Enable secure ftp
Subsystem sftp /usr/libexec/openssh/sftp-server

2. ssh_known_hosts – Contains a list of hostnames and their associated public keys.
3. ssh_host_key & ssh_host_key.pub – Private/Public RSA key-pair for SSHv1 protocol.
4. ssh_host_rsa_key & ssh_host_rsa_key.pub – Private/Public RSA key-pair for SSHv2 protocol.
5. ssh_host_dsa_key & ssh_host_dsa_key.pub – Private/Public DSA key-pair for SSHv2 protocol.
o Client Related File(s)
1. ssh_config – Client configuration file.
Default configuration:
# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking yes
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa
# Port 22
# Protocol 2,1
# Cipher blowfish
# EscapeChar ~
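
Added example (not part of the original notes): a short Python check that reads an sshd_config and reports the legacy settings that appear in the sample options above, namely SSHv1 in Protocol, the SSHv1-only ServerKeyBits and KeyRegenerationInterval, and the SSHv1 and DSA host keys; current OpenSSH releases have removed SSHv1 support. The embedded sample is constructed from those options, host key types are recognised by the file names listed above, and the function names are assumptions of this example.

```python
import re

# Constructed sample: sshd_config options from section 32.2 (abridged).
SAMPLE = """\
Protocol 2,1                  # Protocol versions and order to use them in.
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
KeyRegenerationInterval 3600
PermitRootLogin no
X11Forwarding yes
"""

def parse(text):
    # Yield (keyword, value) pairs; keywords are case-insensitive.
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments, as the page writes them
        if line:
            parts = re.split(r"[ \t=]+", line, maxsplit=1) + [""]
            yield parts[0].lower(), parts[1].strip()

def audit(text):
    """Return (keyword, finding) pairs for legacy settings."""
    first, hostkeys, out = {}, [], []
    for key, val in parse(text):
        if key == "hostkey":
            hostkeys.append(val)          # HostKey may be given several times
        else:
            first.setdefault(key, val)    # sshd uses the first value it reads
    if "1" in re.split(r"\s*,\s*", first.get("protocol", "")):
        out.append(("protocol", "SSHv1 is enabled"))
    for opt in ("serverkeybits", "keyregenerationinterval"):
        if opt in first:
            out.append((opt, "only applies to SSHv1"))
    for path in hostkeys:
        name = path.rsplit("/", 1)[-1]
        if name == "ssh_host_key":
            out.append(("hostkey", path + ": SSHv1 RSA host key"))
        elif name == "ssh_host_dsa_key":
            out.append(("hostkey", path + ": DSA host key"))
    if first.get("permitrootlogin", "").lower() == "yes":
        out.append(("permitrootlogin", "direct root login allowed"))
    if first.get("x11forwarding", "").lower() == "yes":
        out.append(("x11forwarding", "enabled; confirm it is needed"))
    return out

if __name__ == "__main__":
    for keyword, finding in audit(SAMPLE):
        print(f"{keyword}: {finding}")
```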

32.3 Client Usage
1. ssh
ssh 192.168.1.25 # Log in to host 192.168.1.25 via ssh as the local user initiating the session
ssh server.xyz.com # Log in to host server.xyz.com
ssh steve@192.168.1.25 # Log in to host 192.168.1.25 as user steve
ssh 192.168.1.25 ls -la # Execute ‘ls -la’ on host 192.168.1.25

2. scp – Secure Copy
scp essay steve@192.168.1.25:school_dir # Copy local file ‘essay’ to directory school_dir
# in steve’s home directory on the remote host
scp essay steve@192.168.1.25:english_paper # Copy local file ‘essay’ to remote host and rename
# it to ‘english_paper’ on the remote host
scp -r ~/docs steve@192.168.1.25: # Copy the local directory docs and all of its
# contents to the remote host

3. sftp – Secure ftp
sftp steve@192.168.1.25 # Logs into host 192.168.1.25 as user steve and provides an
# ftp like session.
sftp -C steve@192.168.1.25 # Same as above, only enables compression too.

32.4 Authentication Methods Supported by sshd
1. password – Sent securely through encrypted tunnel.
2. Public Key – Put public key in ~/.ssh/authorized_keys on remote host. Private key is then used to authenticate user with remote host.
3. Kerberos
4. s/key
5. SecurID
32.5 ssh-agent usage
eval `ssh-agent`
ssh-add
32.6 Keys
1. Generate with ssh-keygen.
ssh-keygen -b 1024 # Generate 1024 bit RSA key for SSHv1 protocol
ssh-keygen -t dsa -b 1024 # Generate a 1024 bit DSA key for SSHv2 protocol
ssh-keygen -t rsa -b 1024 # Generate a 1024 bit RSA key for SSHv2 protocol
2. Key Location:
o RSA (SSHv1 protocol) – ~/.ssh/identity and ~/.ssh/identity.pub
o RSA (SSHv2 protocol) – ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
o DSA (SSHv2 protocol) – ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub
