SSH Can

Oursky Limited

September 11, 2015

Transcript

  1. SSH can start a shell in remote host

          $ ssh root@188.166.253.253
          Password:
          sshdemo#
  2. SSH can save you some typing

          $ vim ~/.ssh/config

          Host sshdemo
              HostName 188.166.253.253
              User root
  3. SSH can save you even more typing (authentication with SSH key)

      Step 1: First, you need to generate your SSH key

          $ ssh-keygen
          Generating public/private rsa key pair.
          Enter file in which to save the key (/root/.ssh/id_rsa):
          Enter passphrase (empty for no passphrase):
          Enter same passphrase again:
          Your identification has been saved in /root/.ssh/id_rsa.
          Your public key has been saved in /root/.ssh/id_rsa.pub.
          The key fingerprint is:
          29:a4:83:8a:a7:c7:a6:d3:a5:66:41:c6:03:0e:b3:0c root@sshdemo
          The key's randomart image is:
          [RSA 2048 randomart image]
  4. SSH can save you even more typing (authentication with SSH key)

      Step 2: Copy your SSH public key

          $ cat ~/.ssh/id_rsa.pub
          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXgDgcrRnWnJOwfLU0ZQPtUlFjrvWYtFlWl3M7NpL1JTggprJXNQeCc7yaM2E1GS2WqZHCdCZQXvLUsYYi/x2Ejllf5u/jb4aPbXguopaP3MiWR39mbjCvf2h965TR4qRYLWY56xtaWpmzDYeJF3g1sFENa4z8pi23eWks6ZnlYhJ291KuYwk3RqSa6+Hc8dHSUAY5q2YYfKyWauCUS5gS70FavKlkiiXaMN/5vwASrU41d9wKgHylVH0U7by2/cYMEBhOTXUDa3cYdjchEC08IZfHRGQ0c0O3WA70x9Tq4cRQx2oTABDYglQqUu0pOs/pHYnqknhfZf5ZYhC/276h root@sshdemo
  5. SSH can save you even more typing (authentication with SSH key)

      Step 3: Add SSH public key to `authorized_keys`

          sshdemo# mkdir -p ~/.ssh
          sshdemo# cat mykey.pub >> ~/.ssh/authorized_keys
  6. SSH can save you even more typing (authentication with SSH key)

      How do you get a coworker's SSH key with style?

          $ curl https://github.com/rickmak.keys
          ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1F7kuIxN6oPfWI8o77wgo7lbxlFkxu9PjaYly4U0FPcrEodArQ46VHTdu7HOAeIvY8kQiLLd8t0krA0T6NW3Bfk4Ny8xNs0med/GXdBPalh4W0R030Zy4NeBJJ2kDcWtVukrNvM6Sky9Vokls0H/8wlImTv3DRC/2qTweXydOo7SFxH1USGwtupjC8EvvU+z37c1LGQGLYL0LcFsm6aEHnd1BBgMCNiLFEWcS+SV7b2DhWCUX/Z25RTcB7Ll+pVLQEwz3cfU0AivaXVoKzwQH/rGe6q7Ua89iUACMW9DkhQyM75abyYB0AHlIS6cbRZGu5qagKmSf7OiRTRppt/+8Q==
  7. SSH can forward your key to remote host without exposing your private key

          $ ssh -A sshdemo
          sshdemo# ssh root@otherhost
          otherhost#

      TYPE LESS: Add `ForwardAgent` to ssh_config
  8. SSH can copy files to/from remote host

          $ scp sshdemo:remote_file.txt local_file.txt
          $ scp local_file.txt sshdemo:remote_file.txt
  9. SSH can execute program without shell

          $ ssh sshdemo uname -a

      SSH executes `uname -a` at the remote host, then disconnects.
  10. SSH can read/write stdin/stdout

          $ ssh sshdemo ls -1 | pbcopy
          $ cat ~/.ssh/id_rsa.pub | ssh sshdemo sh -c "cat >> ~/.ssh/authorized_keys"
  11. SSH can connect to locked-down host via gateway

          $ vim ~/.ssh/config

          Host prod
              HostName secure-server.example.com
              User root
              ProxyCommand ssh ubuntu@gateway-server.example.com exec nc %h %p

      SSH sets up the proxy by running `ProxyCommand`, then connects to the target host through the proxy.
  12. SSH can forward local port to remote port

          $ ssh -L 3306:localhost:3306 sshdemo

      You can now connect to localhost:3306 to reach the MySQL server running on the remote host.
  13. SSH can forward remote port to local port

          $ ssh -R 80:localhost:8000 sshdemo

      Port 80 on remote server is now forwarded to localhost:8000.

      NOTE: Need `GatewayPorts` in `sshd_config(5)`
  14. SSH can act as SOCKS proxy

          $ ssh -D 21080 sshdemo

      SOCKS proxy now listening at localhost:21080.
  15. SSH can run GUI programs

          $ ssh -X sshdemo
          sshdemo# firefox
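
Slides 5 and 10 both install a key by appending to `authorized_keys` with `>>`. As an added example (not code from the deck), the hypothetical shell function `install_pubkey` below does the same append while rejecting private keys, skipping keys that are already present, and setting the `~/.ssh` permissions that sshd's `StrictModes` check expects. The function name and its optional home-directory argument are assumptions made here.

```shell
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper, not from the deck)
# Appends one OpenSSH public key to HOME_DIR/.ssh/authorized_keys exactly once.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # A private key file starts with a "-----BEGIN ..." line; never install one.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # Expect a single "<type> <base64-blob> [comment]" line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    read -r type blob comment < "$pub" || true   # read fails without a final newline
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*|sk-*) ;;
        *) echo "unknown key type: $type" >&2; return 1 ;;
    esac
    # A key blob begins with a 4-byte length whose leading zero bytes encode as "AAAA".
    case $blob in
        AAAA*) ;;
        *) echo "malformed key blob" >&2; return 1 ;;
    esac

    # sshd's StrictModes check ignores keys kept in group/world-writable paths.
    ( umask 077; mkdir -p "$dir"; touch "$auth" )
    chmod 700 "$dir"
    chmod 600 "$auth"

    # Match on type+blob in any field position, so option prefixes and changed
    # comments do not produce duplicate entries.
    if awk -v t="$type" -v b="$blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) hit = 1 }
        END { exit !hit }' "$auth"
    then
        return 0
    fi
    # A bare ">>" glues the new key onto an unterminated last line; end it first.
    if [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$type $blob${comment:+ $comment}" >> "$auth"
}
```

Run on the server as `install_pubkey mykey.pub`; running it a second time with the same key leaves the file unchanged.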