
Remote Connectivity: 69-3 Nguyen Thi Nho, P9, Q.Tbinh, Tp. HCM

This document chapter explains remote connectivity tools including telnet, rsh, rlogin, rcp and secure shell (SSH). It describes how telnet operates on a client/server model but is insecure. The r-commands allow passwordless login between trusted hosts but lack security. SSH was created as a secure replacement, encrypting all network traffic and supporting strong authentication methods. The document outlines the components, features and installation of OpenSSH, the most common implementation of SSH.

Uploaded by

m3onh0x84
Copyright
© Attribution Non-Commercial (BY-NC)

Chapter 16

Remote Connectivity

SAIGONLAB: 83 Nguyễn Thị Nhỏ, P9, Q.Tân Bình, Tp. HCM (69-3 Nguyen Thi Nho, P9, Q.TBinh, Tp. HCM)
LPI 102

Objectives

Explain:
    telnet
    rsh
    ssh
Configure FTP

Telnet

Telnet is used to communicate with a host through the telnet protocol on default port 23.
It operates on a client/server basis. The client requires an account on the server to log in.
Most telnet servers will not allow you to log in as root because of security. You can log in as a normal user and su to root.

Telnet

telnet is an insecure protocol: the username and password are sent from client to server across the network in clear text.
Why do people still use it? telnet can be used for debugging text-based protocols: HTTP, SMTP and POP.

Relevant File ~/.telnetrc

When a user has a .telnetrc file in their home directory, telnet will execute the commands listed in this file.
    # this is a comment
    command1
    command2

Telnet Commands

Command format:
    telnet [IP address|host name] [port]
If telnet is executed without options, it starts in command mode with the prompt "telnet>".
You can change to command mode with "Ctrl-]" after connecting.

Telnet Commands

?, h, help          Lists commands with descriptions
<command> ?         More information on a command (arg)
open <IP address>   Opens a connection to the IP address or host name
close = quit        Terminates the connection from the client
logout              Requests the server to terminate the connection
send                Sends a special character sequence to the server
status              A brief status report of telnet

(See # man telnet for more commands)
The r Commands

There are 3 programs:
    rlogin   Remote login
    rsh      Remote shell, executes a command
    rcp      Remote copy
A password is NOT required if the following files are configured:
    /etc/hosts.equiv (system-wide)
    $HOME/.rhosts (per-user)
    (Entry: [+|-] [hostname] [username])
The r Commands

rlogin: similar to telnet
    rlogin [-l username] <hostname>
rsh: executes a command on a remote host
    rsh [-l username] <hostname> <cmd>
Shell metacharacters can be used in <cmd>. To have rsh interpret the metacharacters on the remote machine, put quotation marks around them. If they are not quoted, metacharacters are interpreted on the local machine:
    # rsh -l minh saigonctt "cat ~/file" > local_file
    # rsh -l minh saigonctt "cat ~/file" ">" remote_file
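
The difference between the two rsh lines, as an added example that is not part of the original slides. `fake_rsh` is a hypothetical stand-in that, like rsh, joins its arguments with spaces and passes the result to a shell running in a separate, constructed "remote" directory, so the demonstration runs without a network.

```sh
#!/bin/sh
# Hypothetical stand-in for `rsh <host> <cmd...>` (not rsh itself): joins its
# arguments with spaces and runs the string in a shell whose HOME and working
# directory are the "remote" side.
fake_rsh() {
    ( cd "$REMOTE_HOME" && HOME="$REMOTE_HOME" sh -c "$*" )
}

# Runs both forms from the slide and reports where each output file landed.
demo_quoting() (
    base=$(mktemp -d) || exit 1
    LOCAL_DIR="$base/local"; REMOTE_HOME="$base/remote"
    mkdir "$LOCAL_DIR" "$REMOTE_HOME"
    echo "remote data" > "$REMOTE_HOME/file"    # constructed sample file
    cd "$LOCAL_DIR" || exit 1

    # Unquoted '>': the local shell performs the redirection before the
    # command is sent, so the file is created on the local side.
    fake_rsh "cat ~/file" > copy_a

    # Quoted '>': it is passed along as an argument and interpreted by the
    # remote shell, so the file is created on the remote side.
    fake_rsh "cat ~/file" ">" copy_b

    result=""
    if [ -f "$LOCAL_DIR/copy_a" ];   then result="$result copy_a=local";  fi
    if [ -f "$REMOTE_HOME/copy_a" ]; then result="$result copy_a=remote"; fi
    if [ -f "$LOCAL_DIR/copy_b" ];   then result="$result copy_b=local";  fi
    if [ -f "$REMOTE_HOME/copy_b" ]; then result="$result copy_b=remote"; fi
    cd / && rm -rf "$base"
    echo "${result# }"
)

demo_quoting
```

The quoted `~` behaves the same way: it is expanded by the remote shell to the remote home directory, not by the local one.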
The r Commands

rcp: copies files between machines
    rcp <dir> <remote username>@<hostname>:<dir>
    rcp <remote username>@<hostname>:<dir> <dir>
Example:
    rcp /home/file minh@saigonlab:/backup
    rcp minh@saigonlab:/backup/file /home
    rcp -r /etc minh@saigonlab:/backup/etc
    rcp -rp /etc minh@saigonlab:/backup/etc

Security of r Commands

Security centers around the idea of trusted users and hosts, NOT password authentication.
Trusted hosts are also known as equivalent hosts.
If NO hosts.equiv is present, NO hosts are trusted.
The .rhosts file is used to control access to an individual user account.
It grants/denies password-free access to an individual user account by means of .rhosts.
hosts.equiv does NOT work with the root account, but .rhosts does.
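
An added example (not from the original slides) of auditing these trust files: `audit_trust` flags entries whose host or user field is the lone `+` wildcard, which extends password-free trust to every host or every remote user. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# audit_trust FILE: print "FILE:LINE: reason" for each wildcard entry in a
# hosts.equiv or .rhosts file. Comments, "-" deny entries and netgroup
# entries (+@group) are passed over.
audit_trust() {
    awk '
        $1 ~ /^#/ || NF == 0   { next }
        $1 == "+" && $2 == "+" { print FILENAME ":" NR ": wildcard host and user"; next }
        $1 == "+"              { print FILENAME ":" NR ": wildcard host"; next }
        $2 == "+"              { print FILENAME ":" NR ": wildcard user" }
    ' "$1"
}

# audit_all: check the system-wide file and the per-user files on this host.
audit_all() {
    for f in /etc/hosts.equiv /root/.rhosts /home/*/.rhosts; do
        if [ -f "$f" ]; then audit_trust "$f"; fi
    done
}

# Runs the check on a constructed sample file (not taken from a real host).
demo_audit() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    cat > sample.rhosts <<'EOF'
# trusted build hosts
saigonlab minh
+ minh
backup +
+ +
-badhost
EOF
    audit_trust sample.rhosts
    cd / && rm -rf "$dir"
)

demo_audit
```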

SSH – Secure Shell

SSH was originally authored by Tatu Ylonen in Finland as a replacement for telnet, rlogin, rsh and rcp.
Everything SSH sends across the network is encrypted. SSH has become the de facto standard for remote connections.
SSH can handle X connections.

SSH Features

Strong authentication with RSA, SecurID, S/Key, Kerberos and TIS
Secure X11 sessions
Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions
Optional compression of all data with gzip
Complete replacement for rlogin, rsh and rcp

Components of SSH1

sshd                   Server
ssh                    Client
scp                    Secure copy of files, replaces rcp
ssh-keygen             Creates RSA keys (host key and authentication keys)
ssh-agent              Authentication agent, used to hold RSA keys for authentication
ssh-add                Used to register a new key with the agent
make-ssh-known-hosts   Used to create the /etc/ssh/ssh_known_hosts file
Components of SSH2

sshd2          Server
ssh2           Client
sftp-server2   SFTP server (executed by sshd2)
sftp2          SFTP client (needs ssh2)
scp2           Secure copy of files, replaces rcp

Components of SSH2

ssh-keygen2    The utility for generating keys
ssh-agent2     Authentication agent, used to hold RSA keys for authentication
ssh-add2       Adds an identity to the authentication agent
ssh-askpass2   X11 utility for querying the password

SSH2 Changes

SSH has been 98% rewritten.
Supports other key-exchange methods besides RSA: Diffie-Hellman key exchange.
Support for DSA and other public key algorithms besides RSA.
New features: sftp, the secure file transfer protocol.

SSH2 Changes

New features: sftp, the secure file transfer protocol.
More secure, and allows integration into public key infrastructures.
Supports "subsystems", platform-independent modules, built-in SOCKS, …

Install SSH1 – from OpenSSH

For legal reasons, SSH is not included by default in Linux. You can download and install it from source code or from OpenSSH.
The OpenSSH suite includes:
    ssh (replaces telnet and rlogin)
    scp (replaces rcp)
    sftp (replaces ftp)

Install SSH1 – from OpenSSH

Server: openssh-server-xxx.rpm (sshd, sshd_config, sftp-server, ...)
Client: openssh-clients-xxx.rpm (ssh, ssh_config, sftp, ...)
Additional tools: openssh-xxx.rpm (scp, ssh-keygen, ...)

SSH1 Configure

Configuration files:
    Server: /etc/ssh/sshd_config
    Client: /etc/ssh/ssh_config
These files contain keyword-value pairs, one per line, and use '#' for comments. Keywords are case sensitive:
    # more /etc/ssh/sshd_config
    Port 22
    ListenAddress 0.0.0.0
    PermitRootLogin yes
    IgnoreRhosts yes
    RhostsAuthentication no
    RSAAuthentication yes
    PasswordAuthentication yes
    ...
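
An added example (not from the original slides or from OpenSSH) that checks a configuration like the listing above for settings that allow direct root login or r-command style trust. The function names are hypothetical; the sample input is the listing from this slide.

```sh
#!/bin/sh
# check_sshd_config [FILE]: report keywords from the listing above whose value
# permits direct root login or .rhosts trust. Reads stdin when no FILE is
# given. sshd uses the first value it reads for a keyword, so later
# duplicates of the same keyword are skipped here as well.
check_sshd_config() {
    awk '
        $1 ~ /^#/ || NF < 2 { next }
        # compare keywords in lower case so a differently-cased keyword
        # is not missed
        { key = tolower($1) }
        (key in seen) { next }
        { seen[key] = 1 }
        key == "permitrootlogin" && $2 == "yes" {
            print "PermitRootLogin yes: direct root login allowed (set to no)" }
        key == "ignorerhosts" && $2 == "no" {
            print "IgnoreRhosts no: ~/.rhosts entries are honoured (set to yes)" }
        key == "rhostsauthentication" && $2 == "yes" {
            print "RhostsAuthentication yes: host trust without key or password (set to no)" }
    ' "$@"
}

# Runs the check on the sshd_config listing shown on the slide.
demo_page_config() {
    check_sshd_config <<'EOF'
Port 22
ListenAddress 0.0.0.0
PermitRootLogin yes
IgnoreRhosts yes
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
EOF
}

demo_page_config
```

On the slide's listing only `PermitRootLogin yes` is reported; the two rhosts-related keywords are already set to the safe values.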

Using SSH

Using ssh is similar to telnet or rlogin.
Here are some examples for a server named "smallfry" in your /etc/hosts file:
    [root@bigboy tmp]# ssh smallfry
    [root@bigboy tmp]# ssh -l peter smallfry
    [root@bigboy tmp]# ssh -l peter -p 435 smallfry

File Transfer - ftp

ftp (file transfer protocol) provides a service for file transfer from/to your computer.
All Linux distributions offer the wu-ftpd program, which is an ftp daemon developed at Washington University.
wu-ftpd is the most common daemon on the Internet.

FTP – Relevant Files

/etc/ftpaccess
/etc/ftphosts
/etc/ftpusers
/etc/ftpconversion

/etc/ftpaccess

It is the main configuration file:
    class all real,guest,anonymous *
    email root@localhost
    loginfails 5
    message /welcome.msg login
    message .message cwd=*
    compress yes all
    tar yes all
    chmod no guest,anonymous
    delete no anonymous
    rename no anonymous

/etc/ftphosts

It is used to allow or deny access to certain accounts from various hosts.
    allow henry 10.1.2.3
    deny fred example.org 10.2.3.*

/etc/ftpusers

It contains the login names of users who are NOT allowed to log in to your system:
    root
    bin
    daemon
    adm
    lp
    mail
    news
    uucp

Proftpd

It is another powerful ftp server, not as popular as wu-ftpd but easier to configure and more secure.
It can run as a stand-alone server or from inetd.
Relevant files:
    /usr/sbin/in.proftpd : server daemon
    /etc/proftpd.conf : main configuration file
