AE6382
Secure Shell
Usually referred to as ssh, the name refers to both a program and a protocol. The program ssh is one of the most useful networking codes. It provides:
•Data encryption and compression
•Terminal access to remote computers
•File transfer
•Command execution on remote computers
•Support for port forwarding

The Protocol
•There are currently two versions of the SSH protocol. Version 1 is considered insecure and should not be used unless there is no choice.
•The version to use can be configured on both the client and server systems.
•The protocol implements:
  •Remote terminal
  •Remote file transfer (scp and sftp)
  •Remote command execution

The Protocol
•scp is the secure copy operation. It is based on the Unix cp (file copy) program but does so securely across a network.
•sftp is a file transfer program loosely based on the standard ftp file transfer program. It is like ftp only in the client interface. It requires the server to specifically support this option.

The Program
•There are several implementations of secure shell available, both commercial and free.
•A list of available versions can be located at http://freessh.org/
•The most common version for use on Windows is PuTTY
•Georgia Tech has a license for the commercial SecureCRT program.
•The most common version for use on Linux is OpenSSH

Program - PuTTY
•PuTTY is a Windows implementation of the ssh program.
•http://www.chiark.greenend.org.uk/~sgtatham/putty/
•It consists of several programs:
  •putty.exe – the terminal access program
  •pscp.exe – the file copy program
  •psftp.exe – the ftp-like file transfer program
  •plink.exe – the remote command execution program
  •pageant.exe – program to handle keys
  •puttygen.exe – program to generate keys

Program - PuTTY
•When installing PuTTY, place all executables in a directory such as c:\putty or c:\bin
•Place this directory in your path (use System control panel)

The Program
•There is a free Windows GUI implementation for file transfer, WinSCP, at http://winscp.net/
•It implements both scp and sftp
•A multi-purpose program that implements the ssh/sftp protocol is FileZilla: http://filezilla.sourceforge.net/
•It also does ftp

The Program
•The OpenSSH program is found at http://www.openssh.org/
•This package implements the client, server, and key generation software
•Intended for BSD and Linux systems
•A Windows installation based on Cygwin can be found at http://sshwindows.sourceforge.net/
•A Mac OS graphical file transfer version (sftp) is at http://rsug.itd.umich.edu/software/fugu/

PuTTY Configuration
Upon first connection the dialog above will appear. A similar dialog will appear if the server’s key has changed. If you accept the server’s identity then press “Yes”.
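
Accepting the server's identity is only meaningful when the fingerprint shown in the dialog is compared with one obtained from the server's administrator by some other channel. That comparison, as an added example that is not part of the original slides (the key lines are constructed filler rather than real keys, and `TRUSTED_FP` stands in for the out-of-band value):

```python
import base64
import hashlib
import hmac


def fingerprints(pubkey_line):
    """Return (sha256_fp, md5_fp) for one OpenSSH-format public key line."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, ":".join(md5[i:i + 2] for i in range(0, 32, 2))


def host_key_matches(presented_line, trusted_fp):
    """True only if the presented key hashes to the fingerprint obtained out of band."""
    sha, md5 = fingerprints(presented_line)
    trusted_fp = trusted_fp.strip()
    if trusted_fp.startswith("SHA256:"):
        return hmac.compare_digest(sha, trusted_fp)
    return hmac.compare_digest(md5, trusted_fp.lower())  # older colon-hex form


# Constructed sample keys: valid ssh-ed25519 framing around filler bytes, not real keys.
FRAME = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big")
SERVER_KEY = "ssh-ed25519 " + base64.b64encode(FRAME + b"\x11" * 32).decode()
CHANGED_KEY = "ssh-ed25519 " + base64.b64encode(FRAME + b"\x22" * 32).decode()
TRUSTED_FP = fingerprints(SERVER_KEY)[0]  # stands in for the administrator's value

if __name__ == "__main__":
    for label, line in (("first connection", SERVER_KEY), ("key changed", CHANGED_KEY)):
        ok = host_key_matches(line, TRUSTED_FP)
        print(label, fingerprints(line)[0], "press Yes" if ok else "press No and investigate")
```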

File Transfer – PuTTY scp
•pscp source destination
•Source/destination: user@host:path
•Do not use user@host for a local file
•For path use the target system's file conventions
•Spaces in path require quoted names
•pscp c:\data\data1.dat [email protected]:/project/data/
•pscp gburdell@newton:presentation1.ppt presentation1.ppt

File Transfer – PuTTY sftp
•psftp server
•Server: user@host:path
•psftp gburdell@newton
  •cd /project/data
  •put c:\data\data1.dat
  •exit

Remote Command Execution – PuTTY
•plink -ssh gburdell@newton ls
•plink -ssh gburdell@newton "cat file"

Public Keys for SSH Authentication
•An alternative to entering your password is to set up ssh’s public key authentication
•Generate a public/private key pair
•Distribute the public key to servers
•Enable public key authentication in client

Public Keys for SSH Authentication - PuTTY
•Use the puttygen.exe program to generate a key pair

Public Keys for SSH Authentication - PuTTY
•Save your key files on local disk, use a pass phrase
•Transfer the public key to the server
•Usually the server is OpenSSH based
•Get a copy of .ssh/authorized_keys from the server (scp)
•Open in WordPad
•Paste the key from puttygen into the file
•Place back on the server
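
Hand-editing authorized_keys fails quietly when the pasted key is wrapped, cut short, or in the wrong format, so the edited copy is worth checking before it goes back on the server. A checker and merge step, as an added example that is not part of the original slides (it assumes entries of the form `type base64 [comment]`, and the sample keys are constructed filler, not real keys):

```python
import base64
import binascii


def check_entry(line):
    """Return None for a well-formed 'type base64 [comment]' line, else the reason."""
    parts = line.split()
    if len(parts) < 2:
        return "expected 'type base64 [comment]' on a single line"
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except (binascii.Error, ValueError):
        return "base64 field is damaged (wrapped or partial paste, or wrong format)"
    # A plain SSH public key blob is a run of uint32-length-prefixed fields;
    # walking them catches truncation that still happens to be valid base64.
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4 + size
        if pos > len(blob):
            return "key blob is truncated"
        fields.append(blob[pos - size:pos])
    if len(fields) < 2 or fields[0] != parts[0].encode():
        return "declared key type does not match the type inside the blob"
    return None


def add_key(existing_text, pasted_line):
    """Return authorized_keys text with the key appended once, using LF line endings."""
    pasted_line = pasted_line.strip()
    problem = check_entry(pasted_line)
    if problem:
        raise ValueError(problem)
    lines = [ln.strip() for ln in existing_text.splitlines() if ln.strip()]
    blob_b64 = pasted_line.split()[1]
    if not any(blob_b64 in ln.split() for ln in lines if not ln.startswith("#")):
        lines.append(pasted_line)
    return "\n".join(lines) + "\n"


# Constructed sample keys: valid ssh-ed25519 framing around filler bytes, not real keys.
FRAME = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big")
OLD_KEY = "ssh-ed25519 " + base64.b64encode(FRAME + b"\x33" * 32).decode() + " gburdell@old-laptop"
NEW_KEY = "ssh-ed25519 " + base64.b64encode(FRAME + b"\x44" * 32).decode() + " gburdell@putty"

if __name__ == "__main__":
    print(add_key(OLD_KEY + "\r\n", NEW_KEY), end="")
    print(check_entry("---- BEGIN SSH2 PUBLIC KEY ----"))
```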

Public Keys for SSH Authentication - PuTTY
•When public key authentication is used by the client, the software will read the private key. To do so it requests the pass-phrase. The PuTTY pageant.exe program, when run at startup, will request the pass-phrase and supply it later when needed.

Port Forwarding
•Makes it possible to make a connection where it is otherwise impossible, for example, through a firewall.
•Requires connecting to an SSH server that has access to the ultimate target system.
•Sets up a proxy-pair on the client and the ssh server to transmit data to the target.
•Only works with TCP ports.
•Creates an encrypted and authenticated tunnel.

Port Forwarding
•The -L option controls port forwarding
•-L local-loopback-addr:local-port:remote-addr:remote-port

Port Forwarding – Remote Desktop
•Connect to your WinXP computer from a remote WinXP computer.
•Requires SSH port forwarding to penetrate the firewall.
•SSH command to port forward:
  •plink -ssh -L 9000:172.16.4.13:3389 [email protected] cat -
•Be very careful not to connect to your own system:
  •plink -ssh -L 3389:172.16.4.13:3389 [email protected] cat - (NO!)
•Tutorial on using remote desktop:
  •http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx
•For ASDL the external SSH gateway is asdl.ae.gatech.edu
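
The two mistakes a -L specification invites are a local port that already has a listener on your own machine (the 3389 case marked NO! above) and a tunnel entrance bound to an address other hosts can reach. A pre-flight check for both, as an added example that is not part of the original slides (it assumes IPv4 addresses or hostnames, and that the client binds to loopback when no bind address is given):

```python
import ipaddress
import socket


def parse_local_forward(spec):
    """Split '[bind-addr:]local-port:remote-addr:remote-port' into its four parts."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, "127.0.0.1")  # assumption: loopback-only when omitted
    if len(parts) != 4:
        raise ValueError("expected [bind-addr:]local-port:remote-addr:remote-port")
    bind, lport, rhost, rport = parts
    lport, rport = int(lport), int(rport)
    if not (0 < lport < 65536 and 0 < rport < 65536):
        raise ValueError("port out of range")
    return bind, lport, rhost, rport


def listener_present(addr, port, timeout=0.5):
    """True if something already accepts TCP connections on addr:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((addr, port)) == 0


def review_forward(spec):
    """Return a list of warnings for one -L specification."""
    bind, lport, rhost, rport = parse_local_forward(spec)
    warnings = []
    try:
        loopback = ipaddress.ip_address(bind).is_loopback
    except ValueError:
        loopback = bind == "localhost"
    if not loopback:
        warnings.append("tunnel entrance is reachable from other hosts")
    if listener_present("127.0.0.1", lport):
        warnings.append("local port %d already has a listener; a client pointed "
                        "at it reaches this machine, not %s" % (lport, rhost))
    return warnings


if __name__ == "__main__":
    for spec in ("9000:172.16.4.13:3389", "3389:172.16.4.13:3389"):
        print(spec, review_forward(spec) or "ok")
```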