OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.
Remote Access
$ ssh student@serverX
$ ssh student@serverX 'echo I am from serverX > ~/Desktop/serverX.txt'
Communication
$ scp source-local-folder user@server:destination-remote-folder
$ scp user@server:source-remote-folder destination-local-folder
$ rsync source-local-folder user@server:destination-remote-folder
$ rsync user@server:source-remote-folder destination-local-folder
$ rsync source-local-folder destination-local-folder
Secure Shell:
ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections, arbitrary TCP ports and UNIX-domain sockets can also be forwarded over the secure channel.
ssh connects and logs into the specified hostname (with optional user name). The user must prove his/her identity to the remote machine using one of several methods (see below).
scp:
It copies files between hosts on a network. It uses ssh for data transfer, and uses the same authentication and provides the same security as ssh. scp will ask for passwords or passphrases if they are needed for authentication.
File names may contain a user and host specification to indicate that the file is to be copied to/from that host. Local file names can be made explicit using absolute or relative pathnames to avoid scp treating file names containing ‘:’ as host specifiers. Copies between two remote hosts are also permitted.
Rsync:
rsync is a utility that keeps copies of a file on two computer systems. It is commonly found on Unix-like systems and functions as both a file synchronization and file transfer program. The rsync algorithm is a type of delta encoding, and is used to minimize network usage. Zlib may be used for additional compression, and SSH or stunnel can be used for data security.
Rsync is typically used to synchronize files and directories between two different systems. For example, if the command rsync local-file user@remote-host:remote-file is run, rsync will use SSH to connect as user to remote-host. Once connected, it will invoke the remote host's rsync and then the two programs will determine what parts of the file need to be transferred over the connection.
This project (2015-1-ES01-KA202-015858) has been funded with support from the European Commission. This publication reflects the views only of the author, and the Commission cannot be held responsible for any use which may be made of the information contained therein. “Creative Commons Attribution-ShareAlike 4.0 International” (https://creativecommons.org/licenses/by-sa/4.0/).
References:
http://man.openbsd.org/OpenBSD-current/man1/scp.1
http://man.openbsd.org/OpenBSD-current/man1/ssh.1
https://en.wikipedia.org/wiki/Rsync
Laboratory
Remote access and secure communication
[ student@serverA ] $ ssh student@serverX
[ student@serverX ] $ id
[ student@serverX ] $ exit
[ student@serverA ] $ ssh student@serverX 'echo Soy de serverX > ~/Desktop/serverX.txt'
[ student@serverA ] $ ssh student@serverX 'ls ~/Desktop ; cat ~/Desktop/serverX.txt'
[ student@serverA ] $ mkdir ~/Desktop/comu
[ student@serverA ] $ touch ~/Desktop/comu/serverX
[ student@serverA ] $ cd ~/Desktop/comu
[ student@serverA ] $ rsync -aR . student@serverX:~/Desktop/comu/
Certificates
$ Enter passphrase (empty for no passphrase): [Enter]
Securing remote access
ssh-keygen generates, manages and converts authentication keys for ssh. ssh-keygen can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections.
ssh-keygen is also used to generate groups for use in Diffie-Hellman group exchange (DH-GEX). See the MODULI GENERATION section for details.
Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication key in ~/.ssh/identity, ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the system administrator may use this to generate host keys, as seen in /etc/rc.
Normally this program generates the key and asks for a file in which to store the private key. The public key is stored in a file with the same name but ".pub" appended. The program also asks for a passphrase.
The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, whitespace, or any string of characters you want. Good passphrases are 10-30 characters long, are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per character, and provides very bad passphrases), and contain a mix of upper and lowercase letters, numbers, and non-alphanumeric characters. The passphrase can be changed later by using the -p option.
-t type
Specifies the type of key to create. The possible values are "rsa1" for protocol version 1 and "rsa" or "dsa" for protocol version 2.
ssh-copy-id:
ssh-copy-id is a script that uses ssh to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you've done some clever use of multiple identities) and install your public key in the remote account's ~/.ssh/authorized_keys. It also changes the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would otherwise prevent you from logging in, if the remote sshd has StrictModes set in its configuration). If the -i option is given then the identity file (defaults to ~/.ssh/id_rsa.pub) is used, regardless of whether there are any keys in your ssh-agent.
Example: ssh-copy-id [-i [identity_file]] [user@]machine
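The StrictModes condition mentioned above can be checked by hand when a key login is refused. The script below is an added example, not part of the original handout; the function names are hypothetical, it assumes the keys live in .ssh under the given home directory, and it tests write permission for others as well as for the group.

```shell
#!/bin/sh
# Added example, not from the original page: list the paths that sshd's
# StrictModes check would object to because group or others can write to them.

# Succeed (0) if group or others have write permission on path $1.
is_group_or_other_writable() {
    # "ls -ld" prints a mode string such as drwxrwxr-x; character 6 is the
    # group write bit and character 9 the write bit for others.
    mode=$(ls -ldL "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every offending path under home directory $1 and return how many
# were found (0 means the three paths pass this part of the check).
check_ssh_perms() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if is_group_or_other_writable "$p"; then
            echo "too permissive: $p ($mode)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage: sh check_perms.sh "$HOME"
if [ "$#" -gt 0 ]; then check_ssh_perms "$1"; fi

# Remediation, removing the write bits this check looks for:
#   chmod go-w ~ ~/.ssh ~/.ssh/authorized_keys
```

StrictModes also checks file ownership, which this script does not cover.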
References:
https://linux.die.net/man/1/ssh-keygen
https://linux.die.net/man/1/ssh-copy-id
Laboratory
Generating SSH Cert and securing access
[ student@serverA ] $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
[ student@serverA ] $ ssh-copy-id [email protected]
The authenticity of host '123.45.67.89 (12.34.56.78)' can't be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '123.45.67.89' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]' ", and check in:
~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[ student@serverA ] $ vim /etc/ssh/sshd_config
[...]
PasswordAuthentication no
PermitRootLogin no
[ student@serverA ] $ systemctl restart sshd
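Before restarting sshd it is worth confirming that the two directives are the ones actually in effect, because sshd keeps the first value it reads for a keyword and a later line does not override it. The script below is an added example, not part of the original handout; the function names and the sample configuration are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example, not from the original page. Reads the global section of an
# sshd_config-style file; Match blocks and Include files are not evaluated.

# Print the value in effect for keyword $2 in file $1. Keywords are
# case-insensitive and sshd keeps the first value it reads for each one.
sshd_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0        { next }            # comments, blank lines
        tolower($1) == "match"       { exit }            # end of global section
        tolower($1) == tolower(want) { print $2; exit }  # first occurrence wins
    ' "$1"
}

# Return 0 only when both settings from the lab are "no". An absent keyword
# falls back to sshd's built-in default, which is not "no" for either.
audit_sshd_config() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok:   $kw no"
        else
            echo "weak: $kw ${val:-(not set, default applies)}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not a real server's configuration).
sample_config() {
    cat <<'EOF'
Port 22
#PasswordAuthentication yes
passwordauthentication no
PermitRootLogin no
PermitRootLogin yes
EOF
}

# Usage: sh audit.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then audit_sshd_config "$1"; fi

# On the server itself, before "systemctl restart sshd":
#   sshd -t     # refuses a config with syntax errors
#   sshd -T | grep -Ei '^(passwordauthentication|permitrootlogin) '
```

Keep the current session open after the restart and confirm a key-based login from a second terminal, so that a mistake does not lock you out.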