
Academic year: 2021

Experimental Techniques 8

Remotely Logging into a Linux Workstation

JinJie Jiang, Ph.D, Ralph T. Weber, Ph.D.

Bruker BioSpin Corporation

EPR Division

19 Fortune Drive

Billerica, MA

USA

1. Introduction

The Linux workstation delivered with your Elexsys EPR spectrometer offers you several options to log in remotely or transfer files. The most commonly used tools have been Telnet or rlogin for remote login and FTP or rcp for data transfer. Computer experts discourage the use of these tools because they do not offer the security required to protect your system and information from mischief. For this reason, many versions of Red Hat Linux disable FTP and Telnet by default. We encourage using alternative tools such as SSH (Secure SHell) and SFTP (Secure FTP) that give you similar functionality with added security. This note describes SSH and SFTP from either a Linux or MS Windows® platform. It also describes how to activate and heighten the security of your Linux workstation should you still choose to use FTP and Telnet.

2. SSH, A Secured Way to “Telnet”

2.1. What is SSH?

SSH (Secure SHell) is an internet protocol that allows a user to connect to a remote host via an encrypted link by: 1) an authentication process with a special “key”, and 2) encrypting information, including passwords, that may otherwise be intercepted by hackers. To use SSH you need: 1) an sshd daemon running on the server; 2) an SSH program on the client computer; 3) a user’s account and password on the server. To check whether sshd is running on the server you can use the ps -ax | grep sshd command on the server. If it is not running, start the daemon by typing /usr/sbin/sshd (n.b. you must be root to use this command). The Red Hat Linux operating system provides an SSH program for both the server and client. For the SGI O2 IRIX operating system and MS Windows® operating system, there are free and commercial SSH or SSH-like software available for client and server computers. Special regulations may apply to encryption software depending on your country. Make sure you do not violate these regulations.


2.2. SSH from a Linux workstation

It is easy to use SSH to connect a computer with Red Hat Linux to a Red Hat Linux workstation since the sshd daemon is running by default. Simply open a shell window and type

ssh <server’s IP address>

under the prompt sign. You can also use the server’s hostname if it is listed in the client computer’s /etc/hosts file or DNS (Domain Name Server) is available. You will be prompted for user account and password. The first time you try to connect to the remote host you will be asked whether the host is a trusted host. If your answer is “Yes”, a so-called magic key (authentication) will be generated for you and then you can proceed just as you would with Telnet.

If you activated remote display by the command

xhost + <host IP address>

before you launch SSH, you can launch the Xepr program after you log in remotely.
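The trust question on the first connection is the one point where SSH asks you to vouch for the server's identity, and an OpenSSH client then records the accepted host key in its known_hosts file. The following is an added example, not part of the original note: it checks that the key saved for a host is the same key as in a copy of the server's public host key file. The host names, addresses and key strings are constructed placeholders, and it assumes known_hosts entries with unhashed host names.

```sh
#!/bin/sh
# Added example: compare the host key a client saved with the server's own key.

# check_host_key KNOWN_HOSTS HOST PUBFILE -> match | MISMATCH | unknown
#   KNOWN_HOSTS  client file written when you answered "yes"
#   PUBFILE      copy of the server's /etc/ssh/ssh_host_*_key.pub
check_host_key() {
    read -r ktype kblob rest < "$3"         # "type base64 comment"
    saved=$(awk -v host="$2" -v ktype="$ktype" '
        /^[#@]/ || NF < 3 { next }          # skip comments and @markers
        $2 != ktype       { next }          # compare keys of the same type
        { n = split($1, names, ",")         # first field: host[,host...]
          for (i = 1; i <= n; i++)
              if (names[i] == host) { print $3; exit } }
    ' "$1")
    if   [ -z "$saved" ];         then echo unknown
    elif [ "$saved" = "$kblob" ]; then echo match
    else                               echo MISMATCH
    fi
}

# Constructed sample data: the key strings are placeholders, not real keys.
demo_dir=$(mktemp -d)
printf '%s\n' \
    '192.168.99.20,epr-ws ssh-rsa AAAAB3CONSTRUCTEDKEYAAAA' \
    '192.168.99.21 ssh-rsa AAAAB3CONSTRUCTEDKEYBBBB' > "$demo_dir/known_hosts"
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEYAAAA root@epr-ws' > "$demo_dir/server.pub"

for h in epr-ws 192.168.99.21 192.168.99.99; do
    echo "$h: $(check_host_key "$demo_dir/known_hosts" "$h" "$demo_dir/server.pub")"
done
rm -rf "$demo_dir"
```

A MISMATCH result means the key the client trusted is not the key in the server's file, so the saved entry should not be relied on until the difference is explained.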

2.3. SSH from MS Windows®

A Microsoft Windows® operating system does not provide SSH support. You need to install an SSH program. Several web sites provide SSH software either for free or commercially. You can find them at: http://www.freessh.org.

A particularly useful web site is http://www.openssh.com. It provides a free MS Windows®-based client program called “PuTTY” that offers SSH connections. Read the instructions and manuals posted on the above web site before you install.


Double click the putty.exe icon to launch the program. A configuration dialog window opens. (See Figure 2-1.) Enter the IP address or hostname of the SSH server, e.g. the Linux workstation. Select SSH as the protocol. You can give a session name and Save it so that you can Load it the next time. Click the Open button to start the connection. A DOS window opens prompting for a login account and password. Enter the user account name and password and you will be connected to the host. The first time you establish the connection you need to answer “yes” to the question of whether the remote host is a trusted host.

Figure 2-1 Configuring and launching PuTTY (SSH) from a MS Windows®-based computer. (Callouts: Select SSH; Enter hostname or IP address; Name the session.)

Figure 2-2 Login to a remote host using the SSH program.


3. SFTP, A Secure Way to “FTP”

3.1. What is SFTP?

Similar to SSH, SFTP (Secure FTP) is a secure means to transfer files. It utilizes SSH’s authentication feature and encrypts the transactions.

3.2. SFTP from a Linux System

To SFTP between computers with Linux operating systems you can simply enter sftp <IP address (or hostname)> in a shell window. The authentication and login process are the same as SSH.

3.3. SFTP from a MS Windows® System

You can find SFTP freeware for MS Windows®-based systems from the web site: http://www.openssh.com/windows.html. Among these programs ixplore is particularly convenient and easy to use since it has a graphical user interface. Download and install this software package onto your MS Windows®-based PC following the instructions on its web site. Launch the ixplore program. In the opened window, right-mouse-click SSH Hosts > New SSH Host. (See Figure 3-3.)


A pop-up window of the Remote SSH Host Properties opens. In the Remote SSH Host Properties window enter the Host Display Name, Host (IP address or complete hostname), Username, and other optional information. Click OK.


You need to confirm that the remote host is a trusted host as part of the authentication process. You will not be able to type in the text box. Click the Yes button instead. You may need to scroll down to see the Yes button.

If your New SSH Host was configured properly you will be prompted for the password. Enter the password and click OK.

Figure 3-5 Confirming the remote host.


Now you are logged in. From the window you can upload or download files or folders. The nice thing about this program is that you can “drag and drop”.

After you finish the transaction you can log out by right clicking the remote host icon and then clicking Log Off. (See Figure 3-8.)

If you save this session you will find the icon in the SSH Hosts list. You can click the icon and then Open to start an SFTP session or click Properties to modify the configurations. You can reestablish a connection to an SSH host, simply by clicking its icon to start an SFTP session. A right mouse click allows you to modify the settings.

Figure 3-7 SFTP window (panels: Remote site, Local site).

4. What If I Still Want to Use Telnet or FTP?

4.1. How to activate Telnet and FTP

By default, Red Hat Linux (7.1 or above) disables Telnet and FTP. You can activate them in a server by modifying their configuration files. You need to be root to edit these files. Use a text editor to open the /etc/xinetd.d/telnet file. Find the entry “disable = yes” and change it to “disable = no”. Save the modified file. Edit the /etc/xinetd.d/wu-ftp file the same way. In a shell window enter “service network restart”. The new settings will then be active. You will be able to remotely login with Telnet or FTP.

4.2. Make it a little safer

You can limit the Telnet and FTP services to trusted hosts only if you know their IP addresses. In the /etc/xinetd.d/telnet file add a line: only_from = <IP address(es)>. You can separate the IP addresses by a comma if there is more than one IP address. You can also enter a subnet address to allow all the hosts from this subnet to access the service. The format is <subnet address>/<number of bits for network and subnet>. For example, if you add “only_from = 192.168.99.0/24”, all 254 hosts in the subnet 192.168.99.0 can access your Telnet service. The number 24 indicates that 24 bits of the 32 bit IP address are used for the network/subnet address. If you change to “only_from = 192.168.99.16/28” it means that the first 28 bits of the total 32 bits are used for network/subnet address. All 14 hosts from 192.168.99.17 to 192.168.99.30 of the subnet 192.168.99.16 are allowed to login remotely with Telnet. Ask your local network administrator for the subnet address and network mask if you plan to allow all your local subnet users to use Telnet. You can set the same restriction on FTP via the /etc/xinetd.d/wu-ftp file.

It is not recommended that you increase the security by editing the hosts.allow and hosts.deny files since that might cause booting problems of the acquisition server.
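An added example, not part of the original note: a shell check for the two settings described in sections 4.1 and 4.2. xinetd_status reports whether a service file leaves the service disabled, open to any address, or restricted by only_from, and cidr_hosts expands a subnet written as <subnet address>/<number of bits> into its usable host range. The function names and the sample file contents are constructed for illustration, and the check relies on xinetd treating a service with no disable line as enabled.

```sh
# Added example: audit an xinetd service file and expand a CIDR block.

# xinetd_status FILE -> disabled | open | restricted: <sources>
xinetd_status() {
    awk -F'=' '
        { sub(/#.*/, "") }                         # drop comments
        NF < 2 { next }                            # not an attribute line
        { key = $1; val = $2
          gsub(/[ \t+]/, "", key)                  # "only_from +=" -> only_from
          gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "disable"   { disable = val }
        key == "only_from" { from = (from == "" ? val : from " " val) }
        END {
            if (disable == "yes") print "disabled" # absent means enabled
            else if (from == "")  print "open"
            else                  print "restricted: " from
        }' "$1"
}

# cidr_hosts A.B.C.D/N -> "first last count" of usable hosts (assumes N <= 30)
cidr_hosts() {
    awk -v cidr="$1" '
    function dot(n) {
        return sprintf("%d.%d.%d.%d", n / 16777216, (n / 65536) % 256,
                       (n / 256) % 256, n % 256)
    }
    BEGIN {
        split(cidr, p, "/"); split(p[1], o, ".")
        ip   = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        size = 2 ^ (32 - p[2])                     # addresses in the block
        net  = ip - (ip % size)                    # clear the host bits
        print dot(net + 1), dot(net + size - 2), size - 2
    }'
}

# Constructed sample in the layout of /etc/xinetd.d/telnet.
sample_telnet_conf() {
    cat <<'EOF'
service telnet
{
        disable   = no
        only_from = 192.168.99.16/28
}
EOF
}

conf=$(mktemp) && sample_telnet_conf > "$conf"
echo "telnet: $(xinetd_status "$conf")"
echo "hosts:  $(cidr_hosts 192.168.99.16/28)"
rm -f "$conf"
```

A result of "open" for a Telnet or FTP service file means the service is enabled with no only_from line, so any host that can reach the workstation can attempt a login.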


5. Glossary

rcp Remote CoPy.

rlogin Remote LOGIN.

rsh Remote SHell.

ssh Secure SHell, a basic rlogin/rsh-like client program.

sshd The ssh daemon that permits you to login.

ssh-agent An authentication agent that can store private keys.

ssh-add Tool which adds keys to the above agent.

sftp FTP-like program that works over SSH1 and SSH2 protocols.

scp Secure CoPy, a file copy program that acts like rcp.

ssh-keygen Key generation tool.

sftp-server SFTP server subsystem (started automatically by sshd in a Linux system).

ssh-keyscan Utility for gathering public host keys from a number of hosts.
