u4606295@cm.edu
introduction
Secure Shell
History
secure shell
SSH Protocol
Server Configuration
TCP Wrapper
client (Linux,Windows)
Secure Shell
Secure Shell
remote access
authentication encryption
SSH History
1995
- ssh1 Tatu Ylonen
- (HUT)
1996
ssh2
Internet Standard
IETF
1999 - OpenSSH
open source
Don't tell anyone that I'm free.
Secure Shell
Secure Shell
remote access
telnet, rlogin, rsh
Secure Shell
telnet server
Secure Shell
ssh server
password
ssh
client
Encryption
Authentication
RSA DSA
Encryption
Platform
MsDOS
Linux
Windows
Macintosh
UNIX
SSH Protocol
SSH1
- RSA algorithm
-
SSH2
-
- secure
- SFTP
- license ( )
Secure Shell
ssh1 ssh2
encryption
authentication
Encryption
DES (Data Encryption Standard)
IBM 1975
Key 56 bit
insecure
key
http://en.wikipedia.org/wiki/Data_Encryption_Standard
Encryption
Triple DES (3DES)
IBM
1978
key 168 bit
http://en.wikipedia.org/wiki/3DES
RSA Algorithm
Ron Rivest, Adi Shamir, Len Adleman
MIT
Algorithm
Public-Key encryption
Latest Version
Update 20 .. 2549
SSH1 1.2.33
SSH2 3.2.9
/etc/ssh/sshd_config
config
# option
http://thaicert.nectec.or.th/paper/basic/Secure_S
Port 22 : port
ListenAddress 192.168.1.1 : IP interface server
HostKey /etc/ssh/ssh_host_key : path private key host
ServerKeyBits 1024 : key
LoginGraceTime 600 : login
KeyRegenerationInte : key
: username
PrintMotd yes : msg of the day
RhostsAuthentication no : Rhosts Authentication
RhostsRSAAuthentication no : RSA Authentication Rhost
RSAAuthentication yes : RSA Authentication
PasswordAuthentication yes : Password Authentication
PermitEmptyPasswords no : login password
Subsystem sftp /usr/libexec/openssh/sftp-server
restart service :
/etc/rc.d/init.d/sshd restart
SFTP (default)
TCP Wrapper
Monitor service server
/etc/inetd.conf
Hosts.allow
host service
/etc/hosts.allow
Form Service : IP
all : 10.0.0.1
all : 10.0.0.2, 10.0.0.3
all : 10.0.1.0/255.255.255.0
all : 10.0.2.1, 10.0.3.0/255.255.255.0
telnet : 10.9.0.
finger : 10.9.0.
tftp : 10.9.0.3
Hosts.allow
Hosts.deny
host/client service
/etc/hosts.deny
Form Service : IP
!!!! all : all
Hosts.deny
service
service /etc/xinetd.d/
!!! service
Telnet
service /etc/xinetd.d/telnet
disable yes
grep disable *
client Linux
ssh username@hostname
Client Window
SSH Secure Shell Client
Secure
command-shell SFTP
http://www.ssh.com
Client Window
PuTTY
telnet ssh s
ssh PSFTP PSCP
Win32 UNIX Platforms
download
http://www.chiark.greenend.org.uk/~sgtatham/putty/d
PuTTY
Interface
PuTTY
login
http://en.wikipedia.org/wiki/Secure_Shell
http://cryp.to/publications/the-secure-shell/
http://www.rz.uni-karlsruhe.de/~ig25/ssh-faq/
http://biss.beckman.uiuc.edu/security/workshops/20
http://www.ssh.com/support/documentation/online/