OpenSSH是SSH(Secure SHell)协议的免费开源实现。它用安全、加密的网络连接工具代替了telnet、ftp、rlogin、rsh和rcp工具。OpenSSH支持SSH协议的版本1.3、1.5、和2。自从OpenSSH 的版本2.9以来,默认的协议是版本2,该协议默认使用RSA钥匙。本视频全面讲解SSH协议版本2下的OpenSSHv2实现。
LinuxCBT.OpenSSHv2.Edition
LinuxCBT OpenSSHv2 Edition encompasses: 1. OpenSSHv2 (SSHv2) Security.
LinuxCBT OpenSSHv2 Edition focuses on the implementation of Open Secure Shell Version 2 (OpenSSHv2) on various Linux | Unix platforms.
OpenSSHv2 is central to the confidentiality and integrity of data transmissions across secure (VPN | Private Line) and insecure (Internet | Intranet) networks (conduits). It is included with modern Linux | Unix operating systems and provides a plethora of useful data-transfer features, backed by Public Key Infrastructure (PKI) and asymmetric encryption technologies.
# Introduction - Topology - Features
* Discuss course outline
* Explore system configuration
* Identify key systems to be used
* Explore network topology
* Enumerate and discuss key OpenSSHv2 features
# Identify Key OpenSSHv2 Components
* Identify installed OpenSSHv2 related packages
* Peruse related startup and run-control script files
* Locate 'sshd' on the file system
* Discuss related client | server configuration files
# OpenSSHv2 Client - /ssh/
* Discuss features and benefits
* Obtain shell access on a remote system
* Configure /etc/hosts to provide local name resolution for OpenSSHv2
* Identify and discuss pseudo-terminals - pty
* Redirect X11/X.org traffic to localhost via SSH
* Bind 'ssh' to specific source IP address and test connectivity
* Execute commands on remote system without allocating a pseudo-terminal
* Debug 'ssh' connectivity
* Explore the system-wide client configuration file
* Explore user configuration file
# Secure Copy Program (SCP) - /scp/
* Discuss features and benefits
* Locate 'scp' on the file system
* Discuss usage
* Copy, non-interactively, previously generated data to remote systems
* Test 'scp' with global and user configuration directives
* Debug 'scp' connectivity
* Limit transfer rate to conserve bandwidth
# Secure File Transfer Program (SFTP) - /sftp/
* Discuss features and benefits
* Locate 'sftp' on the file system
* Discuss usage
* Connect to remote system using 'sftp' interactive shell
* Issue puts and gets and evaluate results
* Identify the sftp-server subsystem
* Peruse process list while connected to OpenSSHv2 server
* Illustrate batch file usage
# SSH Key Scan Utility - /ssh-keyscan/
* Discuss features and benefits
* Locate 'ssh-keyscan' on the file system
* Discuss usage
* Scan the network from STDIN for OpenSSHv2 public keys - RSA (SSHv1 & SSHv2) | DSA
* Scan the network based on a file with a list of hosts for OpenSSHv2 public keys
* Populate ~/.ssh/known_hosts file using 'ssh-keyscan' with BASH for loop
* Compare and contrast STDOUT with the output file
# SSH Key Generation Utility - /ssh-keygen/
* Discuss features and benefits
* Locate 'ssh-keygen' on the file system
* Discuss usage
* Generate RSA-2 usage keys
* Identify RSA-2 public and private key pair
* Generate DSA usage keys
* Identify DSA public and private key pair
* Expose usage keys' fingerprint using 'ssh-keygen'
* Generate RSA-2 | DSA usage keys for all hosts
# Public Key Infrastructure (PKI) - Password-less Logins
* Discuss features and benefits
* Identify key files for client and server implemenation of password-less (PKI-based) logins
* Copy manually, RSA-2 | DSA public keys to remote system's ~/.ssh/authorized_keys file
* Test password-less logins
* Use 'ssh-copy-id' to seamlessly populate remote system with RSA-2 | DSA usage keys
* Test password-less connectivity after using 'ssh-copy-id'
* Confirm password-less connectivity using SSH clients /ssh|scp|sftp/ in debug mode
* Connect to privileged account from non-privileged account using PKI
* Configure RSA-1 connectivity using PKI
# System-wide OpenSSHv2 Configuration Directives
* Identify key directory and files associated with client | server configuration
* Explore primary server configuration file
* Discuss applicability of directives
* Alter and test several SSHD directives
* Explore OpenSSHv2 configuration on RedHat Linux
* Explore OpenSSHv2 configuration on Solaris 10
# Port Forwarding - Pseudo-VPN Support - /Local|Remote|Gateway/
* Discuss features and benefits
* Implement local port forwarding using 'ssh'
* Configure remote port forwarding using 'ssh'
* Test circumvention of local firewall using remote port forwarding
* Implement gateway ports to share forwarded /local|remote/ with connected users
* Test connectivity
# Windows Integration - /PuTTY|WinSCP/
* Discuss features and applications
* Download and install PuTTY
* Explore PuTTY's features
* Configure PKI logins
* Download and install WinSCP
* Explore WinSCP's features
* Move data between Windows, Linux and Solaris
# Syslog | Syslog-NG Configuration
* Discuss features and benefits
* Identify default configuration
* Redirect OpenSSHv2 data using Syslog and Syslog-NG
* Examine results
* Enable debugging
# Host-based Authentication
* Discuss applicability and caveats
* Identify key configuration files and directives
* Implement host-based authentication
* Test results
# OpenSSHv2 Source Installation
* Discuss features and benefits
* Download current OpenSSHv2 source code
* Compile and install
* Restart services|daemons
* Test new version of OpenSSHv2
# Secure OpenSSHv2 Implementation
* Discuss features and benefits
* Identify key configuration file
* Enumerate and implement key directives
* Test configuration
