JWK - Jackall's IT Wiki


OpenSSH

Well-known daemon used for remote administration.

Server

On many distributions, as soon as you set up the daemon you're good to go.

Nevertheless, to “secure” your server just a little bit more, edit sshd_config:

sshd_config
  # Refuse direct root logins
  PermitRootLogin no
  # Accept SSH protocol version 2 only
  Protocol 2

Tuning

Connection handling

  • Limit login to a group only
      AllowGroups remoteadmin
  • Same thing for limiting user(s)
      AllowUsers radmin1 radmin2

You can do the exact opposite (denying groups and/or users) by using DenyUsers / DenyGroups.

Limit options to certain user(s)

sshd_config
Match User operator
         AllowTcpForwarding yes
         X11Forwarding yes
         PermitTunnel no
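
To see what a Match block like the one above actually changes for a given account, the following added example (not part of the original wiki page) resolves the effective settings per user. The sample config is constructed from the directives on this page, and the function names are hypothetical; only `Match User` and `Match All` are modelled.

```python
import fnmatch

# OpenSSH defaults for the keywords used on this page (applied when absent).
DEFAULTS = {"permitrootlogin": "prohibit-password", "allowtcpforwarding": "yes",
            "x11forwarding": "no", "permittunnel": "no"}

# Constructed sample built from the directives shown on this page.
SAMPLE = """\
PermitRootLogin no
AllowGroups remoteadmin
AllowTcpForwarding no

Match User operator
    AllowTcpForwarding yes
    X11Forwarding yes
    PermitTunnel no
"""

def effective_settings(config_text, user):
    """Resolve keyword -> value for `user`.

    Simplified model (assumption): only 'Match User <patterns>' and
    'Match All' are understood; other criteria are treated as not matching.
    List keywords repeated on several lines are not merged.
    """
    global_opts, match_opts = {}, {}
    section = global_opts
    for raw in config_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        keyword, args = fields[0].lower(), fields[1:]
        if keyword == "match":
            crit = args[0].lower() if args else ""
            hit = crit == "all" or (crit == "user" and len(args) == 2 and any(
                fnmatch.fnmatchcase(user, p) for p in args[1].split(",")))
            section = match_opts if hit else None
        elif section is not None:
            section.setdefault(keyword, " ".join(args))  # first value wins
    # Matching Match blocks override the global section; defaults fill gaps.
    return {**DEFAULTS, **global_opts, **match_opts}

def forwarding_enabled(config_text, user):
    """List the forwarding features that end up enabled for `user`."""
    eff = effective_settings(config_text, user)
    keys = ("allowtcpforwarding", "x11forwarding", "permittunnel")
    return [k for k in keys if eff[k] != "no"]
```

On a real server, `sshd -T -C user=operator` prints the configuration as sshd itself resolves it, which is the authoritative check.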

Client

Secure Copy

scp allows you to transfer files from or to

  • usage

scp source destination

Where a remote resource looks like user@host.tld:/path

 scp page.html wiki.jackall.net:/var/www       # Send local page
 scp wiki.jackall.net:/var/www/index.html .    # Download index.html into the local directory

SSH tunnel

Tunnel to an SSH server

 Remote ======== SSH Server ========== Web Server
  IP X              IP Y                  IP Z

The -L switch allows you to create a tunnel

 ssh user@Y -L localPort:Z:remotePort
 ssh user@Y -L 8080:Z:80

Also works great if Y=Z… ;)

<note warning> SSH can natively tunnel only TCP streams </note>

Socks Server

If you need to access multiple servers behind an SSH gateway, a SOCKS server is what you need.

 Remote ======== SSH Server ========== LAN
  IP X              IP Y              subnet Z

The -D switch makes the connection act as a SOCKS server

 ssh -D 127.0.0.1:80 user@Y

From now on, you can configure your applications to use 127.0.0.1:80 as a SOCKS server.

<note warning> As I said earlier… no UDP through an SSH tunnel, which means no DNS</note>


openssh.txt · Last modified: 2018/02/18 16:01 (external edit)