SSH - Secure Shell


URL: http://www.tu-chemnitz.de/~hot/ssh/

Overview


Interesting Properties


Command Overview

Key distribution:


Packet-based binary protocol

Packet structure:

Mutual authentication of the peers


Example session

  1. Generating RSA keys:

    ssh@ultra 9 > ssh-keygen
    Initializing random number generator...
    Generating p:  .....++ (distance 70)
    Generating q:  ................................................................
    ....................................................++ (distance 1768)
    Computing the keys...
    Testing the keys...
    Key generation complete.
    Enter file in which to save the key ($HOME/.ssh/identity):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/ssh/.ssh/identity.
    Your public key is:
    1024 35 86780871172640477620651046358268234143020244232368342472777867489958066
    4288187575830635413235878040795696458057930941294075649267646359022443736191002
    2130817248097745720133382316040202377451042474333008724184035294765549175559147
    9530815708114068954723364017526720151897114967601270014447303145411898947470777
    ssh@ultra
    Your public key has been saved in /home/ssh/.ssh/identity.pub
    
  2. Copy the public key to the server: file $HOME/.ssh/authorized_keys

  3. Log in on the remote machine:

    ssh@ultra 25 > ssh -v yang
    SSH Version 1.2.17-afs_pl4 [sparc-sun-solaris2.5.1], protocol version 1.5.
    Standard version.  Does not use RSAREF.
    Reading configuration data /extern2/hot/.ssh/config
    Reading configuration data /etc/ssh_config
    ssh_connect: getuid 324 geteuid 0 anon 0
    Connecting to yang [134.109.184.150] port 22.
    Allocated local port 1022.
    Connection established.
    Remote protocol version 1.5, remote software version 1.2.17-afs_pl4
    Waiting for server public key.
    Received server public key (768 bits) and host key (1024 bits).
    Host 'yang' is known and matches the host key.
    Initializing random; seed file /extern2/hot/.ssh/random_seed
    Encryption type: idea
    Sent encrypted session key.
    Received encrypted confirmation.
    Remote: AFS token accepted (afs@tu-chemnitz.de, AFS ID 4324@tu-chemnitz.de)
    Trying rhosts or /etc/hosts.equiv with RSA host authentication.
    Server refused our rhosts authentication or host key.
    No agent.
    Trying RSA authentication with key 'hot@ultra'
    Received RSA challenge from server.
    Enter passphrase for RSA key 'hot@ultra': 
    Sending response to host key RSA challenge.
    Remote: RSA authentication accepted.
    RSA authentication accepted by server.
    Requesting pty.
    Requesting X11 forwarding with authentication spoofing.
    Requesting shell.
    Entering interactive session.
    Last login: Fri May  9 09:31:30 1997 from ultra.informatik
    Sun Microsystems Inc.   SunOS 5.5.1     Generic May 1996
    
    Terminal type ?(xterms): 
    hot@yang 1 > exit
    Connection to yang closed.
    Transferred: stdin 14, stdout 521, stderr 28 bytes in 54.0 seconds
    Bytes per second: stdin 0.3, stdout 9.6, stderr 0.5
    Exit status 0
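
The public key printed in step 1 uses the protocol 1 layout "bits exponent modulus comment". The following is an added example, not part of the original slides or of the SSH distribution: it audits such lines before they are appended to authorized_keys. The 1024-bit minimum and the sample lines are assumptions constructed for illustration.

```python
"""Audit SSH protocol 1 public-key lines ("bits exponent modulus comment")."""

MIN_BITS = 1024  # assumed policy threshold, not taken from the page


def parse_ssh1_pubkey(line):
    """Split one identity.pub line into fields (leading options not handled)."""
    fields = line.split(None, 3)
    if len(fields) < 3:
        raise ValueError("expected: bits exponent modulus [comment]")
    bits, exponent, modulus = (int(f) for f in fields[:3])
    comment = fields[3].strip() if len(fields) == 4 else ""
    return {"bits": bits, "e": exponent, "n": modulus, "comment": comment}


def audit_ssh1_pubkey(line, min_bits=MIN_BITS):
    """Return a list of findings; an empty list means no issue was found."""
    try:
        key = parse_ssh1_pubkey(line)
    except ValueError as exc:
        return [f"unparsable: {exc}"]
    findings = []
    actual = key["n"].bit_length()
    if actual != key["bits"]:
        findings.append(f"declared {key['bits']} bits, modulus has {actual}")
    if actual < min_bits:
        findings.append(f"modulus shorter than {min_bits} bits")
    if key["n"] % 2 == 0:
        findings.append("even modulus cannot be a product of two odd primes")
    if key["e"] < 3 or key["e"] % 2 == 0:
        findings.append("public exponent must be odd and at least 3")
    return findings


# Constructed sample lines (not real keys): the moduli are synthetic numbers
# chosen only for their size and parity.
SAMPLES = [
    f"1024 35 {(1 << 1023) | 1} good@example",
    f"1024 35 {(1 << 511) | 1} short@example",
    f"1024 2 {1 << 1023} broken@example",
    "not a key line",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:24] + "...", audit_ssh1_pubkey(sample) or "ok")
```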
    

Installation from source

  1. ./configure

  2. make

  3. make install (as superuser)

  4. /usr/local/sbin/sshd

Starting via inetd:
  ssh stream  tcp nowait  root    /usr/sbin/tcpd  /usr/local/sbin/sshd -i

Securing various services with SSH

Example: FTP
  1. Establish an SSH connection to the FTP server:

    ssh -L 2345:ftp-serv:21 ftp-serv
  2. Use the forwarded port:

    ftp client 2345

March 20, 1998