SSH




Friday, September 2, 11
An Overview

SSH was created in 1995 by Tatu Ylönen, then a researcher at Helsinki University of Technology in Finland

The first releases were under a free license; later releases moved to a restrictive and then a fully proprietary license

OpenSSH was created in 1999 by the OpenBSD project as a fork of the last freely licensed SSH release (1.2.12)
What SSH Does

SSH sets up an encrypted, authenticated channel over a TCP connection:
the two sides agree on session keys,
the server proves its identity with its host key,
the user authenticates with one of the methods below,
and everything after that is encrypted and integrity-protected
...which means....

SSH can handle secure remote logins (ssh)
SSH can handle secure file copy (scp)
SSH can carry the SFTP file transfer subsystem (sftp), which despite the name is an SSH protocol and has nothing to do with FTP
Core SSH programs

ssh is the client
sshd is the server
if sshd is not running on a host you will not be able to connect to it with ssh
SSH Authentication Methods

Password
Public/private keypair
Host-based authentication

The server decides which of these it accepts (sshd_config); the client tries the ones it is allowed in turn, so what you see depends on the server you talk to
Password Authentication

Example Without SSH Keys

your-box (ssh) -> box-1 (sshd)
Prompts for Password

your-box (ssh) -> box-1 (sshd)

your-box> ssh box-1
password:

box-1>
Keypair Authentication

Example With SSH Keys

your-box (ssh) -> box-1 (sshd)
Step 1: Generate Keys

your-box> ssh-keygen

Give the key a passphrase when asked: a copy of the private key file is then useless on its own.
Older OpenSSH generates an RSA key by default (hence the id_rsa file names below); recent releases default to Ed25519 and produce id_ed25519 and id_ed25519.pub instead.
Public / Private Keypair

your-box

~/.ssh/id_rsa
~/.ssh/id_rsa.pub

Private Key: id_rsa

Private keys should be kept secret, do not share them with anyone
Keep the file mode 600: ssh refuses to use a private key that other users can read ("UNPROTECTED PRIVATE KEY FILE!") and falls back to the password prompt

Public Key: id_rsa.pub

Public keys are meant to be shared.
The .pub file is the only thing that goes onto other machines; by itself it cannot be used to log in anywhere
Copy Public Key to box-1

your-box                          box-1
~/.ssh/id_rsa
~/.ssh/id_rsa.pub      ->         ~/.ssh/authorized_keys

~/.ssh/authorized_keys

houses all public keys for people who can authenticate as a user on a machine
when copying public keys, append to the file, do not overwrite the file (or you lock out everyone whose key was already there, possibly yourself)
sshd checks ownership and permissions before trusting the file (StrictModes, on by default): ~/.ssh must not be group- or world-writable and authorized_keys should be mode 600, otherwise the keys are ignored and you are back at the password prompt
ssh-copy-id does the append and the permission fixes for you
No password required!

your-box (ssh) -> box-1 (sshd)

your-box> ssh box-1

box-1>
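The whole procedure above, generate on your-box, append on box-1, log in without a password, as an added POSIX shell example that is not part of the original deck. It does by hand what ssh-copy-id automates, so the two things that usually go wrong are visible: overwriting instead of appending, and permissions that make sshd ignore the file. The key line is constructed, not a real key, and every path is hypothetical.

```shell
#!/bin/sh
# Added example for this deck (not code from the original slides): install a
# public key into an authorized_keys file the way ssh-copy-id does, by hand.
# Assumptions: paths are hypothetical; the sample key line is constructed and
# not a real key; sshd runs with its default StrictModes yes, so modes matter.

# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS
# Appends the key once (re-running is a no-op) and sets the permissions sshd
# insists on: the .ssh directory 700, authorized_keys 600.
# Returns 0 when the key is present in the file afterwards, 1 otherwise.
install_pubkey() {
  pub=$1 ak=$2
  key=$(head -n 1 "$pub")                     # a .pub file is a single line
  [ -n "$key" ] || return 1
  dir=$(dirname "$ak")
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  [ -e "$ak" ] || : > "$ak"
  chmod 600 "$ak" || return 1
  grep -qxF "$key" "$ak" || printf '%s\n' "$key" >> "$ak"   # append, never overwrite
  grep -qxF "$key" "$ak"
}

# key_count AUTHORIZED_KEYS: number of key lines (blank and # lines ignored)
key_count() {
  grep -v '^[[:space:]]*#' "$1" | grep -c '[^[:space:]]' || true
}

# On your-box the real sequence is:
#   ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
#   ssh-copy-id -i ~/.ssh/id_ed25519.pub box-1      (what the function above does manually)
# Offline demo with a constructed key line standing in for id_ed25519.pub:
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0000000000000000000000000000000000 you@your-box' \
  > "$demo/id_ed25519.pub"
install_pubkey "$demo/id_ed25519.pub" "$demo/box-1/.ssh/authorized_keys"
install_pubkey "$demo/id_ed25519.pub" "$demo/box-1/.ssh/authorized_keys"   # second run adds nothing
echo "keys on box-1: $(key_count "$demo/box-1/.ssh/authorized_keys")"       # 1
ls -ld "$demo/box-1/.ssh" "$demo/box-1/.ssh/authorized_keys"                 # drwx------ and -rw-------
```

The idempotent append is the point: a second ssh-copy-id, or a second colleague's key, must never shrink the file, and the permission fixes are what stop the "I added my key but it still asks for a password" support call.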
Host-based Authentication

Doesn't require user credentials (password or key)
Trust is based on the client host's identity and the user name: sshd verifies the client host key and checks the host/user pair against /etc/ssh/shosts.equiv or the user's ~/.shosts
The user name on both systems has to be the same (unless the .shosts entry maps it explicitly)
Disabled by default (HostbasedAuthentication no) and rarely worth enabling: anyone who is root on a trusted client host can log in as any of its users
SSH Basics

Configuration Files
Server Configuration Files
This is read automatically by sshd when it starts.

sshd config: /etc/sshd_config (on most Linux distributions /etc/ssh/sshd_config)

Based on installation method system config locations may vary.
ie: macports installs in /opt/local/etc/ssh/

A running sshd does not notice edits until it is reloaded. Run sshd -t first to syntax-check the file, and keep an existing session open while you test so a typo cannot lock you out.
Client Configuration Files
These are read automatically by ssh when it is executed.

system-wide ssh config: /etc/ssh_config (on most Linux distributions /etc/ssh/ssh_config)
user-specific ssh config: ~/.ssh/config

Precedence is command line, then ~/.ssh/config, then the system file, and for each option the first value found wins; put specific Host entries before any catch-all defaults.

Based on installation method system config locations may vary.
ie: macports installs in /opt/local/etc/ssh/
Custom Client Configuration Files
ssh will not read these on its own, use the -F option

You can put custom config files anywhere you want.
ssh -F /foo/bar/custom_ssh.cfg

-F replaces both the per-user and the system-wide file, so the custom file has to carry everything the connection needs.
Secure Logins

Login Example #1

ssh user@example.com
Login Example #2

ssh example.com

What's the difference from example #1? No user is given, so ssh logs in with the user name you have on your-box (or with whatever User is set to for that host in ~/.ssh/config).
Login Example #3
Logging in on a non-default port.

ssh -p 45000 example.com

What's the default SSH port anyway? 22.
Moving sshd to another port cuts log noise from scanners; it is not a security control, a port scan finds it in seconds.
Login Example #4
Log in, run a command, and exit.

ssh example.com <command here>
ssh example.com ls -l
ssh example.com hostname

Everything after the host name is joined with spaces and handed to your login shell on the remote side, so it is parsed twice: once by your local shell and once remotely.
Anything with special characters such as quotes, backticks, $variables or globs that is meant for the remote shell needs to be escaped, or the whole command wrapped in single quotes.
Agent / Key Forwarding
Without it, with it

Example Without SSH Keys

your-box -> box-1
your-box -> box-2
your-box> ssh box-1

your-box> ssh box-1
password:

Password required

your-box> ssh box-2

your-box> ssh box-2
password:

Password required

your-box to box-1 to box-2

your-box> ssh box-1
password:

box-1> ssh box-2
password:

Passwords required each step of the way!
Updated Example with SSH Keys

your-box> ssh-keygen

copy the public key to ~/.ssh/authorized_keys on each remote host

your-box:  id_rsa, id_rsa.pub
box-1:     authorized_keys
box-2:     authorized_keys
your-box> ssh box-1

your-box> ssh box-1
box-1>
success

your-box> ssh box-2

your-box> ssh box-2
box-2>
success
your-box to box-1 to box-2

your-box> ssh box-1
box-1>
success

box-1> ssh box-2
password:

Password required at the second step!
box-1 only holds your public key in its authorized_keys; the private key that box-2 wants a signature from lives on your-box, not on box-1.
Copying id_rsa onto box-1 would "fix" this and is exactly the wrong answer: every hop you copy it to is another place it can be stolen from.
Enter Agent/Key Forwarding

your-box to box-1 to box-2

your-box> ssh -A box-1
box-1>
success

box-1> ssh -A box-2
box-2>
success
Your SSH Agent Gets Forwarded (not your key)

your-box (id_rsa, id_rsa.pub) -> box-1 -> box-2

The private key never leaves your-box. ssh on box-1 is handed a Unix socket that tunnels back to the ssh-agent on your-box; when box-2 asks for a signature the request travels back to your agent and only the signature goes forward.
The flip side: for as long as you are connected, anyone who is root on box-1 (or who has taken over your account there) can use that socket to authenticate as you to any host that trusts your key. Forward the agent only to hosts you trust, and consider ssh-add -c, which makes the agent ask you to confirm every signature, when the jump host is shared.
Command Line Agent Forwarding

ssh -A example.com

Use -a to explicitly turn off forwarding for an ssh session.
-A on the first hop is all that is needed to reach box-2; the -A on the second hop only matters if box-2 in turn has to reach a third machine as you.
Host Configured

Host inspire.staging
ForwardAgent yes

Per-User ~/.ssh/config
System-wide /etc/ssh_config

Keep it inside a Host entry as above: ForwardAgent yes under Host * hands your agent to every server you ever log in to.
Capistrano Configured (Ruby)

ssh_options[:forward_agent] = true

Capistrano's deploy.rb
Provided by the net/ssh library.
SSH Server has final say!

AllowAgentForwarding no

System-wide /etc/sshd_config
Defaults to "yes", so on most servers you never need to touch it; hardened hosts set it to no, and that is the first place to look when -A silently stops working.
The sshd_config man page is honest about the limits of the switch: it does not improve security unless users are also denied shell access, because a user with a shell can always run a forwarder of their own.
When/Why #1 - Everyday Usage

When SSH'ing from box to box to box. (ie: multiple servers)
Removes the need to copy private key files onto intermediate hosts (each host still needs your public key in authorized_keys)
It (usually) just works!
When/Why #2 - Deploys

No need to manage additional SSH key pairs for machines that you want to deploy to
If you have access to it and you do the deploying, the remote machine will just SSH onwards as you!
It (usually) just works!
...remember...

You still need to copy public key file contents to ~/.ssh/authorized_keys
Agent forwarding doesn't work for automated workflows where a user is taken out of the equation, ie: our automated deploy from TeamCity for Inspire
Those jobs need a key of their own; give it the narrowest authorized_keys options the job can live with (a forced command, no forwarding) rather than a copy of a person's key
Port Forwarding
Local, Remote, Magic

Local Port Forwarding
Local Port Forwarding Example

your-box          box-1 (sshd)              box-2 (www)
                  public IP + local IP      local IP
                  ---------- Private Network ----------

your-box to www on box-2

Can't access box-2 directly: box-2 only has an address on the private network, and the only thing your-box can reach is sshd on box-1's public IP.
With Local Port Forwarding

your-box> ssh -L 8000:box-2:80 box-1
box-1>
success

A Tunnel is Made!

ssh on your-box now listens on port 8000. Every connection to localhost:8000 is carried inside the SSH session to box-1, where sshd opens a plain TCP connection to box-2:80 and joins the two. The name box-2 is resolved on box-1, not on your-box, which is why a private-network name works.

box-2 doesn't have to run sshd

Only box-1 needs sshd. box-2 sees an ordinary connection arriving from box-1's local IP, and that is what its logs and firewall rules will show.
Command Line Local Port Forwarding

ssh -L localport:host:hostport example.com

localport is the port on your machine,
host is the box the SSH server connects to, resolved from the server's point of view (localhost here means the server itself),
hostport is the port on that box to tunnel to.
By default the listener binds only to the loopback address on your machine.
Sharing Your Tunnel

your-box> ssh -L 8000:box-2:80 -g box-1
box-1>
success

bobs-box can now connect to your-box:8000 and come out on box-2:80.

Command Line Local Port Forwarding

ssh -L localport:host:hostport -g example.com

-g allows others to connect to your forwarded port: the listener binds to all interfaces instead of loopback, so anything that can reach your-box on the network can reach box-2:80 through you, unauthenticated and with box-1's address as the source. Prefer an explicit bind address as a fourth field (bind_address:localport:host:hostport) over -g, and take the tunnel down when Bob is done.
Host Configured

Host inspire.staging
LocalForward 8000:box-2:80

Per-User ~/.ssh/config
System-wide /etc/ssh_config
SSH Server has final say!

AllowTcpForwarding no

System-wide /etc/sshd_config
Defaults to "yes", so it usually needs no attention; when a forward fails with "administratively prohibited" this is the setting to check. The man page carries the same caveat as for agent forwarding: turning it off does not improve security unless users are also denied shell access, since they can install their own forwarders.
Forwarding can also be refused for a single key with the no-port-forwarding option in authorized_keys.

When/Why

Access normally unreachable resources on an internal network from anywhere on the internet
(which is also why an SSH server that allows forwarding is treated as a pivot point by attackers and auditors alike)
Remote Port Forwarding

Remote Port Forwarding Example

your-box (local IP)        box-1 (sshd, public IP + local IP)        box-2 (local IP)
                           ---------- Private Network ----------

box-2 to your-box

box-2 can't talk to your-box: your-box only has a local address that box-2 cannot route to, but your-box can reach sshd on box-1's public IP.
With Remote Port Forwarding

your-box> ssh -R 8000:localhost:80 box-1
box-1>

success

A Reverse Tunnel Is Made!

sshd on box-1 now listens on port 8000. Each connection to it (box-2 opening http://box-1:8000) is carried back through the SSH session to ssh on your-box, which connects to localhost:80 and joins the two.

your-box:80  <---- SSH session ----  box-1:8000  <----  box-2 (http://box-1:8000)
Command Line Remote Port Forwarding

ssh -R remoteport:host:hostport example.com

remoteport is the port on the machine you ssh into,
host is the box to tunnel to, resolved from your-box's point of view (localhost means your-box),
hostport is the port on that box to tunnel to.
-g is not supported for remote forwarding

The listener lives on the server, so the server decides who may connect to it: sshd's GatewayPorts setting, which defaults to no (loopback only). The client may put a bind address in the -R spec, but sshd honours it only when GatewayPorts is clientspecified or yes. In the example above box-2 can reach box-1:8000 only if box-1's sshd allows it, and once it does, so can everyone else who can reach box-1.
Host Configured

Host inspire.staging
RemoteForward 8000:localhost:80

Per-User ~/.ssh/config
System-wide /etc/ssh_config
SSH Server has final say!

AllowTcpForwarding no

System-wide /etc/sshd_config
Defaults to "yes". The same setting governs -L and -R, so a server that refuses local forwards refuses remote ones too; it also accepts local or remote to allow just one direction.
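The three "SSH Server has final say!" slides (AllowAgentForwarding, AllowTcpForwarding) cover the global switches; sshd also reads per-key options at the front of each authorized_keys line, and a server that leaves the global defaults alone often relies on those instead. The following POSIX shell script is an added example, not from the deck: it reports which keys in an authorized_keys file could still open agent or port forwards. The sample file is constructed (the key bodies are placeholders), and the options/key split assumes no quoted option value contains a space followed by a key type prefix.

```shell
#!/bin/sh
# Added example, not from the original deck: report which keys in an
# authorized_keys file may still open agent or port forwards. Per-key options
# (restrict, no-agent-forwarding, no-port-forwarding, and agent-forwarding /
# port-forwarding to re-enable after restrict) are honoured by sshd on top of
# the global AllowAgentForwarding / AllowTcpForwarding switches.
# Assumption: no option value contains a space followed by a key type prefix,
# which is what the split between options and key below relies on.

# key_options LINE: print the options field, or nothing when the line starts
# with the key type itself (the key has no options).
key_options() {
  line=$1
  for kt in 'ssh-' 'ecdsa-sha2-' 'sk-'; do
    case "$line" in
      "$kt"*)   return 0 ;;                               # no options field
      *" $kt"*) printf '%s' "${line%% $kt*}"; return 0 ;;
    esac
  done
  return 0                                                # unknown type: treat as no options
}

# key_can_forward OPTIONS: succeed if the key may use agent OR port forwarding.
key_can_forward() {
  o=",$1,"
  case "$o" in
    *,restrict,*) agent=no;  port=no  ;;   # restrict turns everything off ...
    *)            agent=yes; port=yes ;;   # ... otherwise both are on by default
  esac
  case "$o" in *,no-agent-forwarding,*) agent=no  ;; esac
  case "$o" in *,no-port-forwarding,*)  port=no   ;; esac
  case "$o" in *,agent-forwarding,*)    agent=yes ;; esac   # re-enabled after restrict
  case "$o" in *,port-forwarding,*)     port=yes  ;; esac
  [ "$agent" = yes ] || [ "$port" = yes ]
}

# audit_authorized_keys FILE: one line per key, "<lineno> <forwards|restricted> <comment>"
audit_authorized_keys() {
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case "$line" in ''|'#'*) continue ;; esac           # blank lines and comments
    opts=$(key_options "$line")
    rest=${line#"$opts"}; rest=${rest# }                 # "keytype base64 [comment]"
    comment=$(printf '%s' "$rest" | awk '{ $1 = ""; $2 = ""; sub(/^ +/, ""); print }')
    if key_can_forward "$opts"; then v=forwards; else v=restricted; fi
    printf '%s %s %s\n' "$n" "$v" "${comment:-(no comment)}"
  done < "$1"
}

# count_forwarding_keys FILE: keys for which the global switches are the only defence
count_forwarding_keys() {
  audit_authorized_keys "$1" | grep -c ' forwards ' || true
}

# Constructed sample file; the base64 bodies are placeholders, not real keys.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# keys for the deploy user
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER00000000000000000000000000000000 alice@your-box
restrict,command="/usr/local/bin/deploy" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER1111111111111111111111111111111 teamcity@ci
no-agent-forwarding,no-port-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER2222 backup@box-2
no-port-forwarding ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYPLACEHOLDER3333 bob@bobs-box
EOF
audit_authorized_keys "$sample"   # 2 forwards alice@your-box / 3 restricted teamcity@ci / 4 restricted backup@box-2 / 5 forwards bob@bobs-box
echo "keys relying on the global switches: $(count_forwarding_keys "$sample")"   # 2
rm -f "$sample"
```

bob's key shows why the check reads both options: no-port-forwarding alone still leaves agent forwarding open. The restrict keyword (OpenSSH 7.2 and later) is the safer default for automation keys, with individual capabilities re-enabled by name.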
When/Why

Allow outside resources to connect to your box, or another machine on a private network
Example: testing web callbacks
Remember what you have done: with GatewayPorts on, a remote forward publishes a service from your laptop to whoever can reach the server, so tear it down when the test is over
~/.ssh/config
User-specified SSH configuration

Host Configuration
Host is the section identifier
Any time Host shows up a new section is started
Host is whatever you want to refer to the connection as; it takes one or more patterns, and the * and ? wildcards are allowed

Host inspire
HostName staging.inspirehq.com
User inspire

Host inspire.production
HostName inspirehq.com
User inspire

~/.ssh/config
HostName Configuration

HostName is the real host name to log into
Can be an IP address or a domain name; when it is absent the Host name itself is used

Host inspire
HostName staging.inspirehq.com
User inspire

Host inspire.production
HostName inspirehq.com
User inspire

~/.ssh/config
User Configuration

User is the user to log in as
Can be overridden on the command line

Host inspire
HostName staging.inspirehq.com
User inspire

Host inspire.production
HostName inspirehq.com
User foobar

~/.ssh/config
Port Configuration

Port defines which port to connect to
Can be overridden on the command line

Host inspire
HostName staging.inspirehq.com
User inspire
Port 45000

~/.ssh/config
Local/Remote Port Forwarding

LocalForward
RemoteForward
Same fields as -L and -R; an entry may carry several of each, and they are set up every time you connect to that Host

Host inspire
HostName staging.inspirehq.com
User inspire
LocalForward 8080:example.com:80
RemoteForward 8080:example.com:80

~/.ssh/config
GatewayPorts

GatewayPorts specifies whether or not remote hosts can connect to local forwarded ports
Works in conjunction with LocalForward (it is the config equivalent of -g); listeners created by RemoteForward are governed by the server's GatewayPorts, not this one
Defaults to no

Host inspire
HostName staging.inspirehq.com
User inspire
LocalForward 8080:example.com:80
GatewayPorts yes

~/.ssh/config
ServerAliveInterval

ServerAliveInterval sets a time interval in seconds after which, if no data has been received from the server, ssh will send a message to the server
Defaults to 0, meaning this will never be sent
This can be used to keep SSH connections alive through NAT devices and firewalls that drop idle connections
It is also how ssh notices a dead peer: after ServerAliveCountMax (default 3) unanswered messages the client disconnects, so with the value below a stale session, and any tunnels riding on it, is torn down after about 15 seconds instead of hanging forever

Host inspire
HostName staging.inspirehq.com
User inspire
LocalForward 8080:example.com:80
GatewayPorts yes
ServerAliveInterval 5

~/.ssh/config
> ssh inspire

man ssh_config
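Pulling the options from this section together, here is an added example (not from the deck) of a ~/.ssh/config that keeps the forwarding settings scoped, plus a small POSIX shell/awk resolver that answers the question man ssh_config leaves you with: which value does ssh end up using for a given host? The box-1.example.com address is hypothetical, ProxyJump needs OpenSSH 7.3 or newer, and the resolver understands "Key value" lines and Host patterns with * and ?, not Key=value or Match blocks.

```shell
#!/bin/sh
# Added example, not from the original deck: a scoped ~/.ssh/config and a
# resolver that applies ssh's own rule for it (first value obtained wins,
# a Host block applies when any of its patterns matches, options before the
# first Host line apply everywhere). Assumptions: box-1.example.com is a
# hypothetical jump host; "Key value" syntax only; no Match blocks or
# negated (!pattern) Host patterns.

# write_ssh_config PATH: write the sample config with mode 600
# (ssh refuses a config file that is group- or world-writable).
write_ssh_config() {
  ( umask 077; cat > "$1" ) <<'EOF'
# The jump host is the only place the agent is exposed, and only while connected.
Host box-1
    HostName box-1.example.com
    ForwardAgent yes

# Hosts behind box-1: hop through it instead of forwarding the agent onto it.
Host box-2 box-3
    ProxyJump box-1

Host inspire
    HostName staging.inspirehq.com
    User inspire
    Port 45000
    LocalForward 127.0.0.1:8000 box-2:80

# Defaults last: ssh keeps the first value it finds for each option.
Host *
    ForwardAgent no
    IdentitiesOnly yes
    ServerAliveInterval 30
EOF
}

# config_value FILE HOSTALIAS OPTION: print the value ssh would use, or nothing.
config_value() {
  awk -v host="$2" -v opt="$3" '
    function glob2re(g,  r) {
      r = g
      gsub(/\./, "\\\\.", r)       # literal dots
      gsub(/\*/, ".*", r)          # * matches anything
      gsub(/\?/, ".", r)           # ? matches one character
      return "^" r "$"
    }
    BEGIN { active = 1 }           # options before the first Host line apply everywhere
    {
      sub(/#.*/, "")               # drop comments
      if (NF == 0) next
      key = tolower($1)
      if (key == "host") {
        active = 0
        for (i = 2; i <= NF; i++)
          if (host ~ glob2re($i)) active = 1
        next
      }
      if (active && key == tolower(opt)) {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit      # first value obtained wins
      }
    }' "$1"
}

cfg=$(mktemp -d)/config
write_ssh_config "$cfg"
echo "box-2 is reached via:      $(config_value "$cfg" box-2 proxyjump)"      # box-1
echo "agent forwarded to box-1?  $(config_value "$cfg" box-1 forwardagent)"   # yes
echo "agent forwarded to box-2?  $(config_value "$cfg" box-2 forwardagent)"   # no
echo "inspire forwards:          $(config_value "$cfg" inspire localforward)" # 127.0.0.1:8000 box-2:80
```

On a machine with OpenSSH 6.8 or newer, ssh -G box-2 prints the effective values straight from ssh and is the authoritative check; the resolver here exists so the rule (first value wins, Host * last) can be seen on a file without a working ssh. Note that ProxyJump replaces agent forwarding only when the goal is to hop; a deploy that must authenticate onwards as you from the target still needs ForwardAgent, scoped to that one Host as in the box-1 entry.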
Overuse ~/.ssh/config

SSHing into an IP more than once?
SSHing into crazy domains? (ie: Amazon)
Looking up an IP or hostname routinely?
save it in ~/.ssh/config

...skipping server configuration...

SSH and Other apps
scp: secure file copy

copy single file

scp file1 example.com:

copy multiple files

scp file1 file2 example.com:

The trailing colon is what makes the target remote; leave it off and scp just copies to a local file called example.com.
copy to other locations

scp file1 example.com:foo/bar

scp file1 example.com:/foo/bar

A path after the colon is relative to your home directory on the remote side unless it starts with /

scp doesn't copy directories by default

scp dir/ example.com:foo/bar

dir/: not a regular file

Add -r to copy a directory tree (scp -r dir/ example.com:foo/bar); rsync, next, is usually the better tool for that job.
rsync: remote file copying

copy single file

rsync -avz file1 example.com:

copy directory

rsync -avz dir/ example.com:

The trailing slash matters: dir/ copies the contents of dir into the target, dir without the slash creates a dir directory there first.

rsync does so much more

incremental file transfers (only transfers what's different)
include/exclude files and directories
include/exclude file name patterns
can copy files from a remote box to a local box
can copy files from a local box to a remote box
runs over ssh whenever the target is user@host:path, so the same keys, agent and ~/.ssh/config entries apply
git

git/ssh info

Can run over SSH (remotes of the form user@host:path or ssh://user@host/path)
Supports SSH client configuration files, so a Host alias from ~/.ssh/config can be used as the host in a remote URL
Can be pointed at a specific SSH binary using the GIT_SSH environment variable (newer git also has GIT_SSH_COMMAND and the core.sshCommand setting, which take a full command line with options)
The End

 
Sand Piles and Software - Madison Ruby Conference
Sand Piles and Software - Madison Ruby ConferenceSand Piles and Software - Madison Ruby Conference
Sand Piles and Software - Madison Ruby ConferenceZach Dennis
 
Discovering patterns
Discovering patternsDiscovering patterns
Discovering patternsZach Dennis
 
JavaScript Code Organizations, Patterns Slides - Zach Dennis
JavaScript Code Organizations, Patterns Slides - Zach DennisJavaScript Code Organizations, Patterns Slides - Zach Dennis
JavaScript Code Organizations, Patterns Slides - Zach DennisZach Dennis
 
Balancing the Pendulum: Reflecting on BDD in Practice
Balancing the Pendulum: Reflecting on BDD in PracticeBalancing the Pendulum: Reflecting on BDD in Practice
Balancing the Pendulum: Reflecting on BDD in PracticeZach Dennis
 

More from Zach Dennis (6)

A Brief, Very Very Brief Intro to Systems Thinking
A Brief, Very Very Brief Intro to Systems ThinkingA Brief, Very Very Brief Intro to Systems Thinking
A Brief, Very Very Brief Intro to Systems Thinking
 
BTLE (Bluetooth Low Energy) and CoreBluetooth
BTLE (Bluetooth Low Energy) and CoreBluetooth BTLE (Bluetooth Low Energy) and CoreBluetooth
BTLE (Bluetooth Low Energy) and CoreBluetooth
 
Sand Piles and Software - Madison Ruby Conference
Sand Piles and Software - Madison Ruby ConferenceSand Piles and Software - Madison Ruby Conference
Sand Piles and Software - Madison Ruby Conference
 
Discovering patterns
Discovering patternsDiscovering patterns
Discovering patterns
 
JavaScript Code Organizations, Patterns Slides - Zach Dennis
JavaScript Code Organizations, Patterns Slides - Zach DennisJavaScript Code Organizations, Patterns Slides - Zach Dennis
JavaScript Code Organizations, Patterns Slides - Zach Dennis
 
Balancing the Pendulum: Reflecting on BDD in Practice
Balancing the Pendulum: Reflecting on BDD in PracticeBalancing the Pendulum: Reflecting on BDD in Practice
Balancing the Pendulum: Reflecting on BDD in Practice
 

Recently uploaded

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 

Recently uploaded (20)

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 

SSH

  • 3. SSH was created in 1995 by a Finnish university researcher. It was initially open source and went closed source in 1999. OpenSSH was created in 1999 as a fork of the last open source SSH code.
    (slide footer: Friday, September 2, 11)
  • 4. What SSH Does: SSH handles the setup and generation of an encrypted TCP connection.
  • 5. ...which means... SSH can handle secure remote logins (ssh), secure file copy (scp), and can even drive secure FTP (sftp).
  • 6. Core SSH programs: ssh is the client; sshd is the server. If sshd is not running you will not be able to connect to it with ssh.
  • 7. SSH Authentication Methods: password; public/private keypair; host-based authentication.
  • 9. Example Without SSH Keys (diagram: ssh on your-box connecting to sshd on box-1).
  • 10. Prompts for Password (same diagram):
    your-box> ssh box-1
    password:
    box-1>
  • 12. Example With SSH Keys (diagram: ssh on your-box connecting to sshd on box-1).
  • 13. Step 1: Generate Keys
    your-box> ssh-keygen
  • 14. Public / Private Keypair: on your-box, ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.
  • 15. Private Key: id_rsa. Private keys should be kept secret; do not share them with anyone.
  • 16. Public Key: id_rsa.pub. Public keys are meant to be shared.
  • 17. Copy Public Key to box-1: ~/.ssh/id_rsa.pub from your-box goes into ~/.ssh/authorized_keys on box-1.
  • 18. ~/.ssh/authorized_keys houses all public keys for people who can authenticate as a user on a machine. When copying public keys, append to the file; do not overwrite the file.
  • 19. No password required!
    your-box> ssh box-1
    box-1>
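As an added example (not from the slides), this shell helper installs a public key into authorized_keys the way slide 18 advises: it appends rather than overwrites, skips a key that is already present, and sets the owner-only permissions sshd expects. The key blobs and paths are constructed for the demo and are not real key material.

```shell
# Install a public key into an authorized_keys file: append, never overwrite,
# and skip keys that are already present.
# Usage: install_authorized_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
install_authorized_key() {
    pubkey_file="$1"       # e.g. ~/.ssh/id_rsa.pub copied over from your-box
    authorized_keys="$2"   # e.g. ~/.ssh/authorized_keys on box-1

    # A key is identified by its type and base64 blob (fields 1 and 2); the
    # trailing comment (user@host) can differ between copies, so ignore it.
    key_id=$(awk 'NR == 1 { print $1 " " $2 }' "$pubkey_file")
    if [ -z "$key_id" ]; then
        echo "no key found in $pubkey_file" >&2
        return 1
    fi

    # Create ~/.ssh and the file if needed, with owner-only permissions:
    # sshd (StrictModes, on by default) ignores keys in group/world-writable files.
    ssh_dir=$(dirname "$authorized_keys")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    [ -f "$authorized_keys" ] || : > "$authorized_keys"
    chmod 600 "$authorized_keys"

    if grep -qF -- "$key_id" "$authorized_keys"; then
        echo "already authorized"
        return 0
    fi
    # ">>" appends; ">" would silently revoke every other user's access.
    cat "$pubkey_file" >> "$authorized_keys"
    echo "appended"
}

# Number of keys a file authorizes (blank lines and comments ignored).
count_authorized_keys() {
    grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

# Constructed sample keys for the demo: the blobs are placeholders, not real keys.
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotRealKeyMaterial00 alice@your-box'
OTHER_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABConstructedSampleKeyNotRealKeyMaterial00 bob@bobs-box'

# Demo against a scratch directory standing in for ~/.ssh on box-1, where bob
# already has access; after two runs alice's key is present exactly once.
demo_authorized_keys() {
    tmp=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PUBKEY" > "$tmp/id_ed25519.pub"
    printf '%s\n' "$OTHER_PUBKEY" > "$tmp/authorized_keys"
    install_authorized_key "$tmp/id_ed25519.pub" "$tmp/authorized_keys" >/dev/null
    install_authorized_key "$tmp/id_ed25519.pub" "$tmp/authorized_keys" >/dev/null
    count_authorized_keys "$tmp/authorized_keys"   # prints 2
    rm -rf "$tmp"
}

demo_authorized_keys
```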
  • 20. Host-based Authentication
  • 21. Host-based Authentication: doesn’t require user credentials (password or key). Provides trust based on hostname and userid. The userid on both systems has to be the same. Disabled by default -- not that useful.
  • 24. Server Configuration Files: this is read automatically by sshd when it starts. sshd config: /etc/sshd_config. Depending on the installation method, system config locations may vary, e.g. MacPorts installs in /opt/local/etc/ssh/.
  • 25. Client Configuration Files: these are read automatically by ssh when it is executed. System-wide ssh config: /etc/ssh_config. User-specific ssh config: ~/.ssh/config. Depending on the installation method, system config locations may vary, e.g. MacPorts installs in /opt/local/etc/ssh/.
  • 26. Custom Client Configuration Files: ssh will not read these on its own; use the -F option. You can put custom config files anywhere you want.
    ssh -F /foo/bar/custom_ssh.cfg
  • 28. Login Example #1
    ssh user@example.com
  • 29. Login Example #2
    ssh example.com
    What’s the difference from example #1?
  • 30. Login Example #3: logging in on a non-default port.
    ssh -p 45000 example.com
    What’s the default SSH port anyway?
  • 31. Login Example #4: log in, run a command, and exit.
    ssh example.com <command here>
    ssh example.com ls -l
    ssh example.com hostname
    Anything with special characters such as quotes, backticks, etc. needs to be escaped.
  • 32. Agent / Key Forwarding: without them, with them.
  • 33. Example Without SSH Keys (diagram: your-box, box-1, box-2).
  • 34. your-box> ssh box-1 (password required):
    your-box> ssh box-1
    password:
  • 35. your-box> ssh box-2 (password required):
    your-box> ssh box-2
    password:
  • 36. your-box to box-1 to box-2:
    your-box> ssh box-1
    password:
    box-1> ssh box-2
    password:
    Passwords required each step of the way!
  • 37. Updated Example with SSH Keys: your-box> ssh-keygen, then copy the public key to ~/.ssh/authorized_keys on each remote host (diagram: id_rsa and id_rsa.pub on your-box; authorized_keys on box-1 and on box-2).
  • 38. your-box> ssh box-1 (success):
    your-box> ssh box-1
    box-1>
  • 39. your-box> ssh box-2 (success):
    your-box> ssh box-2
    box-2>
  • 40. your-box to box-1 to box-2:
    your-box> ssh box-1
    box-1> ssh box-2
    password:
    Password required at the second step!
  • 41. Enter Agent/Key Forwarding
  • 42. your-box to box-1 to box-2:
    your-box> ssh -A box-1
    box-1> ssh -A box-2
    box-2>
    Success at both steps.
  • 43. Your SSH Key Gets Forwarded (diagram: id_rsa and id_rsa.pub stay on your-box; the key is used through box-1 to reach box-2).
  • 44. Command Line Agent Forwarding
    ssh -A example.com
    Use -a to explicitly turn off forwarding for an ssh session.
  • 45. Host Configured (per-user ~/.ssh/config or system-wide /etc/ssh_config):
    Host inspire.staging
        ForwardAgent yes
  • 46. Capistrano Configured (Ruby), in Capistrano’s deploy.rb; provided by the net/ssh library:
    ssh_options[:forward_agent] = true
  • 47. SSH Server has final say! In the system-wide /etc/sshd_config:
    AllowAgentForwarding no
    Defaults to “yes” -- so pretty much ignore.
  • 48. When/Why #1 - Everyday Usage: when SSH’ing from box to box to box (i.e. multiple servers). Greatly reduces the need to copy over public/private key files. It (usually) just works!
  • 49. When/Why #2 - Deploys: no need to manage additional SSH key pairs for machines that you want to deploy to. If you have access to it and you do the deploying, the remote machine will just SSH in as you! It (usually) just works!
  • 50. ...remember... You still need to copy public key file contents to ~/.ssh/authorized_keys. Agent forwarding doesn’t work for automated workflows where a user is taken out of the equation, i.e. our automated deploy from TeamCity for Inspire.
  • 51. Port Forwarding: local, remote, magic.
  • 52. Local Port Forwarding
  • 53. Local Port Forwarding Example (diagram: your-box; box-1 running sshd; box-2 running www; box-1 and box-2 on a private network).
  • 54. your-box to www on box-2 (diagram: box-1 has a public IP and a local IP; box-2 has only a local IP on the private network).
  • 55. Can’t access box-2 directly (diagram: the path from your-box to box-2 is marked X).
  • 56. With Local Port Forwarding:
    your-box> ssh -L 8000:box-2:80 box-1
    box-1>
  • 57. A Tunnel is Made! (same command: port 8000 on your-box now reaches port 80 on box-2 through box-1.)
  • 58. box-2 doesn’t have to run sshd.
  • 59. Command Line Local Port Forwarding
    ssh -L localport:host:hostport example.com
    localport is the port on your machine, host is the remote box to tunnel to, hostport is the port on the remote box to tunnel to.
  • 60. Sharing Your Tunnel (diagram adds bobs-box connecting to your-box):
    your-box> ssh -L 8000:box-2:80 -g box-1
    box-1>
  • 61. Command Line Local Port Forwarding
    ssh -L localport:host:hostport -g example.com
    -g allows others to connect to your forwarded port.
  • 62. Host Configured (per-user ~/.ssh/config or system-wide /etc/ssh_config):
    Host inspire.staging
        LocalForward 8000:box-2:80
  • 63. SSH Server has final say! In the system-wide /etc/sshd_config:
    AllowTcpForwarding no
    Defaults to “yes” -- so pretty much ignore.
  • 64. When/Why: access normally unreachable resources on an internal network from anywhere on the internet.
  • 66. Remote Port Forwarding Example (diagram: your-box; box-1 running sshd; box-2 on a private network).
  • 67. box-2 to your-box (diagram: your-box has a local IP; box-1 has a public IP; box-2 has a local IP).
  • 68. box-2 can’t talk to your-box (diagram: the path from box-2 to your-box is marked X).
  • 69. With Remote Port Forwarding:
    your-box> ssh -R 8000:localhost:80 box-1
    box-1>
  • 70. A Reverse Tunnel Is Made! (diagram: http://box-1:8000 reaches port 80 on your-box via port 8000 on box-1.)
    your-box> ssh -R 8000:localhost:80 box-1
    box-1>
  • 71. Command Line Remote Port Forwarding
    ssh -R remoteport:host:hostport example.com
    remoteport is the port on the machine you ssh into, host is the local box to tunnel to, hostport is the port on the local box to tunnel to.
  • 72. -g is not supported for remote forwarding.
  • 73. Host Configured (per-user ~/.ssh/config or system-wide /etc/ssh_config):
    Host inspire.staging
        RemoteForward 8000:localhost:80
  • 74. SSH Server has final say! In the system-wide /etc/sshd_config:
    AllowTcpForwarding no
    Defaults to “yes” -- so pretty much ignore.
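Slides 47, 63 and 74 make the same point: the server decides, and AllowAgentForwarding and AllowTcpForwarding are both "yes" unless sshd_config says otherwise. This added audit helper (not from the slides) reads an sshd_config and reports the effective value of each, so an unset keyword shows up as permitted instead of being overlooked. The sample config and the sshd_effective/sshd_forwarding_report names are constructed for the example.

```shell
# Report the value sshd would use for one keyword in an sshd_config, applying
# the defaults the slides point out (AllowAgentForwarding and AllowTcpForwarding
# both default to "yes"). Only the global section is read: keywords under a
# "Match" block apply conditionally and are deliberately not considered here.
# Usage: sshd_effective FILE KEYWORD   -> prints "value (explicit|default)"
sshd_effective() {
    value=$(awk -v want="$2" '
        $1 == "" || substr($1, 1, 1) == "#" { next }     # blank line or comment
        tolower($1) == "match" { exit }                 # end of the global section
        tolower($1) == tolower(want) { print $2; exit } # first occurrence wins
    ' "$1")
    if [ -n "$value" ]; then
        printf '%s (explicit)\n' "$value"
        return 0
    fi
    case "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" in
        allowagentforwarding|allowtcpforwarding) printf 'yes (default)\n' ;;
        *) printf 'unset\n' ;;
    esac
}

# Constructed sshd_config fragment for the demo. OpenSSH's sample sshd_config
# lists defaults as commented lines, which is an easy trap: the commented-out
# "#AllowTcpForwarding no" below changes nothing, so TCP forwarding stays on.
write_demo_sshd_config() {
    cat > "$1" <<'EOF'
Port 22
#AllowTcpForwarding no
AllowAgentForwarding no
Match User deploy
    AllowTcpForwarding yes
EOF
}

# One line per forwarding keyword, e.g. "AllowTcpForwarding=yes (default)".
sshd_forwarding_report() {
    for kw in AllowAgentForwarding AllowTcpForwarding; do
        printf '%s=%s\n' "$kw" "$(sshd_effective "$1" "$kw")"
    done
}

demo_cfg=$(mktemp)
write_demo_sshd_config "$demo_cfg"
sshd_forwarding_report "$demo_cfg"
rm -f "$demo_cfg"
```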
  • 75. When/Why: allow outside resources to connect to your box, or to another machine on a private network. Example: testing web callbacks.
  • 76. ~/.ssh/config: user-specified SSH configuration.
  • 77. Host Configuration: Host is the section identifier. Any time Host shows up a new section is started. Host is whatever you want to refer to the connection as. In ~/.ssh/config:
    Host inspire
        HostName staging.inspirehq.com
        User inspire

    Host inspire.production
        HostName inspirehq.com
        User inspire
  • 78. HostName Configuration: HostName is the real host name to log into. It can be an IP address or a domain name (see the config above).
  • 79. User Configuration: User is the user to log in as. It can be overridden on the command line. In ~/.ssh/config:
    Host inspire
        HostName staging.inspirehq.com
        User inspire

    Host inspire.production
        HostName inspirehq.com
        User foobar
  • 80. Port Configuration: Port defines which port SSH connects on. It can be overridden on the command line. In ~/.ssh/config:
    Host inspire
        HostName staging.inspirehq.com
        User inspire
        Port 45000
  • 81. Local/Remote Port Forwarding: LocalForward and RemoteForward. In ~/.ssh/config:
    Host inspire
        HostName staging.inspirehq.com
        User inspire
        LocalForward 8080:example.com:80
        RemoteForward 8080:example.com:80
  • 82. GatewayPorts: GatewayPorts specifies whether or not remote hosts can connect to local forwarded ports. Works in conjunction with LocalForward. Defaults to no. In ~/.ssh/config:
    Host inspire
        HostName staging.inspirehq.com
        User inspire
        LocalForward 8080:example.com:80
        GatewayPorts yes
  • 83. ServerAliveInterval: ServerAliveInterval sets a time interval in seconds after which, if no data has been received from the server, ssh will send a message to the server. Defaults to 0, meaning this will never be sent. This can be used to keep SSH connections alive. In ~/.ssh/config:
    Host inspire
        HostName staging.inspirehq.com
        User inspire
        LocalForward 8080:example.com:80
        GatewayPorts yes
        ServerAliveInterval 5
  • 84. > ssh inspire
  • 86. Overuse ~/.ssh/config: SSHing into an IP more than once? SSHing into crazy domains (i.e. Amazon)? Looking up an IP or hostname routinely? Save it in ~/.ssh/config.
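As an added example for slides 77 through 83 (not from the slides or from OpenSSH), this shell/awk resolver looks up what ssh would use for an alias from a ~/.ssh/config: each Host line opens a new section, the first value found for a keyword wins, and the defaults apply when the file is silent (HostName is the alias itself, Port is 22, User is the local user). It matches exact aliases and the catch-all "Host *" only; OpenSSH's fuller glob and negation patterns and Match blocks are not modelled. The config is constructed from the slides' inspire hosts and written to a temp file, and the function names are assumptions.

```shell
# Print the first value for KEYWORD that applies to alias NAME in an ssh_config.
# Usage: ssh_config_get FILE NAME KEYWORD
ssh_config_get() {
    awk -v name="$2" -v want="$3" '
        BEGIN { active = 1 }                          # keywords before any Host line are global
        $1 == "" || substr($1, 1, 1) == "#" { next }  # skip blank lines and comments
        tolower($1) == "host" {                       # a Host line starts a new section
            active = 0
            for (i = 2; i <= NF; i++)                 # a Host line may list several patterns
                if ($i == name || $i == "*") active = 1
            next
        }
        active && tolower($1) == tolower(want) && !found {
            found = 1                                 # first obtained value wins
            sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, "")   # drop the keyword, keep the value
            print
        }
    ' "$1"
}

# Resolve the connection target for NAME, applying the client defaults when the
# config is silent. Prints "user@hostname:port".
ssh_config_target() {
    cfg="$1"; name="$2"
    hostname=$(ssh_config_get "$cfg" "$name" HostName)
    port=$(ssh_config_get "$cfg" "$name" Port)
    user=$(ssh_config_get "$cfg" "$name" User)
    printf '%s@%s:%s\n' "${user:-$(id -un)}" "${hostname:-$name}" "${port:-22}"
}

# Constructed config mirroring the slides' examples; written to a temp file so
# the demo never touches the real ~/.ssh/config.
write_demo_config() {
    cat > "$1" <<'EOF'
# keywords before the first Host line apply to every connection
ServerAliveInterval 5

Host inspire
    HostName staging.inspirehq.com
    User inspire
    Port 45000
    LocalForward 8000:box-2:80

Host inspire.production
    HostName inspirehq.com
    User inspire
    ForwardAgent yes

Host *
    User fallback
EOF
}

demo_cfg=$(mktemp)
write_demo_config "$demo_cfg"
ssh_config_target "$demo_cfg" inspire              # inspire@staging.inspirehq.com:45000
ssh_config_target "$demo_cfg" inspire.production   # inspire@inspirehq.com:22
ssh_config_target "$demo_cfg" box-1                # fallback@box-1:22
rm -f "$demo_cfg"
```

On a real system, compare the output against `ssh -G inspire`, which prints the values OpenSSH itself resolves for the alias.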
  • 87. ...skipping server configuration...
  • 88. SSH and Other apps
  • 89. scp: secure file copy
  • 90. copy a single file:
    scp file1 example.com:
  • 91. copy multiple files:
    scp file1 file2 example.com:
  • 92. copy to other locations:
    scp file1 example.com:foo/bar
    scp file1 example.com:/foo/bar
  • 93. scp doesn’t copy directories:
    scp dir/ example.com:foo/bar
    dir/: not a regular file
  • 94. rsync: remote file copying
  • 95. copy a single file:
    rsync -avz file1 example.com:
  • 96. copy a directory:
    rsync -avz dir/ example.com:
  • 97. rsync does so much more: incremental file transfers (only transfers what’s different); include/exclude files and directories; include/exclude file name patterns; can copy files from a remote box to a local box; can copy files from a local box to a remote box.
  • 99. git/ssh info: can run over SSH. Supports SSH client configuration files. Can be set to a specific SSH binary using the GIT_SSH environment variable.