DOCSLIB.ORG

SSU Extending SSH for Secure Root Administration

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

The following paper was originally published in the Proceedings of the Twelfth Systems Administration Conference (LISA ’98) Boston, Massachusetts, December 6-11, 1998 SSU Extending SSH for Secure Root Administration Christopher Thorpe, Yahoo!, Inc. For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email: [email protected] 4. WWW URL: http://www.usenix.org SSU: Extending SSH for Secure Root Administration Christopher Thorpe – Yahoo!, Inc. ABSTRACT SSU†, ‘‘Secure su,’’ is a mechanism that uses SSH [Ylonen] to provide the security for distributing access to privileged operations. Its features include both shell or per-command access, a password for each user that is distinct from the login password and easily changed, and high portability. By installing SSU, administrators build a solid infrastructure for using SSH for improving security in other areas, such as file distribution and revision control. Introduction and Site Information been successfully used to support the secure exchange of data for programs such as rdist [Cooper] and CVS The EECS research computing environment at [Cyclic]. Harvard University is comprised of approximately two hundred workstations running eight variations of In any large installation, key management is an Unix. Users are primarily faculty, graduate students important task for the proper installation and mainte- and researchers, most of whom need some level of nance of SSH. Since we already used SSH, it was nat- root access to their workstations. Some students need ural to extend the key management system we devel- only the ability to reboot their workstations or mount oped for remote root operations into a more complex removable storage media, but many computer science system supporting SSU. By doing so, researchers researchers need full root access for their work. In adding a new system need only install SSH and add addition, these Unix-savvy users ease the load on sys- the trusted public identity key in root’s autho- tem administrators tremendously by performing rized_keys file. After this is done, SSU is installed administration tasks when possible. automatically from the trusted host and keys are peri- odically updated. Note that SSH uses two types of Because the EECS environment is a research-ori- RSA keys: one for host identification and another for ented group, machines come and go on the network all user authorization. SSU does not use the host identifi- the time, as do users who need privileged access. cation keys outside their normal use when ssh estab- There are several independent research groups within lishes a connection between two hosts. All SSU EECS, and researchers in a group generally need priv- authentication uses 1024-bit RSA key pairs, com- ileged access only to that group’s machines. In addi- pletely separate from a host’s identity keys. tion, many researchers administer their own research machines while using our network and home directory The features we required: NFS server. Since our environment is comprised of • The ability to easily redefine users’ root access machines for which we provide various levels of • Definition of access in terms of groups of administration, we built a system to give both admin- machines and automatic update of machines’ istrators and researchers root access on various groups root access configurations when these groups of machines. In addition, we made the system easy to change install so that anyone setting up a new machine need • The ability to administer machines without pos- only modify or create two files in addition to the ssh sessing a local user id distribution (which everyone installs anyway.) • Easy installation for researchers installing new systems SSU sits on top of the widely-used secure shell Seamless portability between all of our operat- protocol SSH. Because of its usefulness in providing • ing systems security and ease of access to networked computing environments, ssh is now in use on all of the Unix- Features we wanted: based machines within EECS. SSH can also be used • A password for privileged operations distinct for remote administration, where a trusted host uses from the user’s login password and consistent the protocol to establish secure connections to other for all operations machines and execute privileged operations. SSH has • Authentication of the user within the EECS domain before allowing root access †The bulk of this work was completed while the author was Description of SSU employed as a student systems administrator while an under- graduate at Harvard University. SSU is currently used in Table 1 shows the commands and files used by Harvard’s EECS (Electrical Engineering and Computer Sci- SSU. Examples 1, 2, and 3 show how to reboot the ence) research environment. local machine, gain a remote shell, and grant access to 1998 LISA XII – December 6-11, 1998 – Boston, MA 27 SSU: Extending SSH for Secure Root Administration Thorpe a new user. Note that this program asks for multiple script then determines the appropriate identity to use, command/host pairs, so that it is possible to define a connects to the SSU port on the remote machine or different set of commands for each group of hosts. loopback interface as root, and ssh executes the com- mand as root. See Appendix D for a description of Overview of How SSU Works how SSH authenticates a user. Note that SSU does not When users are granted access they are given allow .rhosts, .shosts or password authentication, and access to commands chosen from a list of SSU com- disables TCP/IP, X, and agent forwarding by default. mands (checked in a configuration file for sanity). Key Management A configuration file is created or updated by run- ning ssu-user. This file may be modified by hand to Key management was probably the most difficult change users’ permissions in the future. The reason problem in implementing this solution. Since the sys- for using this file is that if a user is granted access to tem’s security is based on RSA public/private key groups of servers (as defined in the netgroup file or cryptography, it is vital to correctly administer the the GROUPS directory) and those groups change the keys. First, we introduce the idea of a ‘‘trusted mas- user ’s permissions are automatically adjusted to corre- ter.’’ This machine holds an RSA private key for the spond to the changes in those groups the next time root user that is trusted by the root users on all other process-ssu is run. machines on our network. (It is possible, and probably wise, to have multiple trusted masters.) An RSA key pair is generated for each com- mand, and the passphrase is set to be the same for all By configuring all the machines in the network commands for that particular user (in order to facili- to trust the root identity on this host, it allows all tate ease of remembering the passphrases.) The ssu- authentication for user root access to take place on the passwd command makes it easy for users to change all trusted machine. Connections with root access can be of their SSU passphrases at once. established from there. This also has the useful side effect of creating a machine that can establish secure, A user executes a privileged command by typing privileged connections to all other machines for any ‘‘ssu command’’ or ‘‘ssu command@host.’’ The ssu purpose – e.g., rdist, network monitoring and backups. Command/File Description ssu Used to invoke a privileged operation locally or remotely. ssu-passwd Used to modify a user’s RSA passphrases for all SSU commands. ssu-user Administrators’ tool for creating or modifying SSU privileges. Processes the configuration files, generates the authorized_keys files, process-ssu and pushes the files to the hosts. A Perl 5 module that contains local configuration settings and library SSU.pm functions used by ssu commands. ssu_cmdgroups Definitions of convenient groups of SSU commands. ssu_usergroups Definitions of convenient groups of SSU users. These groups may work with or be instead of the system group file. ssu_hostgroups Definitions of convenient groups of hosts for SSU. These groups may work with or be instead of the system netgroup file. Table 1: User Interface. % ssu reboot Enter passphrase for RSA key ’cat:tcsh@eecs’: [passphrase] Shutdown at Sun Sep 20 14:59:19 1998. shutdown: [pid 19268] Connection to localhost closed. Example 1: Rebooting the local machine. % ssu tcsh@herbert Enter passphrase for RSA key ’cat:reboot@eecs’: [passphrase] herbert# Example 2: Gaining a shell on a remote machine. 28 1998 LISA XII – December 6-11, 1998 – Boston, MA Thorpe SSU: Extending SSH for Secure Root Administration Alternatively, private keys may be pushed to all of the options with which ssh will execute the command machines on the network or placed in an NFS- (e.g., environment=‘‘SHELL=/bin/false’’ to prevent mounted directory (see Appendix C for security con- shell escapes from vi or less), and the public key for cerns). With the keys available everywhere, users can the user-command pair generated by ssu-user or pro- gain root access through the loopback port. This cess-ssu. allows restricted login access to the trusted master as Since the private keys of these user-command well as the ability to gain root access even if the pairs are protected by passphrases, even if they are trusted master is inaccessible. captured via NFS sniffing or user negligence they are The master’s trusted private key should be care- still secure. Some administrators may wish to place fully guarded. We do not protect it with a passphrase them on the trusted server’s local disk if root access is so automatic privileged operations can execute with- to be limited to connections coming from the trusted out administrator intervention at boot time.
Recommended publications
  • The Keys to Using SSH

    The Keys to Using SSH

    The Keys to Using SSH David Tomaschik RHCE, LPIC-1 System Administrator, Kennesaw State University MSCS Student, SPSU [email protected] http://systemoverlord.com Special ALE Central Edition! What is SSH? ● SSH = Secure Shell ● Originally intended as “Encrypted Telnet” ● Allows remote shell (command-line) access ● Connection Encrypted Using Public Key Cryptography ● SSH Version 1: Developed 1995, Now Insecure ● SSH Version 2: Standardized 2006 ● Only use SSH2! Why use SSH? ● Useful for remote system administration ● Transfer files securely ● Run remote applications ● Secure OTHER communications ● Requires Little Bandwidth ● Industry Standard SSH Clients ● Linux: OpenSSH; Usually Installed by Default ● OS X: OpenSSH; Installed by Default ● Windows: PuTTY, OpenSSH under Cygwin, Commercial SSH ● Android: ConnectBot + Others ● IOS: iSSH, Prompt, Others About the Presentation ● Assumes OpenSSH on Linux for both Client and Server ● Some features may require relatively recent versions of OpenSSH Basic Use ● ssh [email protected] Basic Use ● ssh [email protected] Verifying Who You're Connecting To ● The highlighted lines show you which host you are connecting to along with the key fingerprint. ● The key fingerprint is cryptographic proof that your connection is not being tampered with. ● Depending on your level of paranoia: ● Get the fingerprint from the system administrator ● Make your first connection from a 'trusted' network ● Just ignore it and hope its ok What You Can Do Now ● Run Commands Remotely ● Install packages/services ● Configure
  • Secure Telnet

    Secure Telnet

    The following paper was originally published in the Proceedings of the Fifth USENIX UNIX Security Symposium Salt Lake City, Utah, June 1995. STEL: Secure TELnet David Vincenzetti, Stefano Taino, and Fabio Bolognesi Computer Emergency Resource Team Italy Department of Computer Science University of Milan, Italy For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email: [email protected] 4. WWW URL: http://www.usenix.org STEL Secure TELnet David Vincenzetti Stefano Taino Fabio Bolognesi fvince k taino k b ologdsiunimiit CERTIT Computer Emergency Response Team ITaly Department of Computer Science University of Milan ITALY June Abstract Eavesdropping is b ecoming rampant on the Internet We as CERTIT have recorded a great numb er of sning attacks in the Italian community In fact sning is the most p opular hackers attack technique all over the Internet This pap er presents a secure telnet implementation whichhas b een designed by the Italian CERT to makeeavesdropping ineective to remote terminal sessions It is not to b e considered as a denitive solution but rather as a bandaid solution to deal with one of the most serious security threats of the moment Intro duction STEL stands for Secure TELnet We started developing STEL at the University of Milan when we realized that eavesdropping was a very serious problem and we did not like the freeware solutions that were available at that time It was ab out three years ago Still as far as we know e tapping problem and there are no really satisfying
  • Unix Security

    Unix Security

    Unix Security Vulnerability Assessment Course All materials are licensed under a Creative Commons “Share Alike” license. ■ http://creativecommons.org/licenses/by-sa/3.0/ 2 Agenda ■ Why assess ■ Where are we in the process ■ What’s needed ■ Defining vulnerabilities ■ NIST 800-53A controls ■ Assessment Exercise ■ Security Exercise ■ Conclusion 3 Vulnerability Assessment ■ Provides the opportunity to address weaknesses before an enemy can exploit them ■ Implementation: Scanning tools that identify vulnerabilities in computer hardware, software, networks and operating systems ■ Common techniques – Multiple tools – one tool may not identify all vulnerabilities – Ability to identify backdoors security perimeter, e.g. modems, VPNs, etc. – all potential vulnerabilities need to be assessed – Correction verification mechanism – ability to check if vulnerability has been eliminated ■ Compliance with OMB, DOD, DHS policy – Utilize NIST 800-53 and 800-53A – DOD 8500 series 4 What’s Needed ■ Unix experience – Hands on experience: configuration, managing, building various Unix systems – Working knowledge of best practices ■ Security Experience – Intimate knowledge of how to secure a system – Prior experience with CIS Benchmark, DISA STIG/SRR ■ Data Collection – Network scans from NMAP and Nessus – Host output from any data collection tools ■ Other Skills – Need to work with administrators – Put vulnerability in their language – Be tedious while looking for vulnerabilities – Work well in a team 5 Defining Unix Vulnerability Assessment ■ Defining Unix Vulnerability Assessment – Unix Vulnerability Assessment – Unix Security Issues – Security Paradigm – System Hardening: The CIS Philosophy – Network Based Vulnerability Scanning – Host (Local) Vulnerability Scanning – Remote vs. Local Vulnerability Scanning – Common Problems and Issues – Mitigation 6 Unix Vulnerability Assessment ■ Definition – Examining the operating characteristics of a Unix environment remotely and locally in order to accurately assess its security posture (or profile).
  • Computer Network Security Protocols: a Review

    Computer Network Security Protocols: a Review

    International Journal of Enhanced Research in Management & Computer Applications ISSN: 2319-7471, Vol. 5 Issue 1, January-2016 Computer Network Security Protocols: A Review Anil Kumar Programmer-Cum-Networking Engineer, Haryana Roadways, Transport Department, Govt of Haryana, India. ABSTRACT Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become ``wired'', an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them. Keywords: Protocol, Security, Secure Socket Layer (SSL) and Transport Layer Security (TLS) Protocols; secure IP (IPSec); Secure HTTP (S-HTTP), secure E-mail (PGP and S/MIME), DNDSEC, SSH. 1. INTRODUCTION The rapid growth of the Internet as bothan individual and business communication channel has created a growing demand forsecurity and privacy in this electronic communication channel. Security and privacy are essential if individual communication is to continue ande-commerce is to thrivein cyberspace. The call for and desire for security and privacy has led to several security protocols and standards. Among these are: Secure Socket Layer (SSL) and Transport Layer Security (TLS) Protocols; secure IP (IPSec); Secure HTTP (S-HTTP), secure E-mail ( PGP and S/MIME), DNDSEC, SSH, and others. In this paper I discuss these protocols and standards within the framework of the network protocol stack as follow: Application Layer Transport Layer Network Layer Data Link Layer: PGP, SSL IPSec PPP S/MIME TLS VPN RADIUS S-HTTP TACACS+ HTTPS SET KERBEROS 2.
  • Unix Security Overview: 1

    Unix Security Overview: 1

    CIS/CSE 643: Computer Security (Syracuse University) Unix Security Overview: 1 Unix Security Overview 1 User and Group • Users – root: super user (uid = 0) – daemon: handle networks. – nobody: owns no files, used as a default user for unprivileged operations. ∗ Web browser can run with this mode. – User needs to log in with a password. The encrypted password is stored in /etc/shadow. – User information is stored in /etc/passwd, the place that was used to store passwords (not anymore). The following is an example of an entry in this file. john:x:30000:40000:John Doe:/home/john:/usr/local/bin/tcsh • Groups – Sometimes, it is more convenient if we can assign permissions to a group of users, i.e. we would like to assign permission based on groups. – A user has a primary group (listed in /etc/passwd), and this is the one associated to the files the user created. – Any user can be a member of multiple groups. – Group member information is stored in /etc/group % groups uid (display the groups that uid belongs to) – For systems that use NIS (Network Information Service), originally called Yellow Page (YP), we can get the group information using the command ypcat. % ypcat group (can display all the groups and their members) 2 File Permissions • File Permissions – The meaning of the permission bits in Unix. ∗ Owner (u), Group (g), and Others (o). ∗ Readable (r), Writable (w), and Executable (x). ∗ Example: -rwxrwxrwx (777) • Permissions on Directories: – r: the directory can be listed. – w: can create/delete a file or a directory within the directory.
  • Evaluating UNIX Security Previous Screen Allen B

    Evaluating UNIX Security Previous Screen Allen B

    84-01-15.1 Evaluating UNIX Security Previous screen Allen B. Lum Payoff The UNIX operating system's basic security features include password protection, access permission, user profiles, shell scripts, and file ownership. Because new and enhanced UNIX security features are continually being added to these features in response to the demands of an increasingly competitive user community, information security professionals must begin with an understanding of the basic UNIX security environment. This article covers the fundamental security features that can be found in most of the currently available versions of the UNIX operating system. Several checklists are included at the end of the article to assist administrators in ensuring the security of UNIX systems. Problems Addressed The UNIX operating system was originally developed for use by programmers within an open systems environment. The adoption of UNIX as a common operating system across several different platforms has increased the need for security beyond its original purpose. As a result, many UNIX installations have less than optimal security. In addition, there are several versions of UNIX on the market today with differing security features. This article discusses basic access controls (e.g., passwords) and directory and file permissions within the UNIX system. The concepts discussed are applicable to all versions of UNIX unless specifically noted otherwise. UNIX History As the majority of UNIX users know, UNIX was developed at AT Bell Laboratories in the late 1960s by Thompson and Ritchie; the name UNIXis a contraction of uni and multics. The original UNIX system software was written in the assembler language to run on the digital PDP-7 computer.
  • Malware to Crimeware

    Malware to Crimeware

    I have surveyed over a decade of advances in delivery of malware. Over this daVid dittRich period, attackers have shifted to using complex, multi-phase attacks based on malware to crimeware: subtle social engineering tactics, advanced how far have they cryptographic techniques to defeat takeover gone, and how do and analysis, and highly targeted attacks we catch up? that are intended to fly below the radar of current technical defenses. I will show how Dave Dittrich is an affiliate information malicious technology combined with social security researcher in the University of manipulation is used against us and con- Washington’s Applied Physics Laboratory. He focuses on advanced malware threats and clude that this understanding might even the ethical and legal framework for respond- ing to computer network attacks. help us design our own combination of [email protected] technical and social mechanisms to better protect us. And ye shall know the truth, and the truth shall make you free. The late 1990s saw the advent of distributed and John 8:32 coordinated computer network attack tools, which were primarily used for the electronic equivalent of fist fighting in the streets. It only took a few years for criminal activity—extortion, click fraud, denial of service for competitive advantage—to appear, followed by mass theft of personal and financial data through quieter, yet still widespread and auto- mated, keystroke logging. Despite what law-abid- ing citizens would desire, crime does pay, and pay well. Today, the financial gain from criminal enter- prise allows investment of large sums of money in developing tools and operational capabilities that are increasingly sophisticated and highly targeted.
  • Unix and Linux System Administration and Shell Programming

    Unix and Linux System Administration and Shell Programming

    Unix and Linux System Administration and Shell Programming Unix and Linux System Administration and Shell Programming version 56 of August 12, 2014 Copyright © 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2009, 2010, 2011, 2012, 2013, 2014 Milo This book includes material from the http://www.osdata.com/ website and the text book on computer programming. Distributed on the honor system. Print and read free for personal, non-profit, and/or educational purposes. If you like the book, you are encouraged to send a donation (U.S dollars) to Milo, PO Box 5237, Balboa Island, California, USA 92662. This is a work in progress. For the most up to date version, visit the website http://www.osdata.com/ and http://www.osdata.com/programming/shell/unixbook.pdf — Please add links from your website or Facebook page. Professors and Teachers: Feel free to take a copy of this PDF and make it available to your class (possibly through your academic website). This way everyone in your class will have the same copy (with the same page numbers) despite my continual updates. Please try to avoid posting it to the public internet (to avoid old copies confusing things) and take it down when the class ends. You can post the same or a newer version for each succeeding class. Please remove old copies after the class ends to prevent confusing the search engines. You can contact me with a specific version number and class end date and I will put it on my website. version 56 page 1 Unix and Linux System Administration and Shell Programming Unix and Linux Administration and Shell Programming chapter 0 This book looks at Unix (and Linux) shell programming and system administration.
  • Linux Server Security, 2Nd Edition Expertly Conveys to Administrators

    Linux Server Security, 2Nd Edition Expertly Conveys to Administrators

    Linux Server Security, 2nd Edition By Michael D. Bauer Publisher: O'Reilly Pub Date: January 2005 ISBN: 0-596-00670-5 Pages: 542 Table of • Contents • Index • Reviews • Examples Linux Server Security, 2nd Edition expertly conveys to administrators and Reader developers the tricks of the trade that can help them avoid serious • Reviews security breaches. It covers both background theory and practical step-by- • Errata step instructions for protecting a server that runs Linux. Packed with • Academic examples, this must-have book lets the good guys stay one step ahead of potential adversaries. Linux Server Security, 2nd Edition By Michael D. Bauer Publisher: O'Reilly Pub Date: January 2005 ISBN: 0-596-00670-5 Pages: 542 Table of • Contents • Index • Reviews • Examples Reader • Reviews • Errata • Academic Copyright dedication Dedication Preface What This Book Is About The Paranoid Penguin Connection The Second Edition Audience What This Book Doesn't Cover Assumptions This Book Makes Organization of This Book Conventions Used in This Book Safari® Enabled How to Contact Us Using Code Examples Acknowledgments Chapter 1. Threat Modeling and Risk Management Section 1.1. Components of Risk Section 1.2. Simple Risk Analysis: ALEs Section 1.3. An Alternative: Attack Trees Section 1.4. Defenses Section 1.5. Conclusion Section 1.6. Resources Chapter 2. Designing Perimeter Networks Section 2.1. Some Terminology Section 2.2. Types of Firewall and DMZ Architectures Section 2.3. Deciding What Should Reside on the DMZ Section 2.4. Allocating Resources in the DMZ Section 2.5. The Firewall Chapter 3. Hardening Linux and Using iptables Section 3.1.
  • Recent Security Enhancements in Netbsd

    Recent Security Enhancements in Netbsd

    Recent Security Enhancements in NetBSD Elad Efrat < [email protected] > September 2006 Abstract Over the years, NetBSD obtained the position of the BSD focusing on portability. While it is true that NetBSD offers an easily portable operating system, care is also given to other areas, such as security. This paper presents the NetBSD philosophy of security, design decisions, and currently offered security features. Finally, some of the current and future research will be revealed. 1. Introduction Running on almost twenty different architectures, and easily portable to others, NetBSD gained its reputation as the most portable operating system on the planet. While that may indicate high quality code, the ever demanding networked world cares about more than just that. Over the past year, NetBSD evolved quite a bit in various areas; this paper, however, will focus on the aspect relating to security. This paper was written and structured to present a full overview of the recent security enhancements in NetBSD in an easily readable and balanced form that will satisfy new, intermediate, and experienced users. References were sprinkled across the text to provide more information to those who want the gory details, while preserving the continuity. Section 2 will present the bigger picture of security in NetBSD: how NetBSD perceives security, the design decisions of NetBSD software in general and the security infrastructure and features more specifically. Section 3 will present a detailed overview of the recent enhancements in the security infrastructure and features of NetBSD including, where relevant, details about the design, implementation, and possible future development. Section 4 will present current security-related research and development in NetBSD, and section 5 will discuss how the described enhancements work together to provide a more secure platform.
  • SSH Secure Shell for UNIX Servers Administrator's Guide

    SSH Secure Shell for UNIX Servers Administrator's Guide

    SSH Secure Shell for UNIX Servers Administrator's Guide December, 2000 2 c 1996 - 2000 SSH Communications Security Corp, Finland. No part of this publication may be reproduced, published, stored in a electronic database, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, for any purpose, without the prior written permission of SSH Commu- nications Security Corp. SSH and IPSEC Express are trade- marks or registered trademarks of SSH Communications Secu- rity Corp. All brand and product names that are trademarks or registered trademarks are the property of their owners. US and other patents pending. This product includes software de- veloped by the University of California, Berkeley and its con- tributors. THERE IS NO WARRANTY OF ANY KIND FOR THE ACCURACY OR USEFULNESS OF THIS INFORMA- TION EXCEPT AS REQUIRED BY APPLICABLE LAW OR EXPRESSLY AGREED IN WRITING. SSH Communications Security Corp Fredrikinkatu 42; FIN-00100 Helsinki; FINLAND SSH Communications Security Inc. 1076 East Meadow Circle; Palo Alto, CA 94303; USA SSH Communications Security K.K 2-7-1, House Hamamatsu-cho Bldg. 5F; Hamamatsu-cho; Minato-ku, Tokyo 105-0013; JAPAN http://www.ssh.com/ e-mail: [email protected] (sales), http://www.ssh.com/support/ssh/ Tel: +358 303 9870 (Finland), +1 650 251 2700 (USA), +81 3 3459 6830 (Japan) Fax: +358 303 9871 (Finland), +1 650 251 2701 (USA), +81 3 3459 6825 (Japan) c 2000 SSH Communications Security SSH Secure Shell Administration CONTENTS 3 Contents 1 Introduction to SSH Secure Shell 7 1.1 SSH Secure Shell . 7 1.2 This Document .
  • Lab Work 03. Using Ssh/Rdp for Remote Linux/UNIX/Mac/Windows Servers

    Lab Work 03. Using Ssh/Rdp for Remote Linux/UNIX/Mac/Windows Servers

    LAB WORK 03. USING SSH/RDP FOR REMOTE LINUX/UNIX/MAC/WINDOWS SERVERS MANAGEMENT 1. PURPOSE OF WORK Get the initial skills of working with a remote host via ssh protocol. Secure SHell is the primary means of remotely managing networked computers running UNIX/Linux. The Linux/UNIX commands are used: ssh, scp, uname, passwd, date, who, pwd, mkdir, mc, exit, logout. 2. TASKS FOR WORK 2.1. Install Secure Shell Extension on your Chrome browser in the classroom or at home. Using the Secure Shell Extension, connect to the academy.lv remote server with your student account. Use the uname command (with the appropriate parameters) to determine the type of operating system, hardware platform, and version of the server core (make a Screenshot 1). 2.2. Download Putty.exe on your Windows computer in the classroom or at home. Using the putty.exe, connect to the academy.lv remote server with your student account. Use the passwd command for change Your password on academy.lv remote server. Use the date command (with the appropriate parameters) to determine the date and time of the remote server (make a Screenshot 2). 2.3. Start Your Linux Virtual Machine on VirtualBox on your Windows computer (show Lab Work 01). Start Linux Terminal. 2.4. Use the uname command (with the appropriate parameters) to determine the type of operating system, hardware platform, and version of the server core for local Linux (make a Screenshot 3). 2.5. Use the ssh command on Linux Virtual Machine (without loading the academy.lv remote server shell) to determine the date and time (date command with the appropriate parameters) for academy.lv remote server (make a Screenshot 4).