Presentation is loading. Please wait.

Presentation is loading. Please wait.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access.

Published byErika Allison Modified over 8 years ago

Similar presentations

Presentation on theme: "SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access."— Presentation transcript:

1 SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access

2 SUSE Linux Enterprise Server Administration (Course 3037)2 Objectives Provide Secure Remote Access with OpenSSH Enable Remote Administration with YaST Configure a Network Installation

3 SUSE Linux Enterprise Server Administration (Course 3037)3 Provide Secure Remote Access with OpenSSH Objectives –Cryptography Basics –SSH Features and Architecture –How to Configure the SSH Client –SSH Client Commands –How to Configure the SSH Server –SSH Server Commands –Public Key Authentication Management

4 SUSE Linux Enterprise Server Administration (Course 3037)4 Cryptography Basics Symmetric encryption –Same key is used for encryption and decryption Key should be protected –Helps with high-speed transmission –Key length is very important –Technologies DES (Data Encryption Standard) 3DES (Triple DES) IDEA Blowfish AES (Advanced Encryption Standard)

5 SUSE Linux Enterprise Server Administration (Course 3037)5 Cryptography Basics (continued) Asymmetric encryption –Symmetric encryption problem Securely transmitting the key –Uses two keys (private and public keys) One is used for encryption and the other for decryption –Low-speed data transmission –Both techniques are often combined Key for symmetric encryption is transmitted over an asymmetrically encrypted channel –Techniques RSA, DSA, Diffie-Hellman

6 SUSE Linux Enterprise Server Administration (Course 3037)6 SSH Features and Architecture SSH features –Basic functionality Login from a remote host Interactive or noninteractive command execution on remote hosts Copying files between different network hosts High-performance authentication and cryptographically secured communication on nonsecure networks Automatic and transparent encryption of all communication Complete substitution of “r” utilities: rlogin, rsh, and rcp Port forwarding Tunneling

7 SUSE Linux Enterprise Server Administration (Course 3037)7 SSH Features and Architecture (continued) SSH features (continued) –Special features Prevent security loopholes through IP, routing, and DNS spoofing You can control the client by using system-wide and user-based configuration files You can transmit any type of binary data between hosts –Optional support for compressing data is also available There are up to six procedures available from the client for server authentication

8 SUSE Linux Enterprise Server Administration (Course 3037)8 SSH Features and Architecture (continued) SSH protocol versions –Protocol version 1 (SSH1) –Protocol version 2 (SSH2) SSH1 does not ensure the integrity of a connection –Insertion attack HMAC (Keyed-Hash Message Authentication Code) –Guarantees integrity of a connection

9 SUSE Linux Enterprise Server Administration (Course 3037)9 SSH Features and Architecture (continued)

10 SUSE Linux Enterprise Server Administration (Course 3037)10 SSH Features and Architecture (continued)

11 SUSE Linux Enterprise Server Administration (Course 3037)11 SSH Features and Architecture (continued)

12 SUSE Linux Enterprise Server Administration (Course 3037)12 SSH Features and Architecture (continued) SSH authentication mechanism configuration –Client checks if public host key of the server really belongs to the server –SSH currently does not use any directory services Or any certificates Random key pair can be easily created by anyone Client “learns” server public host key –Server side mechanisms to authenticate clients Host-based authentication –Authentication is based on configuration files /etc/hosts.equiv or /etc/, shosts.equiv, and/or ~/.rhosts or ~/.shosts

13 SUSE Linux Enterprise Server Administration (Course 3037)13 SSH Features and Architecture (continued) SSH authentication mechanism configuration (continued) –Server side mechanisms to authenticate clients (continued) Host-based RSA authentication –Public keys of clients are saved on server in the files ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts Public key (RSA/DSA) authentication –User proves knowledge of his private key through a challenge-response procedure Password authentication –Takes place through a UNIX user password –Transfer of the password is encrypted

14 SUSE Linux Enterprise Server Administration (Course 3037)14 SSH Features and Architecture (continued) SSH authentication mechanism configuration (continued) –After successful authentication A work environment is created on the server –Initialization routines are processed –Parameter X11 Forwarding Determines whether or not graphical output is forwarded by default –SSH server configuration file /etc/ssh/sshd_config

15 SUSE Linux Enterprise Server Administration (Course 3037)15 How to Configure the SSH Client SSH client configuration file –/etc/ssh/ssh_config Each user can edit his individual settings –In the file ~/.ssh/config StrictHostKeyChecking option –Prevents client from simply entering new keys From unknown servers without checking –Three values: yes, no, and ask (default)

16 SUSE Linux Enterprise Server Administration (Course 3037)16 SSH Client Commands

17 SUSE Linux Enterprise Server Administration (Course 3037)17 How to Configure the SSH Server Configuration file –/etc/ssh/sshd_config

18 SUSE Linux Enterprise Server Administration (Course 3037)18 How to Configure the SSH Server (continued)

19 SUSE Linux Enterprise Server Administration (Course 3037)19 SSH Server Commands

20 SUSE Linux Enterprise Server Administration (Course 3037)20 Public Key Authentication Management Public key authentication process –Client informs server of which public key is being used for authentication –Server checks to see if the public key is known –Server encrypts a random number using the public key and transfers this to the client –Client decrypts random number with its private key –Client sends the server an MD5 checksum that has calculated from the number –Server also calculates a checksum and, if they are identical, the user has authenticated successfully

21 SUSE Linux Enterprise Server Administration (Course 3037)21 Public Key Authentication Management (continued) How to create a key pair –Use command ssh-keygen –A different key is required for SSH1 than for SSH2 –Use option -t keytype to specify the type of key –Keys are stored in the files ~/.ssh/identity (private key) ~/.ssh/identity.pub (public key) –Command ssh-keygen -t rsa Generates an RSA key pair Keys are stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub

22 SUSE Linux Enterprise Server Administration (Course 3037)22 Public Key Authentication Management (continued) How to configure and use public key authentication –Authentication using RSA or DSA keys Copy public key to the server Append the public key to file ~/.ssh/authorized_keys Example: scp.ssh/id_dsa.pub sun:geeko-pubkey –Launch the client to test the keys You can use option -i to enter file name for private key –Password is still required when logging in to server Enter password with the command ssh-add –You can also use the ssh-agent with a graphical login

23 SUSE Linux Enterprise Server Administration (Course 3037)23 Exercise 10-1 Manage Remote Connections with OpenSSH In this exercise, you do the following: –Part I: Use SSH Utilities –Part II: Create a Trusted Connection Between Servers

24 SUSE Linux Enterprise Server Administration (Course 3037)24 Enable Remote Administration with YaST Objectives –VNC and YaST Remote Administration –How to Configure Your Server for Remote Administration –How to Access Your Server for Remote Administration

25 SUSE Linux Enterprise Server Administration (Course 3037)25 VNC and YaST Remote Administration VNC (virtual network computing) –Client-server solution –Allows a remote X server to be managed from anywhere on the Internet Set VNC with YaST Remote Administration module Connect to the server using –VNC client such as krdc (connect to hostname:5901) –VNC connection in Konqueror (vnc://hostname:5901) –Java-capable Web browser (http://hostname:5801) Remote Administration is less secure than SSH

26 SUSE Linux Enterprise Server Administration (Course 3037)26 How to Configure Your Server for Remote Administration Steps –Start the YaST Remote Administration module –Select Allow Remote Administration; select Finish –Close the dialog box by selecting OK –Close any open applications; then display a console pressing Ctrl+Alt+F2 –Log in as root with the appropriate password –Restart the display manager by entering rcxdm restart –Log in to the desktop as root or any other local user

27 SUSE Linux Enterprise Server Administration (Course 3037)27 How to Configure Your Server for Remote Administration (continued)

28 SUSE Linux Enterprise Server Administration (Course 3037)28 How to Configure Your Server for Remote Administration

29 SUSE Linux Enterprise Server Administration (Course 3037)29 How to Access Your Server for Remote Administration Access the server from a Web browser –Open Web browser; then enter http://hostname:5801 –Directly access YaST by selecting Administration –Enter the root password; then select OK –Exit YaST; then close the session by selecting Disconnect

30 SUSE Linux Enterprise Server Administration (Course 3037)30 How to Access Your Server for Remote Administration (continued)

31 SUSE Linux Enterprise Server Administration (Course 3037)31 Exercise 10-2 Use Remote Administration In this exercise, you do the following: –Part I: Remotely Access a Text-Based Version of YaST –Part II: Remotely Access the GUI Version of YaST –Part III: Configure Remote Administration with YaST –Part IV: Access Your Partner’s Server Remotely

32 SUSE Linux Enterprise Server Administration (Course 3037)32 Configure a Network Installation Objectives –How to Prepare for the Installation –SUSE Linux Installation Basics –How to Configure an Installation Server

33 SUSE Linux Enterprise Server Administration (Course 3037)33 How to Prepare for the Installation Consider the following: –Hardware compatibility Verify that your hardware is compatible with SLES 9 at www.novell.com/partnerguide/section/481.html –File system types –Partitioning scheme Plan for the appropriate partitions and partition sizes –Software package selection –Dual-boot system Better to install SUSE Linux Enterprise Server 9 first

34 SUSE Linux Enterprise Server Administration (Course 3037)34 SUSE Linux Installation Basics SUSE Linux lets you install from a variety of sources –Using a YaST GUI interface or a text-based interface The role of Linuxrc –Defines installation settings and loads hardware drivers –Hands over control to YaST Which starts the actual installation

35 SUSE Linux Enterprise Server Administration (Course 3037)35 SUSE Linux Installation Basics (continued)

36 SUSE Linux Enterprise Server Administration (Course 3037)36 SUSE Linux Installation Basics (continued)

37 SUSE Linux Enterprise Server Administration (Course 3037)37 SUSE Linux Installation Basics (continued)

38 SUSE Linux Enterprise Server Administration (Course 3037)38 SUSE Linux Installation Basics (continued) Virtual consoles –You might need to access a command-line prompt Called a shell prompt in Linux From a virtual console –Linux system provides six virtual consoles –X Window system is assigned console number 7 –Switch between virtual consoles by pressing Ctrl+Alt+Fx –Return to the X Window system by pressing Ctrl+Alt+F7

39 SUSE Linux Enterprise Server Administration (Course 3037)39 SUSE Linux Installation Basics (continued) YaST installation log files –/var/log/YaST2/y2log –View its contents entering the following: more /var/log/YaST2/y2log –View the last few lines of the installation log file: tail /var/log/YaST2/y2log

40 SUSE Linux Enterprise Server Administration (Course 3037)40 How to Configure an Installation Server Steps –Start the YaST Installation Server module –Select the server type –Deactivate the automatic configuration of server services (conditional) –Enter directory where you want to copy the installation files –Continue by selecting Next –Configure the service type (HTTP or FTP, and NFS) –Continue by selecting Next

41 SUSE Linux Enterprise Server Administration (Course 3037)41 How to Configure an Installation Server (continued)

42 SUSE Linux Enterprise Server Administration (Course 3037)42 How to Configure an Installation Server (continued)

43 SUSE Linux Enterprise Server Administration (Course 3037)43 How to Configure an Installation Server (continued) Steps (continued) –Configure an installation source by selecting Configure –Enter a name for the installation source –Select Use ISO Images Instead of CDs (conditional) –Select Prompt for additional CDs (conditional) –Announce as Installation Service with SLP (optional) –Continue by selecting Next –Insert the First CD

44 SUSE Linux Enterprise Server Administration (Course 3037)44 How to Configure an Installation Server (continued)

45 SUSE Linux Enterprise Server Administration (Course 3037)45 How to Configure an Installation Server (continued) Steps (continued) –Continue following the prompts to remove and replace CDs –Edit the configured source (optional) –Change the server settings (optional) –Finalize the configuration by selecting Finish –Close the YaST Control Center (optional)

46 SUSE Linux Enterprise Server Administration (Course 3037)46 How to Start a Remote Installation Steps –Insert the boot media and restart your computer –With the down-arrow key, scroll to and highlight Installation –Press F3; then select the service type (FTP, HTTP, NFS, or SLP) –Enter server and full path (conditional) To directory where the installation files are stored –Select Installation –Follow installation prompts until complete

47 SUSE Linux Enterprise Server Administration (Course 3037)47 How to Start a Remote Installation (continued)

48 SUSE Linux Enterprise Server Administration (Course 3037)48 Exercise 10-3 Install SLES 9 from an Installation Server In this exercise you will install SLES 9 from an Installation Server

49 SUSE Linux Enterprise Server Administration (Course 3037)49 Summary SSH daemon (sshd) provides a secure alternative to telnet, r-tools, and FTP –By encrypting traffic scp and sftp commands –Copy files between remote hosts using SSH SSH uses a combination of asymmetric and symmetric encryption SSH server configuration file /etc/ssh/sshd_config ssh-keygen and ssh-keyscan commands –Generate and view asymmetric SSH keys

50 SUSE Linux Enterprise Server Administration (Course 3037)50 Summary (continued) Use YaST Remote Administration module –To configure a VNC server Before installing SLES, consider: –Server role –Hardware compatibility –Boot, partition, and filesystem configuration Linuxrc –Provides a text-based installation program YaST is used to perform a graphical installation

51 SUSE Linux Enterprise Server Administration (Course 3037)51 Summary (continued) YaST may be used to set up an installation server –That hosts the SLES media using the HTTP, FTP, or NFS protocol

Download ppt "SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access."

Similar presentations

Network Security.

Network Security.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
1 Linux Networking and Security Chapter 2. 2 Configuring Basic Networking Describe how networking devices differ from other Linux devices Configure Linux.

1 Linux Networking and Security Chapter 2. 2 Configuring Basic Networking Describe how networking devices differ from other Linux devices Configure Linux.
Linux+ Guide to Linux Certification, Second Edition Chapter 3 Linux Installation and Usage.

Linux+ Guide to Linux Certification, Second Edition Chapter 3 Linux Installation and Usage.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.

Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Data Networking Fundamentals Unit 7 7/2/2015 1 Modified by: Brierley.

Data Networking Fundamentals Unit 7 7/2/ Modified by: Brierley.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
APACHE SERVER By Innovationframes.com »

APACHE SERVER By Innovationframes.com »
Amazon EC2 Quick Start adapted from EC2_GetStarted.html.

Amazon EC2 Quick Start adapted from EC2_GetStarted.html.
Firewalls, Perimeter Protection, and VPNs - SANS ©2001 1 SSH Operation The Swiss Army Knife of encryption tools…

Firewalls, Perimeter Protection, and VPNs - SANS © SSH Operation The Swiss Army Knife of encryption tools…
Cs490ns-cotter1 SSH / SSL Supplementary material.

Cs490ns-cotter1 SSH / SSL Supplementary material.
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
SSH Secure Login Connections over the Internet

SSH Secure Login Connections over the Internet
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.

Similar presentations

Ads by Google