Secure Shell Mike Griffiths & Deniz Savas CiCS Dept Sheffield University November 2005.


1 Secure Shell Mike Griffiths & Deniz Savas CiCS Dept Sheffield University November 2005

2 Secure Shell What is ssh? How to use it? Single sign on using ssh Digital certificates Accessing and Managing Grid Resources Wrgrid commands Further Information

3 Secure Shell Program to log into another computer over a network Execute commands on a remote machine Move files from one machine to another Provides strong authentication and secure communications over insecure channels. Intended as a replacement for rlogin, rsh, rcp, and rdist.

4 The Secure shell protocol SSH is a new method of communications over the Internet that encrypts data end-to-end. Replaces telnet, ftp, rsh and rcp Components –Secure shell ssh –Secure ftp sftp –Secure copy scp

5 ssh You only need the SSH client. The server is unnecessary, unless you wish to connect back to your home machine via the Internet using SSH. Connecting to a WRG node ssh -l wrsmg maxima.leeds.ac.uk To use X-windows add the "-X" flag –SSH will then carry Xwindows traffic over the Internet to connect Range of options for changing ports, specifying authentication files, encryption algorithms etc…. –Use man ssh for help with options


7 Running X Windows Apps Examples –File manager and NAG Iris explorer on Maxima After using ssh to access a remote host –setenv DISPLAY workstation_address:1.0 –Workstation address can be an ip number of the workstation –Check ip number using nslookup (on linux), ipconfig (pc)

8 Secure ftp (sftp) Establishes an FTP-style file transfer session between Unix systems. The sftp command is always used in the form: sftp user@server –e.g. from titania: sftp wrsmg@maxima.leeds.ac.uk

9 Transferring Files Using sftp From the SFTP prompt (sftp>) can do the following: get command to retrieve a file from the remote Unix server. –get test.txt put command to transfer a file from your Unix system to the remote Unix system you are connected to. – put file2.txt

10 Navigating file systems using sftp From the SFTP prompt (sftp>) can do the following: ls command to display the contents of a directory on the remote Unix system you are connected to. –ls /home/user. Will display the contents of the directory /home/user on the remote Unix system. cd and lcd commands change current remote directory, or current local directory. –e.g. cd /home/user. Will change the current remote directory to /home/user.

11 Summary of sftp commands 1
mget                      Retrieve multiple files from server
mput                      Transfer multiple files to server
pwd                       Display remote working directory
quit or exit              Quit sftp
rename oldpath newpath    Rename remote file
rmdir path                Remove remote directory
rm path                   Delete remote file
version                   Show SFTP version
?                         Synonym for help

12 Summary Listing of SFTP commands 2
ascii                          Use text transfer mode
help                           Display the help text
image                          Use binary transfer mode
lls [ls-options [path]]        Display local directory listing
lmkdir path                    Create local directory
ls [path]                      Display remote directory listing
mkdir path                     Create remote directory
put local-path [remote-path]   Upload file

13 Secure copy - scp Using SCP Fast, easy method to copy single files from your Unix system to a remote Unix system.

14 Retrieving a file using SCP To retrieve a file from a remote Unix system, the syntax is: scp username@server:file local-file –username= username on the remote system – server= the name of the remote Unix system – file= the file to retrieve from the remote system –local-file= the location you wish to save the file to on your local Unix system

15 Transferring a file to a remote Unix system using SCP The syntax is: scp local-file username@server:file – local-file= the file to transfer from the local system –username= username on the remote system –server= the name of the remote Unix system –file= the location you wish to save the file to on the remote Unix system

16 Transferring Multiple Files mget and mput with sftp Use tar and compress to package a directory tree –scp transfers the packaged directory tree –uncompress and extract directory tree using tar

17 Security Authentication –Are you who you say you are? Authorisation –What are you permitted to do? Message protection –Integrity –Confidentiality Single sign-on –Delegation

18 SSH Authentication SSH allows us to perform authentication based on –what we know (our key pass-phrase) –and what we have (our private key).

19 SSH Authentication Enable single sign on to remote resources that use ssh. Authentication Utilities –ssh-keygen Authentication key pair generation –ssh-agent Authentication agent –ssh-add Adds identities for authentication agent

20 ssh files and directories authorized_keys –Contains public keys of hosts and users authorised to access this host known_hosts –List of hosts from which ssh authentication is allowed. Contains public key for remote host

21 Enabling Single Sign On Using SSH Enable using the Utility ssh-keygen ssh-keygen –Generates and manages authentication keys for ssh

22 Steps for setting up single sign on General steps for enabling your local host to access an account on a remote host without providing a password –Generate a key pair from your local host –Copy the public key to the remote host to which you require access –Edit the authorized_keys file on the remote host

23 Running ssh-keygen Generate a key pair of type rsa –ssh-keygen -t rsa At the prompt for a file name press return; the default filename will be used for the pair. At the prompt for a pass phrase and the prompt to re-enter the pass phrase just hit return. A pair of keys has now been generated; the private key must be protected.

24 Preparing the Remote Host for Single Sign On Copy the public key you created using ssh-keygen to the .ssh directory on the remote host. Append your public key to the authorized_keys file in the .ssh directory. Single sign on using secure shell is now enabled.
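
The append step on slide 24, written as a shell function (an added example, not part of the original slides). The function name install_pubkey and the SAMPLE_PUBKEY value are assumptions made for illustration; the function appends the key only once and sets the directory and file modes that sshd's StrictModes check expects.

```shell
#!/bin/sh
# Added example, not from the original slides.
# SAMPLE_PUBKEY is a constructed placeholder, not a real key.
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDSAMPLEONLY wrsmg@titania'

# install_pubkey KEY_LINE SSH_DIR
# Appends KEY_LINE to SSH_DIR/authorized_keys exactly once.
# Exit status 0 on success, 1 if KEY_LINE is rejected.
# The body is a subshell so the umask change does not leak to the caller.
install_pubkey() (
    key_line=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    # One key per line: refuse input that would inject extra lines.
    case $key_line in
        *'
'*) exit 1 ;;
    esac

    # Expect "type base64 [comment]". A line starting with options such as
    # command="..." fails this check and must be reviewed by hand.
    key_type=${key_line%% *}
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) exit 1 ;;
    esac
    key_body=${key_line#* }
    [ "$key_body" != "$key_line" ] && [ -n "$key_body" ] || exit 1

    # sshd's StrictModes check ignores authorized_keys when the file or its
    # directory is writable by anyone but the owner.
    umask 077
    mkdir -p "$ssh_dir" || exit 1
    chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" || exit 1
    chmod 600 "$auth_file" || exit 1

    # -x whole-line match, -F fixed string: append only if not already present.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
)
```

On the remote host it would be called as: install_pubkey "$(cat id_rsa.pub)" "$HOME/.ssh"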

25 Comments Enables distributed application shell scripts that request applications and transfer resources between different systems on which you have accounts. Approach does not require logon to access each node

26 Grid Security Infrastructure Grid Security Infrastructure uses PKI to protect security of communications on the internet. Public key infrastructure integrates digital certificates, public key cryptography and certification authorities. Digital certificates allow individual users and hosts to confidently validate the identity of each party involved in a transaction. Use X509v3 Digital Certificates

27 GSI Delegation Proxies are temporary certificates signed by the owner –Expiry date –Private key Relies on conventional filesystem security Enables remote processes to authenticate with further resources Hence single sign-on

28 Apply to Use Grid Resources White Rose Grid –Download, complete and sign a form. National Grid Service –Complete on line form provide case Details at: –http://www.shef.ac.uk/wrgrid/access

29 Why??? Extra compute resource? Run jobs when local queues are busy… Run more jobs… Run jobs faster

30 How to Obtain an X509v3 Certificate Obtain certificate from CA. Get request approved by local registration authority (ID required). Get certificate from CA, install it and test it. May need to use OpenSSL to convert certificate for use. Details at –http://www.shef.ac.uk/wrgrid/access

31 Protection of Credentials Permission on long-term private key file: read only (userkey.pem by default is read only). The passphrase for encrypting your private key must be secure. Private keys and proxy files should not be stored on movable media. Private keys should be copied using secure methods only (sftp NOT ftp or rcp)
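
A permission check for the credential files named on slide 31 (an added example, not part of the original slides). The function name audit_key_perms and its output format are assumptions made for illustration; the file names passed to it are whatever private key or proxy files you hold.

```shell
#!/bin/sh
# Added example, not from the original slides.
# audit_key_perms FILE...
# Prints one status line per file and returns 1 if any file is accessible
# by group or others, 0 otherwise.
audit_key_perms() {
    bad=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "SKIP  $f (not a regular file)"
            continue
        fi
        # Characters 2-10 of the ls mode string are the rwx bits for
        # owner, group and others; -L reports the target of a symlink.
        perms=$(ls -lL -- "$f" | cut -c2-10)
        owner_w=$(printf '%s' "$perms" | cut -c2)
        group_other=$(printf '%s' "$perms" | cut -c4-9)
        if [ "$group_other" != "------" ]; then
            echo "FAIL  $f ($perms): accessible by group or others, fix with chmod 400"
            bad=$((bad + 1))
        elif [ "$owner_w" = "w" ]; then
            echo "WARN  $f ($perms): owner-writable, slide 31 expects read only"
        else
            echo "OK    $f ($perms)"
        fi
    done
    [ "$bad" -eq 0 ]
}
```

Example call: audit_key_perms "$HOME/.globus/userkey.pem" "$HOME/.ssh/id_rsa" (both paths are assumed locations, adjust to where your keys are stored).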

32 Using the Grid Iceberg grid commands –wrhelp Geodise toolkit with matlab (available on iceberg) gsissh, gsiscp –From maxima Globus toolkit gt2.4

33 wr grid commands : Overview wrhelp wrnn Proxy Management Execute Commands (e.g. unix ) on remote node Transfer files Submit jobs

34 wr grid commands : Help and nodes wrhelp –Gives list of available commands –Type command with –help option to get help wrnn –List of wrg nodes and ngs nodes with correct contact information –Given a nickname for a node will return the correct contact name –ssh -X wrsmg@`wrnn snowdon`

35 wr grid commands : Proxy management wrgpi –Initialises a proxy wrgpinf –Displays information about current proxy wrgpd –Deletes proxy

36 wr grid commands : Execute Commands wrunx –Execute unix command (/bin ) –wrunx nodenickname command options wrexe –Run executable on specified path –wrexe fullnodecontact command+path options –Can use jobmanager i.e. sge, pbs, condor

37 wr grid commands : File Transfer wrft –wrft fromnode fromfile+path tonode tofile+path Use nickname in wrnn to specify fromnode and tonode. File must include path which is RELATIVE to the HOME area on a node. –i.e. no need to remember where home is located on different nodes. Can do third party file transfers

38 wr grid commands : Job management Use wrft to transfer required resources to node wrjobsubmit –wrjobsubmit fullcontactnamefornode rslfile –Full contact name for node (not nick name) can include job manager –Provide the name of an rsl file –Returns a handle for the job wrjobstatus –wrjobstatus jobhandle wrjobkill –wrjobkill jobhandle

39 Further Information Registration and Access –http://www.shef.ac.uk/wrgrid/access/index.html Status information about nodes –http://www.shef.ac.uk/wrgrid/status.html RSL Scripting –http://www.ipg.nasa.gov/ipgusers/globus/4-globus.html Documentation Index –http://www.shef.ac.uk/wrgrid/documents/index.html Contacts –http://www.shef.ac.uk/wrgrid/contact.html

