Installing SSH


Upload: trandungtad

Post on 24-Nov-2015


Appendix

Topology diagram:

Information about the installed OpenSSH server: the server runs CentOS 6.5, kernel 2.6.32-431.el6.i686.

Step 1 - Log in to the root account on the server and check whether OpenSSH is already installed:
# rpm -qa | grep ssh
Linux distributions intended for servers usually ship with OpenSSH already installed (desktop-oriented distributions such as Ubuntu, BackTrack or Kali Linux need it installed separately).

Step 2 - If it is not installed, download and install it from the internet with:
# yum install -y openssh-server openssh-clients

After installation, the configuration files are located under /etc/ssh/:
+ moduli: contains the Diffie-Hellman groups used for the Diffie-Hellman key exchange, which is essential for building a secure transport layer. When keys are exchanged at the start of an SSH session, a shared secret value is created that neither of the two parties can determine on its own; this value is then used to provide host authentication.
+ ssh_config: the default configuration file for the system's SSH client.
+ sshd_config: the main configuration file for the ssh daemon.
+ ssh_host_dsa_key: the DSA private key used by the ssh daemon.
+ ssh_host_dsa_key.pub: the DSA public key used by the ssh daemon.
+ ssh_host_key: the RSA private key used by the ssh daemon for version 1 of the SSH protocol.
+ ssh_host_key.pub: the RSA public key used by the ssh daemon for version 1 of the SSH protocol.
+ ssh_host_rsa_key: the RSA private key used by the ssh daemon for version 2 of the SSH protocol.
+ ssh_host_rsa_key.pub: the RSA public key used by the ssh daemon for version 2 of the SSH protocol.

A. Configuring sshd for password authentication (Password Authentication)

Step 3 - Edit the configuration with vi:
# vi /etc/ssh/sshd_config
Add the following two lines to the configuration file:
PermitRootLogin no
PasswordAuthentication yes
The first line prevents the root user from logging in directly over SSH.
The second line allows authentication by password.

Step 4 - Log in from the client machine to the server over SSH:
+ Download PuTTY, a small free application for Windows that consists of a single exe file and is used to SSH into the server. It is easy to find and download online.
+ Open the program and enter the parameters:
Hostname: the server's IP address
Port: the port the SSH server is listening on
Saved Sessions: any name you like

+ Click Open, then enter the username and password to log in to the server:
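sshd uses the first value it finds for each keyword, so lines added at the end of sshd_config have no effect when the same keyword is already set higher up. The following script is an added example, not part of the original document; it reports the value in effect for the settings used in sections A and B, and its function names and sample file are constructed for illustration.

```bash
# Added example (not from the original document). sshd_config rules relied on:
# the FIRST value found for a keyword wins, keywords are case-insensitive, and
# lines after a "Match" line are conditional rather than global.

# effective_value FILE KEYWORD -> global value in effect, empty if unset
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        NF == 0 || $1 ~ /^#/   { next }           # blank line or comment
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == want    { print $2; exit } # first occurrence wins
    ' "$1"
}

# audit_sshd FILE -> one line per keyword that differs from the section B
# values; an unset keyword is reported too. Returns 0 only if all match.
audit_sshd() {
    audit_rc=0
    while read -r key good; do
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$good" ]; then
            echo "$key: effective=${got:-unset} wanted=$good"
            audit_rc=1
        fi
    done <<EOF
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
    return $audit_rc
}

# Constructed sample: the hardening lines were appended at the end of a file
# that already had an active PasswordAuthentication line, so that one still wins.
sample_config() {
    cat <<EOF
#PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
}

demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
audit_sshd "$demo_cfg" || echo "config does not match section B"
rm -f "$demo_cfg"
```

On the server itself, running `sshd -T` as root prints the configuration sshd would actually use and can confirm the result.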

B. Configuring sshd for key authentication (Keys Authentication)

Unlike password authentication, here we configure the SSH server to authenticate users by key. We create a public key and private key pair with the RSA or DSA algorithm.
+ Public key: used on the server
+ Private key: used on the client
This algorithm supports generated key pairs with a maximum length of 2048 bits.
To create a login key for a user, log in over SSH as that user; after logging in successfully, run the following command to create the key.
Proceed as follows:

Step 1 - Use PuTTYgen to create the public key and private key.
Open PuTTYgen and click Generate to create the key.

Note: move the mouse around inside the blank area; this is a hidden matrix used to generate the key randomly.
Enter a passphrase in the Key passphrase field: it is used when PuTTY opens the SSH connection, and its purpose is to protect the private key.
Choose Save private key to create the private key file.
Choose Save public key to create the public key file. Note: if the saved file cannot be transferred and used successfully, copy the entire string shown in "Public key for pasting into" into the public key file.

Step 2 - Configure the SSH server:
+ Create the user that will authenticate by key (skip this if the user already exists).

+ Create the hidden directory .ssh at /home/kmassh/.ssh (kmassh is the name of the user that will be set up for key authentication):
# mkdir /home/kmassh/.ssh
+ Set mode 700, which gives the root account full rights on the directory and gives other accounts no rights at all:
# chmod 700 /home/kmassh/.ssh
+ Change into the .ssh directory just created:
# cd /home/kmassh/.ssh
+ Create the file authorized_keys in .ssh:
# vi authorized_keys
+ Copy the entire encoded string of the public key created in step 1 and paste it into authorized_keys (save with the command :wq):
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBxphMdnPS5L+Ais28zeJ4wAqSx4H06IbEJFLV47ULC6vfaTX0RMKI2CeoX5GEKKnTh0DDu9hREzD0K6AqPf/BfhNRbX1z7s4rDxT+VguQ7csvtAYjkH1a1K0JaqkmkZDyF2yF4JqkkhOBUKPqUC5/FDlkjxW71gy+WfT/Ddh7jEQ== rsa-key-20140508
+ Set mode 600 (read, write) on the authorized_keys file just created:
# chmod 600 authorized_keys
+ Next, use vi to edit the sshd_config configuration file:
# vi /etc/ssh/sshd_config
+ Change the following lines as shown and save the file:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
+ Restart the sshd service:
# service sshd restart

Step 3 - Adjust PuTTY to connect using the private key and public key:
+ Type the server's IP address into the interface as usual, then continue as shown in the figure below.
+ At item 3, click Browse and select the path to the private key file saved in step 1.

+ Open the connection and type the corresponding user name.
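Key logins fail when the files from step 2 have the wrong owner or mode, or when the key was not pasted as a single line. The following script is an added example, not part of the original document, that checks those three points for one account; the function names, the numeric-uid argument and the demo directory are assumptions made for illustration, and it expects entries without leading options, as in the key line shown above.

```bash
# Added example (not from the original document): check one account's key setup.
# sshd reads authorized_keys with the account's own uid, so a .ssh directory that
# root created and left at 700 is unreadable to it; "Save public key" in PuTTYgen
# writes a multi-line SSH2 file that authorized_keys does not accept.

# mode_uid PATH -> "<10-char mode> <numeric uid>", e.g. "drwx------ 500"
mode_uid() {
    ls -ldn "$1" | awk '{ print substr($1, 1, 10), $3 }'
}

# check_key_setup HOME_DIR UID -> prints each problem; returns 0 if none
check_key_setup() {
    ck_rc=0
    ck_file="$1/.ssh/authorized_keys"
    [ "$(mode_uid "$1/.ssh" 2>/dev/null)" = "drwx------ $2" ] ||
        { echo ".ssh must be mode 700 and owned by uid $2"; ck_rc=1; }
    [ "$(mode_uid "$ck_file" 2>/dev/null)" = "-rw------- $2" ] ||
        { echo "authorized_keys must be mode 600 and owned by uid $2"; ck_rc=1; }
    [ -f "$ck_file" ] || return 1
    if grep -q 'BEGIN SSH2 PUBLIC KEY' "$ck_file"; then
        echo "authorized_keys holds a PuTTYgen SSH2 file, not the one-line key"
        ck_rc=1
    fi
    # every entry must be "<type> <base64> [comment]" on a single line
    ck_bad=$(awk 'NF && $1 !~ /^#/ &&
        !($1 ~ /^ssh-(rsa|dss)$/ && $2 ~ /^AAAA[A-Za-z0-9+\/]+=*$/)' "$ck_file" | wc -l)
    [ "$ck_bad" -eq 0 ] || { echo "$ck_bad malformed line(s)"; ck_rc=1; }
    return $ck_rc
}

# Constructed demo home: correct modes, but the key was pasted as an SSH2 file
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'AAAAB3NzaC1yc2E=' \
    '---- END SSH2 PUBLIC KEY ----' > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
check_key_setup "$demo" "$(id -u)" || echo "fix the items above"
rm -rf "$demo"
```

Run it as root on the server, for example `check_key_setup /home/kmassh "$(id -u kmassh)"`.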

C. Configuring SFTP, the use of SSH for file transfer

FTP is a file transfer protocol that is very widely used to exchange data between different computers. However, by default FTP connections are not properly secured, so it is not a safe way to exchange important data. Many people download FileZilla Client or CuteFTP, install it, and then happily upload files to the server without realizing that the data can leak out. So how can the FTP connection be secured? I would like to introduce one way to do it: SFTP.
SFTP (SSH File Transfer Protocol) is the combination of SSH Keys Authentication and FTP, creating a secure file transfer channel between client and server.

1. Create an SFTP connection using WinSCP:
Host name: 10.0.0.3 (the IP of the SSH server)
Port number: 22, the port the SSH server listens on
User name: ssh1
Password: the password of user ssh1
As with SSH, there are two ways to log in here, with a username and password or with a key; either method can be used to log in with WinSCP.
After filling in the fields, click Login.

+ To log in with a key, click Advanced..., then choose Authentication and enter the corresponding private key file.

+ A notification window appears; choose Yes to add the key to the cache.

The interface after the SFTP connection has been established successfully; files can now be dragged and dropped from the client machine to the server simply and easily.

+ Capturing and analyzing the packets with Wireshark shows that the protocol in use is SSH and that all data is encrypted.

+ Analyzing one specific communication session in detail shows that all data is encrypted.