
Installing SSH


Appendix

Model diagram:

Information about the server on which OpenSSH is installed: the server runs CentOS 6.5, kernel 2.6.32-431.el6.i686.

- Step 1 - Log in to the root account on the server and check whether OpenSSH is already installed:
# rpm -qa | grep ssh
Linux distributions intended for servers normally ship with OpenSSH already present on a fresh install (desktop-oriented distributions such as Ubuntu, BackTrack or Kali Linux need it installed separately).

- Step 2 - If it is not installed, download and install it from the internet with:
# yum install openssh-server -y
Once installation is complete, the configuration files are located in /etc/ssh/:
+ moduli: contains a set of Diffie-Hellman groups used for the Diffie-Hellman key exchange, which is critical for building a secure transport layer. When keys are exchanged at the start of an SSH session, a shared secret value is created that cannot be determined by either party alone. This value is then used to provide host authentication.
+ ssh_config: the system-wide default configuration file for the SSH client.
+ sshd_config: the main configuration file for the sshd daemon.
+ ssh_host_dsa_key: the DSA private key used by the sshd daemon.
+ ssh_host_dsa_key.pub: the DSA public key used by the sshd daemon.
+ ssh_host_key: the RSA private key used by the sshd daemon for version 1 of the SSH protocol.
+ ssh_host_key.pub: the RSA public key used by the sshd daemon for version 1 of the SSH protocol.
+ ssh_host_rsa_key: the RSA private key used by the sshd daemon for version 2 of the SSH protocol.
+ ssh_host_rsa_key.pub: the RSA public key used by the sshd daemon for version 2 of the SSH protocol.

A. Configuring sshd for password authentication (Password Authentication)

- Step 3 - Use the vi editor to edit the configuration:
# vi /etc/ssh/sshd_config
Add the following 2 lines to the configuration file:
PermitRootLogin no
PasswordAuthentication yes
The first line prevents the root user from logging in directly over SSH. The second line allows authentication by password.

- Step 4 - Log in from the client machine to the server over SSH:
+ Download PuTTY, a small free application for Windows that consists of a single exe file and is used to SSH into a server. It is easy to find and download online.
+ Open the program and enter the parameters:
Hostname: the IP address of the server
Port: the port the SSH server is listening on
Saved Sessions: any name you like

+ Click Open, then enter the username and password to log in to the server:

B. Configuring sshd for key authentication (Keys Authentication)

Unlike password authentication, here we configure the SSH server to authenticate users by key. We create a Public key & Private key pair with the RSA or DSA algorithm.
+ Public key: used on the server
+ Private key: used on the client
This algorithm supports generated key pairs with a maximum length of 2048 bits.
To create a login key for a given user, log in over SSH as that user; after logging in successfully, run the following command to create the key.
Proceed as follows:

- Step 1 - Use PuTTYgen to create the Public key & Private key.
Open PuTTYgen and click Generate to start creating the key.

Note: move the mouse around inside that area; it is a matrix used to generate the key randomly.
Enter a passphrase in Key passphrase: it is used when PuTTY opens the SSH connection and its purpose is to protect the private key.
Choose Save private key to create the private key.
Choose Save public key to create the public key. Note: if you cannot transfer the file and use it successfully, you can copy the whole string in "Public key for pasting into" into the public key file.
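Added example (not from the original document): the one-line string PuTTYgen shows under "Public key for pasting into" is the format stored in authorized_keys, and its base64 part can be decoded on the server to check the algorithm and RSA modulus size before a key is accepted. The function name key_info is chosen here; the sample input is the public key that appears in Step 2 of this document.

```shell
#!/bin/sh
# Added example: report algorithm and RSA modulus size of an OpenSSH-format
# public key line. The base64 blob is a sequence of fields, each a 4-byte
# big-endian length followed by that many bytes; for ssh-rsa the fields are
# the type name, the public exponent e and the modulus n.
key_info() {  # usage: key_info "<type> <base64> [comment]"  ->  "<type> <bits>"
    set -- $1                                   # split the key line into words
    printf '%s' "$2" | base64 -d 2>/dev/null | od -An -v -tu1 |
    awk -v declared="$1" '
        function len4(p) { return ((b[p]*256 + b[p+1])*256 + b[p+2])*256 + b[p+3] }
        { for (i = 1; i <= NF; i++) b[n++] = $i + 0 }   # b[0..n-1] = decoded bytes
        END {
            tlen = len4(0); p = 4
            if (n < 4 || tlen > n - 4) { print "invalid"; exit }
            for (i = 0; i < tlen; i++) type = type sprintf("%c", b[p + i])
            p += tlen
            # the type inside the blob must match the type written before it
            if (type != declared) { print "invalid"; exit }
            if (type != "ssh-rsa") { print type " unknown"; exit }
            p += 4 + len4(p)                        # skip public exponent e
            nlen = len4(p); p += 4                  # length of modulus n
            if (p + nlen > n) { print "invalid"; exit }
            while (nlen > 0 && b[p] == 0) { p++; nlen-- }   # sign-padding byte
            bits = nlen * 8
            for (top = b[p]; bits > 0 && top < 128; top *= 2) bits--  # leading zero bits
            print type " " bits
        }'
}

# Sample input: the public key shown in Step 2 of this document.
PAGE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBxphMdnPS5L+Ais28zeJ4wAqSx4H06IbEJFLV47ULC6vfaTX0RMKI2CeoX5GEKKnTh0DDu9hREzD0K6AqPf/BfhNRbX1z7s4rDxT+VguQ7csvtAYjkH1a1K0JaqkmkZDyF2yF4JqkkhOBUKPqUC5/FDlkjxW71gy+WfT/Ddh7jEQ== rsa-key-20140508'
key_info "$PAGE_KEY"    # prints: ssh-rsa 1023
```

On a host with OpenSSH installed, ssh-keygen -l -f <file> also reports the bit length of a stored key.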

- Step 2 - Configure the SSH server:
+ Create the user that will use key authentication (if it already exists, there is no need to create it).

+ Create a hidden directory named .ssh at /home/kmassh/.ssh (where kmassh is the name of the user being set up for key authentication):
# mkdir /home/kmassh/.ssh
+ Set mode 700 so that the root account has full rights on the directory and other accounts have no rights at all:
# chmod 700 /home/kmassh/.ssh
+ Change into the .ssh directory just created:
# cd /home/kmassh/.ssh
+ Create the file authorized_keys in .ssh:
# vi authorized_keys
+ Copy the whole encoded string from the public key created in Step 1 and paste it into authorized_keys (save with :wq):
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBxphMdnPS5L+Ais28zeJ4wAqSx4H06IbEJFLV47ULC6vfaTX0RMKI2CeoX5GEKKnTh0DDu9hREzD0K6AqPf/BfhNRbX1z7s4rDxT+VguQ7csvtAYjkH1a1K0JaqkmkZDyF2yF4JqkkhOBUKPqUC5/FDlkjxW71gy+WfT/Ddh7jEQ== rsa-key-20140508
+ Set mode 600 (read, write) on the authorized_keys file just created:
# chmod 600 authorized_keys
+ Next, use vi to edit the sshd_config configuration file:
# vi /etc/ssh/sshd_config
+ Change the following lines as shown and save:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
+ Restart the sshd service:
# service sshd restart

- Step 3 - Adjust PuTTY to connect using the Private key & Public key:
+ Enter the server's IP address in the interface as usual, then continue as shown in the figure below.
+ In part 3, click Browse to select the path of the private key file saved in Step 1.

+ Click Open and enter the corresponding user name.
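Added example (not from the original document): a shell audit of the server-side state that sections A and B set up. sshd keeps the first value it reads for each keyword, so a line added below an existing uncommented one has no effect; and because the commands above are run as root, the audit also checks that .ssh and authorized_keys belong to the account itself, since sshd reads the file with that user's privileges. Function names, the defaults passed in and the use of GNU stat are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original document). Function names are chosen here.

# Print the value sshd will use for <keyword> in <config-file>, or <default>.
# sshd keeps the FIRST value it reads for a keyword and matches keyword names
# case-insensitively. Only the global part is read (stops at the first Match
# block); keywords are assumed to be separated from values by whitespace.
effective() {  # usage: effective <keyword> <config-file> <default>
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v dflt="$3" '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # end of global section
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print dflt }
    ' "$2"
}

# True when <path> has exactly <octal-mode> and is owned by numeric <uid>.
check_path() {  # usage: check_path <path> <octal-mode> <uid>   (GNU stat)
    [ "$(stat -c '%a %u' "$1" 2>/dev/null)" = "$2 $3" ]
}

# Audit the key-only setup of section B. Prints one line per finding and
# returns the number of findings (0 = everything as intended).
audit() {  # usage: audit <sshd_config> <home-dir> <uid>
    cfg=$1; home=$2; uid=$3; bad=0
    # keyword:wanted:default (defaults assumed for the OpenSSH of CentOS 6)
    for spec in PermitRootLogin:no:yes PubkeyAuthentication:yes:yes \
                PasswordAuthentication:no:yes; do
        key=${spec%%:*}; rest=${spec#*:}; want=${rest%%:*}; dflt=${rest#*:}
        got=$(effective "$key" "$cfg" "$dflt")
        [ "$got" = "$want" ] || { echo "FAIL $key is '$got', want '$want'"; bad=$((bad + 1)); }
    done
    check_path "$home/.ssh" 700 "$uid" ||
        { echo "FAIL $home/.ssh must be mode 700, owner uid $uid"; bad=$((bad + 1)); }
    check_path "$home/.ssh/authorized_keys" 600 "$uid" ||
        { echo "FAIL authorized_keys must be mode 600, owner uid $uid"; bad=$((bad + 1)); }
    return "$bad"
}

# Example run on the server from the text (kmassh is the user name on the page):
#   audit /etc/ssh/sshd_config /home/kmassh "$(id -u kmassh)"
if [ $# -eq 3 ]; then audit "$@"; fi
```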

C. Configuring SFTP: using SSH for file transfer

FTP is a file transfer protocol that is very widely used to exchange data between different computers. By default, however, FTP connections are not properly secured, so FTP is not a safe way to exchange important data.
Many people simply download FileZilla Client or CuteFTP, install it and then happily push files up to the server without realising that the data can leak to outsiders. So how can an FTP connection be secured? I would like to introduce one way of securing an FTP connection: SFTP.
SFTP (SSH File Transfer Protocol) is the combination of SSH Keys Authentication and FTP, creating a secure file transfer channel between client and server.

1. Create an SFTP connection using WinSCP:
Host name: 10.0.0.3 (the IP of the SSH server)
Port number: 22, the port the SSH server listens on
User name: ssh1
Password: the password of user ssh1
As with SSH, there are 2 ways to log in here: with a username and password, or with a key. We can choose either of the 2 methods to log in with WinSCP.
After filling in the fields, click Login.

+ If you log in with a key, click Advanced..., then choose Authentication and select the corresponding private key file.

+ A notification window appears; choose Yes to add the key to the cache.

This is the interface once the SFTP connection has been established successfully; we can now drag and drop files from the client to the server simply and easily.

+ Capturing and analysing the packets with Wireshark, we see that the protocol in use is SSH and that all of the data is encrypted.

+ Examining one communication session in detail, we see that all of the data is encrypted.