Introduction
Authentication
Tunnel
Miscellaneous


  Secure SHell

     Nicolas Ledez

15 September 2008


 Nicolas Ledez    Secure SHell
Plan

  1    Introduction

  2    Authentication

  3    Tunnel

  4    Miscellaneous


History

  1995, by Tatu Ylönen (Helsinki, Finland)
  Replacement for Telnet and the r* commands


Features 1/2

     Authentication
     Encryption
     Integrity


Features 2/2

     Remote login
     File transfer
     Remote command execution
     Keys and agents
     Port forwarding
     VPN


Symmetric key/encryption

Asymmetric key/encryption

Encryption in ssh


Password

  ssh AhostB
  root@AhostB's password:


Keys

  ssh -i ~/.ssh/id_dsa_who AhostB
  Enter passphrase for key '~/.ssh/id_dsa_who':

  AhostB # cat .ssh/authorized_keys
  ssh-dss AAAAB3NzaC1kc3MAAACBAKDWEj3QEEvNYADeGTOPXuj
  [...]
  kZQlsoVSbNM5ocYUGFE3aWWWw== Un commentaire complet sur l

  AhostB # ls -ld ~/ ~/.ssh/ ~/.ssh/authorized_keys
  drwx------ 5 root root   512 Jul 19 16:38 ~/
  drwxr-xr-x 2 root root   512 Jul  3 11:45 ~/.ssh/
  -rw-r--r-- 1 root other 4202 Jul  3 10:05 ~/.ssh/authori


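The `ls -ld` on the slide above matters because sshd (with its default StrictModes) refuses to read an authorized_keys file when the home directory, ~/.ssh or the file itself is group- or world-writable or owned by someone else. As an added example, not from the slides, this POSIX shell function applies those checks to a layout; it assumes GNU stat and a numeric uid as the expected owner.

```shell
# Added example (not from the slides): the checks sshd performs under
# StrictModes (the default) before it will read authorized_keys.  The home
# directory, ~/.ssh and authorized_keys must each be owned by the user and
# must not be writable by group or others; otherwise the key is ignored and
# public-key login silently falls back to the next method.
# Prints one line per problem; returns 1 if any was found, 0 otherwise.
# Assumes GNU stat (-c '%a' = octal mode, -c '%u' = numeric owner).
check_ssh_perms() {
    home="$1"
    owner="$2"   # expected numeric uid of the account
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$path")
        uid=$(stat -c '%u' "$path")
        if [ "$uid" != "$owner" ]; then
            echo "wrong owner on $path: uid $uid, expected $owner"
            rc=1
        fi
        # keep only the last two octal digits (group and other bits);
        # a digit of 2, 3, 6 or 7 means the write bit is set there
        go=${mode#"${mode%??}"}
        case "$go" in
            *[2367]*)
                echo "group- or world-writable: $path (mode $mode)"
                rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed demo layout: the permissions shown on the Keys slide
# (home 700, .ssh 755, authorized_keys 644) pass; a 775 .ssh does not.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/home/.ssh"
    : > "$d/home/.ssh/authorized_keys"
    chmod 700 "$d/home"
    chmod 755 "$d/home/.ssh"
    chmod 644 "$d/home/.ssh/authorized_keys"
    check_ssh_perms "$d/home" "$(id -u)" && echo "slide layout: accepted"
    chmod 775 "$d/home/.ssh"
    check_ssh_perms "$d/home" "$(id -u)" || echo "775 on .ssh: rejected"
    rm -rf "$d"
}
demo
```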
SSH-Agent 1/2




SSH-Agent 2/2

  admin@station:~$ ssh-agent
  export SSH_AUTH_SOCK=/tmp/ssh-EFGVug1775/agent.1775;
  export SSH_AGENT_PID=1776;
  echo Agent pid 1776;
  admin@station:~$ ssh-add -l
  The agent has no identities.
  admin@station:~$ ssh-add ~/.ssh/id_dsa_who
  Enter passphrase for ~/.ssh/id_dsa_who:
  Identity added: ~/.ssh/id_dsa_who (~/.ssh/id_dsa_who)
  admin@station:~$ ssh-add -l
  1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c
      ~/.ssh/id_dsa_who (DSA)



Agent forwarding 1/2




Agent forwarding 2/2




  AhostB # ssh-add -l
  1024 40:33:2e:2a:71:2a:9b:a8:d1:4c:a4:4e:13:a5:b4:b1
      /home/admin/.ssh/station/idd (DSA)
  1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c
      /home/admin/.ssh/id_dsa_who (DSA)




Tunnel 1/2




Tunnel 2/2




Local 1/4




Local 2/4




Local 3/4




Local 4/4




  ssh -L P:S:W B
  $ ssh -L2001:localhost:143 server.example.com


Remote




Dynamic

 ssh -D 8080 AhostB
 In the browser: SOCKS proxy 127.0.0.1, port 8080


X11




 AhostB # env | grep DISPLAY
 DISPLAY=localhost:10.0

 The following connections are open:
   #1 x11 (t4 r3 i0/0 o0/0 fd 7/7 cfd -1)

.config and command line

  admin@station:~$ cat ~/.ssh/config
  host *
      ForwardX11      yes
      User            root
      ConnectTimeout 1
      ForwardAgent    yes
      ServerAliveInterval 60
  admin@station:~$ ssh -o 'ConnectTimeout=10' AhostB


Timeout




  ConnectTimeout




Authentication

     ForwardAgent yes
     PasswordAuthentication no
     StrictHostKeyChecking no


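Two of the options listed above change what a client trusts: ForwardAgent yes lets the server you log in to use every key in your local agent, and StrictHostKeyChecking no accepts unknown or changed host keys without asking. Put under `host *`, as in the ~/.ssh/config shown earlier, they apply to every connection. As an added example, not from the slides, the shell function below audits a config file for exactly that; the sample configs are constructed, and bastion.example.com is a hypothetical host name.

```shell
# Added example (not from the slides): flag ForwardAgent yes and
# StrictHostKeyChecking no when an ssh_config applies them to every host,
# i.e. before any Host line or under a bare "*" pattern.
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
audit_ssh_config() {
    cfg="$1"
    findings=$(awk '
        # normalise: drop comments and leading blanks, accept Key=Value form
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); gsub(/=/, " ") }
        NF == 0 { next }
        # a Host or Match line opens a new scope; remember its patterns
        tolower($1) == "host" {
            scope = ""
            for (i = 2; i <= NF; i++) scope = scope " " $i
            next
        }
        tolower($1) == "match" { scope = " (match)"; next }
        {
            # global = no Host seen yet, or a "*" pattern among the Host args
            global = (scope == "" || scope ~ /(^| )\*( |$)/)
            if (!global) next
            key = tolower($1); val = tolower($2)
            if (key == "forwardagent" && val == "yes")
                print "line " NR ": ForwardAgent yes applies to all hosts"
            if (key == "stricthostkeychecking" && val == "no")
                print "line " NR ": StrictHostKeyChecking no applies to all hosts"
        }' "$cfg")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: the config from the slides, plus the
# StrictHostKeyChecking no of the Authentication slide, all under "host *".
weak_config() {
    cat << 'EOT'
host *
    ForwardX11      yes
    User            root
    ConnectTimeout 1
    ForwardAgent    yes
    ServerAliveInterval 60
    StrictHostKeyChecking no
EOT
}

# Constructed sample with the same intent: agent forwarding only for one
# named host (hypothetical bastion.example.com), host keys checked, and the
# specific Host block placed first because ssh keeps the first value it sees.
hardened_config() {
    cat << 'EOT'
Host bastion
    HostName bastion.example.com
    ForwardAgent yes
Host *
    ForwardX11      yes
    User            root
    ConnectTimeout 1
    ServerAliveInterval 60
    StrictHostKeyChecking ask
EOT
}

demo() {
    f=$(mktemp)
    weak_config > "$f"
    echo "weak config:";     audit_ssh_config "$f" || true
    hardened_config > "$f"
    echo "hardened config:"; audit_ssh_config "$f" && echo "no findings"
    rm -f "$f"
}
demo
```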
Escape character
  Alt-Gr-~

  AhostB # ~?
  Supported escape sequences:
  ~. - terminate connection
  ~B - send a BREAK to the remote system
  ~C - open a command line
  ~R - Request rekey (SSH protocol 2 only)
  ~^Z - suspend ssh
  ~# - list forwarded connections
  ~& - background ssh (when waiting for connections to te
  ~? - this message
  ~~ - send the escape character by typing it twice
  (Note that escapes are only recognized immediately after


Scripting 1/4

  cat << "EOF" | ssh $1 /bin/sh -
  ps -edf -o comm,args | grep [h]ttpd | sort -u

  ${ORACLE_HOME}/bin/sqlplus "/ as sysdba" << EOF
  spool ${ORACLE_BASE}/admin/${ORACLE_SID}/create/sco
  EOF

  cat << EOF | ssh $1 /bin/sh -
  chown -R ${USERTOTO_NAME}:${USERTOTO_GROUP} ${HOMED
  EOF


Scripting 2/4

  expect << EOF
  spawn ssh -t $1 passwd ${USERTOTO_NAME}
  expect "New Password: "
  send "${USERTOTO_PASSWD}\r"
  expect "Re-enter new Password: "
  send "${USERTOTO_PASSWD}\r"
  expect eof
  EOF


Scripting 3/4

  cat << "EOF" | ssh $1 /bin/bash -
  SITES=/sites

  if [ -d $SITES ]; then
     cd $SITES
     for site in *; do
        NB_PROC=`ps -edf | grep $site | grep -vc grep`
        if [ $NB_PROC -eq 0 ]; then
           echo "$site missing"
        fi
     done
  fi
  EOF


Scripting 4/4

  cat << EOF > ${SED_FILE}
  s%172.30.47.11.* hostname01.* # Front-End%172.30.156.1 hostname01%
  s%172.30.47.14.* hostname04.* # Front-End%172.30.156.1 hostname04%
  EOF

  cat << EOF | ssh $1 /bin/bash - | tee report/$1
  echo 'uname -a'
  uname -a
  echo
  EOF


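The four scripting slides alternate between `<< "EOF"` and `<< EOF`, and the difference decides where expansion happens: with an unquoted delimiter the local shell substitutes $VARIABLES and runs backtick or $( ) commands before the text is piped to ssh, while a quoted delimiter sends the text verbatim for the remote shell to expand. That is why Scripting 3/4 quotes its delimiter (its `ps ... | grep $site` must run on the remote host), and why 2/4 and 4/4 leave it unquoted so that local values such as ${USERTOTO_PASSWD} or ${SED_FILE} are substituted before sending. The added example below, not from the slides, makes the difference visible; the remote host is simulated by a local sh started with a different environment, and SIDE/SITES are constructed variables.

```shell
# Added example (not from the slides): what the "cat << EOF | ssh host
# /bin/sh -" pattern of the scripting slides actually transmits.  The remote
# host is simulated by a local sh whose environment differs from the
# workstation's (SIDE=server, SITES=/remote/sites).

# Script text as the workstation sends it with an UNQUOTED delimiter:
# $SITES and $SIDE are replaced locally, before anything leaves the host.
render_unquoted() {
    cat << EOF
echo "SITES=$SITES, expanded on $SIDE"
EOF
}

# Same script with a QUOTED delimiter: sent verbatim, nothing expanded here.
render_quoted() {
    cat << "EOF"
echo "SITES=$SITES, expanded on $SIDE"
EOF
}

# Stand-in for "ssh host /bin/sh -": feed the script text on stdin to a
# shell running with the server's environment and return what it prints.
run_remote() {
    printf '%s\n' "$1" | env SIDE=server SITES=/remote/sites sh -
}

# Workstation-side values (constructed for the demo).
SIDE=workstation
SITES=/local/sites
export SIDE SITES

demo() {
    # unquoted: the value baked in locally survives the trip
    echo "unquoted: $(run_remote "$(render_unquoted)")"
    # quoted: the remote shell expands against its own environment
    echo "quoted:   $(run_remote "$(render_quoted)")"
}
demo
```

The same rule is what makes the backticks in Scripting 3/4 run `ps` on the remote host only because the delimiter there is quoted; unquoted, the local machine would run them and send the result.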
Conclusion




Bibliography

  http://gnrt.terena.org/content.php?section_id=103
  SSH, The Secure Shell: The Definitive Guide
  Published by O'Reilly & Associates


Questions

  Questions?

Weitere Àhnliche Inhalte

Was ist angesagt?

Vpn site to site 2 asa qua gpon ftth thá»±c táșż
Vpn site to site 2 asa qua gpon ftth thá»±c táșżVpn site to site 2 asa qua gpon ftth thá»±c táșż
Vpn site to site 2 asa qua gpon ftth thá»±c táșżlaonap166
 
Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Patricia Aas
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoTiago Cruz
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Michal Balinski
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Crypto With OpenSSL
Crypto With OpenSSLCrypto With OpenSSL
Crypto With OpenSSLZhi Guan
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a servicePino deCandia
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Da APK al Golden Ticket
Da APK al Golden TicketDa APK al Golden Ticket
Da APK al Golden TicketGiuseppe Trotta
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13Jaime SĂĄnchez
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
Secure shell(ssh) AND telnet AND CONSOLE
Secure shell(ssh)  AND telnet AND CONSOLESecure shell(ssh)  AND telnet AND CONSOLE
Secure shell(ssh) AND telnet AND CONSOLEAmiraMohamedGalal
 

Was ist angesagt? (16)

Vpn site to site 2 asa qua gpon ftth thá»±c táșż
Vpn site to site 2 asa qua gpon ftth thá»±c táșżVpn site to site 2 asa qua gpon ftth thá»±c táșż
Vpn site to site 2 asa qua gpon ftth thá»±c táșż
 
Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)Chromium Sandbox on Linux (BlackHoodie 2018)
Chromium Sandbox on Linux (BlackHoodie 2018)
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
 
Secure shell
Secure shellSecure shell
Secure shell
 
Practical non blocking microservices in java 8
Practical non blocking microservices in java 8Practical non blocking microservices in java 8
Practical non blocking microservices in java 8
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
 
20141106 asfws unicode_hacks
20141106 asfws unicode_hacks20141106 asfws unicode_hacks
20141106 asfws unicode_hacks
 
Crypto With OpenSSL
Crypto With OpenSSLCrypto With OpenSSL
Crypto With OpenSSL
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a service
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Ost ssl lec
Ost ssl lecOst ssl lec
Ost ssl lec
 
Da APK al Golden Ticket
Da APK al Golden TicketDa APK al Golden Ticket
Da APK al Golden Ticket
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
 
Secure shell(ssh) AND telnet AND CONSOLE
Secure shell(ssh)  AND telnet AND CONSOLESecure shell(ssh)  AND telnet AND CONSOLE
Secure shell(ssh) AND telnet AND CONSOLE
 

Andere mochten auch

Race car security system
Race car security systemRace car security system
Race car security systemcabreraracing
 
Alimentos xiris rizo
Alimentos xiris rizoAlimentos xiris rizo
Alimentos xiris rizoXiris Rizo
 
Desensamblando y ensamblando la pc
Desensamblando y ensamblando la pcDesensamblando y ensamblando la pc
Desensamblando y ensamblando la pcDainerCruz
 
ÎłÎșÎżÏ…Î­ÏÎœÎčÎșα
ÎłÎșÎżÏ…Î­ÏÎœÎčÎșαγÎșÎżÏ…Î­ÏÎœÎčÎșα
ÎłÎșÎżÏ…Î­ÏÎœÎčÎșαprasino
 
Flat Classroom Conference Go virtual 2013 slides
Flat Classroom Conference Go virtual 2013 slidesFlat Classroom Conference Go virtual 2013 slides
Flat Classroom Conference Go virtual 2013 slidesFlat Classrooms
 
Calculating ROI on Blogging
Calculating ROI on BloggingCalculating ROI on Blogging
Calculating ROI on BloggingCompendium
 
1.5 infinite geometric series
1.5   infinite geometric series1.5   infinite geometric series
1.5 infinite geometric seriesGary Ball
 
Domino must gather information
Domino must gather informationDomino must gather information
Domino must gather informationChris Sparshott
 

Andere mochten auch (8)

Race car security system
Race car security systemRace car security system
Race car security system
 
Alimentos xiris rizo
Alimentos xiris rizoAlimentos xiris rizo
Alimentos xiris rizo
 
Desensamblando y ensamblando la pc
Desensamblando y ensamblando la pcDesensamblando y ensamblando la pc
Desensamblando y ensamblando la pc
 
ÎłÎșÎżÏ…Î­ÏÎœÎčÎșα
ÎłÎșÎżÏ…Î­ÏÎœÎčÎșαγÎșÎżÏ…Î­ÏÎœÎčÎșα
ÎłÎșÎżÏ…Î­ÏÎœÎčÎșα
 
Flat Classroom Conference Go virtual 2013 slides
Flat Classroom Conference Go virtual 2013 slidesFlat Classroom Conference Go virtual 2013 slides
Flat Classroom Conference Go virtual 2013 slides
 
Calculating ROI on Blogging
Calculating ROI on BloggingCalculating ROI on Blogging
Calculating ROI on Blogging
 
1.5 infinite geometric series
1.5   infinite geometric series1.5   infinite geometric series
1.5 infinite geometric series
 
Domino must gather information
Domino must gather informationDomino must gather information
Domino must gather information
 

Ähnlich wie Formation ssh

Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Akeyless
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSHJP Bourget
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdfNigussMehari4
 
Security and dev ops for high velocity organizations
Security and dev ops for high velocity organizationsSecurity and dev ops for high velocity organizations
Security and dev ops for high velocity organizationsChef
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptographyErik LaBianca
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)Maarten Mulders
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)Maarten Mulders
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
InSpec Keynote at ChefConf
InSpec Keynote at ChefConfInSpec Keynote at ChefConf
InSpec Keynote at ChefConfChristoph Hartmann
 
SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)Maarten Mulders
 
(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using sshTiago Henriques
 
(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using sshmorisson
 
2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpecdevopsdaysaustin
 
Compliance as Code
Compliance as CodeCompliance as Code
Compliance as CodeMatt Ray
 
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...Jan Löffler
 

Ähnlich wie Formation ssh (20)

Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2
 
Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbook
 
Security and dev ops for high velocity organizations
Security and dev ops for high velocity organizationsSecurity and dev ops for high velocity organizations
Security and dev ops for high velocity organizations
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
 
InSpec Keynote at ChefConf
InSpec Keynote at ChefConfInSpec Keynote at ChefConf
InSpec Keynote at ChefConf
 
SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)SSL/TLS for Mortals (Voxxed Days Luxembourg)
SSL/TLS for Mortals (Voxxed Days Luxembourg)
 
(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh
 
(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh(Mis)trusting and (ab)using ssh
(Mis)trusting and (ab)using ssh
 
2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec
 
Compliance as Code
Compliance as CodeCompliance as Code
Compliance as Code
 
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
GOTO Copenhagen - Radical Agility with Autonomous Teams and Microservices in ...
 
dotCloud and go
dotCloud and godotCloud and go
dotCloud and go
 

KĂŒrzlich hochgeladen

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

KĂŒrzlich hochgeladen (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

SSH training

  • 1. Secure SHell. Nicolas Ledez, 15 September 2008. Sections: Introduction, Authentication, Tunnel, Miscellaneous.
  • 2. Outline: 1 Introduction; 2 Authentication; 3 Tunnel; 4 Miscellaneous.
  • 3. History: 1995, by Tatu Ylönen (Helsinki, Finland). Replacement for Telnet and the r* commands (rsh, rlogin, rcp).
  • 4. Features 1/2: authentication, encryption, integrity.
  • 5. Features 2/2: remote login, file transfer, remote command execution, keys and agents, port forwarding, VPN.
  • 9. Password authentication:
        ssh AhostB
        root@AhostB's password:
  • 10. Keys:
        ssh -i ~/.ssh/id_dsa_who AhostB
        Enter passphrase for key '~/.ssh/id_dsa_who':
        AhostB # cat .ssh/authorized_keys
        ssh-dss AAAAB3NzaC1kc3MAAACBAKDWEj3QEEvNYADeGTOPXuj [...] kZQlsoVSbNM5ocYUGFE3aWWWw== Un commentaire complet sur l
        AhostB # ls -ld ~/ ~/.ssh/ ~/.ssh/authorized_keys
        drwx------ 5 root root   512 Jul 19 16:38 ~/
        drwxr-xr-x 2 root root   512 Jul  3 11:45 ~/.ssh/
        -rw-r--r-- 1 root other 4202 Jul  3 10:05 ~/.ssh/authori
        The ls output matters: with its default StrictModes yes, sshd refuses the key file when the home directory, ~/.ssh or authorized_keys is writable by group or others, or owned by someone else. Note also that the slides predate the deprecation of DSA (ssh-dss) keys: OpenSSH has disabled them by default since version 7.0, so generate ed25519 or RSA keys today.
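The permission check behind that ls command, as an added example that is not part of the original slides: it reproduces what sshd verifies under StrictModes yes (existence, owner, no group/other write bit) for the three paths the slide lists. It reads the mode from ls -ld so it runs without GNU stat; the user name defaults to the caller's, and the temporary paths used in the demo are constructed.

```shell
#!/bin/sh
# Added example, not part of the original slides: reproduce the test that
# sshd applies under its default "StrictModes yes" before it trusts
# ~/.ssh/authorized_keys. The home directory, ~/.ssh and the key file must
# exist, be owned by the login user (or root) and not be writable by group
# or others. Permissions come from `ls -ld`, so this works on Linux, BSD
# and Solaris alike.

# group_or_other_writable PATH -> exit 0 when the mode has g+w or o+w
group_or_other_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) return 0 ;;   # char 6 = group w, char 9 = other w
        *) return 1 ;;
    esac
}

# owner_of PATH -> prints the owner column of the ls -ld listing
owner_of() {
    set -- $(ls -ld "$1")
    echo "$3"
}

# check_authorized_keys HOME_DIR [USER] -> one finding per line on stdout,
# exit 0 when sshd would accept the file, 1 otherwise. USER defaults to
# the current user, which is whose key file sshd would be reading.
check_authorized_keys() {
    home=$1
    user=${2:-$(id -un)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        owner=$(owner_of "$p")
        if [ "$owner" != "$user" ] && [ "$owner" != root ]; then
            echo "OWNER $p ($owner)"; rc=1
        fi
        if group_or_other_writable "$p"; then
            echo "WRITABLE $p"; rc=1
        fi
    done
    return $rc
}

# Stand-alone use: check your own account, or the home directory given as $1.
check_authorized_keys "${1:-$HOME}" \
    && echo "OK: sshd StrictModes would accept ${1:-$HOME}/.ssh/authorized_keys" \
    || echo "sshd StrictModes would reject the key file, see findings above"
```

A WRITABLE finding on ~/.ssh is the classic cause of "key refused although it is in authorized_keys"; sshd logs it as "Authentication refused: bad ownership or modes" on the server side, which is where to look when this script passes and the login still fails.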
  • 11. SSH-Agent 1/2
  • 12. SSH-Agent 2/2:
        admin@station:~$ ssh-agent
        export SSH_AUTH_SOCK=/tmp/ssh-EFGVug1775/agent.1775;
        export SSH_AGENT_PID=1776;
        echo Agent pid 1776;
        admin@station:~$ ssh-add -l
        The agent has no identities.
        admin@station:~$ ssh-add ~/.ssh/id_dsa_who
        Enter passphrase for ~/.ssh/id_dsa_who:
        Identity added: ~/.ssh/id_dsa_who (~/.ssh/id_dsa_who)
        admin@station:~$ ssh-add -l
        1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c ~/.ssh/id_dsa_who (DSA)
        ssh-agent only prints those export lines; evaluate them in the calling shell (eval "$(ssh-agent)") so that ssh and ssh-add can find SSH_AUTH_SOCK.
  • 13. Agent forwarding 1/2
  • 14. Agent forwarding 2/2: on the remote host the forwarded agent answers with the keys loaded on the workstation:
        AhostB # ssh-add -l
        1024 40:33:2e:2a:71:2a:9b:a8:d1:4c:a4:4e:13:a5:b4:b1 /home/admin/.ssh/station/idd (DSA)
        1024 06:b3:0e:fe:bc:97:7e:37:b7:a1:7d:e0:7f:0f:3b:7c /home/admin/.ssh/id_dsa_who (DSA)
        Caveat: for as long as the session is open, anyone with root on AhostB can talk to the forwarded socket and authenticate with those keys, so enable ForwardAgent only towards hosts you trust, never for every host.
  • 15. Tunnel 1/2
  • 16. Tunnel 2/2
  • 17. Local 1/4
  • 18. Local 2/4
  • 19. Local 3/4
  • 20. Local 4/4: ssh -L P:S:W B, where P is the local port to listen on, S and W are the destination host and port as seen from B, and B is the SSH server:
        $ ssh -L 2001:localhost:143 server.example.com
  • 21. Remote
  • 22. Dynamic: ssh -D 8080 AhostB, then configure the browser to use a SOCKS proxy at 127.0.0.1 port 8080.
  • 23. X11:
        AhostB # env | grep DISPLAY
        DISPLAY=localhost:10.0
        The following connections are open:
          #1 x11 (t4 r3 i0/0 o0/0 fd 7/7 cfd -1)
        (the second part is the list printed by the ~# escape once an X client has connected through the forwarded display)
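The three forwarding forms above (-L, -R, -D), as an added example that is not part of the original slides: a small command builder that normalises the bind address to loopback and refuses a spec that would expose the listener to the network, which is the mistake that turns a private tunnel into an open relay. It prints the ssh command line rather than connecting, so it needs no server; the host names are the ones from the slides, and the parser assumes IPv4 addresses or host names in the bind field (no bracketed IPv6).

```shell
#!/bin/sh
# Added example, not part of the original slides: compose the three
# forwarding forms from the Tunnel section (-L local, -R remote, -D dynamic
# SOCKS) and refuse any spec whose listener would be reachable from other
# machines. It prints the ssh command line instead of running it.
# Assumes IPv4 addresses or host names in the bind field.

# is_loopback_bind ADDR -> 0 when the listener stays on the local host
is_loopback_bind() {
    case $1 in
        127.*|localhost) return 0 ;;
        *) return 1 ;;   # "", "*" and interface addresses expose the port
    esac
}

# split_spec SPEC KIND -> sets BIND, PORT and TARGET ("host:hostport", or
# empty for dynamic). A missing bind address is normalised to 127.0.0.1 so
# the generated command does not depend on the GatewayPorts setting.
split_spec() {
    colons=$(printf '%s' "$1" | tr -cd ':' | wc -c | tr -d ' ')
    case "$2:$colons" in
        dynamic:0)        BIND=127.0.0.1; PORT=$1; TARGET= ;;
        dynamic:1)        BIND=${1%%:*}; PORT=${1#*:}; TARGET= ;;
        local:2|remote:2) BIND=127.0.0.1; PORT=${1%%:*}; TARGET=${1#*:} ;;
        local:3|remote:3) BIND=${1%%:*}; rest=${1#*:}; PORT=${rest%%:*}; TARGET=${rest#*:} ;;
        *) echo "bad $2 forward spec: $1" >&2; return 1 ;;
    esac
}

# tunnel_cmd KIND SPEC SSH_HOST -> prints the command; exit 1 on a malformed
# spec, 2 on a spec that would listen on a non-loopback address
tunnel_cmd() {
    kind=$1 spec=$2 host=$3
    split_spec "$spec" "$kind" || return 1
    if ! is_loopback_bind "$BIND"; then
        echo "refusing $kind forward $spec: listener on '${BIND:-all interfaces}'" >&2
        return 2
    fi
    case $kind in
        local)   flag=-L; arg="$BIND:$PORT:$TARGET" ;;
        remote)  flag=-R; arg="$BIND:$PORT:$TARGET" ;;
        dynamic) flag=-D; arg="$BIND:$PORT" ;;
    esac
    # -N opens no remote shell, only the forward; ExitOnForwardFailure makes
    # ssh exit instead of silently running without the listener.
    printf 'ssh -N -o ExitOnForwardFailure=yes %s %s %s\n' "$flag" "$arg" "$host"
}

# Stand-alone demo: the two commands from the slides, then a rejected spec.
tunnel_cmd local 2001:localhost:143 server.example.com
tunnel_cmd dynamic 8080 AhostB
tunnel_cmd local '*:2001:localhost:143' server.example.com || true
```

For -R the bind address applies on the server side and a non-loopback value only takes effect if sshd has GatewayPorts enabled, but the builder treats it the same way: an explicit 127.0.0.1 or localhost keeps the intent visible in the command line and in shell history.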
  • 24. ~/.ssh/config and command line:
        admin@station:~$ cat ~/.ssh/config
        host *
            ForwardX11 yes
            User root
            ConnectTimeout 1
            ForwardAgent yes
            ServerAliveInterval 60
        admin@station:~$ ssh -o 'ConnectTimeout=10' AhostB
        A -o option on the command line overrides the value from the config file.
  • 25. Timeout: ConnectTimeout
  • 26. Authentication:
        ForwardAgent yes
        PasswordAuthentication no
        StrictHostKeyChecking no
        Caveat: StrictHostKeyChecking no makes ssh accept any unknown host key without asking, which is exactly the check that protects the session (and a forwarded agent) against a man-in-the-middle on first contact. Keep the default ask, or use accept-new (OpenSSH 7.6 and later) for scripts that must not block on the prompt; and scope ForwardAgent yes to a named Host block rather than host *.
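An audit of the directives those two slides enable, as an added example that is not part of the original slides: a sh+awk function that reports ForwardAgent, ForwardX11 and ForwardX11Trusted set to yes in a global or wildcard Host block, and StrictHostKeyChecking no anywhere. The demo runs it on the slides' own config and on a hardened rewrite; the bastion host name is illustrative and the temporary files are constructed.

```shell
#!/bin/sh
# Added example, not part of the original slides: audit a client ssh_config
# for the directives the slides switch on for every host. Pure sh+awk,
# no ssh binary needed. Host names below are illustrative.

# audit_ssh_config FILE -> prints "HOST DIRECTIVE VALUE" for each finding,
# exit 1 when anything was found, 0 when the file is clean
audit_ssh_config() {
    awk '
        BEGIN { host = "(global)"; wild = 1; rc = 0 }
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            if ($0 == "" || substr($0, 1, 1) == "#") next
            split($0, f, /[ \t=]+/)            # "Key value" or "Key=value"
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "host" || key == "match") {
                host = substr($0, length(f[1]) + 1); sub(/^[ \t=]+/, "", host)
                # the block reaches unknown hosts if it is "Match all" or a pattern with * or ?
                wild = (key == "match") ? (val == "all") : (host ~ /[*?]/)
                next
            }
            forward = (key == "forwardagent" || key == "forwardx11" || key == "forwardx11trusted") && val == "yes"
            if ((forward && wild) || (key == "stricthostkeychecking" && val == "no")) {
                printf "%s %s %s\n", host, f[1], f[2]; rc = 1
            }
        }
        END { exit rc }
    ' "$1"
}

# Stand-alone demo on constructed files: the config from the slides, then a
# version that keeps agent forwarding for one named bastion only. ssh uses
# the first value it finds for an option, so the specific block comes first.
demo=$(mktemp -d)
cat > "$demo/weak" << 'EOF'
host *
    ForwardX11 yes
    User root
    ConnectTimeout 1
    ForwardAgent yes
    ServerAliveInterval 60
    PasswordAuthentication no
    StrictHostKeyChecking no
EOF
cat > "$demo/hardened" << 'EOF'
Host bastion.example.com
    ForwardAgent yes
Host *
    ForwardAgent no
    ForwardX11 no
    ConnectTimeout 10
    ServerAliveInterval 60
    PasswordAuthentication no
    StrictHostKeyChecking ask
EOF
for f in weak hardened; do
    echo "== $f"
    audit_ssh_config "$demo/$f" && echo "clean" || echo "findings above"
done
rm -rf "$demo"
```

The ordering in the hardened file is not cosmetic: because ssh keeps the first value it obtains for each option, a Host * block placed before Host bastion.example.com would silently win and the bastion exception would never apply.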
  • 27. Escape character: ~ (Alt-Gr + ~), recognised only at the start of a line:
        AhostB # ~?
        Supported escape sequences:
        ~.  - terminate connection
        ~B  - send a BREAK to the remote system
        ~C  - open a command line
        ~R  - Request rekey (SSH protocol 2 only)
        ~^Z - suspend ssh
        ~#  - list forwarded connections
        ~&  - background ssh (when waiting for connections to te
        ~?  - this message
        ~~  - send the escape character by typing it twice
        (Note that escapes are only recognized immediately after
  • 28. Scripting 1/4: pipe a here-document into a shell on the remote host.
        cat << "EOF" | ssh $1 /bin/sh -
        ps -edf -o comm,args | grep [h]ttpd | sort -u

        ${ORACLE_HOME}/bin/sqlplus "/ as sysdba" << EOF
        spool ${ORACLE_BASE}/admin/${ORACLE_SID}/create/sco
        EOF

        cat << EOF | ssh $1 /bin/sh -
        chown -R ${USERTOTO_NAME}:${USERTOTO_GROUP} ${HOMED
        EOF
        The quotes around the delimiter decide where variables expand: << "EOF" sends the text verbatim, so ${ORACLE_HOME} is resolved on the remote host; << EOF expands ${USERTOTO_NAME} locally before anything is sent. When the remote script itself contains a here-document, as the sqlplus call does, give the outer one a different delimiter (for example << "REMOTE"), otherwise the inner EOF line ends the outer document early.
  • 29. Scripting 2/4: drive an interactive passwd with expect.
        expect << EOF
        spawn ssh -t $1 passwd ${USERTOTO_NAME}
        expect "New Password: "
        send "${USERTOTO_PASSWD}\r"
        expect "Re-enter new Password: "
        send "${USERTOTO_PASSWD}\r"
        expect eof
        EOF
  • 30. Scripting 3/4: report sites with no running process.
        cat << "EOF" | ssh $1 /bin/bash -
        SITES=/sites
        if [ -d $SITES ]; then
            cd $SITES
            for site in *; do
                NB_PROC=`ps -edf | grep $site | grep -vc grep`
                if [ $NB_PROC -eq 0 ]; then
                    echo "$site missing"
                fi
            done
        fi
        EOF
  • 31. Scripting 4/4: generate a sed script, then collect a report per host.
        cat << EOF > ${SED_FILE}
        s%172.30.47.11.*hostname01.*# Front-End%172.30.156.1 hostname01%
        s%172.30.47.14.*hostname04.*# Front-End%172.30.156.1 hostname04%
        EOF

        cat << EOF | ssh $1 /bin/bash - | tee report/$1
        echo 'uname -a'
        uname -a
        echo
        EOF
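The expansion rule that the four scripting slides rely on, as an added example that is not part of the original slides: the same here-document sent with an unquoted and with a quoted delimiter, plus the mixed form that hands one local value to a script otherwise evaluated remotely. REMOTE_SH stands in for the slides' ssh $1 /bin/sh -; its default sh - runs locally so the demo works offline, and the variable and host names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the original slides: shows which side expands
# variables when a here-document is piped into a shell the way the slides
# pipe scripts into `ssh $1 /bin/sh -`. REMOTE_SH plays the remote shell;
# the default `sh -` runs locally, in real use set REMOTE_SH='ssh AhostB /bin/sh -'.
REMOTE_SH=${REMOTE_SH:-sh -}

side=local   # exists on the sending side only

# run_expanded -> unquoted delimiter: the LOCAL shell substitutes $side
# before anything is sent, so the remote receives "echo local".
run_expanded() {
    cat << EOF | $REMOTE_SH
side=remote
echo $side
EOF
}

# run_literal -> quoted delimiter: the text goes out verbatim and the
# REMOTE shell evaluates $side, so it prints "remote".
run_literal() {
    cat << 'EOF' | $REMOTE_SH
side=remote
echo $side
EOF
}

# run_mixed TARGET -> the safe pattern for the slides' deployment scripts:
# one locally expanded line hands over the value, the body is sent verbatim
# so $target and $(uname -s) are evaluated on the remote host.
# Assumes TARGET contains no single quote.
run_mixed() {
    {
        printf "target='%s'\n" "$1"
        cat << 'EOF'
echo "deploying to $target on $(uname -s)"
EOF
    } | $REMOTE_SH
}

# Stand-alone demo
run_expanded
run_literal
run_mixed web01
```

The mixed form is what slide 28's chown line needs when the script grows: values come from the workstation, commands and command substitutions run on the target, and a second EOF inside the body cannot collide with the outer delimiter because the body is produced by its own cat.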
  • 32. Conclusion
  • 33. Bibliography: http://gnrt.terena.org/content.php?section_id=103; SSH, The Secure Shell: The Definitive Guide, O'Reilly & Associates.
  • 34. Questions?