Securing Data

Openssl

*generating digital certificates (note: the 1024-bit RSA key size used below is weak by current standards; prefer 2048 bits or more)
#openssl genrsa -out server1.key.pem 1024
#openssl req -new -key server1.key.pem -out server1.csr.pem
#openssl req -new -x509 -key server1.key.pem -out server1.crt.pem   (self-signed certificate; without -x509 this would only produce a second CSR, not a .crt)


%make dovecot.pem (使用已經寫好的Makefile)
#cd /etc/pki/tls/certs/
#make dovecot.pem

%openssh authentication
#ssh-keygen -t dsa [或rsa]

[root@server118 netfilter]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
a2:7b:4d:f9:2c:57:f1:5d:c4:39:44:c2:fa:7e:8a:f4 root@server118.example.com
[root@server118 netfilter]#

(1)SSH

Packages: openssh, openssh-clients, openssh-server
Daemon: /usr/sbin/sshd
Script: /etc/init.d/sshd
Port: 22
Configuration: /etc/ssh/*, $HOME/.ssh/
Related: openssl, openssh-askpass, openssh-askpass-gnome, tcp-wrappers

OpenSSH Server
configuration file: /etc/ssh/sshd_config

---略---
#listening port
#Port 22

#ssh2(DSA), ssh1(RSA); use ssh2 only — protocol 1 is obsolete and insecure
#Protocol 2,1
Protocol 2

#listening on multiple interfaces
#ListenAddress 0.0.0.0

---略---
# no default banner path
#Banner /some/path
---略---

*command
#ssh hostname
#ssh user@hostname
#ssh hostname remote-command

#scp file user@host:remote-dir
#scp -r user@host:remote-dir localdir

%Port Forwarding
#ssh -L clientport:host:hostport localhost
Ex:
#ssh -L 3025:mail.example.com:25 -N station1.example.com

%Managing Keys

#ssh-add
adds RSA or DSA identities to the authentication agent
#ssh-agent
authentication agent
#ssh-copy-id
install your identity.pub in a remote machine’s authorized_keys

Ex:
[root@server118 ssh]# ssh-keygen -p -f ~/.ssh/id_dsa
Key has comment '/root/.ssh/id_dsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.

[root@server118 ssh]# eval $(ssh-agent)
Agent pid 4749

[root@server118 ssh]# ssh-add
Identity added: /root/.ssh/id_dsa (/root/.ssh/id_dsa)

#ssh-copy-id -i ~/.ssh/id_dsa.pub server1
(將pub-key存到server1: ~/.ssh/authorized_keys, 連線不用打密碼)

Lab:

%vnc使用安全連線(ssh tunnel)
[root@server118 ssh]#ssh -L 5901:server1:5901 server118
[root@server118 ssh]#vncviewer server118:5901