LinuxCBT OpenSSHv2 Edition encompasses: 1. OpenSSHv2 (SSHv2) Security.
LinuxCBT OpenSSHv2 Edition focuses on the implementation of Open Secure Shell Version 2 (OpenSSHv2) on various Linux | Unix platforms.
OpenSSHv2 is central to the confidentiality and integrity of data transmissions across secure (VPN | Private Line) and insecure (Internet | Intranet) networks (conduits). It is included with modern Linux | Unix operating systems and provides a plethora of useful data-transfer features, backed by Public Key Infrastructure (PKI) and asymmetric encryption technologies.
Let LinuxCBT OpenSSHv2 Edition cost-effectively sharpen your SSHv2 skills!
Recommended Prerequisites for:
- Any LinuxCBT Operating System Course (Classic/EL-4/SUSE/Debian Editions)
- Open mind & determination to master Linux and related open-source applications
- Basic understanding of networking concepts
- Access to a PC to follow the exercises
Open Secure Shell version 2 (OpenSSHv2) Security - Module VIII
- Introduction - Topology - Features
- Discuss course outline
- Explore system configuration
- Identify key systems
to be used
- Explore network topology
- Enumerate and discuss key OpenSSHv2 features
- Identify Key OpenSSHv2 Components
- Identify installed OpenSSHv2 related packages
- Peruse related startup and run-control script files
- Locate 'sshd' on the file system
- Discuss related client | server configuration files
- OpenSSHv2 Client - /ssh/
- Discuss features and benefits
- Obtain shell access on a remote system
- Configure /etc/hosts to provide local name resolution for OpenSSHv2
- Identify and discuss pseudo-terminals - pty
- Redirect X11/X.org traffic to localhost via SSH
- Bind 'ssh' to specific source IP address and test connectivity
- Execute commands on remote system without allocating a pseudo-terminal
- Debug 'ssh' connectivity
- Explore the system-wide client configuration file
- Explore user configuration file
- Secure Copy Program (SCP)
- /scp/
- Discuss features
and benefits
- Locate 'scp' on the file system
- Discuss usage
- Copy, non-interactively, previously generated data to remote systems
- Test 'scp' with global and user configuration directives
- Debug 'scp' connectivity
- Limit transfer rate
to conserve bandwidth
- Secure File Transfer Program (SFTP) - /sftp/
- Discuss features and benefits
- Locate 'sftp' on the file system
- Discuss usage
- Connect to remote system using 'sftp' interactive shell
- Issue puts and gets and evaluate results
- Identify the sftp-server subsystem
- Peruse process list while connected to OpenSSHv2 server
- Illustrate batch file usage
- SSH Key Scan Utility - /ssh-keyscan/
- Discuss features and benefits
- Locate 'ssh-keyscan' on the file system
- Discuss usage
- Scan the network from STDIN for OpenSSHv2 public keys
- RSA (SSHv1 & SSHv2) | DSA
- Scan the network based on a file with a list of hosts
for OpenSSHv2 public keys
- Populate ~/.ssh/known_hosts file using 'ssh-keyscan'
with BASH for loop
- Compare and contrast STDOUT with the output file
- SSH Key Generation Utility - /ssh-keygen/
- Discuss features and benefits
- Locate 'ssh-keygen' on the file system
- Discuss usage
- Generate RSA-2 usage keys
- Identify RSA-2 public and private key pair
- Generate DSA usage keys
- Identify DSA public and private key pair
- Expose usage keys' fingerprint using 'ssh-keygen'
- Generate RSA-2 | DSA usage keys for all hosts
- Public Key Infrastructure (PKI) - Password-less Logins
- Discuss features and benefits
- Identify key files for client and server
implemenation of password-less (PKI-based) logins
- Copy manually, RSA-2 | DSA public keys to remote system's ~/.ssh/authorized_keys file
- Test password-less logins
- Use 'ssh-copy-id' to seamlessly populate remote system with RSA-2 | DSA usage keys
- Test password-less connectivity
after using 'ssh-copy-id'
- Confirm password-less connectivity using SSH clients /ssh|scp|sftp/ in debug mode
- Connect to privileged account from non-privileged account using PKI
- Configure RSA-1 connectivity using PKI
- System-wide OpenSSHv2 Configuration Directives
- Identify key directory and files associated with client | server configuration
- Explore
primary server configuration file
- Discuss applicability of directives
- Alter and test several SSHD directives
- Explore OpenSSHv2 configuration on RedHat Linux
- Explore OpenSSHv2 configuration on Solaris 10
- Port Forwarding - Pseudo-VPN Support - /Local|Remote|Gateway/
- Discuss features
and benefits
- Implement local port forwarding using 'ssh'
- Configure remote port forwarding using 'ssh'
- Test circumvention of local firewall using remote port forwarding
- Implement gateway ports to share forwarded /local|remote/ with connected users
- Test connectivity
- Windows Integration - /PuTTY|WinSCP/
- Discuss features and applications
- Download and install PuTTY
- Explore PuTTY's features
- Configure PKI logins
- Download and install WinSCP
- Explore WinSCP's features
- Move data between Windows, Linux and Solaris
- Syslog | Syslog-NG Configuration
- Discuss features and benefits
- Identify default configuration
- Redirect OpenSSHv2 data using Syslog and Syslog-NG
- Examine results
- Enable debugging
- Host-based Authentication
- Discuss applicability and caveats
- Identify key configuration files and directives
- Implement host-based authentication
- Test results
- OpenSSHv2 Source Installation
- Discuss features and benefits
- Download current OpenSSHv2 source code
- Compile and install
- Restart services|daemons
- Test new version of OpenSSHv2
- Secure OpenSSHv2 Implementation
- Discuss features and benefits
- Identify key configuration file
- Enumerate and implement key directives
- Test configuration
- Upgrade OpenSSHv2
- Identify target systems
- Download latest OpenSSH source code
- Compile with compatible options
- Test installation
- CHROOT - SFTP Connections
- Discuss features and benefits
- Implement CHROOT SFTP sessions for specific users
- Evaluate results
- top
|
