Appendix
Model diagram:
Information about the installed OpenSSH server: the server runs CentOS 6.5,
kernel 2.6.32-431.el6.i686
Step 1 - Log in to the root account on the server and check whether OpenSSH
is already installed:
    # rpm -qa | grep ssh
Server editions of Linux normally ship with OpenSSH already present right
after installation (desktop-oriented distributions such as Ubuntu, BackTrack
or Kali Linux need it installed separately).
Step 2 - If it is not installed, download and install it from the internet
with the command:
    # yum install openssh-server -y
After installation the configuration files are located under /etc/ssh/:
+ moduli: contains the Diffie-Hellman groups used for the Diffie-Hellman key
exchange, which is essential for building a secure transport layer. When keys
are exchanged at the start of an SSH session, a shared secret value is created
that cannot be determined by either party alone; this value is then used to
provide host authentication.
+ ssh_config: the system-wide default configuration file for the SSH client.
+ sshd_config: the main configuration file for the ssh daemon.
+ ssh_host_dsa_key: the DSA private key used by the ssh daemon.
+ ssh_host_dsa_key.pub: the DSA public key used by the ssh daemon.
+ ssh_host_key: the RSA private key used by the ssh daemon for version 1 of
the SSH protocol.
+ ssh_host_key.pub: the RSA public key used by the ssh daemon for version 1 of
the SSH protocol.
+ ssh_host_rsa_key: the RSA private key used by the ssh daemon for version 2
of the SSH protocol.
+ ssh_host_rsa_key.pub: the RSA public key used by the ssh daemon for version
2 of the SSH protocol.
A. Configuring sshd for password authentication (Password Authentication)
Step 3 - Use the vi editor to edit the configuration:
    # vi /etc/ssh/sshd_config
Add the following 2 lines to the configuration file:
    PermitRootLogin no
    PasswordAuthentication yes
The first line prevents the root user from logging in directly over ssh.
The second line allows authentication by password.
Step 4 - Log in from the client machine to the server over SSH:
+ Download PuTTY, a small free application for Windows consisting of a single
exe file, used to SSH into a server. It is easy to find and download online.
+ Open the program and enter the parameters:
    Hostname: the server's IP address
    Port: the port the SSH server is listening on
    Saved Sessions: any name you like
+ Press Open, then enter the username and password to log in to the server.
B. Configuring sshd for key authentication (Keys Authentication)
Unlike password authentication, here we configure the SSH server to
authenticate users by key. We create a Public key & Private key pair with the
RSA or DSA algorithm.
+ Public key: used on the Server
+ Private key: used on the Client
This algorithm supports generated key pairs with a maximum length of 2048 bits.
To create a login key for a given user, log in over ssh as that user; after
logging in successfully, run the following command to create the key.
Proceed as follows:
Step 1 - Use PuTTYgen to create the Public key & Private key.
Open PuTTYgen and press Generate to start creating the key.
Note: move the mouse around inside the field; it acts as a matrix from which
the key is generated randomly.
Enter a passphrase in Key passphrase: it is asked for when PuTTY opens the ssh
connection, and its purpose is to protect the private key.
Choose Save private key to create the private key.
Choose Save public key to create the public key. Note: if the saved file cannot
be transferred and used successfully, you can copy the entire string shown in
"Public key for pasting into" into the public key file.
Step 2 - Configure the SSH server:
+ Create the user that will use key authentication (if the user already
exists, there is no need to create it).
+ Create a hidden directory named .ssh at the path /home/kmassh/.ssh (where
kmassh is the name of the user being set up for key authentication):
    # mkdir /home/kmassh/.ssh
+ Set mode 700 on the directory, which gives its owner (root here) full access
and every other account none:
    # chmod 700 /home/kmassh/.ssh
+ Change into the .ssh directory just created:
    # cd /home/kmassh/.ssh
+ Create the file authorized_keys inside .ssh:
    # vi authorized_keys
+ Copy the entire encoded string of the public key created in Step 1 and paste
it into authorized_keys as a single line (save with :wq):
    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBxphMdnPS5L+Ais28zeJ4wAqSx4H06IbEJFLV47ULC6vfaTX0RMKI2CeoX5GEKKnTh0DDu9hREzD0K6AqPf/BfhNRbX1z7s4rDxT+VguQ7csvtAYjkH1a1K0JaqkmkZDyF2yF4JqkkhOBUKPqUC5/FDlkjxW71gy+WfT/Ddh7jEQ== rsa-key-20140508
+ Set mode 600 (read, write) on the authorized_keys file just created:
    # chmod 600 authorized_keys
+ Next, use vi to edit the sshd_config configuration file:
    # vi /etc/ssh/sshd_config
+ Change the following lines as shown and save:
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication no
+ Restart the sshd service:
    # service sshd restart
Step 3 - Adjust PuTTY to connect using the Private key & Public key:
+ Enter the server's IP address in the interface as usual, then continue as
shown in the figure below.
+ In part 3, press Browse and select the path to the private key file saved in
Step 1.
+ Open the connection and type the corresponding user name.
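Added example, not part of the original page: a shell audit of the sshd_config values from sections A and B and of the permissions from Step 2. The function names are this example's own, and it additionally checks file ownership, which the steps above do not set.

```shell
#!/bin/sh
# Added example (not from the original page): audit sections A and B.

# Print the effective global value of keyword $2 in sshd_config file $1.
# sshd keeps the FIRST value it reads for a keyword (names are
# case-insensitive), so a line appended below an existing one is ignored.
# Parsing stops at the first Match block, whose settings are conditional.
effective() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0   { next }
        tolower($1) == "match"  { exit }
        tolower($1) == tolower(want) { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Compare file $1 with the values the page sets. A missing keyword is
# reported as "unset" so the result never relies on compiled-in defaults.
audit_sshd_config() {
    rc=0
    for pair in PermitRootLogin=no PubkeyAuthentication=yes \
                PasswordAuthentication=no \
                AuthorizedKeysFile=.ssh/authorized_keys; do
        key=${pair%%=*}; expect=${pair#*=}
        got=$(effective "$1" "$key")
        [ "$got" = "$expect" ] ||
            { echo "$key: effective=$got expected=$expect"; rc=1; }
    done
    return $rc
}

# Print "mode-string numeric-uid" for a path (portable ls parsing; the
# substr drops the trailing "." or "+" shown for SELinux contexts or ACLs).
mode_owner() { ls -ldn "$1" | awk '{ print substr($1, 1, 10), $3 }'; }

# Check Step 2's modes (700 / 600) and that both paths belong to uid $2.
# sshd opens authorized_keys with the login user's privileges, so a
# .ssh directory created by root and left root-owned is unreadable to it.
check_key_perms() {   # $1 = home directory, $2 = numeric uid of the user
    rc=0
    [ "$(mode_owner "$1/.ssh")" = "drwx------ $2" ] ||
        { echo "$1/.ssh: want mode 700, uid $2"; rc=1; }
    [ "$(mode_owner "$1/.ssh/authorized_keys")" = "-rw------- $2" ] ||
        { echo "$1/.ssh/authorized_keys: want mode 600, uid $2"; rc=1; }
    return $rc
}
```

On the server, run as root `audit_sshd_config /etc/ssh/sshd_config` and `check_key_perms /home/kmassh "$(id -u kmassh)"`; each prints the deviations it finds and returns non-zero if there are any.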
C. Configuring SFTP - using SSH for file transfer
FTP is a file transfer protocol used very widely to exchange data between
different computers. However, by default no FTP connection is properly
secured, so it is not a safe way to exchange important data. Many people
simply download FileZilla Client or CuteFTP, install it, and happily transfer
files to the server without knowing that the data can leak out. So how do we
secure an FTP connection? I would like to introduce one way of securing an FTP
connection: SFTP.
SFTP (SSH File Transfer Protocol) is the combination of SSH Keys
Authentication and FTP, creating a secure file transfer channel between client
and server.
1. Create an SFTP connection using WinSCP:
    Host name: 10.0.0.3 (IP of the SSH server)
    Port number: 22, the port the SSH server listens on
    User name: ssh1
    Password: the password of user ssh1
As with ssh, there are 2 ways to log in here, by username and password or by
key; we can choose either of the 2 methods to log in with WinSCP.
After filling in the fields, press Login.
+ If logging in by key, choose Advanced.., then Authentication, and enter the
corresponding private key file.
+ A notification window appears; choose Yes to add the key to the cache.
The interface once the SFTP connection has been created successfully: we can
now drag and drop files from the client machine to the server simply and
easily.
+ Capturing and analysing the packets with Wireshark, we see that the protocol
in use is SSH and that all of the data is encrypted.
+ Analysing one specific communication session, we see that all of the data is
encrypted.