Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE Guida di Installazione Pagina 131
- Pagina / 282
- Indice
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
Chapter 10.
SSH Protocol
SSH™ allows users to log into host systems remotely. Unlike rlogin or telnet SSH encrypts the
login session, making it impossible for intruders to collect clear-text passwords.
SSH is designed to replace common methods for remotely logging into another system through a
command shell. A related program called scp replaces older programs designed to copy files between
hosts such as ftp or rcp. Because these older applications do not encrypt passwords between the
client and the server, you avoid them whenever possible. Using secure methods to remotely log in to
other systems will decrease the security risks for both your system and the remote system.
10.1. Introduction
SSH (or Secure SHell) is a protocol for creating a secure connection between two systems. In the SSH
protocol, the client machine initiates a connection with a server machine.
The following safeguards are provided by SSH:
• After an initial connection, the client verifies it is connecting to the same server during subsequent
sessions.
• The client transmits its authentication information to the server, such as a username and password,
in an encrypted format.
• All data sent and received during the connection is transferred using strong, 128 bit encryption,
making it extremely difficult to decrypt and read.
• The client has the ability to use X11
1
applications launched from the shell prompt. This technique,
called X11 forwarding, provides a secure means to use graphical applications over a network.
Because the SSH protocol encrypts everything it sends and receives, it can be used to secure otherwise
insecure protocols. Using a technique called port forwarding, an SSH server can become a conduit to
secure insecure protocols, like POP, increasing overall system and data security.
Red Hat Linux 7.3 includes the general OpenSSH package (openssh), the OpenSSH server
(openssh-server) and client (openssh-clients) packages. Please see the chapter titled
OpenSSH in the Official Red Hat Linux Customization Guide for instructions on installing and
deploying OpenSSH. Also note that the OpenSSH packages require the OpenSSL package
(openssl). OpenSSL installs several important cryptographic libraries that help OpenSSH provide
encrypted communications.
A large number of client and server programs can use the SSH protocol. Several different SSH client
versions are available for almost every major operating system in use today. Even if the users con-
necting to your system are not running Red Hat Linux, they can still find and use an SSH client native
for their operating system.
10.1.1. Why Use SSH?
Threats to network traffic include packet sniffing, DNS and IP spoofing
2
and the proliferation of fake
routing information. In general terms, these threats can be categorized as follows:
1. X11 refers to the X11R6 windowing display system, traditionally referred to as X. Red Hat Linux includes
XFree86, a widely used, open source X Window System, which is based on X11R6.
2. Spoofing means an intruder sends network packets that falsely appear to be from a trusted host on the
network.
- Red Hat Linux 7.3 1
- The Official Red Hat Linux 1
- Reference Guide 1
- Table of Contents 3
- Introduction 7
- 1.2. For the More Experienced 9
- 2. Document Conventions 10
- Mail backupfiles mail reports 11
- [stephen@maturin stephen]$ 12
- 3. Using the Mouse 13
- 5. More to Come 13
- 6. Sign Up for Support 13
- System Reference 15
- Chapter 1 17
- File System Structure 17
- 1.2.1. FHS Organization 18
- /usr/local/sbin." 19
- /usr." 20
- 1.3. Special File Locations 21
- Chapter 2 23
- The /proc File System 23
- 2.2. Top-Level Files in /proc 24
- /proc File System 25 25
- /proc File System 26
- /proc File System 27 27
- /proc File System 29 29
- /proc File System 31 31
- /proc File System 33 33
- /proc File System 35 35
- 2.3. Directories in /proc 37
- /proc File System 39 39
- /proc File System 41 41
- /proc File System 43 43
- /proc File System 45 45
- /proc File System 47 47
- /proc File System 49 49
- /proc File System 51 51
- 2.4. Using sysctl 52
- 2.5. Additional Resources 52
- /proc File System 53 53
- Chapter 3 55
- /etc/lilo.conf 56
- 3.2.2. Init 58
- 3.2.3. SysV Init 60
- 3.3. Sysconfig Information 61
- • CLOCKMODE= 63
- DESKTOP="GNOME" 64
- LANG="en_US" 65
- • DEVICE= 68
- • ROOTDIR=" 68
- /dev/raw/raw1 /dev/sda1 70
- /dev/raw/raw2 8 5 70
- • CARDTYPE= 71
- /etc/sysconfig/ Directory 72
- 3.4. Init Runlevels 73
- 3.6. Shutting Down 74
- ELILO boot loader 75
- Chapter 4 77
- 4.1.2. GRUB Features 78
- 4.2. Terminology 79
- 4.2.2. File Names 80
- 4.3. Interfaces 81
- 4.4. Commands 82
- 4.6. Additional Resources 84
- 86 Chapter 4. GRUB 86
- Chapter 5 87
- The ext3 File System 87
- /sbin/fdisk /dev/hdb 88
- /sbin/mkfs -t ext3 /dev/hdbX 89
- /sbin/tune2fs -j /dev/hdbX 90
- -y /dev/hdb1 91
- Chapter 6 93
- Users and Groups 93
- 6.3. Standard Groups 94
- 6.4. User Private Groups 96
- /usr/lib/emacs/site-lisp 97
- 6.5. Shadow Utilities 98
- Chapter 7 99
- X Servers and Clients 99
- 7.2. The XFree86 Server 100
- 7.3.1. Window Managers 104
- 7.4. Runlevels 105
- 7.4.2. Runlevel 5: prefdm 106
- 7.5. Fonts 107
- 7.5.1. xfs Configuration 108
- 7.5.2. Adding Fonts 108
- 7.6. Additional Resources 109
- 7.6.2. Useful Websites 110
- 7.6.3. Related Books 110
- Security Reference 111
- Chapter 8 113
- 8.3. PAM Modules 114
- 8.4. PAM Module Control Flags 115
- 8.5. PAM Module Paths 116
- 8.6. PAM Module Arguments 116
- 8.8. PAM and Device Ownership 118
- 8.9. Additional Resources 119
- Chapter 9 121
- TCP Wrappers and xinetd 121
- 9.2.1. Formatting Rules 122
- 9.4. Additional Resources 128
- 9.4.2. Useful Websites 129
- Chapter 10 131
- SSH Protocol 131
- 10.3. Layers of SSH Security 132
- 10.3.2. Authentication 133
- 10.3.3. Connection 134
- 10.5.1. X11 Forwarding 135
- 10.5.2. Port Forwarding 135
- • telnet 136
- Chapter 10. SSH Protocol 137 137
- 138 Chapter 10. SSH Protocol 138
- Chapter 11 139
- Kerberos 139
- 11.3. Kerberos Terminology 140
- 11.4. How Kerberos Works 141
- 11.5. Kerberos and PAM 142
- 11.8. Additional Resources 145
- 146 Chapter 11. Kerberos 146
- Chapter 12 147
- 12.3. File Locations 150
- 12.4. Tripwire Components 151
- 12.6. Selecting Passphrases 152
- 12.9. Printing Reports 153
- /etc/hosts, type a 154
- 12.12. Tripwire and Email 156
- 12.13. Additional Resources 157
- Network Services Reference 159
- Chapter 13 161
- Network Scripts 161
- 13.1.2. Dialup Interfaces 162
- 13.1.3. Alias and Clone Files 164
- /sbin/service network action 165
- 13.3. Network Functions 166
- Chapter 14 167
- Firewalling with iptables 167
- 14.3.1. Tables 169
- 14.3.2. Structure 169
- 14.3.3. Commands 169
- 14.3.4. Parameters 170
- 14.3.5. Match Options 171
- 14.3.6. Target Options 173
- 14.3.7. Listing Options 174
- 14.5. Additional Resources 175
- Chapter 15 177
- 178 Chapter 15. Apache 178
- /sbin/service httpd start 179
- /sbin/service httpd stop 179
- /sbin/service httpd restart 179
- /sbin/service httpd reload 179
- 15.3.20. ClearModuleList 183
- 15.3.21. AddModule 183
- 15.3.22. ExtendedStatus 183
- 15.3.23. Port 183
- 15.3.24. User 183
- 15.3.25. Group 184
- 15.3.26. ServerAdmin 184
- 15.3.27. ServerName 184
- 15.3.28. DocumentRoot 184
- 15.3.29. Directory 184
- 15.3.30. Options 185
- 15.3.31. AllowOverride 185
- 15.3.32. Order 185
- 15.3.35. UserDir 186
- 15.3.36. DirectoryIndex 186
- 15.3.37. AccessFileName 186
- 15.3.33. Allow 186
- 15.3.34. Deny 186
- 15.3.44. ErrorLog 188
- 15.3.45. LogLevel 188
- 15.3.46. LogFormat 188
- 15.3.47. CustomLog 188
- 15.3.48. ServerSignature 189
- 15.3.49. Alias 189
- 15.3.50. ScriptAlias 189
- 15.3.51. Redirect 190
- 15.3.52. IndexOptions 190
- 15.3.53. AddIconByEncoding 190
- 15.3.54. AddIconByType 190
- 15.3.62. AddLanguage 192
- 15.3.63. LanguagePriority 192
- 15.3.64. AddType 192
- 15.3.65. AddHandler 192
- 15.3.66. Action 192
- 15.3.67. MetaDir 193
- 15.3.68. MetaSuffix 193
- 15.3.69. ErrorDocument 193
- 15.3.70. BrowserMatch 193
- 15.3.71. Location 193
- 15.3.72. ProxyRequests 195
- 15.3.73. ProxyVia 195
- 15.3.74. Cache Directives 195
- 15.3.75. NameVirtualHost 195
- 15.3.76. VirtualHost 196
- 15.3.77. SetEnvIf 196
- 15.5. Using Virtual Hosts 198
- 15.6. Additional Resources 200
- Chapter 16 201
- 16.1.2. POP 202
- 16.1.3. SMTP 202
- 16.2.1. Mail User Agent 203
- 16.2.2. Mail Transfer Agent 203
- 16.3. Sendmail 204
- /etc/sendmail.cf by running: 206
- FEATURE(’ldap_routing’)dnl 208
- 16.4. Fetchmail 209
- • daemon 210
- 16.5. Procmail 212
- 16.5.1. Procmail Configuration 213
- 16.5.2. Procmail Recipes 214
- /dev/null 217
- 16.6. Security 218
- 16.7. Additional Resources 219
- 16.7.2. Useful Websites 220
- 16.7.3. Related Books 220
- Chapter 17 221
- 17.2. BIND Configuration Files 222
- 17.2.1. /etc/named.conf 223
- • include " 224
- • key " 224
- • view " 225
- • zone " 226
- 17.2.2. Zone Files 227
- $ORIGIN domain.com 228
- 259200 3D 231
- 604800 1W 231
- 31536000 365D 231
- SOA records 231
- 17.3. Using rndc 233
- 17.3.2. Command Line Options 235
- 17.4. BIND Advanced Features 236
- 17.6. Additional Resources 237
- 17.6.2. Useful Websites 238
- 17.6.3. Related Books 238
- Chapter 18 239
- Network File System (NFS) 239
- 18.1.1. NFS and portmap 240
- 100003 3 udp 2049 nfs 241
- 100021 1 udp 1028 nlockmgr 241
- 100021 3 udp 1028 nlockmgr 241
- 100021 4 udp 1028 nlockmgr 241
- [root@bleach /]# 241
- 18.2.1. /etc/exports 242
- 18.3.1. /etc/fstab 243
- 18.3.2. autofs 244
- 18.4. Securing NFS 245
- 18.5. Additional Resources 246
- 18.5.2. Related Books 247
- Chapter 19 249
- 19.3. Uses for LDAP 250
- 19.4. LDAP Terminology 250
- 19.6. OpenLDAP Files 251
- 19.6.2. The schema Directory 252
- 19.9. OpenLDAP Setup Overview 254
- 19.11. Additional Resources 256
- 19.11.2. Useful Websites 257
- 19.11.3. Related Books 257
- Appendixes 259
- Appendix A 261
- A.2. CD-ROM Module Parameters 262
- A.3. SCSI parameters 264
- A.4. Ethernet Parameters 267
Prodotti e manuali riguardandi Software di system management Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE
(6 pagine)© 2020, manymanuals.it. Tutti i diritti riservati | 0.024 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale