Configuring Network Security / Using Secure Shell
Subtitles of the Movie
To conclude our discussion on Network Security let's talk about Secure Shell. Now Secure Shell is a command and a set of utilities that replace non-secure protocols that people use for file copy and remote administration between two Unix hosts. Now, Secure Shell replaces protocols such as telnet, ftp and the r services, such as rlogin, rcp and so forth. Now, the advantages of using ssh are that ssh encrypts any communication session that's in it. It also protects communication sessions by offering authentication that is restricted. It could be restricted to username and host, or other factors if we like. Ssh can also log communication sessions so you can look at a log and say, OK, someone used ssh to login as root from this box to this box. Now, ssh has to be enabled first in the /etc/rc.conf file and we'll take a look at that as well but we've seen that before in there. Now how you actually configure ssh is in the /etc/ssh/sshd_config files. You actually have two files that are used to configure ssh. The sshd_config configures the secure shell daemon. The ssh_config actually configures the secure shell client. Let's go ahead and take a look at these configuration files and then we'll see an example of a session, an ssh session between two hosts.
OK, we're in our FreeBSD8 box and what we want to do is look at rc.conf and rc.conf is where we see that the sshd daemon should be enabled. Let's kind of go down to the end here. If you look at the end we can see that this was done through sysinstall, by the way, we could have just manually edited this and put in sshd_enable equals YES or we could allow sysinstall to do it and when sysinstall does it, it actually puts a little note there above it. So that's all we need for rc.conf is that little line that says sshd underscore enable equals YES, that turns it on.
Now the next file we need to look at is the /etc/ssh/sshd_config and this is the file that configures the secure shell daemon and basically we've got a few things that are configured such as the port, which protocol it uses - protocol 2 is the most secure, protocol 1 has some issues with it, but we can enable protocol 1 for backwards compatibility if we want - but we also have a lot of different options here: configuring host keys, some rsa keys and so forth, we can configure whether ssh uses password authentication or not, whether it uses logging or not, there's a lot of different configuration options here. And again, before you get around in here and mess with this file a little bit you probably need to know what you're doing because what you don't want to do is configure ssh in an unsecure manner so that it doesn't do what it's supposed to do so it allows anyone in using ssh. But you can basically allow users and we've allowed two users - root and bobby - and we can use password authentication if we'd like. We can have banners that greet the individual when they login, such as maybe the message of the day, or a warning about accessing a system and so forth. So we have a lot of different options here we can configure in the sshd_config file. Now once those are configured, and there's not a lot you need to do to get it working, once those are configured then you can secure shell into the system and actually get a prompt here and you can do remote administration or secure copy or even port forward other protocols over ssh.
Let's go ahead and take a look at how easy it is to ssh into a system. We're in our OpenSUSE 11 Box and what we want to do is start a Terminal window so let's Open Terminal and what we'd like to do is go ahead and ssh to our BSD box so we can do some remote administration on that box. It's actually not that difficult to do. All we need to do is type in ssh and we need to put a name, a username and the IP address or hostname of the box.
I'm going to login as root. Now, normally you probably should not login as root remotely across ssh for security reasons. Sometimes you have to, but try to keep it to a minimum if you can. We're going to put the FreeBSD's IP address in here, which is 30.105, hit Enter and we should get prompted for a password. We're going to put root's password in there for the BSD box and voila, there we are. We get the FreeBSD Welcome Terminal and you could actually change this message, this Welcome to FreeBSD message if you like. You can change that through the sshd underscore config file and get a different message there, so we can now administer the FreeBSD box, do all kinds of things to it and reconfigure it if we like and then in order to get out of it all we really need to do is type in Exit and we're out and then we're back to our normal Desktop session here, our terminal session rather, here in openSUSE 11. So, that's how easy ssh is to use and we've only scratched the surface of it. We can also use the scp utility and the sftp utility to copy files between these two boxes if we'd like and that would be a secure encrypted session so no one could intercept those files. Ssh, you need to take the time to learn it and use it very well if you're going to be a Unix system administrator because it's a very important part of your Unix Toolbox, if you will, to manage Unix Systems. It is definitely a Unix System administration essential.
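As an added example that is not part of the video or the course material, this shell script checks an sshd_config for the settings the narration singles out: protocol 1 being enabled, remote root logins, and the AllowUsers list. The function names and the sample file are constructed for illustration, and the Protocol check only matters on older OpenSSH releases such as the FreeBSD 8 system shown.

```shell
# Print every value given for KEYWORD, one per line. Keywords are
# case-insensitive; lines whose first non-blank character is '#' are comments.
# Assumes the usual "Keyword value" layout separated by whitespace.
sshd_values() {  # usage: sshd_values KEYWORD FILE
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Print one finding per line; print nothing when every check passes.
audit_sshd() {  # usage: audit_sshd FILE
    # For single-valued keywords sshd keeps the first value it reads.
    proto=$(sshd_values Protocol "$1" | head -n 1)
    case ",$proto," in
        *,1,*) echo "Protocol: version 1 is enabled ($proto)" ;;
    esac
    root_login=$(sshd_values PermitRootLogin "$1" | head -n 1)
    if [ "$root_login" = "yes" ]; then
        echo "PermitRootLogin: root may log in directly"
    fi
    # AllowUsers may appear on several lines; the entries accumulate.
    users=$(sshd_values AllowUsers "$1" | tr '\n' ' ')
    if [ -z "$users" ]; then
        echo "AllowUsers: not set, any account may log in over ssh"
    fi
    set -f  # entries may contain * or ?; do not expand them as file names
    for u in $users; do
        # Entries can be USER or USER@HOST; compare the user part only.
        if [ "${u%%@*}" = "root" ]; then
            echo "AllowUsers: root is on the allow list ($u)"
        fi
    done
    set +f
    return 0
}

# Constructed sample, modelled on the options named in the transcript.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
AllowUsers root bobby
Banner /etc/motd
EOF
audit_sshd "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config by calling `audit_sshd` with that path; an empty result means none of the three checks fired.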
Tutorial Information
| Course: | Unix System Administration Essentials |
| Author: | Bobby Rogers |
| SKU: | 34153 |
| ISBN: | 1-936334-45-3 |
| Release Date: | 2010-08-12 |
| Duration: | 4.5 hrs / 57 lessons |
| Captions: | Available on CD and Online University |
| Compatibility: | Vista/XP/2000, OS X, Linux; QuickTime 7, Flash 8 |