CMPT 214 Lecture 18: OpenSSH and Bash Scripting

Questions and Answers

What is the purpose of the scp utility?

The scp utility is used to securely copy files and directories between systems over a network.

What does the ssh command with the –L option typically do?

It creates a local port forwarding that forwards a local port to a remote host and port.

How can you copy a directory using scp?

You must use the -r option to copy the contents of a directory with scp.

Explain the purpose of the -X and -Y options in the ssh command.

These options enable trusted and untrusted X11 forwarding, allowing graphical applications to be run remotely and displayed locally.

Explain the primary difference between tmux and ssh.

tmux creates a persistent session where programs stay alive, while ssh connects to a remote machine without persistence.

What command would you use to list active tmux sessions?

You would use the command tmux ls to list active sessions.

What is the main function of the scp utility?

The scp utility securely copies files and directories between systems using SSH.

What is implied if no user is specified in an scp command?

The command defaults to the current user's username on the local system.

How does rsync differ from scp?

rsync is more powerful and flexible, providing options for file synchronization and deletion at the destination.

What does the --delete option do in the context of rsync?

The --delete option deletes files in the destination that are not present in the source during the synchronization process.

Why is it advised not to perform X11 forwarding on TUXWORLD?

This could compromise security since X11 forwarding can expose graphical session data to unauthorized users.

In the command ssh -N -R local-port:remote-host:remote-port target, what does the –R option do?

It establishes remote port forwarding, allowing connections to a remote port to be forwarded back to a specified local port.

What is the function of the --dry-run option in rsync?

The --dry-run option allows you to simulate an rsync command without actually performing any actions.

What happens to the file paths in an scp command if the from-host or to-host is not specified?

The command assumes the local system is the source if from-host is omitted and the local system as the target if to-host is omitted.

In scp, what happens if the destination-file is not specified?

If the destination-file is not specified, scp assumes the user's home directory as the default destination.

Name a configuration file related to SSH and describe its use.

The ssh_config file is used to configure client-side SSH options for connecting to remote servers.

Describe a scenario where using the ssh -L option would be beneficial.

It would be useful when needing to access a database securely hosted on a remote server without exposing the database port directly to the internet.

What does the command ssh-copy-id accomplish?

ssh-copy-id installs your public key on a remote server, allowing for passwordless login using SSH.

What is the purpose of the known hosts file in OpenSSH?

The known hosts file stores the fingerprints of previously connected servers to verify their authenticity during future connections.

How do client configuration files enhance the use of the ssh utility?

Client configuration files allow users to set default options and settings for SSH connections, reducing the need to specify them each time.

Describe the process of establishing an SSH connection.

An SSH connection is established by first creating an encrypted connection and then authenticating the user with the server.

What is X11 forwarding in the context of OpenSSH?

X11 forwarding allows the user to run graphical applications on a remote server while displaying them on the local machine.

Explain the purpose of port forwarding in OpenSSH.

Port forwarding in OpenSSH securely forwards network traffic from one port to another, enabling access to services on remote machines.

How does OpenSSH ensure that communication between client and server is secure?

OpenSSH uses encryption to protect all traffic, including sensitive data like passwords, from eavesdropping during transmission.

What is the significance of verifying the ECDSA key fingerprint when connecting to a new server?

Verifying the ECDSA key fingerprint ensures that the client is connecting to the correct server and not an imposter.

In what way does OpenSSH replace older utilities like telnet?

OpenSSH replaces older utilities by providing encrypted communication, thus enhancing security compared to unencrypted protocols like telnet.

Study Notes

CMPT 214 Lecture 18

• The lecture covers OpenSSH utilities (including rsync) and Bash scripting.
• Reading material includes Sobell: Chapters 16 and 17.

OpenSSH

• OpenSSH is a secure network connectivity tool suite.
• It replaces older utilities like telnet, rcp, rsh, rlogin, and ftp.
• OpenSSH encrypts all traffic, including passwords.
• This security protects against eavesdropping, hijacking, and password theft.
• OpenSSH can forward graphical user interfaces (GUIs), tunnel network ports, and copy files.

OpenSSH: Security

• A client contacts an OpenSSH server.
• It first establishes an encrypted connection.
• Authentication of the user follows.
• OpenSSH facilitates communication between the two systems.
• The first time a client connects to a server, OpenSSH verifies the server's authenticity to prevent man-in-the-middle (MITM) attacks.
• An attacker might impersonate a server, capturing and recording transmitted data.
• The warning message ensures the correct system is accessed.

The OpenSSH Suite

• ssh: executes commands or logs into a remote system.
• scp: copies files to and from a remote system.
• sftp: securely transfers files to and from a remote system (alternative to FTP).
• sshd: the OpenSSH daemon, which runs on the server.
• ssh-agent: holds private keys.
• ssh-add: adds a passphrase for a private key.
• ssh-copy-id: adds a user's public key to the authorized_keys file in the target system. Reduces the need to use passwords for subsequent logins to remote systems or servers.
• ssh-keygen: creates, manages, and converts authentication keys.

OpenSSH: Configuration Files

• Global configuration files are stored in /etc/ssh.
• User configurations are in ~/.ssh.
• Client and server configurations use global and user configurations, eliminating the need to memorize details.
• /etc/ssh/sshd_config: the primary configuration file for the SSH server.
• ~/.ssh/authorized_keys: stores user public keys for login access, without a typed password.
• ~/.ssh/environment: contains environment variable assignments for the remote user.
• /etc/ssh/moduli: holds key exchange information for secure connections, do not modify.
• /etc/ssh/ssh_host_xxx_key, /etc/ssh/ssh_host_xxx_key.pub: store the host key pairs for SSH server.

OpenSSH: Client Configuration Files

• /etc/ssh/ssh_config: global client configuration; set by the administrator.
• ~/.ssh/config: user-specific client configuration; overrides settings in /etc/ssh/ssh_config.
• ~/.ssh/id_xxx and ~/.ssh/id_xxx.pub: contain user authentication keys.
• Key exchange information, located in /etc/ssh/moduli, is crucial for secure connections.

OpenSSH: Client Configuration Files - continued

• /etc/ssh/ssh_known_hosts: stores public keys for known hosts, enabling secure access.
• ~/.ssh/known_hosts: contains public keys for previously connected hosts, automatically updated.

The ssh utility

• ssh [options] [user@]host [command]: This command allows login to a remote system.
• The host can be a system name, IP address, etc.
• The user argument (if provided) specifies a different user than the logged-in user.
• The command argument runs a specified command on the remote host. This is useful for specific actions without establishing a complete shell session.

The ssh utility: Port Forwarding

• -L: forwards a local port to a remote system.
• -R: forwards a remote port to a local system.
• -N: prevents ssh from executing remote commands; useful with forwarding.
• Syntax: ssh -N -L local-port:remote-host:remote-port target.

The ssh utility: X11 Forwarding

• Enables graphical programs' execution on a remote system.
• Using the -X or -Y options in the ssh command is required.
• This functionality is not available with the Windows SSH client.

The scp utility

• Copies files across systems securely.
• Uses SSH for authentication and security.
• scp syntax: scp [[user@]from-host:]source-file [[user@]to-host:][destination-file].

The scp utility - continued

• source-file: file being copied.
• destination-file: location of the copied file.
• Ensure read/write permissions for source/destination files or directories.
• Remote or local directories can be used, with a -r option for copying directories.

The rsync utility

• Copies files or directories with synchronization capability between systems.
• Utilizes SSH for security.
• rsync provides options such as --dry-run (testing) and --verbose (detailed output).

Tmux

• A terminal multiplexer; persistent terminal sessions that survive connections.
• Enables connecting to and detaching from sessions without losing running processes.
• Allows multiple sessions and workspaces within a single terminal.

Additional Notes

• Consult man pages for detailed information (man ssh, man scp, man rsync, etc.).
• tmux man pages contain complete information.
• Additional reading: Kochan: Chapter 15 (File I/O, system calls, and C library overview).

Description

This lecture delves into OpenSSH utilities, including rsync, and the fundamentals of Bash scripting. Students will explore the security features of OpenSSH, including encrypted connections and user authentication to protect against various network threats. Reading material includes Sobell's chapters 16 and 17.