Pokrewne
- Strona Główna
- Microsoft Press Microsoft Encyclopedia of Security
- Configuring Windows 2000 Server Security
- Redhat Linux 7.2 Bible
- Tara Sivec Piękne kłamstwo. Igrając z ogniem
- George R.R. Martin 3 Nawałnica mieczy cz.1
- Kiernan Denise Dziewczyny atomowe
- Card Orson Scott Ksenocyd
- (43) Miernicki Sebastian Pan Samochodzik i ... Buzdygan hetmana Mazepy
- Kazantzakis Nikos Grek Zorba
- Kesey Ken Lot nad kukulczym gniazdem
- zanotowane.pl
- doc.pisz.pl
- pdf.pisz.pl
- euro2008.keep.pl
[ Pobierz całość w formacie PDF ]
.13PackagesSSH2 Homepage: http://www.ssh.org/You must be sure to download: ssh-2.13.tar.gzTarballsIt is a good idea to make a list of files on the system before you install ssh2, and one afterwards,and then compare them using diff to find out what file it placed where.Simply run find /* >SSH1 before and find /* > SSH2 after you install the software, and use diff SSH1 SSH2 >SSH-Installed to get a list of what changed.CompilationDecompress the tarball (tar.gz).[root@deep /]# cp ssh-version.tar.gz /var/tmp[root@deep /]# cd /var/tmp[root@deep tmp]# tar xzpf ssh-version.tar.gzCompile and OptimizeMove into the new SSH2 directory and type the following commands on your terminal:CC="egcs" \CFLAGS="-O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions" \./configure \--prefix=/usr \--without-ssh-agent1-compat \--disable-suid-ssh-signer \--disable-tcp-port-forwarding \--disable-X11-forwarding \--enable-tcp-nodelay \--with-libwrapThis tells SSH2 to set itself up for this particular hardware setup as follows:193Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs PublishingSecurities Software (Network Services) 1CHAPTER 1- Leave out ssh-agent1 compatibility.- Install ssh-signer without suid bit.- Disable port forwarding support.- Disable X11 forwarding support.- Enable TCP_NODELAY socket option.- Compile in libwrap (tcp_wrappers) support.[root@deep ssh-2.13]# make clean[root@deep ssh-2.13]# make[root@deep ssh-2.13]# make install[root@deep ssh-2.13]# rm -f /usr/bin/ssh-askpassThe "make clean", command erase all previous traces of a compilation so as to avoid anymistakes, the make command compiles all source files into executable binaries, and finally, the make install command installs the binaries and any supporting files into the appropriatelocations.Cleanup after work[root@deep /]# cd /var/tmp[root@deep tmp]# rm -rf ssh-version/ ssh-version.tar.gzThe rm command as used above will remove all the source files we have used to compile andinstall SSH2.It will also remove the SSH2 compressed archive from the /var/tmp directory.ConfigurationsAll software we describe in this book has a specific directory and subdirectory in a tarcompressed archive named floppy.tgz containing file configurations for specific programs.If youget this archive file, you won t be obliged to reproduce the different configuration files below,manually, or cut and paste them to create your configuration files.Whether you decide to copymanually or get the files made for your convenience from the archive compressed files, it will beto your responsibility to modify, adjust for your needs and place the files related to SSH2 softwarein their appropriate places on your server, as shown below.The server configuration files archiveto download is located at the following Internet address: http://www.openna.com/books/floppy.tgz" To run the SSH2 Client/Server, the following files are required, and must be created orcopied to the appropriate directories on your server.Copy the sshd2_config file to the /etc/ssh2/ directory.Copy the ssh2_config file to the /etc/ssh2/ directory.Copy the ssh file to the /etc/pam.d/ directory.You can obtain the configuration files listed below on our floppy.tgz archive.Copy the followingfiles from the decompressed floppy.tgz archive to the appropriate places, or copy them directlyfrom this book to the concerned file.Configure the /etc/ssh2/ssh2_config fileThe configuration file for ssh2 /etc/ssh2/ssh2_config allows you to set options that modify theoperation of the client programs.The files contain keyword-value pairs, one per line, withkeywords being case insensitive.Here are the more important keywords; a complete listing isavailable in the man page for ssh2 (1).Edit the ssh2_config file (vi /etc/ssh2/ssh2_config) and add or change, if necessary:194Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs PublishingSecurities Software (Network Services) 1CHAPTER 1# ssh2_config# SSH 2.0 Client Configuration File*:Port 22Ciphers blowfishCompression yesIdentityFile identificationAuthorizationFile authorizationRandomSeedFile random_seedVerboseMode noForwardAgent noForwardX11 noPasswordPrompt "%U's password: "Ssh1Compatibility noSsh1AgentCompatibility noneNoDelay yesKeepAlive yesQuietMode noThis tells ssh2_config file to set itself up for this particular configuration setup with:Port 22The option Port specifies on which port number ssh connects to on the remote host.The defaultport is 22.Ciphers blowfishThe option Ciphers specifies what cipher should be used for encrypting sessions.The blowfishuses 64-bit blocks and keys of up to 448 bits.Compression yesThe option Compression specifies whether to use compression during sessions.Compressionwill improve communication speed and files transfers.IdentityFile identificationThe option IdentityFile specifies an alternate name for the user's identification file.AuthorizationFile authorizationThe option AuthorizationFile specifies an alternate name for the user's authorization file.RandomSeedFile random_seedThe option RandomSeedFile specifies an alternate name for the user's random seed file.VerboseMode noThe option VerboseMode instructs ssh2 to print debugging messages about its progress.Thisoption is helpful in debugging connection, authentication, and configuration problems.ForwardAgent noThe option ForwardAgent specifies which connection authentication agent (if any) should beforwarded to the remote machine.ForwardX11 noThe option ForwardX11 is for people that use the Xwindow GUI and want to automaticallyredirect X11 sessions to the remote machine.Since we ve set up a server and do not have a GUIinstalled on it, we can safely turn this option off.195Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs PublishingSecurities Software (Network Services) 1CHAPTER 1PasswordPrompt "%U's password: "The option PasswordPrompt specifies the password prompt that will be displayed for the userwhen connecting to a host.Variables '%U' and '%H' give the user's login name and host,respectively.Ssh1Compatibility noThe option Ssh1Compatibility specifies whether or not to use SSH1 compatibility code withSSH2 for ssh1 users.Ssh1AgentCompatibility noneThe option Ssh1AgentCompatibility specifies whether or not to also forward SSH1 agentconnections with SSH2 for ssh1 users.NoDelay yesThe option NoDelay specifies if the socket option TCP_NODELAY should be enabled.It isrecommended that you set this option to yes to improve network performance [ Pobierz caÅ‚ość w formacie PDF ]
zanotowane.pl doc.pisz.pl pdf.pisz.pl agnieszka90.opx.pl
.13PackagesSSH2 Homepage: http://www.ssh.org/You must be sure to download: ssh-2.13.tar.gzTarballsIt is a good idea to make a list of files on the system before you install ssh2, and one afterwards,and then compare them using diff to find out what file it placed where.Simply run find /* >SSH1 before and find /* > SSH2 after you install the software, and use diff SSH1 SSH2 >SSH-Installed to get a list of what changed.CompilationDecompress the tarball (tar.gz).[root@deep /]# cp ssh-version.tar.gz /var/tmp[root@deep /]# cd /var/tmp[root@deep tmp]# tar xzpf ssh-version.tar.gzCompile and OptimizeMove into the new SSH2 directory and type the following commands on your terminal:CC="egcs" \CFLAGS="-O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions" \./configure \--prefix=/usr \--without-ssh-agent1-compat \--disable-suid-ssh-signer \--disable-tcp-port-forwarding \--disable-X11-forwarding \--enable-tcp-nodelay \--with-libwrapThis tells SSH2 to set itself up for this particular hardware setup as follows:193Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs PublishingSecurities Software (Network Services) 1CHAPTER 1- Leave out ssh-agent1 compatibility.- Install ssh-signer without suid bit.- Disable port forwarding support.- Disable X11 forwarding support.- Enable TCP_NODELAY socket option.- Compile in libwrap (tcp_wrappers) support.[root@deep ssh-2.13]# make clean[root@deep ssh-2.13]# make[root@deep ssh-2.13]# make install[root@deep ssh-2.13]# rm -f /usr/bin/ssh-askpassThe "make clean", command erase all previous traces of a compilation so as to avoid anymistakes, the make command compiles all source files into executable binaries, and finally, the make install command installs the binaries and any supporting files into the appropriatelocations.Cleanup after work[root@deep /]# cd /var/tmp[root@deep tmp]# rm -rf ssh-version/ ssh-version.tar.gzThe rm command as used above will remove all the source files we have used to compile andinstall SSH2.It will also remove the SSH2 compressed archive from the /var/tmp directory.ConfigurationsAll software we describe in this book has a specific directory and subdirectory in a tarcompressed archive named floppy.tgz containing file configurations for specific programs.If youget this archive file, you won t be obliged to reproduce the different configuration files below,manually, or cut and paste them to create your configuration files.Whether you decide to copymanually or get the files made for your convenience from the archive compressed files, it will beto your responsibility to modify, adjust for your needs and place the files related to SSH2 softwarein their appropriate places on your server, as shown below.The server configuration files archiveto download is located at the following Internet address: http://www.openna.com/books/floppy.tgz" To run the SSH2 Client/Server, the following files are required, and must be created orcopied to the appropriate directories on your server.Copy the sshd2_config file to the /etc/ssh2/ directory.Copy the ssh2_config file to the /etc/ssh2/ directory.Copy the ssh file to the /etc/pam.d/ directory.You can obtain the configuration files listed below on our floppy.tgz archive.Copy the followingfiles from the decompressed floppy.tgz archive to the appropriate places, or copy them directlyfrom this book to the concerned file.Configure the /etc/ssh2/ssh2_config fileThe configuration file for ssh2 /etc/ssh2/ssh2_config allows you to set options that modify theoperation of the client programs.The files contain keyword-value pairs, one per line, withkeywords being case insensitive.Here are the more important keywords; a complete listing isavailable in the man page for ssh2 (1).Edit the ssh2_config file (vi /etc/ssh2/ssh2_config) and add or change, if necessary:194Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs PublishingSecurities Software (Network Services) 1CHAPTER 1# ssh2_config# SSH 2.0 Client Configuration File*:Port 22Ciphers blowfishCompression yesIdentityFile identificationAuthorizationFile authorizationRandomSeedFile random_seedVerboseMode noForwardAgent noForwardX11 noPasswordPrompt "%U's password: "Ssh1Compatibility noSsh1AgentCompatibility noneNoDelay yesKeepAlive yesQuietMode noThis tells ssh2_config file to set itself up for this particular configuration setup with:Port 22The option Port specifies on which port number ssh connects to on the remote host.The defaultport is 22.Ciphers blowfishThe option Ciphers specifies what cipher should be used for encrypting sessions.The blowfishuses 64-bit blocks and keys of up to 448 bits.Compression yesThe option Compression specifies whether to use compression during sessions.Compressionwill improve communication speed and files transfers.IdentityFile identificationThe option IdentityFile specifies an alternate name for the user's identification file.AuthorizationFile authorizationThe option AuthorizationFile specifies an alternate name for the user's authorization file.RandomSeedFile random_seedThe option RandomSeedFile specifies an alternate name for the user's random seed file.VerboseMode noThe option VerboseMode instructs ssh2 to print debugging messages about its progress.Thisoption is helpful in debugging connection, authentication, and configuration problems.ForwardAgent noThe option ForwardAgent specifies which connection authentication agent (if any) should beforwarded to the remote machine.ForwardX11 noThe option ForwardX11 is for people that use the Xwindow GUI and want to automaticallyredirect X11 sessions to the remote machine.Since we ve set up a server and do not have a GUIinstalled on it, we can safely turn this option off.195Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs PublishingSecurities Software (Network Services) 1CHAPTER 1PasswordPrompt "%U's password: "The option PasswordPrompt specifies the password prompt that will be displayed for the userwhen connecting to a host.Variables '%U' and '%H' give the user's login name and host,respectively.Ssh1Compatibility noThe option Ssh1Compatibility specifies whether or not to use SSH1 compatibility code withSSH2 for ssh1 users.Ssh1AgentCompatibility noneThe option Ssh1AgentCompatibility specifies whether or not to also forward SSH1 agentconnections with SSH2 for ssh1 users.NoDelay yesThe option NoDelay specifies if the socket option TCP_NODELAY should be enabled.It isrecommended that you set this option to yes to improve network performance [ Pobierz caÅ‚ość w formacie PDF ]