From: Mart Lubbers Date: Wed, 11 Jun 2014 20:14:20 +0000 (+0200) Subject: Truukjes section done, needs checking though X-Git-Tag: 1.0~8 X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=cdcaab18ecc7930e18dc48bba2adfa8e1286e8d3;p=linuxnijmegen-ssh.git Truukjes section done, needs checking though Notes need to be made for all the slides, als more detailed agent forwarding needs to be explained --- diff --git a/img/firefox_socks.png b/img/firefox_socks.png new file mode 100644 index 0000000..9c20532 Binary files /dev/null and b/img/firefox_socks.png differ diff --git a/pres.tex b/pres.tex index 9a9fda6..65205fa 100644 --- a/pres.tex +++ b/pres.tex @@ -18,13 +18,10 @@ } \lstset{ - basicstyle=\footnotesize, + basicstyle=\tiny, breakatwhitespace=false, breaklines=true, - frame=L, keepspaces=true, - numbers=left, - numberstyle=\tiny, tabsize=2 } diff --git a/truuk.tex b/truuk.tex index 546a4ba..37f6ea6 100644 --- a/truuk.tex +++ b/truuk.tex @@ -1,12 +1,12 @@ -\begin{frame} +\begin{frame}[fragile] \frametitle{Public key authentication} \pause - \begin{block}{Standaard key file} - \textasciitilde/.ssh/idrsa\\ + \begin{block}{Nut} + Mogelijk geen wachtwoord en veiliger \end{block} \pause \begin{block}{Command line vlag} - \lstinline{\$ ssh -i ~/.ssh/keyfile user@server.nl} + \lstinline{ssh -i ~/.ssh/keyfile user@server.nl} \end{block} \pause \begin{block}{Config file} 
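Review bot: The new `Nut` block in the first `truuk.tex` hunk, `Mogelijk geen wachtwoord en veiliger`, can be read as recommending a key with an empty passphrase, which leaves the private key usable by anyone who can read the file. I would describe the benefit as not sending a password to the server and point to a passphrase-protected key held in `ssh-agent`, for example `Geen wachtwoord over de lijn; passphrase eenmalig via ssh-agent`. The frame's `Config file` block continues past the end of this hunk, so what it shows is not visible here.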
@@ -14,18 +14,141 @@ \end{block} \end{frame} -\begin{frame} +\begin{frame}[fragile] + \frametitle{Public key authentication} + \framesubtitle{Genereren van een sleutelpaar} + \begin{block}{\$ ssh-keygen} + \begin{lstlisting} +Generating public/private rsa key pair. +Enter file in which to save the key (/home/user/.ssh/id_rsa): + /home/user/.ssh/github +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Your identification has been saved in /home/user/.ssh/github. +Your public key has been saved in /home/user/.ssh/github.pub. +The key fingerprint is: +92:92:6e:b8:3f:d5:76:e8:1b:73:ed:97:c4:e5:87:ba user@system +The key's randomart image is: ++--[ RSA 2048]----+ +| | +| | +| | +| . . .| +| o o.S. . + | +| o ...+ .. + o| +| . o. oo.. .o ..| +| o. .+ .. o | +| .... .. Eo | ++-----------------+ + \end{lstlisting} + \end{block} +\end{frame} + +\begin{frame}[fragile] + \frametitle{Public key authentication} + \framesubtitle{Installeren van een sleutel} + \begin{block}{Publieke sleutel: \textasciitilde/.ssh/github.pub} + \begin{lstlisting} +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBrgcK05XzRRbtmPyXQner5ef8 +suOAErDvInRDQbl2bjR0PGizL2t5lM9zE+mS0HHigteGLKma1NxVBBeam0CrodJN +BcW55x3LR/2fLSujUqcloQNwLUpD5da6eGg9yPo1fEaAOK1ssHGA30o6nmDEZEHy +PFgBtPwtDw5TPXPpzslaJx1u7CdeyzqpYsUycxzboy3GBcCsvG4nzD4C9vd0yk5o +jlDeECul4mwyg7NuEjltaY89RzrSa8NtqtURyg/JFQW2IVGe+oBXeTL/eQRuo1Nj +GhYyPm1VMVM+NvaYQZXxGfLpoDoP2V+deD+gP5DuC8WW4LSGnkHKhDEin0Yl mar +t@valhalla + \end{lstlisting} + \end{block} + \pause + \begin{block}{Geheime sleutel: \textasciitilde/.ssh/github} + \begin{lstlisting} +-----BEGIN RSA PRIVATE KEY----- +9RnNnrD2DkJBqoX/Aph2wVZg1y/I8t27C7yPR66xUNyHWG4J+k+q7REhA/K4fvjl +NNvNtbc4EeNI+NxaaftH1qo6yBIF5yDwuEYKixeconLCeGl9/exdlyMyXbuuTrU9 +d5DgKnWxgJPHnDjmwqTeX3A5S34m/qJKK67IF9WqedeHxeMKzMZYcZpcsFxdvHk/ +... 
+-----END RSA PRIVATE KEY----- + \end{lstlisting} + \end{block} + \pause + \begin{block}{Installeren op de server} + De inhoud van het publieke bestand moet in + \lstinline{~/.ssh/authorized_keys} komen te staan + \end{block} +\end{frame} + +\begin{frame}[fragile] \frametitle{X forwarding} + \begin{block}{Nut} + Grafische programma's draaien op een machine die niet perse binnen + handbereik is. + \end{block} + \pause + \begin{block}{Command line vlag} + \lstinline{ssh -X user@server.nl} + \end{block} + \pause + \begin{block}{Config file} + \lstinline{ForwardX11 yes} + \end{block} + \pause + \begin{block}{Caveat} + Veiligheid + \end{block} \end{frame} \begin{frame} \frametitle{Port forwarding} + \begin{block}{Nut} + Onversleutelde communicatie versleutelen + \end{block} + \pause + \begin{block}{Command line vlag} + \lstinline{ssh -L port:host:hostport}\\ + \lstinline{ssh -R port:host:hostport} + \end{block} + \pause + \begin{block}{Config file} + \lstinline{LocalForward port host:hostport}\\ + \lstinline{RemoteForward port host:hostport} + \end{block} \end{frame} \begin{frame} \frametitle{Agent forwarding} + \begin{block}{Nut} + Je SSH cache meenemen naar een andere server + \end{block} + \pause + \begin{block}{Command line vlag} + \lstinline{ssh -A user@system} + \end{block} + \pause + \begin{block}{Config file} + \lstinline{ForwardAgent yes} + \end{block} \end{frame} \begin{frame} \frametitle{SOCKS proxy} + \begin{block}{Nut} + Al je internet verkeer via een \textit{vertrouwde} locatie laten lopen + \end{block} + \pause + \begin{block}{Command line vlag} + \lstinline{ssh -D port} + \end{block} + \pause + \begin{block}{Config file} + \lstinline{DynamicForward port} + \end{block} + \pause + \begin{block}{Instellen in Chromium} + \lstinline{chromium --proxy-server="socks5://host:8080" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE host"} + \end{block} +\end{frame} + +\begin{frame} + \frametitle{Instellen in Firefox} + Edit - Preferences - Advanced - Network - 
Settings + \includegraphics[width=200px]{./img/firefox_socks.png} \end{frame}
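Review bot: The Agent forwarding frame has no `Caveat` block at all, and the X forwarding one says only `Veiligheid`, so `ssh -A` and `ForwardAgent yes` are presented without their risk. Anyone with root on the server you connect to can use the forwarded agent socket to authenticate as you for as long as the session is open, and a forwarded X display likewise gives the remote side a path to your local X server. I would add `\begin{block}{Caveat} Root op de server kan je agent gebruiken zolang de sessie open is \end{block}` and show `ForwardAgent yes` only inside a `Host` section for machines you trust. The Firefox frame should also say that DNS lookups stay local unless remote DNS is enabled (`network.proxy.socks_remote_dns`), which the Chromium line already covers with `--host-resolver-rules`. Separately, the key slide embeds what looks like a real public key (`mart@valhalla`) and several private-key lines, so please confirm that pair was generated only for the talk and is not installed anywhere.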