laatste dingen

[linuxnijmegen-ssh.git] / truuk.tex

\begin{frame}[fragile]
        \frametitle{Public key authentication}
        \pause
        \begin{block}{Nut}
                Mogelijk geen wachtwoord en veiliger
        \end{block}
        \pause
        \begin{block}{Command line vlag}
                \lstinline{ssh -i ~/.ssh/keyfile frobnicator@foobarbaz.com}
        \end{block}
        \pause
        \begin{block}{Config file}
                \lstinline{IdentityFile ~/.ssh/keyfile}
        \end{block}
\end{frame}

\begin{frame}[fragile]
        \frametitle{Public key authentication}
        \framesubtitle{Genereren van een sleutelpaar}
        \begin{block}{\$ ssh-keygen}
                \begin{lstlisting}
Generating public/private rsa key pair.
Enter file in which to save the key (/home/frobnicator/.ssh/id_rsa):
                /home/frobnicator/.ssh/github
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/frobnicator/.ssh/github.
Your public key has been saved in /home/frobnicator/.ssh/github.pub.
The key fingerprint is:
92:92:6e:b8:3f:d5:76:e8:1b:73:ed:97:c4:e5:87:ba frobnicator@foobarbaz
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|     . .        .|
|    o o.S.   . + |
|   o ...+ ..  + o|
|  . o. oo.. .o ..|
|   o.   .+ .. o  |
|  ....  ..  Eo   |
+-----------------+
                \end{lstlisting}
        \end{block}
\end{frame}

\begin{frame}[fragile]
        \frametitle{Public key authentication}
        \framesubtitle{Installeren van een sleutel}
        \begin{block}{Publieke sleutel: \textasciitilde/.ssh/github.pub}
                \begin{lstlisting}
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBrgcK05XzRRbtmPyXQner5ef8
suOAErDvInRDQbl2bjR0PGizL2t5lM9zE+mS0HHigteGLKma1NxVBBeam0CrodJN
BcW55x3LR/2fLSujUqcloQNwLUpD5da6eGg9yPo1fEaAOK1ssHGA30o6nmDEZEHy
PFgBtPwtDw5TPXPpzslaJx1u7CdeyzqpYsUycxzboy3GBcCsvG4nzD4C9vd0yk5o
jlDeECul4mwyg7NuEjltaY89RzrSa8NtqtURyg/JFQW2IVGe+oBXeTL/eQRuo1Nj
GhYyPm1VMVM+NvaYQZXxGfLpoDoP2V+deD+gP5DuC8WW4LSGnkHKhDEin0Yl fro
Bnicator@foobarbaz
                \end{lstlisting}
        \end{block}
        \pause
        \begin{block}{Geheime sleutel: \textasciitilde/.ssh/github}
                \begin{lstlisting}
-----BEGIN RSA PRIVATE KEY-----
9RnNnrD2DkJBqoX/Aph2wVZg1y/I8t27C7yPR66xUNyHWG4J+k+q7REhA/K4fvjl
NNvNtbc4EeNI+NxaaftH1qo6yBIF5yDwuEYKixeconLCeGl9/exdlyMyXbuuTrU9
d5DgKnWxgJPHnDjmwqTeX3A5S34m/qJKK67IF9WqedeHxeMKzMZYcZpcsFxdvHk/
...
-----END RSA PRIVATE KEY-----
                \end{lstlisting}
        \end{block}
        \pause
        \begin{block}{Installeren op de server}
                De inhoud van het publieke bestand moet in
                \lstinline{~/.ssh/authorized_keys} komen te staan
        \end{block}
\end{frame}

\begin{frame}[fragile]
        \frametitle{Public key authentication}
        \pause
        \begin{block}{\textasciitilde/.ssh/authorized\_keys}
                \begin{lstlisting}
option1="option1value",option2="option2value"...optionn="optionnvalue" ssh-rsa\
AAAB4N.....
                \end{lstlisting}
        \end{block}
        \pause
        \begin{block}{Merk op}
                alles in \textasciitilde/.ssh/ moet alleen leesbaar zijn voor de user. 
                \lstinline{chmod 600} dus
        \end{block}
\end{frame}

\begin{frame}[fragile]
        \frametitle{Pipen}
        \pause
        \begin{block}{Basisvoorbeelden}
                \begin{enumerate}
                        \item{server$\rightarrow$client}\\
                                \lstinline{ssh frobnicator@foobarbaz.com 'ls -allah /media/cdrom'}
                        \item{client$\rightarrow$server}\\
                                \lstinline{ls -lah /media/cdrom | ssh frobnicator@foobarbaz.com 'cat - > cdrom_client.txt'}
                \end{enumerate}
        \end{block}
        \pause
        \begin{block}{Praktijk}
                \begin{enumerate}
                        \pause
                        \item{Backup}\\
                                \lstinline{dd if=/dev/sdb | gzip | ssh frobnicator@foobarbaz.com 'gzip -d | dd of=sdb.img'}
                        \pause
                        \item{Script draaien}\\
                                \lstinline{ssh frobnicator@foobarbaz.com 'bash -s' < script.sh}
                        \pause
                        \item{Liedje afspelen vanaf server op client}\\
                                \lstinline{ssh frobnicator@foobarbaz.com 'cat ~/liedje.flac' | flac -dsc - | aplay}
                        \pause
                        \item{Liedje afspelen op server vanaf client}\\
                                \lstinline{ssh frobnicator@foobarbaz.com 'flac -dsc - | aplay' < ~/liedje.flac}
                \end{enumerate}
        \end{block}
\end{frame}


\begin{frame}[fragile]
        \frametitle{X forwarding}
        \begin{block}{Nut}
                Grafische programma's draaien op een machine die niet perse binnen
                handbereik is.
        \end{block}
        \pause
        \begin{block}{Command line vlag}
                \lstinline{ssh -X frobnicator@foobarbaz.com}
        \end{block}
        \pause
        \begin{block}{Config file}
                \lstinline{ForwardX11 yes}
        \end{block}
        \pause
        \begin{block}{Caveat}
                Veiligheid
        \end{block}
\end{frame}

\begin{frame}
        \frametitle{Port forwarding}
        \begin{block}{Nut}
                Onversleutelde communicatie versleutelen
        \end{block}
        \pause
        \begin{block}{Command line vlag}
                \lstinline{ssh -L port:host:hostport frobnicator@foobarbaz.com}\\
                \lstinline{ssh -R port:host:hostport frobnicator@foobarbaz.com}
        \end{block}
        \pause
        \begin{block}{Config file}
                \lstinline{LocalForward port host:hostport}\\
                \lstinline{RemoteForward port host:hostport}
        \end{block}
\end{frame}

\begin{frame}
        \frametitle{Agent forwarding}
        \begin{block}{Nut}
                Je SSH cache meenemen naar een andere server
        \end{block}
        \pause
        \begin{block}{Command line vlag}
                \lstinline{ssh -A frobnicator@foobarbaz.com}
        \end{block}
        \pause
        \begin{block}{Config file}
                \lstinline{ForwardAgent yes}
        \end{block}
\end{frame}

\begin{frame}
        \frametitle{SOCKS proxy}
        \begin{block}{Nut}
                Al je internet verkeer via een \textit{vertrouwde} locatie laten lopen
        \end{block}
        \pause
        \begin{block}{Command line vlag}
                \lstinline{ssh -D port frobnicator@foobarbaz.com}
        \end{block}
        \pause
        \begin{block}{Config file}
                \lstinline{DynamicForward port}
        \end{block}
        \pause
        \begin{block}{Instellen in Chromium}
                \lstinline{chromium --proxy-server="socks5://host:8080" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE host"}
        \end{block}
\end{frame}

\begin{frame}
        \frametitle{Instellen in Firefox}
        Edit - Preferences - Advanced - Network - Settings
        \includegraphics[width=200px]{./img/firefox_socks.png}
\end{frame}

\begin{frame}[fragile]
        \frametitle{Compression}
        \begin{block}{Nut}
                Snelheid
        \end{block}
        \pause
        \begin{block}{Command line vlag}
                \lstinline{ssh -C frobnicator@foobarbaz.com}
        \end{block}
        \pause
        \begin{block}{Config file}
                \lstinline{Compression yes}
        \end{block}
\end{frame}