\frametitle{Public key authentication}
Possibly no password, and more secure
\begin{block}{Command line flag}
\lstinline{ssh -i ~/.ssh/keyfile frobnicator@foobarbaz.com}
\begin{block}{Config file}
\lstinline{IdentityFile ~/.ssh/keyfile}
\begin{frame}[fragile]
\frametitle{Public key authentication}
\framesubtitle{Generating a key pair}
\begin{block}{\$ ssh-keygen}
Generating public/private rsa key pair.
Enter file in which to save the key (/home/frobnicator/.ssh/id_rsa):
/home/frobnicator/.ssh/github
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/frobnicator/.ssh/github.
Your public key has been saved in /home/frobnicator/.ssh/github.pub.
The key fingerprint is:
92:92:6e:b8:3f:d5:76:e8:1b:73:ed:97:c4:e5:87:ba frobnicator@foobarbaz
The key's randomart image is:
\begin{frame}[fragile]
\frametitle{Public key authentication}
\framesubtitle{Installing a key}
\begin{block}{Public key: \textasciitilde/.ssh/github.pub}
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBrgcK05XzRRbtmPyXQner5ef8
suOAErDvInRDQbl2bjR0PGizL2t5lM9zE+mS0HHigteGLKma1NxVBBeam0CrodJN
BcW55x3LR/2fLSujUqcloQNwLUpD5da6eGg9yPo1fEaAOK1ssHGA30o6nmDEZEHy
PFgBtPwtDw5TPXPpzslaJx1u7CdeyzqpYsUycxzboy3GBcCsvG4nzD4C9vd0yk5o
jlDeECul4mwyg7NuEjltaY89RzrSa8NtqtURyg/JFQW2IVGe+oBXeTL/eQRuo1Nj
GhYyPm1VMVM+NvaYQZXxGfLpoDoP2V+deD+gP5DuC8WW4LSGnkHKhDEin0Yl fro
\begin{block}{Private key: \textasciitilde/.ssh/github}
-----BEGIN RSA PRIVATE KEY-----
9RnNnrD2DkJBqoX/Aph2wVZg1y/I8t27C7yPR66xUNyHWG4J+k+q7REhA/K4fvjl
NNvNtbc4EeNI+NxaaftH1qo6yBIF5yDwuEYKixeconLCeGl9/exdlyMyXbuuTrU9
d5DgKnWxgJPHnDjmwqTeX3A5S34m/qJKK67IF9WqedeHxeMKzMZYcZpcsFxdvHk/
-----END RSA PRIVATE KEY-----
\begin{block}{Installing on the server}
The contents of the public key file must be placed in
\lstinline{~/.ssh/authorized_keys}
\begin{frame}[fragile]
\frametitle{Public key authentication}
\begin{block}{\textasciitilde/.ssh/authorized\_keys}
option1="option1value",option2="option2value"...optionn="optionnvalue" ssh-rsa\
\begin{block}{Note}
Everything in \textasciitilde/.ssh/ must be readable only by the user,
so \lstinline{chmod 600}
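The permission rule above turned into a check, as an added example that is not part of the original slides. The function names are hypothetical, and the directory mode of 700 is an addition to the slide's rule, because a directory also needs its search bit.

```shell
#!/bin/sh
# Added example (not from the slides): audit and tighten an SSH directory.
# The directory is passed as an argument, so it can be tried on a scratch copy.

# List every entry under DIR that group or other can read, write or execute.
# POSIX find: "-perm -NNN" is true when all permission bits in NNN are set.
ssh_loose_entries() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Of those, report the files whose first line is a private key header
# (PEM or OpenSSH format). ssh refuses to load a private key that other
# users can read, so these are the entries to fix first.
ssh_exposed_private_keys() {
    ssh_loose_entries "$1" | while IFS= read -r path; do
        [ -f "$path" ] || continue
        if head -n 1 "$path" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            printf '%s\n' "$path"
        fi
    done
}

# Apply the slide's rule: files get 600. Directories get 700 (assumption
# added here: a directory needs the search bit for its owner).
ssh_tighten() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Typical use:
#   ssh_loose_entries ~/.ssh          # anything listed is too open
#   ssh_exposed_private_keys ~/.ssh   # private keys among them
#   ssh_tighten ~/.ssh
```
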
\begin{frame}[fragile]
\begin{block}{Basic examples}
\item{server$\rightarrow$client}\\
\lstinline{ssh frobnicator@foobarbaz.com 'ls -allah /media/cdrom'}
\item{client$\rightarrow$server}\\
\lstinline{ls -lah /media/cdrom | ssh frobnicator@foobarbaz.com 'cat - > cdrom_client.txt'}
\begin{block}{In practice}
\lstinline{dd if=/dev/sdb | gzip | ssh frobnicator@foobarbaz.com 'gzip -d | dd of=sdb.img'}
\item{Running a script}\\
\lstinline{ssh frobnicator@foobarbaz.com 'bash -s' < script.sh}
\item{Playing a song from the server on the client}\\
\lstinline{ssh frobnicator@foobarbaz.com 'cat ~/liedje.flac' | flac -dsc - | aplay}
\item{Playing a song on the server from the client}\\
\lstinline{ssh frobnicator@foobarbaz.com 'flac -dsc - | aplay' < ~/liedje.flac}
\begin{frame}[fragile]
\frametitle{X forwarding}
Running graphical programs on a machine that is not necessarily within
\begin{block}{Command line flag}
\lstinline{ssh -X frobnicator@foobarbaz.com}
\begin{block}{Config file}
\lstinline{ForwardX11 yes}
\begin{block}{Caveat}
\frametitle{Port forwarding}
Encrypting unencrypted communication
\begin{block}{Command line flag}
\lstinline{ssh -L port:host:hostport frobnicator@foobarbaz.com}\\
\lstinline{ssh -R port:host:hostport frobnicator@foobarbaz.com}
\begin{block}{Config file}
\lstinline{LocalForward port host:hostport}\\
\lstinline{RemoteForward port host:hostport}
\frametitle{Agent forwarding}
Taking your SSH cache along to another server
\begin{block}{Command line flag}
\lstinline{ssh -A frobnicator@foobarbaz.com}
\begin{block}{Config file}
\lstinline{ForwardAgent yes}
\frametitle{SOCKS proxy}
Routing all your internet traffic through a \textit{trusted} location
\begin{block}{Command line flag}
\lstinline{ssh -D port frobnicator@foobarbaz.com}
\begin{block}{Config file}
\lstinline{DynamicForward port}
\begin{block}{Configuring in Chromium}
\lstinline{chromium --proxy-server="socks5://host:8080" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE host"}
\frametitle{Configuring in Firefox}
Edit - Preferences - Advanced - Network - Settings
\includegraphics[width=200px]{./img/firefox_socks.png}
\begin{frame}[fragile]
\frametitle{Compression}
\begin{block}{Command line flag}
\lstinline{ssh -C frobnicator@foobarbaz.com}
\begin{block}{Config file}
\lstinline{Compression yes}