laatste dingen
[linuxnijmegen-ssh.git] / truuk.tex
index 546a4ba..ec2ff65 100644 (file)
--- a/truuk.tex
+++ b/truuk.tex
@@ -1,12 +1,12 @@
-\begin{frame}
+\begin{frame}[fragile]
        \frametitle{Public key authentication}
        \pause
-       \begin{block}{Standaard key file}
-               \textasciitilde/.ssh/idrsa\\
+       \begin{block}{Nut}
+               Mogelijk geen wachtwoord en veiliger
        \end{block}
        \pause
        \begin{block}{Command line vlag}
-               \lstinline{\$ ssh -i ~/.ssh/keyfile user@server.nl}
+               \lstinline{ssh -i ~/.ssh/keyfile frobnicator@foobarbaz.com}
        \end{block}
        \pause
        \begin{block}{Config file}
        \end{block}
 \end{frame}
 
-\begin{frame}
+\begin{frame}[fragile]
+       \frametitle{Public key authentication}
+       \framesubtitle{Genereren van een sleutelpaar}
+       \begin{block}{\$ ssh-keygen}
+               \begin{lstlisting}
+Generating public/private rsa key pair.
+Enter file in which to save the key (/home/frobnicator/.ssh/id_rsa):
+               /home/frobnicator/.ssh/github
+Enter passphrase (empty for no passphrase): 
+Enter same passphrase again: 
+Your identification has been saved in /home/frobnicator/.ssh/github.
+Your public key has been saved in /home/frobnicator/.ssh/github.pub.
+The key fingerprint is:
+92:92:6e:b8:3f:d5:76:e8:1b:73:ed:97:c4:e5:87:ba frobnicator@foobarbaz
+The key's randomart image is:
++--[ RSA 2048]----+
+|                 |
+|                 |
+|                 |
+|     . .        .|
+|    o o.S.   . + |
+|   o ...+ ..  + o|
+|  . o. oo.. .o ..|
+|   o.   .+ .. o  |
+|  ....  ..  Eo   |
++-----------------+
+               \end{lstlisting}
+       \end{block}
+\end{frame}
+
+\begin{frame}[fragile]
+       \frametitle{Public key authentication}
+       \framesubtitle{Installeren van een sleutel}
+       \begin{block}{Publieke sleutel: \textasciitilde/.ssh/github.pub}
+               \begin{lstlisting}
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBrgcK05XzRRbtmPyXQner5ef8
+suOAErDvInRDQbl2bjR0PGizL2t5lM9zE+mS0HHigteGLKma1NxVBBeam0CrodJN
+BcW55x3LR/2fLSujUqcloQNwLUpD5da6eGg9yPo1fEaAOK1ssHGA30o6nmDEZEHy
+PFgBtPwtDw5TPXPpzslaJx1u7CdeyzqpYsUycxzboy3GBcCsvG4nzD4C9vd0yk5o
+jlDeECul4mwyg7NuEjltaY89RzrSa8NtqtURyg/JFQW2IVGe+oBXeTL/eQRuo1Nj
+GhYyPm1VMVM+NvaYQZXxGfLpoDoP2V+deD+gP5DuC8WW4LSGnkHKhDEin0Yl fro
+Bnicator@foobarbaz
+               \end{lstlisting}
+       \end{block}
+       \pause
+       \begin{block}{Geheime sleutel: \textasciitilde/.ssh/github}
+               \begin{lstlisting}
+-----BEGIN RSA PRIVATE KEY-----
+9RnNnrD2DkJBqoX/Aph2wVZg1y/I8t27C7yPR66xUNyHWG4J+k+q7REhA/K4fvjl
+NNvNtbc4EeNI+NxaaftH1qo6yBIF5yDwuEYKixeconLCeGl9/exdlyMyXbuuTrU9
+d5DgKnWxgJPHnDjmwqTeX3A5S34m/qJKK67IF9WqedeHxeMKzMZYcZpcsFxdvHk/
+...
+-----END RSA PRIVATE KEY-----
+               \end{lstlisting}
+       \end{block}
+       \pause
+       \begin{block}{Installeren op de server}
+               De inhoud van het publieke bestand moet in
+               \lstinline{~/.ssh/authorized_keys} komen te staan
+       \end{block}
+\end{frame}
+
+\begin{frame}[fragile]
+       \frametitle{Public key authentication}
+       \pause
+       \begin{block}{\textasciitilde/.ssh/authorized\_keys}
+               \begin{lstlisting}
+option1="option1value",option2="option2value"...optionn="optionnvalue" ssh-rsa\
+AAAB4N.....
+               \end{lstlisting}
+       \end{block}
+       \pause
+       \begin{block}{Merk op}
+               alles in \textasciitilde/.ssh/ moet alleen leesbaar zijn voor de user. 
+               \lstinline{chmod 600} dus
+       \end{block}
+\end{frame}
+
+\begin{frame}[fragile]
+       \frametitle{Pipen}
+       \pause
+       \begin{block}{Basisvoorbeelden}
+               \begin{enumerate}
+                       \item{server$\rightarrow$client}\\
+                               \lstinline{ssh frobnicator@foobarbaz.com 'ls -allah /media/cdrom'}
+                       \item{client$\rightarrow$server}\\
+                               \lstinline{ls -lah /media/cdrom | ssh frobnicator@foobarbaz.com 'cat - > cdrom_client.txt'}
+               \end{enumerate}
+       \end{block}
+       \pause
+       \begin{block}{Praktijk}
+               \begin{enumerate}
+                       \pause
+                       \item{Backup}\\
+                               \lstinline{dd if=/dev/sdb | gzip | ssh frobnicator@foobarbaz.com 'gzip -d | dd of=sdb.img'}
+                       \pause
+                       \item{Script draaien}\\
+                               \lstinline{ssh frobnicator@foobarbaz.com 'bash -s' < script.sh}
+                       \pause
+                       \item{Liedje afspelen vanaf server op client}\\
+                               \lstinline{ssh frobnicator@foobarbaz.com 'cat ~/liedje.flac' | flac -dsc - | aplay}
+                       \pause
+                       \item{Liedje afspelen op server vanaf client}\\
+                               \lstinline{ssh frobnicator@foobarbaz.com 'flac -dsc - | aplay' < ~/liedje.flac}
+               \end{enumerate}
+       \end{block}
+\end{frame}
+
+
+\begin{frame}[fragile]
        \frametitle{X forwarding}
+       \begin{block}{Nut}
+               Grafische programma's draaien op een machine die niet perse binnen
+               handbereik is.
+       \end{block}
+       \pause
+       \begin{block}{Command line vlag}
+               \lstinline{ssh -X frobnicator@foobarbaz.com}
+       \end{block}
+       \pause
+       \begin{block}{Config file}
+               \lstinline{ForwardX11 yes}
+       \end{block}
+       \pause
+       \begin{block}{Caveat}
+               Veiligheid
+       \end{block}
 \end{frame}
 
 \begin{frame}
        \frametitle{Port forwarding}
+       \begin{block}{Nut}
+               Onversleutelde communicatie versleutelen
+       \end{block}
+       \pause
+       \begin{block}{Command line vlag}
+               \lstinline{ssh -L port:host:hostport frobnicator@foobarbaz.com}\\
+               \lstinline{ssh -R port:host:hostport frobnicator@foobarbaz.com}
+       \end{block}
+       \pause
+       \begin{block}{Config file}
+               \lstinline{LocalForward port host:hostport}\\
+               \lstinline{RemoteForward port host:hostport}
+       \end{block}
 \end{frame}
 
 \begin{frame}
        \frametitle{Agent forwarding}
+       \begin{block}{Nut}
+               Je SSH cache meenemen naar een andere server
+       \end{block}
+       \pause
+       \begin{block}{Command line vlag}
+               \lstinline{ssh -A frobnicator@foobarbaz.com}
+       \end{block}
+       \pause
+       \begin{block}{Config file}
+               \lstinline{ForwardAgent yes}
+       \end{block}
 \end{frame}
 
 \begin{frame}
        \frametitle{SOCKS proxy}
+       \begin{block}{Nut}
+               Al je internet verkeer via een \textit{vertrouwde} locatie laten lopen
+       \end{block}
+       \pause
+       \begin{block}{Command line vlag}
+               \lstinline{ssh -D port frobnicator@foobarbaz.com}
+       \end{block}
+       \pause
+       \begin{block}{Config file}
+               \lstinline{DynamicForward port}
+       \end{block}
+       \pause
+       \begin{block}{Instellen in Chromium}
+               \lstinline{chromium --proxy-server="socks5://host:8080" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE host"}
+       \end{block}
+\end{frame}
+
+\begin{frame}
+       \frametitle{Instellen in Firefox}
+       Edit - Preferences - Advanced - Network - Settings
+       \includegraphics[width=200px]{./img/firefox_socks.png}
+\end{frame}
+
+\begin{frame}[fragile]
+       \frametitle{Compression}
+       \begin{block}{Nut}
+               Snelheid
+       \end{block}
+       \pause
+       \begin{block}{Command line vlag}
+               \lstinline{ssh -C frobnicator@foobarbaz.com}
+       \end{block}
+       \pause
+       \begin{block}{Config file}
+               \lstinline{Compression yes}
+       \end{block}
 \end{frame}
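Review bot: The Agent forwarding frame shows `ssh -A` and `ForwardAgent yes` without the caveat that the X forwarding frame gets, although it is the riskier of the two: while the session is open, anyone with root on the remote host can reach the forwarded agent socket and authenticate as the user elsewhere. I would add a `\begin{block}{Caveat}` there with a line such as `Alleen naar servers die je vertrouwt; root daar kan je agent gebruiken`, and present `ForwardAgent yes` as a per-host setting rather than a global one. On the authorized_keys frame, `chmod 600` suits the files, but the `~/.ssh` directory itself needs `chmod 700`, because without the execute bit the directory cannot be traversed. The key pair printed on the "Installeren van een sleutel" frame is presumably a throwaway generated for the talk; a source comment like `% voorbeeldsleutel, alleen voor deze slides` would make that explicit. The Port forwarding, Agent forwarding and SOCKS proxy frames use `\lstinline` but stay plain `\begin{frame}` while the other frames were switched to `[fragile]`, which is worth making consistent.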