
Entries in SSH (3)

Thursday, Apr 09 2009

Linux/BSD: Serial Console vs SSH

We will be setting two different server administration methods against each other. In one corner we have a trusty serial console and in the other corner we have the newer Secure Shell (SSH).

Serial Console

If, like many network administrators, you have managed devices through a serial port, you may like to know that this can also be done for the command line on *Nix distros. In its most basic form it is set up at the hardware layer, with a null-modem serial cable connected to the serial ports on both computers. Naturally both computers must have a serial port, which some newer computers don't, as serial ports are being deprecated.

The serial console has the advantage over SSH that it doesn't require the network to be running to work and the serial console adds no network services. A serial


Sunday, Feb 15 2009

Secure Shell Port Forwarding

In this little tip we will be using SSH port forwarding to secure MySQL traffic from a remote Snort sensor to the server. The same process can be used for other programs, such as VNC. This example is on Ubuntu, but the process is very similar for other distributions.

The Server
We will use Secure Shell port forwarding to provide an additional layer of security for the MySQL traffic coming from the Snort sensors. The SSH server must be installed before the sensors can send any data via SSH. The following command installs it on the machine that hosts the MySQL server.

 $ sudo apt-get install openssh-server openssh-client

The Client
First we set up the connection to the server on the client system with the following command.

 $ ssh -N -f -L 3306:<serverIP>:3306 <USERNAME>@192.168.58.133

We then test connectivity to the MySQL server with the mysql command-line client. To use the SSH connection, we connect to port 3306 on localhost, which SSH then forwards to the server.

 $ mysql -u snort -p -h 127.0.0.1

Finally we check that the connection is encrypted by using a packet capture utility.
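One way to judge what the capture shows, as an added example that is not part of the original post: through the tunnel, the wire should carry only a connection that opens with an SSH identification string, while a direct MySQL connection opens with a readable server greeting. The function names and the sample payloads (including the version strings) are assumptions constructed for illustration.

```python
# Added example: classify the first server-to-client payload of each captured
# TCP connection. All sample payloads below are constructed, not real captures.

def mysql_greeting(version: bytes) -> bytes:
    """Build a constructed MySQL protocol-10 server greeting for testing."""
    body = b"\x0a" + version + b"\x00" + b"\x01\x00\x00\x00" + b"saltsalt\x00"
    # MySQL packet header: 3-byte little-endian length, then sequence id 0.
    return len(body).to_bytes(3, "little") + b"\x00" + body

def classify(payload: bytes) -> str:
    """Return 'ssh', 'mysql-cleartext' or 'unknown' for a first server payload."""
    # RFC 4253: an SSH server opens with the identification string "SSH-...".
    if payload.startswith(b"SSH-"):
        return "ssh"
    if len(payload) >= 6:
        length = int.from_bytes(payload[:3], "little")
        # Cleartext MySQL greeting: sequence 0, protocol version byte 0x0a,
        # then a printable NUL-terminated server version string.
        if payload[3] == 0 and payload[4] == 0x0A and length <= len(payload) - 4:
            end = payload.find(b"\x00", 5)
            if end > 5 and all(0x20 <= b < 0x7F for b in payload[5:end]):
                return "mysql-cleartext"
    return "unknown"

def exposed_flows(flows):
    """Return the flows whose first payload is a readable MySQL greeting."""
    return [f for f in flows if classify(f["payload"]) == "mysql-cleartext"]

# Constructed flows as seen on the sensor's network interface (not loopback).
SAMPLE_FLOWS = [
    {"server_port": 22, "payload": b"SSH-2.0-OpenSSH_5.1p1\r\n"},  # via tunnel
    {"server_port": 3306, "payload": mysql_greeting(b"5.0.67")},   # direct
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow["server_port"], classify(flow["payload"]))
    print("exposed:", [f["server_port"] for f in exposed_flows(SAMPLE_FLOWS)])
```

The MySQL greeting will still be visible on the loopback interface, since the client talks to 127.0.0.1 in cleartext; the check applies to the network-facing interface.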


Sunday, Jan 25 2009

Mac/Linux X11 forwarding

This tip is for power users. It requires a few things to work:

  • A Linux/BSD/other system that runs X11.
  • A Mac for the client.
  • An install of OpenSSH server on the Linux box (with ForwardX11 enabled)

First we open the Terminal application from the Utilities folder on the Mac. Then we log in to the SSH server with the following command.

ssh -X -l <USERNAME> <IPADDRESS>

Once we have logged in we can run any commands that are available on the server system. In this example I used the system-config-services command that is part of the Fedora 10 Linux system that is used to configure services.

This method of running applications remotely enables the network traffic to be encrypted and doesn't require a VNC server to be running.