ssh-server (introduction)
If you did the ssh-client exercise, you have already installed an ssh-server as well, and tested it, perhaps even had a classmate test it. On this web page we also use the ssh service to take a closer look at Linux services in general.
We get to know installation, versions, executables, configuration files and service management.
In the introduction to Linux we mostly use Linux Mint and Ubuntu Server. Linux Mint is a distro derived from Ubuntu, and Ubuntu itself is Debian-based. In Linux advanced we also use Red Hat-based distros such as CentOS. These differ from Ubuntu to a lesser degree, mainly in software administration.
- finding the ssh-server
How do we find out which package to install ...
With aptitude search we can search on keywords:
user@mint18-srv ~ $ aptitude search gdisk
i gdisk - GPT fdisk text-mode partitioning tool
p gdisk:i386 - GPT fdisk text-mode partitioning tool
But searching for ssh returns too many results. Searching on two terms is done as follows:
user@mint18-srv ~ $ aptitude search "ssh server"
p aolserver4-nssha1 - AOLserver4 module: performs SHA1 hashes Pr
p aolserver4-nssha1:i386 - AOLserver4 module: performs SHA1 hashes Pr
p openssh-server - secure shell (SSH) server, for secure acce
p openssh-server:i386 - secure shell (SSH) server, for secure acce
p openssh-sftp-server - secure shell (SSH) sftp server module, for
p openssh-sftp-server:i386 - secure shell (SSH) sftp server module, for
v ssh-server -
v ssh-server:i386
- p at the start of a result means that the package is not installed
- i means installed
- v means virtual package
A virtual package is a generic name that applies to any one of a group of packages, all of which provide similar basic functionality. For example, both the konqueror and firefox-esr programs are web browsers, and should therefore satisfy any dependency of a program that requires a web browser on a system, in order to work or to be useful. They are therefore both said to provide the "virtual package" called www-browser.
- installing the ssh-server
Now that we know we need to install openssh-server, we do so as follows:
$ sudo apt-get install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  openssh-sftp-server
Suggested packages:
  rssh molly-guard monkeysphere
Recommended packages:
  ncurses-term ssh-import-id
The following NEW packages will be installed:
  openssh-server openssh-sftp-server
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 376 kB of archives.
After this operation, 1.021 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 openssh-sftp-server amd64 1:7.2p2-4ubuntu2.2 [38,7 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 openssh-server amd64 1:7.2p2-4ubuntu2.2 [338 kB]
Fetched 376 kB in 0s (1.969 kB/s)
Preconfiguring packages ...
Selecting previously unselected package openssh-sftp-server.
(Reading database ... 225998 files and directories currently installed.)
Preparing to unpack .../openssh-sftp-server_1%3a7.2p2-4ubuntu2.2_amd64.deb ...
Unpacking openssh-sftp-server (1:7.2p2-4ubuntu2.2) ...
Selecting previously unselected package openssh-server.
Preparing to unpack .../openssh-server_1%3a7.2p2-4ubuntu2.2_amd64.deb ...
Unpacking openssh-server (1:7.2p2-4ubuntu2.2) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
Processing triggers for systemd (229-4ubuntu17) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up openssh-sftp-server (1:7.2p2-4ubuntu2.2) ...
Setting up openssh-server (1:7.2p2-4ubuntu2.2) ...
Creating SSH2 RSA key; this may take some time ...
2048 SHA256:Ryo0GopuAf8pOEFJstkkEW5TeBNbiyjhYH1P8NtcoUo root@mint18-srv (RSA)
Creating SSH2 DSA key; this may take some time ...
1024 SHA256:F56CpIaNaELDaLSIKQQrzZnd+LCDWlD8UF2mk5ZWniI root@mint18-srv (DSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:6f+dLmtd7PpJhmDs38FRYfFY/ELXjsYhYED5d/wD/EM root@mint18-srv (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:gFpJg/mAqM3lCN/xcd93OOeCfWFYSNP7twFyRqXVzPc root@mint18-srv (ED25519)
Processing triggers for systemd (229-4ubuntu17) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
We can test the ssh-server with the command
$ ssh localhost
Don't forget to type exit when you are done.
- version of openssh-server
Type the following:
$ dpkg -l | grep openssh
ii openssh-client 1:7.2p2-4ubuntu2.2 amd64 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:7.2p2-4ubuntu2.2 amd64 secure shell (SSH) server, for secure access from remote machines
ii openssh-sftp-server 1:7.2p2-4ubuntu2.2 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines
- contents of openssh-server
With dpkg -L we can list all files of a package on screen:
user@mint18-srv ~ $ dpkg -L openssh-server
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/ssh.service
/lib/systemd/system/ssh@.service
/lib/systemd/system/ssh.socket
/etc
/etc/ufw
/etc/ufw/applications.d
/etc/ufw/applications.d/openssh-server
/etc/default
/etc/default/ssh
/etc/network
/etc/network/if-up.d
/etc/network/if-up.d/openssh-server
/etc/init.d
/etc/init.d/ssh
/etc/init
/etc/init/ssh.conf
/etc/pam.d
/etc/pam.d/sshd
/usr
/usr/lib
/usr/lib/tmpfiles.d
/usr/lib/tmpfiles.d/sshd.conf
/usr/sbin
/usr/sbin/sshd
/usr/share
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/openssh-server
/usr/share/apport
/usr/share/apport/package-hooks
/usr/share/apport/package-hooks/openssh-server.py
/usr/share/doc
/usr/share/doc/openssh-client
/usr/share/doc/openssh-client/examples
/usr/share/doc/openssh-client/examples/sshd_config
/usr/share/man
/usr/share/man/man5
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8
/usr/share/man/man8/sshd.8.gz
/usr/share/doc/openssh-server
/usr/share/man/man5/authorized_keys.5.gz
- libraries are in /lib and/or /usr/lib
- system binary executables are in /sbin or /usr/sbin (services are always in /usr/sbin)
- docs, man pages, icons etc. are in /usr/share
- config files are in /etc
a) For openssh-server the binary daemon is /usr/sbin/sshd
wikipedia: In multitasking computer operating systems, a daemon (/ˈdiːmən/ or /ˈdeɪmən/)[1] is a computer program that runs as a background process, rather than being under the direct control of an interactive user. Traditionally, the process names of a daemon end with the letter d, for clarification that the process is, in fact, a daemon, and for differentiation between a daemon and a normal computer program. For example, syslogd is the daemon that implements the system logging facility, and sshd is a daemon that serves incoming SSH connections.
b) The config file of openssh-server is /etc/ssh/sshd_config
- ssh server for Windows Server
https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse
- exercises on openssh:
- use dpkg -l and grep to check whether openssh-server is installed
- test with ssh localhost -- if this does not work, install openssh-server
- use dpkg -L to look at the contents of this package
- have a look at the config file: /etc/ssh/sshd_config
- change the port number of sshd in sshd_config:
  Port=2222
  (you do that with sudo nano /etc/ssh/sshd_config)
  restart the service: sudo systemctl restart sshd
  test again with ssh -p 2222 localhost and with ssh localhost
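The port change from the last exercise, as an added example that is not part of the original page: a shell function that reads an sshd_config-style file and prints the port(s) it configures, accepting both the "Port 2222" and the "Port=2222" spelling. The function name sshd_ports and the sample config are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original page): print the port(s) that an
# sshd_config-style file configures. sshd_ports is a hypothetical helper name.
# Include files are not followed.

sshd_ports() {
    # $1: path to the config file to inspect
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)                  # drop leading whitespace
            if (line == "" || line ~ /^#/) next       # skip blank lines and comments
            if (!match(line, /^[^ \t=]+/)) next       # keyword: leading run of non-separators
            key = tolower(substr(line, 1, RLENGTH))   # keywords are case-insensitive
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)           # separator: whitespace and/or one "="
            sub(/[ \t]+$/, "", val)                   # drop trailing whitespace
            if (key == "port") { print val; found = 1 }   # Port may appear more than once
        }
        END { if (!found) print 22 }                  # sshd listens on 22 when no Port is set
    ' "$1"
}

# Constructed sample resembling the file after the exercise (not a real system config).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Package generated configuration file
#Port 22
Port=2222
PermitRootLogin prohibit-password
EOF

echo "configured port(s): $(sshd_ports "$sample")"
```

On a real system, sudo sshd -t checks the edited file for syntax errors before the restart, and ss -tln shows which port is actually being listened on afterwards.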