COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [1]
COIT20266 – Systems Security Administration
Remote SSH and Command Line Tools
This guide steps us through the installation processes of a number
of software components that allow us to securely login to our
server from a remote location. Even though our server will likely
be running ‘virtually’, on the same computer, the implementation
is the same as if it were running on a completely different host
system. [Once everything is installed we can try this if we have
access to a second computer on our local network – install PuTTY
on the second computer and SSH into the server running virtually
on the other computer.]
To allow secure remote login to our server we first need to
install the SSH server software on our server. Once that is done
we can install an SSH client, PuTTY, on our local host machine and
login to our server via SSH.
Assumptions
We have previously installed and run the Ubuntu Base server and
can login to it through the VirtualBox interface.
openssh-server
* openssh-server (www.openssh.com) – “OpenSSH encrypts all traffic
(including passwords) to effectively eliminate eavesdropping,
connection hijacking, and other attacks”.
Install openssh-server
Installing the openssh-server is very easy using apt. It is
included in the Ubuntu server software distribution list, however,
before installing software we should always make sure our software
distribution list is up-to-date and that our system has the latest
upgraded software. We have done this before using the apt-get
command.
From the server command line update the distribution list:
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [2]
ubuntu@S12345678:~$ sudo apt-get update
then upgrade our system software:
ubuntu@S12345678:~$ sudo apt-get upgrade
We may or may not have software to upgrade. If we do, we would
likely review what changes are being made to our server before
proceeding, however we will just accept all upgrades if there are
any.
To install the openssh server:
ubuntu@S12345678:~$ sudo apt-get install openssh-server
Before continuing with the install, we should read through all of
the packages that will be installed.
One of the items included in the install process was an update to
our man database. So we now have a man page for SSH. View the
man page by entering the following command:
ubuntu@S12345678:~$ man ssh
This gives us some detail about the SSH client that was installed
as part of the server. Toward the bottom of the man page we will
see a section headed “SEE ALSO”. This section lists a number of
related commands. One should be sshd, which is the actual SSH
server. So do a man on sshd.
The ‘d’, is for daemon, which basically means ‘server’. So this
is the man page for the SSH server. Skim through the document
noting that there is a configuration file for the SSH server
located at /etc/init/ssh.conf.
At this point the openssh-server has been installed and configured
to run using a default configuration. This will be fine for our
requirements. To ‘see’ that the server is running we will check
to see if there is a process running named sshd. To do this we
will use the ‘ps’ command. Use man to find out what the ‘ps’
command does. Basically it provides a listing of all active
processes on our server. We will look at the ‘ps’ command in more
detail later.
Type the following command:
ubuntu@S12345678:~$ ps aux
This will give us all of the active processes running on our
server. There are too many entries and they scroll off the
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [3]
screen, so we will use the ‘grep’ command to find just the ones
that matches ‘sshd’. Skim through the grep man page to get an
idea of what it does. We use the pipe command ‘|’ to send the
output from one command to the input of another command. This
will be covered in detail in a later reading.
ubuntu@S12345678:~$ ps aux|grep sshd
The ‘grep’ command finds the lines that contain the string ‘sshd’
from the output of the ‘ps aux’ command. The result should be
something like the following:
The first line shows the SSH server process running, the second is
the grep command that we ran to finding the sshd process. This
shows that our SSH server is running. Note the path where the
sshd binary file can be found ‘/usr/sbin/sshd’.
PuTTY
* PuTTY (www.chiark.greenend.org.uk/~sgtatham/putty) – “PuTTY is a
free implementation of Telnet and SSH for Windows and Unix
platforms”.
Now that we have the SSH server running we need to install an SSH
client on our local host system that will allow us to connect to
the SSH server. For the SSH client we will be using PuTTY.
Download PuTTY
Download the PuTTY client software from the link provided above.
Select the Download link and find the ‘Windows installer for
everything except PuTTYtel’ – this is the installer we want (the
release version not the development snapshot). Download the
installer exe.
If we aren’t using Windows e.g. Mac OS or Linux, then we will have
to research what SSH client we have available to us. Most
alternate operating systems have an SSH client built in, or it is
an easy install process. If problems are encountered using an
alternate operating system, please raise it on the course forum.
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [4]
Install PuTTY
Installing PuTTY on windows is as simple as running the installer
exe downloaded above and accepting all of the default settings as
shown below:
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [5]
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [6]
It is always a good idea to skim through the README, just in case
there is anything that could cause us problems. In this case
there shouldn’t be, but quickly read through the README.txt file
anyway.
Configure PuTTY
Before we can configure PuTTY to connect to our SSH server we
first need to find out the IP address of our server. To do that,
we need to run the ‘ifconfig’ command on the server. Before doing
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [7]
that, we should skim through the man page for ifconfig to
understand what the command can provide.
ubuntu@S12345678:~$ ifconfig
Our output from the ifconfig command will vary, as we each have a
different network configuration.
If we look carefully in the screen dump above we will see the line
for the eth0 device that starts with ‘inet addr:192.168.1.10‘ –
the second line down. This is the IP address the server has been
assigned. To connect our SSH client (PuTTY) to our server, this
is the IP address that we need. We must use the IP address of our
own server, not the one listed above.
We need to keep our server running so we can connect to it with
PuTTY, so don’t shut it down. If we do, we will have to restart
it before proceeding below.
Now we can start PuTTY and connect to our server. Starting PuTTY
should give us the main configuration screen:
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [8]
Looking closely we can see that we need to include the IP address
of our SSH server which is using the default SSH port 22. Make
sure the connection type is set for SSH (it should be), and type
in the IP address of our server that we found previously.
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [9]
There are two other changes that we should make now, that will set
the Keyboard and Translation of our SSH client to match our SSH
server.
Select the Keyboard item from the menu on the left – it’s under
the Terminal heading. Change ‘The Function keys and keypad’
choice to Xterm R6. This ensures that our keyboard function keys
are mapped correctly for use on our server.
Now select the Translation item from the menu on the left – it’s
under the Window heading. Change the ‘Remote character set’ drop
down list to ‘UTF-8’. If we remember back to our base server
install, this was the translation that we used for our server.
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [10
We don’t want to have to change these settings every time we login
to our server so select the ‘Session’ item in the menu on the left
and enter a ‘Saved Sessions’ name that matches our server name –
below S12345678 is used.
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [11
Now select the [Save] button and the configuration will be saved.
It should look something like the above. Next time we start PuTTY
we can simply double click on the saved session and we will login
to our server.
Do that now. Double click on the session we just saved – this is
‘S12345678’ in the example above.
Since this is the first time we have logged into this server, SSH
provides the client with a key that uniquely identifies the
server. Select [Yes] to accept this key – this will ensure we are
connecting to this server, not another potential imitation server,
when we login in the future.
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [12
We are then presented with a login screen to our server.
Login as ubuntu.
We are now connected via SSH to our server – all the traffic
between the two is encrypted.
We no longer need to login to the VirtualBox interface to access
our system. We simply need to start our server and then use PuTTY
to login.
Go to the VirtualBox interface and type ‘exit’. This will log us
out of that session. So now we have our server running
‘virtually’ and are connecting to it from our host PC. The server
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [13
could reside anywhere on our local network and this would still
work. Make sure we understand what is happening here.
We can now shutdown our server from the SSH client (PuTTY) by
typing the shutdown command in the PuTTY session. Watch both the
server and the client windows when this is done:
ubuntu@S12345678:~$ sudo shutdown -h now
Note that the PuTTY connection is lost as the server shuts down.
Restart the server but don’t login to the VirtualBox server
interface. Instead login remotely using our saved PuTTY session.
We will not use the VirtualBox server interface anymore, unless
specifically asked to. This emulates real life, as a typical
cloud based server could be located anywhere in the world, which
we would not have direct access to.
PSFTP
PuTTY also comes with a number of other SSH tools, one of which is
PSFTP. A SSH version of FTP. Select the PSFTP icon that was
installed with PuTTY and a command window similar to the one below
should open indicating that no hostname was specified. Similar to
FTP we need to open a connection to our server by typing in the IP
address for our server):
open 192.168.1.10
and then login as ubuntu when prompted. Remember to use the IP
address of our own server, not the one provided in the example and
restart the server if it is shutdown.
We can type ‘help’, to get additional details of the available
commands.
We now have an interactive way to transfer files to and from our
server via a secure SSH connection.
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [14
A command line version of ‘sftp’ was installed on our server as
part of the openssh-server install. You can find more details by
viewing the man page for sftp.
byobu
* byobu – (launchpad.net/byobu,
help.ubuntu.com/10.10/serverguide/C/byobu.html) – A useful
application for system administrators. It allows the execution of
multiple shells in one terminal, and provides some useful
information about the system.
Install byobu
By now we should be very familiar with the basic use of apt. To
install byobu we simply type the following command into the PuTTY
SSH client (not the VirtualBox interface) which is logged into our
server:
ubuntu@S12345678:~$ sudo apt-get install byobu
Review the manual page for byobu.
Start byobu by typing the following at the command line:
ubuntu@S12345678:~$ byobu
We will see quite a bit of extra information at the bottom of the
screen. This information can be very useful to a System
Administrator. byobu also allows us to have multiple terminals
open at one time. We can switch between the terminal sessions
easily. This is great for starting a job and doing something else
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [15
– checking back on the job when we need to by switching to the
other terminal.
Note – if your byobu screen looks like the following:
You will need to edit the .byobu/backend file and change the one
line from:
BYOBU_BACKEND=tmux
to
BYOBU_BACKEND=screen
log out and back in again and it should then look like:
You may have to review the use of vi before you can do this – it
is one of this week’s items.
We are asked to investigate the use and keys for byobu as part of
the assessment – remember the man page and the links provided
above.
To save us from having to start byobu each time we login, we can
configure it to ‘launch at login’. To do this we need to access
the byobu menu by pressing the [F9] key.
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [16
Move down to the last item on the menu (‘…launch at login…’)
and press [Enter]. The next time we login to our server byobu
will be launched. Press [Esc] to back out of the menu.
vi
* vim – (www.vim.org, help.ubuntu.com/community/VimHowto) – an
advanced text editor often called a “programmer’s editor”. It is
perfect for all kinds of text editing, from composing email to
editing configuration files.
Install vi
vi or vim is already installed on our system. Review the man page
for vi. This is one of the reasons that we should learn the
basics of using the vi editor – it is installed on almost all
operating systems by default.
You can start vi by simply typing vi at the command line.
However, you really need to research some of the keys used before
trying to edit a file. If you started vi, read the screen for
help. [Type :q<Enter> to exit from vi.]
COIT20266 Week-2 Systems Security Administration
Remote SSH and Command Line Tools [17
Although vi is already installed, the version installed is a
minimalist version. It is enough to edit configuration files
etc., but to make our life a little more colourful we will install
the full version of vim which supports syntax highlighting etc.
We should know how to do this now:
ubuntu@S12345678:~$ sudo apt-get install vim
Note that the full name is vim (the improved version of vi).
We should use the man page and the links provided above to become
familiar with the basic functionality of vi.
traceroute
* traceroute – “print the route packets trace to network host”.
To help test our network connection we will install traceroute.
Hopefully we have seen it before in a pre-requisite Networking
course.
Install traceroute
As expected, to install traceroute:
ubuntu@S12345678:~$ sudo apt-get install traceroute