Jun 06

SSH is a powerful command-line tool for transferring data over a secure, encrypted channel (an alternative to the telnet command). It also lets you access programs on the server, such as Firefox or a terminal.

Scenario

1) You have 10 systems / computers connected with LAN (Local Area Network)
Server IP address : 10.0.0.1
Switch / Router IP : 10.0.0.2
Clients IP range : 10.0.0.3 to 10.0.0.11

2) You have internet connection on your server (10.0.0.1 or any linux machine)

3) Now you want to access the server's internet connection from a client (e.g. 10.0.0.4)

Here is the step by step guide for this scenario

Server Side Configuration (10.0.0.1)

1. Download and install the latest version of the SSH software from the http://www.openssh.org/ website
(If you have any problem with the installation, check the Installation link
http://linuxforadmin.blogspot.com/search/label/Installation )

2. After installation, start the SSH server (sshd daemon) from a terminal

a) For Redhat and Fedora

server# service sshd start

b) For Debian and Ubuntu

server# /etc/init.d/ssh start

Client Side Internet Access (10.0.0.4)

1. Go to a terminal and type the following command

client# ssh -X antony@10.0.0.1

Now you need to provide the password for antony
(antony is a normal user on the server system 10.0.0.1)

2. After getting the connection you can access the server terminal
server#

3. Here type firefox, konqueror or opera
server# firefox

4. Firefox will now open, and you can use the server's internet connection

Note: when you save or download a file, it is stored on the server system only.

Oct 12

Consider this scenario. This is the sample LAN. I am going to configure the server and 3 clients so that the 3 clients can be shut down from the server. Using Secure Shell (SSH), we can execute any terminal command, such as shutdown or halt, on a remote system, but we need to enter a password to connect to it. By configuring a public key on both the server and the client, we can log on to the remote system without a password and then execute the shutdown command.

Server Side (192.168.3.100)
1) Generate public key

root@myserver#ssh-keygen -t dsa -f .ssh/id_dsa
Generating public/private dsa key pair.
.ssh/id_dsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/id_dsa.
Your public key has been saved in .ssh/id_dsa.pub.
The key fingerprint is:
a6:3e:4d:48:af:73:04:d0:53:82:7d:ba:98:b6:fb:dd root@myserver

(Leave the passphrase empty: simply press the Enter key.)

2) Copy the server's (192.168.3.100) public key to the remote system (192.168.3.101)

root@myserver#cd .ssh
root@myserver#scp id_dsa.pub root@192.168.3.101:~/.ssh/id_dsa.pub
The authenticity of host ‘192.168.3.101 (192.168.3.101)’ can’t be established.
RSA key fingerprint is 5c:5b:84:54:a9:95:6b:64:85:74:9b:cc:ce:60:ed:1d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.3.101′ (RSA) to the list of known hosts.
root@192.168.3.101’s password:
id_dsa.pub 100% 603 0.6KB/s 00:00
root@myserver#

3) Log in to the remote host (192.168.3.101) from the local host (192.168.3.100)

root@myserver#ssh -X root@192.168.3.101
root@192.168.3.101’s password:
Last login: Fri Oct 5 11:51:37 2007
Starting MySQL: [ OK ]
Starting httpd:
[root@client1 ~]#

4) On the remote system, append the public key to the authorized_keys file

[root@client1 ~]# cd .ssh
[root@client1 .ssh]# cat id_dsa.pub >> authorized_keys
[root@client1 .ssh]# chmod 640 authorized_keys
[root@client1 .ssh]# rm id_dsa.pub
rm: remove regular file `id_dsa.pub’? y
[root@client1 .ssh]#exit

5) Now you can log on to the remote system (192.168.3.101) without a password from your server (192.168.3.100)

6) Execute the shutdown command from the server (to shut down the client)

root@myserver#ssh -X 192.168.3.101 halt

In the same way you can configure the client 2 and client 3 systems.

If the network has a larger number of systems, you can use the following shell script on the server to shut down all client machines, after configuring the public key on all of them

[root@myserver ~]# vi ssh-shutdown.sh
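#!/bin/bash
# Halt every host from 192.168.3.100 to 192.168.3.250 over SSH.
# Note: 192.168.3.100 is the server itself in this scenario.
for (( i=100 ; i<=250 ; i++ ))
do
    ssh -X root@192.168.3.$i halt
done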

(This program will shut down all network client systems from 100 to 250)
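
Added example (not part of the original post): the key installed in step 4 has no passphrase and opens a full root shell on every client, so whoever can read .ssh/id_dsa on the server controls all of them. The function below appends the key with OpenSSH's restrict, from= and command= options so that it can only run the shutdown command, and only from the server. The function name, the /sbin/halt path and the values in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_restricted_key PUBKEY_FILE AUTHORIZED_KEYS FROM_ADDR FORCED_CMD
# (hypothetical helper name) appends one public key to an authorized_keys
# file, limited to a single forced command and a single source address.
install_restricted_key() {
    pub=$1 auth=$2 from=$3 cmd=$4
    ktype= kdata= kcomment=

    # A public key file holds "type base64-data [comment]" on one line.
    # read returns non-zero if the final newline is missing, so test the field.
    read -r ktype kdata kcomment < "$pub" || [ -n "$ktype" ] || return 1
    case $ktype in
        ssh-*|ecdsa-*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    [ -n "$kdata" ] || return 1

    # sshd (StrictModes) ignores key files that other users can write to.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key material is already listed.
    if grep -qF -- "$kdata" "$auth"; then
        return 0
    fi

    # restrict : no pty, no port, agent or X11 forwarding (OpenSSH 7.2+)
    # from=    : the key is accepted only from this source address
    # command= : this command runs instead of whatever the caller requests
    printf 'restrict,from="%s",command="%s" %s %s%s\n' \
        "$from" "$cmd" "$ktype" "$kdata" "${kcomment:+ $kcomment}" >> "$auth"
}

# Usage on a client, with values taken from the scenario above
# (/sbin/halt is an assumed path):
#   install_restricted_key id_dsa.pub ~/.ssh/authorized_keys 192.168.3.100 /sbin/halt
```

With this entry in place, a login with that key from the server halts the client whatever command is given, and the key is refused from any other address.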

Sep 26

1. The escape character is used to access telnet commands on the remote machine. By default the escape character is ‘^’
Example

telnet> set escape #
escape character is ‘#’.
(or)
[root@myserver ~]# telnet -e '#' 192.168.3.138
Telnet escape character is ‘#’.
Trying 192.168.3.138…
Connected to 192.168.3.138 (192.168.3.138).
Escape character is ‘#’.
Red Hat Enterprise Linux WS release 4 (Nahant)
Kernel 2.6.9-5.ELsmp on an i686
login: cam1
Password:
Last login: Wed Sep 26 09:02:18 from myserver
[cam1@MB327SCS068 ~]$

2. The opposite of the set command is unset
Example

telnet> unset escape
escape character is ‘off’.

2. Connecting to a remote host using the open command
Example 

telnet> open 192.168.3.138
Trying 192.168.3.138…
Connected to 192.168.3.138 (192.168.3.138).
Escape character is ‘off’.
Red Hat Enterprise Linux WS release 4 (Nahant)
Kernel 2.6.9-5.ELsmp on an i686
login: cam1
Password:
Last login: Wed Sep 26 08:55:59 from myserver
[cam1@MB327SCS068 ~]$

3. In the remote terminal we can execute the following commands

a) encrypt
b) close
c) send
d) logout
e) quit
f) status

To execute a telnet command on the remote machine, first log on to the remote system using the open command, then type telnet, one space, and your escape character (here #). Do not press the Enter key. When you press the escape character after telnet, the remote machine automatically enters telnet mode, where you can execute the commands.

Example

[cam1@MB327SCS068 ~]$ telnet (one space + #)
telnet>

4. Printing telnet information – status command

[cam1@MB327SCS068 ~]$ telnet
telnet> status
Connected to 192.168.3.138 (192.168.3.138).
Operating in single character mode
Catching signals locally
Remote character echo
Local flow control
Escape character is ‘#’.

5. Authentication using auth command

a) for checking authentication
[cam1@MB327SCS068 ~]$ telnet
telnet> auth status
Authentication enabled
KERBEROS_V5: enabled
KERBEROS_V4: enabled

b) We can enable and disable the authentication

telnet> auth enable ?
auth enable ‘type’
Where ‘type’ is one of:
NULL
KERBEROS_V5
KERBEROS_V4
telnet> auth disable ?
auth disable ‘type’
Where ‘type’ is one of:
NULL
KERBEROS_V5
KERBEROS_V4

Example
telnet> auth disable KERBEROS_V5
telnet> auth enable KERBEROS_V5

6. send command

telnet> send ?
ao Send Telnet Abort output
ayt Send Telnet ‘Are You There’
brk Send Telnet Break
ec Send Telnet Erase Character
el Send Telnet Erase Line
escape Send current escape character
ga Send Telnet ‘Go Ahead’ sequence
ip Send Telnet Interrupt Process
nop Send Telnet ‘No operation’
eor Send Telnet ‘End of Record’
abort Send Telnet ‘Abort Process’
susp Send Telnet ‘Suspend Process’
eof Send Telnet End of File Character
synch Perform Telnet ‘Synch operation’
getstatus Send request for STATUS
? Display send options

Some Examples

a) telnet> send ayt

[MB327SCS068 : yes]

b) telnet> send getstatus
RCVD IAC SB STATUS IS
WILL ECHO
WILL SUPPRESS GO AHEAD
WILL STATUS
DO TERMINAL TYPE
DO NAWS
DO TSPEED
DO LFLOW
DO XDISPLOC
DO NEW-ENVIRON
SB TOGGLE-FLOW-CONTROL ON SE

7. close / logout / quit commands

a) [cam1@MB327SCS068 ~]$ telnet
telnet> quit
Connection closed.
b) [cam1@MB327SCS068 ~]$ telnet
telnet> close
Connection closed.

c) [cam1@MB327SCS068 ~]$ telnet
telnet> logout
Connection closed by foreign host.

Telnet has many more operations; only a basic overview of its commands is given here.