Linux - 用於遠程管理的SSH (Linux - SSH for Remote Administration)

字幕列表影片播放

please go to the line the computer guy dot com In order to view schematics, code and Maur for the projects that you are learning about welcome back.
So in today's video, I'm going to show you how to use sssh on Lennox S H stands for secure shell.
And this is how you're able to remotely administer Lennox boxes.
The great thing about sshh is essentially all you're doing is sending back and forth text.
So, Maura, unless you could be connected to a potato and still be able Thio administer your Lennox machines.
If you're dealing with the Windows world, probably know about remote desktop protocol remote desktop that is absolutely awesome for ministering Windows servers and Windows machines.
The problem is, there's a lot of graphics involved.
Remote desktop.
So if you're gonna be connecting to a machine with remote desktop, the machine has to be in a solid, fast, stable connection, and you, as a client, have to be in a solid, fast, stable connection.
If that is not the case, using remote desktop on bad Internet connections could be 00 such a treat, right?
The nice thing, though, about essay, because all you're doing is you're sending back text.
And so the fact of the matter is you could be on a to G connection.
Your server can be on almost a dial up connection, and you can still access your server just as quickly as if you're on a big connection.
The reason being again is all you're doing is ascending text back and forth.
That's one of the really nice things about using SS Agent is one of the reasons why a lot of people a lot of technicians, prefer to use Lennox over Windows machines, especially when they have to administer systems remote, like simply because it is literally so easy to access these machines.
And you don't have to worry about things like Internet connections.
Oh, or how fast the Internet connection is.
So when you're dealing with S S H, it is important.
Understand that SS H is a client server model s o.
Your server actually has to have the s s a server software installed, and you have to use a client piece of client software to be able to connect to that server software.
So we start talking about clients again.
I use Mac os so s s H client is actually built into the Mac OS terminal, so I can simply open up a terminal type essay space and the connection to connect to the server on amable able to interact with a server that way, connect over S s A.
If you're using Windows, you may have to use a Windows Sssh client.
So back in the day, I used to use putty.
Oh, there's a whole metric crap ton of clients out there.
But you do have to you have the SS AI software to be able connect to the server, even even again, even if you have a smartphone.
Truly.
10 years ago, back in the day when I had my Lennox server sitting echolocation facility on an iPhone three Gs, if you remember what Internet connections of mobile phones were like back in the day, they were really horrible.
But the fact of the matter is, is I actually had an SS H client app installed on my old iPhone three gs, and I was able to do full administration using that iPhone three.
Yes, because again, all it's sending back is text.
So the important thing to remember about sshh is this?
The software has to be insult on the server, and you have to be able to use a client to be able to connect to it.
Now, when you're dealing with Lennox and you're dealing with sshh, it's important to remember that many times sshh isn't not installed by default on Lenox servers.
Assess Age could be a major security vulnerability.
So if you don't actually need it, you don't want it on the server even though a lot of people use it.
So the first thing that you're gonna have to do is when you boot up your server to take a look.
Toto, look of the SS ai is you're gonna have to see whether or not SS AI is actually installed.
And I'll show you how to check to see whether the SS A service is running or whether it's there.
If it's not there, all you have to do is install open sshh server, which is really easy now sssh on the server and does use port 22.
So it is important.
Understand?
What you start interacting with S s age is they're going to have to understand basic amounts of networking.
This is where again, In the tech world, a lot of people complain because they say, Oh, I do classes on simple things.
Oh, allies always talking about the introductory stuff.
Well, the rial, the thing with the real technology world is you have a whole bunch of introductory classes.
You tie them all together, and that's when you get to something complicated.
So when you're looking at Lenox now, there were using Sssh!
You're going to have to understand a little bit, just at least a little bit about networking, right?
So you need to be able to access a port 22.
So from your client to the server, interacting with Port 22 has to be open.
So if you're using fire while you're using U F W on your Lennox box, you make sure a port 20 two's open.
If you have a firewall on your on your router or whatever else on your network, you have to make sure poor 22 is open.
The things the port forwarding works and all that kind of stuff.
So it is important to understand that you need to understand that poor 22 has to be open, has to be accessible.
And if you're going to be, you know, connecting to your server from wherever in the world, you have to understand the basic neck working principles in order to make that happen.
As far as with our little test lab demo lab, where I'm showing you how to do these things, even on virtual box of theseventies that I had to change actually go into the network settings for the particular virtual machine that we're using.
And I actually had to modify those so that my host system was able to connect to the I.
P address of the virtual machine, the Lenox virtual machine that we're using.
So that's one of things I'm going to be showing you today.
But that's important again.
You have to understand, how do things like Ping, you have to understand how to do basic network troubleshooting to make sure that the client, so whatever the client is installed on, can actually talk to the server today.
I'll show you like I have config.
I'll show you how to pay.
You do that kind of basic stuff, but to get to this point, you should have a reasonable understanding of how basic networking works because again you can have the you're gonna have a server.
You can have a client, but you can't talk to each other literally.
Nothing else matters.
So with that, let's go over to the computer and I'll show you how this works.
So here we are, at my system again.
I'm using Mac OS, some using virtual box, and I have a virtual machine here.
Now it is completely shut off right now because we need to be able go to settings and then we need to go to network.
And what you're going to need to do is you need to change the network to Brady did after eso by default.
It's on that.
So basically what Nat allows Napa wow, is your Lennox system to be able to get to the outside world and download software and see websites or whatever else.
But right now we're going to actually need this max system to be able to connect to our virtual machine.
So that's why we put it over here to bridge adapter, so make sure to select abridged adapter.
This will allow the local host machine to be able to communicate directly with the virtual machine.
Literally.
If you don't do that, everything else isn't gonna work for you.
There's a name here.
These are the different Internet network connections that we have on the on this particular Mac computer s O e N zero WiFi s O.
This is the WiFi connection that we have.
And so I will leave that with that.
And then you just simply do okay past that, Then all you d'oh!
Who is you simply double click and you turn on your virtual machine for you.
Bon dieu server on.
Then you're gonna wait a CZ.
Everything goes by.
Nice part is relatively fast to be able to boot up one of these Lennox machines within within virtual box.
Okay, so now we're here and we're gonna log in.
So again, we're gonna use my my super fancy, my super fancy log in names.
I'm Bob.
It's gonna be a password.
So my password is 123456 Super secret, super secure.
And there we are.
We are now currently along into this system.
Someone do clear.
Just clear the screen.
And now the first thing that I want to take a look at is is SS uh is open sshh installed on this server, right?
So when you install or when you're installing the operating system for a bun, too now, many times it asks you if you want open SS ai installed.
If you don't need it insult, I would recommend you don't install it because again, it could be a security problem.
So that's one of things you have to look at is to see OK in this particular box isn't there.
So what we're gonna do is we're simply going to go to service is or any service is system see, t l status and then the it's s s take d.
So it's s s a demon, basically.
So this is the service.
And so we're going to look for the we're going to look for the service so pseudo the system C t l command.
This allows you to start restart.
Stop Service is and also allows you to see the status of a service.
So we're just going to say, Hey, what is the status of this particular service?
We're gonna type in a password and as as a D D service could not be found so this is not installed on this particular server.
So then all we need to do is we simply need to install it.
So we're gonna do a pseudo space at Typhon, get Ben Stone, and then it's open SS age hyphen server.
So this is what we're going to be installing.
And the S s a T.
D is the name of this service.
Once it's installed around hit, enter, it's going.
That's what packages going through, doing all the stuff processing triggers.
And there you go for you when you do this.
I had this installed before.
Then I uninstalled it so you might get like a Yes, no question there.
But otherwise that's literally all you have to do in order to install a sigh.
Said so from there you go back.
We didn't take a look at the status so pseudo system.
C t l status s s h d.
We need to make sure that the status is they're running.
So now we can see that it is active and it is running from this point.
What we need to know then, is what is the I p address of this particular server?
Right?
So I mean again.
That's one thing you have to be thinking about.
If you're gonna be connecting to remote systems, you actually have to know what I p address you're trying to connect to.
So I'm gonna do is I'm going to use a command called I peek Unfit IQ r I f config Oh, that was That was wrong.
I peek and figure the windows world in the Lenox world is I f i f config and then you hit Enter.
It's gonna give you a whole bunch of information.
But what you want is this.
I think so.
This is your internet address, so it's 10 1.4.
So this is your TCP I p for address.
And so this is what you're going to be using to connect to the server.
Now, Gannon's I've talked about there are are many types of clients software for S s sake.
Again, if you're using windows, you know all you do is type in S S H clients.
Five best sssh client for windows and putty and solar putty and secure.
See Artie and there's a whole bunch of different things.
I'm sure you can get into an asset not only stupid argument about which sssh client is the best again.
I'm just showing you the into directory.
So I'm just showing you how this works and then you can figure out what's the best.
But the nice part again in the Olympics world is that S s a is actually already installed by default within terminal.
So I simply open up a terminal.
So in order to get to terminal, if you're on the Mac world, he simply goto applications.
Then you go to utilities, then you go to terminal and this will open up.
And then here all you have to dio is S s a and so this calls the s s sake application the client application within terminal.
Then you do the user name that you're gonna be longing in with us.
So we have a good old fashioned a Bob as we can before then we do at and then for the at we plug in the i p address of the server there we're trying to connect to.
So this is a 10 1.4 on.
Then we hit Enter basically is asking, you know, do you want do you care about the authenticity is the key.
Correct?
Whatever else.
Basically, you're just going to say yes for this?
I was gonna say type out?
Yes.
Someone actually type out?
Yes, here.
And then I hit Inner.
Now is going to ask for Bob's password to again.
Whenever you're dealing with systems like this, do make sure you remember what password you're supposed to plugging in.
So it's Bob.
So it's 123456 ener.
And look at that.
We're now long been and more or less That's basically looks like the page that you get when you ever you log into Atlantic systems.
If you log into the normal Lennox command line, this is what it looked like.
I can simply hit clear like I normally do.
That clears out the screen.
You can see Bob at server.
That's where I met.
I could do P W d.
Just wear it, see where I am in the file structure again.
If you're doing something like sshh, this could be very important just to make sure you're not adding and removing something in the wrong place, eh?
So I can see I'm located in the Bob folder in the home directory, just like I normally am.
So that's Bob's home forger.
L s space hyphen.
L normal list command.
I can hit in her.
And I can see we have that Kron test that contest one from the from the crime job demonstration that I did before.
We have test file.
We have test folder, And from here, I could do something such as make directory.
I don't S s eight folder Ram.
Then I could enter, and we do.
L s hyphen.
L and we can see that we now have.
That s s a folder.
If I go back to my a bunch of server.
So this is the Avanti server.
I'm still logged in to pwd.
Make sure, Matt.
So I'm still at that bob home.
Clear that l s based hyphen l And so we can now see, we have that S s H folder.
Here s O basically again.
I am currently longed in.
If I make a change here like it's it's the full of candy.
I'm actually interacting directly with server.
There's there's nothing.
Nothing additional there.
Right?
So if I go here and again, I go make directory and I can say SS a folder to hit, Enter and I can go back I say back to this shh session.
You had less hyphen.
L again and we can see that I have the SS a folder to hear.
So I am directly interacting with the server.
It's all it's all real time.
There's no whatever you know, you don't have to apply or anything like that.
Eso from this, right?
So again, if I have a Web server, let's say I need to make sure he gets to my Web server.
I can go in.
I could change configurations for the Web server I can restart.
The service is for the Web server.
I could do a lot of modifications.
I can actually install software from from the terminal again.
So if I want Thio to install something, I could install what?
Basically, I could do the full administrative tasks from sssh!
And really, all you have to do is you simply have to install the open sshh server onto your Lennox server on.
Then you're able to connect to it with whatever client app you have again.
It is built in to Mac OS X or Mac.
Oh, as terminal or again, as I showed you before.
You can use one of those client APS for windows and again, even if you're using an IOS device or an android device.
There are SS H client APS for those two.
And so it really like it.
Isn't that simple to be able to remotely administer your Lennox box?
Whether you're Lennox box is halfway around the world or if it's literally just sitting in a room in a couple of couple of feet away from you, this is a way that you can control and interact with those systems.
So there you go.
I'm showing you how to use Sssh on Lenox Server.
I showed you how to install the SS A server components onto Olynyk Server again.
I've shown you how to be able to connect to the SS a server using the terminal from Mac OS, because again, sshh is built into then and I showed you the options for the window systems again.
In the real world, I use putty, but I'm sure that can start a whole bunch of arguments out there now.
One of things.
I will tell you one of the reasons why I s S H is many times not installed by default onto Lennox Systems is because it can be a vulnerability for what are called of brute force attacks.
So what brute force attacks are?
The hacking world is we're essentially hackers.
Just send a countless number of different username, password combinations trying to figure out if any of them work.
So especially if you use a week user name a weak passwords such as 123456 There's a good chance of somebody does a brute force attack against your system for S s A They may be able to get in, and it is kind of amazing.
Like if you ever look at logs, it's amazing how many times we will try to log in in the S S sake, especially if you're they're using some kind of baht or some kind of automated system.
Now there is security out there.
There are there is different software you can install into your Lennox system that will basically just fail out for a walk and sshh account or service after so many failed log in attempts.
But that's an additional thing that you have to install onto your server that's not installed there by default.
So one of the reasons why essay isn't generally on by default is again because it is a vector for hacking attacks.
And if you don't actually need it, then it may not matter for you again if you have, you know, like, say, like, you know, when you when you have to remotely administer systems like for me.
When I had systems in a cold location facility so literally the facility was like 10 miles from where I was at was a pain in the butt to get to.
So having SS age open make my made my life a hell of a lot easier, right?
Because I could administer the system completely from my house.
And so therefore, again with security, you know, that's the whole thing.
It's, you know, risk versus reward is there.
There's a risk of having sshh open, yes, but not having to get in my car drive all the way to the to where the co location facility is.
You know that that was worth the risk.
Whereas on the other hand, again, if you have a Lennox system working in a production environment, let's say within your office or within your business, you may want to turn sshh off, Right?
So let's say you have the Web server.
If you have some file server or something else, it's doing it saying, basically, you set it up.
You touch it once every five months, right?
Do the updates.
Maybe do a reboot.
That's it.
You may turn sshh off because again, if you have 100 people or 200 people in that office, you may have a hacker.
You may have somebody that's, you know, learning the hacking on the side on.
Is that gonna try to compromise your systems?
And so again, why?
Why have that risk?
Whereas if the system's airway away somewhere else, it may be worth the risk to have SS a show.
But the other thing to be thinking about to secure sshh is again be thinking about me thinking about the networking.
Be thinking about things like firewalls, that type of thing.
So let's say, like with U of W with the built and firewall with a bond to you, possibly you could open up a s s es on Lee for a specific I P address right.
So you could you could give your computer a static I p address and then open up S S eight.
Only four.
That static I p.
Address.
So that allows you to be connected to the server using SS age.
But if anybody else tries, they will simply be blocked by the firewall again.
One of things you can do.
Basic thing is just not, let s s sake, be able to come through your network firewall.
So if you have a network firewall, nobody needs sssh to be able to get in.
Maybe you block Port 22 so nobody can try to get in using SS age from the outside world.
So once you start using SS age, this is one of those things where you really do have to start thinking about the overall security environment and how you start building the system again.
This is this is why we take all of these small little components and technology and then we build them together to create a production system to.
The first thing is you create the Lenox Server, and once he created one ex server, you realize, Oh, I might need to remotely administer the Lenox server.
So then you install eso sake, but they think, Oh, I want to protect it.
So then you do things such as use u f w use the built in fire wall and then you start you.
Then you deal with networking.
Then you start dealing with all of these other things to figure out the best way to give you access to your own system while also preventing that the hackers from being a big gain access.
And that's that's where the creativity comes in.
That's where you build the infrastructure based off of what your recent resource is, our what your capabilities are, what your needs are and what risks that you're concerned about.
S Oh, that's That's one of things that really comes in, especially when you're gonna be deploying SS ache in the real world.
And so in that again, as it was ages.
So basically, it's just a way to remotely administer your systems very easy to set up very easy to connect, Thio.
But the big thing is, is do be concerned about the security implications of once you do set up essay and think about how you're going to try to mitigate those problems.
So, as always, I enjoy doing this video.