HP World 2005 Securing Your Unix Environment With HP Secure Shell
Securing your Unix environment with HP Secure Shell
Steven E Protter
Senior Systems Administrator
I.S.N. Corporation
Secure Shell Presentation Outline 1
• Presenter information
– Qualifications and experience.
– Warning !!
– How he got here.
• What is HP Secure Shell
– Advantages
– Challenges
– Components
Secure Shell Presentation Outline 2
• Where do I get HP Secure Shell
• How do I install HP Secure Shell
• Why should I use HP Secure Shell
Secure Shell Presentation Outline 3
• Step by step for installation and exchange of public keys.
– Downloading the software.
– Installation.
– Exchanging public keys.
• Questions and (hopefully) answers
Getting Started
Qualifications and Experience 1
swinstall -s /home/secsh/T1471AA_A.04.00.000_HP-UX_B.11.11_32+64.depot \*
“The command line is the Systems Administrator's best friend.”
Steven E Protter
Senior Systems Administrator
ISN Corporation
“Because someday it may be all you have.”
Steven E Protter
Senior Systems Administrator
ISN Corporation
Situations with no GUI tools:
• Advantages:
– Ease of administration
– More secure than typing passwords
– You don’t have to remember passwords
– Works over multiple operating systems
Public Key Exchange
• Challenges:
– You may someday boot the wrong system
– If a root password is compromised on one system, root access is granted on all systems with public key exchange.
Public Key Exchange
• PS1=
[8476#] echo ${PS1}
Wed Jun 1 16:37:46 2005:$PWD [!#]
In /etc/profile
ENV=/.kshrc
Public Key Exchange: Change prompt
vi /.kshrc
PS1=`date -u +%c `:`echo $LOGNAME@``hostname`' $PWD [!#] '
Public Key Exchange: Change prompt
ssh-keygen -t dsa
Press <ENTER> for the next 3 questions
cd .ssh
Public Key Exchange
ls -la
ssh hpweb
The authenticity of host 'hpweb (192.168.0.70)' can't be established.
RSA key fingerprint is 97:1d:cb:bf:b3:54:9f:54:12:8f:2f:3a:aa:b9:10:7c.
Are you sure you want to continue connecting (yes/no)?
yes <enter>
Warning: Permanently added 'hpweb,192.168.0.70' (RSA) to the list of known hosts.
Password:
Public Key Exchange: Host setup
cd .ssh
scp -p eilat:/$PWD/id_dsa.pub authorized_keys
<Generate a public key on second host>
cat id_dsa.pub >> authorized_keys
chmod 644 authorized_keys <optional depending on umask>
scp -p authorized_keys eilat:/$PWD
Public Key Exchange: Host setup
DONE!
Public Key Exchange: Summary
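An audit of the authorized_keys file that the host setup above produces, as an added example that is not part of the original slides: it flags a key file writable by group or others, DSA (ssh-dss) keys, which OpenSSH has refused by default since release 7.0, and keys with no from= source restriction, an option that limits the cross-host exposure listed under Challenges. The function names and the sample file are constructed for illustration, and the key blobs are placeholders.

```shell
#!/bin/sh
# Added example (not from the slides): audit an authorized_keys file.
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 if missing.
audit_authorized_keys() {
    file=$1
    findings=0
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    # sshd's StrictModes check refuses key files that others can modify.
    perms=$(ls -ld "$file" | cut -c1-10)
    case $perms in
        ?????w????|????????w?)
            echo "PERMS $file writable by group/other ($perms)"
            findings=$((findings + 1)) ;;
    esac
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # DSA keys (type ssh-dss) are what "ssh-keygen -t dsa" produces.
        case " $line" in
            *' ssh-dss '*)
                echo "DSA line $n: ssh-dss key"
                findings=$((findings + 1)) ;;
        esac
        # Without a from="..." option the key works from any source host.
        case $line in
            from=*|*,from=*) ;;
            *)  echo "NOFROM line $n: no from= source restriction"
                findings=$((findings + 1)) ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: host names come from the slides, key blobs are placeholders.
make_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/authorized_keys" <<'EOF'
# root keys exchanged between hosts
ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER root@eilat
from="192.168.0.70" ssh-rsa AAAAB3NzaC1yc2EAAAAPLACEHOLDER root@hpweb
EOF
    chmod 664 "$dir/authorized_keys"
    echo "$dir/authorized_keys"
}

sample=$(make_sample) || exit 1
audit_authorized_keys "$sample" || true
rm -rf "${sample%/*}"
```

Run it against each host's `.ssh/authorized_keys` after the exchange; a clean file produces no output and a zero exit status.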
• http://forums.itrc.hp.com
• http://docs.hp.com
• http://itrc.hp.com
• http://www.hp.com/go/software