- SSH Tips & Tricks
-
- Order / Outline
-
- Introduction, Goals
-
- The aim is not to show the basic functions, but everything around them
- The aim is to show possibilities, not details or howtos
- Basis: SSH 5.1 as in Debian Lenny; not everything (but almost
everything) works in older versions.
- Making life easier with built-in tools
-
- edit .ssh/config
- ssh-keygen
-
- Always use a passphrase, all the more so if the key gets you
root somewhere.
- Stolen laptop + ssh key without passphrase = break-in
- ssh-copy-id / authorized_keys
- eval `ssh-agent` (GNOME Keyring or sometimes also X can do this
as an option)
- ssh-add
- ssh -a / ssh -A
- scp / sftp
- Tunneling
-
- Is not evil, but serves your own security and
privacy
- Applications that tunnel through ssh themselves
-
- rsync
- IMAP with mutt and pine
- Many version control systems support ssh 'out of
the box': cvs, svn, git, hg, etc.
- Tunneling X
-
- Tunneling specific ports
-
- Tunneling arbitrary ports
-
- -D
-
- DNS requests are not tunneled along!
- Mention VPN / tun/tap
-
- Depending on the configuration, DNS is tunneled as well
- Tunneling without a shell or command
-
- -f + -N (synergy, -D)
- -n, &
- In use
-
- Nice tools around it
-
- screen
- autossh host 'screen -rd'
- sshfs
- Neutering connections / ssh for pinging
-
- command="command"
- environment="NAME=value"
- from="pattern-list"
- no-agent-forwarding, no-port-forwarding, no-pty,
no-X11-forwarding
- Brainstorming
-
- External tools
-
- molly-guard (tip from adi via Freak)
- screen
- autossh
- synergy (actually has nothing directly to do with ssh; you
simply want to tunnel it through ssh -> probably not)
- sshfs
- Internal tools / config files
-
- ssh-agent
- ssh-copy-id (thanks to @atoponce)
- ssh-add
- ssh_config
- authorized_keys
-
- command="command"
- environment="NAME=value"
- from="pattern-list"
- no-agent-forwarding, no-port-forwarding, no-pty,
no-X11-forwarding
- sshrc (~/.ssh/rc, /etc/ssh/sshrc)
-
- environment (~/.ssh/environment)
- Options
-
- -f + -N (synergy, -D)
- -n, &
- -D 1080 (thanks to fab23)
- -L, -R, -g
- -x, -X, -Y
- Escapes
-
- Alternative implementations
-
- dropbear / dbclient: http://matt.ucc.asn.au/dropbear/dropbear.html
-
- A small memory footprint suitable for memory-constrained
environments - Dropbear can compile to a 110kB statically linked
binary with uClibc on x86 (only minimal options selected)
- Dropbear server implements X11 forwarding, and
authentication-agent forwarding for OpenSSH clients
- Can run from inetd or standalone
- Compatible with OpenSSH ~/.ssh/authorized_keys public key
authentication
- The server, client, keygen, and key converter can be compiled
into a single binary (à la busybox)
- Features can easily be disabled when compiling to save space
- TCP forwarding support
- Available for/in:
-
- Debian, Ubuntu
- Gentoo
- OpenWRT, FreeWRT
- fli4l, floppyfw, ttylinux
- NetBSD, FreeBSD
- Maemo (Nokia N770, N800, N810)
- iPhone, AppleTV
- Motorola a780/e680/e680i
- Ångström (OpenZaurus successor)
- Shipped with:
-
- VCFe 11.0 ideas
-
- NUTS: Neil's Unix Talker Server(?) (topic!)
- Gopher (again)
- Free reimplementations of old operating systems
-
- Old network
-
- Telnet (Axel)
- Gopher (Venty)
- Modem (Venty)
- Web 1.0 (Boa? Amiga?)
-
- MIDI (ear cancer)
- AnimGIF, Marquee, Frames (eye cancer)
- Web-Award
- Imprint with booth number
- Best Views With Lynx
- NUTS (Axel)
- IRC (Venty)
- AUI/BNC (USB-to-BNC adapter?)
-
- USB-to-ISA adapter and then an ISA network card? (Adi)
- DNS (Venty with BIND) / hosts file via NIS
- UUCP (P2501)
- Fortune via Telnet
- INN (Venty)
- Open mail server
-
- Spam: Enlarge Your Joystick
- FTP (Venty with PureFTPd, Axel with WU-FTPd)
-
- Anonymous Upload
- ls-lR.txt
- /pub
- FTP Search
- Less likely:
-
- Talk
- Archie?
- WAIS?
- Sendfile
- LPMUD (Raffzahn)
- Let Framstag know; maybe he will present sendfile.
- Hackerfunk
-
- Cheerful binary guessing: cat /vmlinuz > /dev/audio
- Debian GNU/kFreeBSD
-
- Overview
-
- Planned to be released with Debian 6.0 Squeeze
- Slides
-
- Title
- Foreword
-
- Mark said: License Matters.
- I say: Jehova!
- We are at FOSDEM, not at the FOSDEM beer event. This is not a
political talk. Even if I mention them, I neither want to start a
license discussion nor to discuss license issues. So please no
flame war. Thanks.
- Yes, it's a Bastard
- Open Source at its best: Take two existing things and
combine them into something new
- Overview
- What is it exactly?
-
- It's a port, it's its own architecture.
- (Well, two ports/architectures: kfreebsd-i386 and
kfreebsd-amd64, short k-i and k-a)
- Since April 2009 it's part of the official Debian archive.
Was hosted at Debian-Ports.org before.
- You can't have Linux and kFreeBSD kernel in the same
installation or switch between them
- So it's not as easy as 'apt-get install freebsd'
- apt-get install kfreebsd-source-$version works though, also on
Debian GNU/Linux.
- What does the name stand for?
-
- Debian
-
- DFSG, dpkg, apt, D-I, rock-solid stable releases
- GNU
-
- (e)glibc
- the userland (coreutils, etc.)
- kFreeBSD
-
- rock-solid FreeBSD kernel, only the kernel
- Started with 5.somewhere around 2005
- Currently supports 7.2 (testing + D-I) and 8.0 (unstable)
- Why?
-
- Because we can! (SCNR)
- Combines advantages of the Debian System and of FreeBSD
-
http://wiki.debian.org/Debian_GNU/kFreeBSD_why
- Better Performance?
-
- Why not a BSD libc?
-
- Adapting the libc to the kernel is way less work than patching
1000s of packages to work with another libc, too.
- Debian GNU/NetBSD (see, no 'k') tried this and failed.
- Comparison with Debian GNU/Linux
-
- Cleaner standard kernel interfaces
-
- /dev
- OSS
- Less bazaar-like development model
- More stability
- Features you don't get with Linux
-
- pf
- ZFS
- Jails
- NDIS Drivers in mainline kernel
- Licensish stuff
-
- SCO (Does anyone believe they're still able to hurt someone?)
- Often used Linux-only stuff
-
- Comparison with FreeBSD
-
- dpkg and apt
- No rolling releases in ports (e.g. Samba and CUPS)
- No non-DFSG-compliant binary-only drivers in the kernel
- Similar Projects
-
- What's still missing?
-
- ZFS userland utilities
- pf packaging
- Bluetooth
- IPv6 glue for 'route', etc.
- fuse utilities
- inotify-kqueue compatibility layer
- Some FreeBSD-specific tools like kdump, moused, etc.
- 16% (kfreebsd-i386) to 18% (kfreebsd-amd64) of the packages
-
- A current Live CD. Ging is mostly from 2005 based on Sarge and
5.x kernels
- The Future
-
- Release with Debian 6.0 Squeeze as the first released non-Linux
ports.
- Not yet planned but possible: Further hardware platforms
- Contact / Resources
-
- History
-
- Traces of FreeBSD versions in Debian package lists
-
- Sarge (End 2005): freebsd-buildutils (5.2 + 5.3)
- Etch (April 2007): kfreebsd-source-5.4
- Lenny (February 2009): kfreebsd-source-6.3, kfreebsd-source-7.0
- Squeeze (Autumn 2010?): kfreebsd-source-8.0,
kfreebsd-source-7.2
- Which Installer is used
-
- First there was bootstrapping done on FreeBSD
- Then there was a raped FreeBSD installer
- Now D-I has support for kFreeBSD