SSH: a protocol or a tool?
Understand SSH and its capabilities
In this post you will learn about the Secure Shell (SSH) protocol and how this protocol suite lets you connect to a BSD, Linux, or OS X device from the SSH console or from a third-party Windows program such as PuTTY. SSH encrypts the data transmission, adding another layer of protection for important data such as passwords, IP addresses, and other user information.
For Avaya Media Servers and H.248 gateways it is highly recommended that you use SSH instead of telnet, for the reasons stated above. As system technicians we depend on protocols like SSH in conjunction with Bash to conduct our daily activities.
These are the main SSH characteristics:
- 1.- Encryption
- 2.- Protocol suite
- 3.- SSH command scenarios
1.- Encryption
When using a Secure Shell connection there are three methods of encryption: symmetric, hashes, and asymmetric. The two hosts (server and client) negotiate which of these to use.
Symmetric – Also known as shared-key encryption. It uses a single key to both encrypt and decrypt the data.
Asymmetric – Two keys are used, one to encrypt and the other to decrypt the data. RSA (Rivest-Shamir-Adleman) is the most used algorithm in this type of encryption.
Hash – You might see it when downloading ISO images from http://support.avaya.com, where md5sum is used as the error-checking mechanism. It doesn't exchange any keys like the symmetric or asymmetric algorithms do.
SSH V2 – Besides adding security mechanisms through the transport layer, authentication codes, etc., SSH-2 allows you to establish various sessions over one connection, and it is not backwards compatible.
TCP port 22 is the default port. If you are thinking of changing this port to avoid future attacks, it might not be a good idea: most Avaya equipment requires communication on pre-set ports such as 22 and 222 for SSH.
2.- Protocol suite
As a protocol suite, SSH uses a variety of protocols to securely perform different tasks, such as copying and transferring files. Two of these secure protocols are scp and sftp.
SCP (Secure Copy) – Remotely copies files from host to host, using SSH-v1 by default, with passphrases and passwords for authentication. When copying files you can compress them, choose between IPv4 and IPv6, bypass authentication, etc. For a list of options, run the man scp command.
SFTP (Secure File Transfer) – Version 1 is used by default, although, as with scp, version 2 can be used if specified when running the sftp command. Passphrase and password authentication is used to connect from host to server.
3.- SSH command scenarios
SSH is also a command included with most Linux/OS X based systems that lets you establish remote connections to another host or server. The following are some examples:
Accessing remote hosts with SSH
me@computername> ssh dadmin@10.5.8.40
Running the above command starts a public key exchange followed by a password prompt. The result below assumes that you don't know the password.
- dadmin@10.5.8.40's password: Permission denied, please try again.
- dadmin@10.5.8.40's password: Permission denied, please try again.
- dadmin@10.5.8.40's password: Permission denied (publickey,password).
You can also use ssh -l dadmin 10.5.8.40 (-l = login)
Copying files
scp -C -l (compresses and limits the bandwidth) is useful for modem or slower connections.
scp -C -l 32 /tools/data/CM/patches/01.5.642.3-17944.tar.gz dadmin@10.1.1.1:/var/home/ftp/pub
scp filename.lic dadmin@10.1.1.1:/var/home/ftp/pub
The above commands securely copy the compressed file from /patches to the CM's pub directory. You can use the same command to copy license and authentication files to the pub directory in CM. You must enter the dadmin password when prompted.
Transferring files
Connect with sftp dadmin@servername or sftp dadmin@10.1.1.1. Once connected, run the "get" command plus the file name to download the file from the remote host or server. FileZilla can be used as an SFTP client to connect and manage files.
Question – What other commands can you use with SSH?
Resources
SFTP Client or Server – Filezilla download
Error checking software – MD5SUM (MD5summer Download)
Secure copy client – WinSCP
Avaya Mentor – How to Enable the SSH Client of a VMWare ESXi 5.0 Host