TetaTricks/chap/ssh.tex

\chapter{ssh}
\label{chap:ssh}

Secure Shell.

D'après le site \texttt{openssh.org} :
\textit{OpenSSH is a {\em free} version of the SSH\index{ssh} connectivity
tools that technical users of the Internet rely on. Users of
telnet, rlogin, and ftp\index{ftp} may not realize that their password
is transmitted across the Internet unencrypted, but it
is. OpenSSH encrypts all traffic (including passwords) to
effectively eliminate eavesdropping, connection hijacking, and
other attacks. Additionally, OpenSSH provides secure tunneling
capabilities and several authentication methods, and supports
all SSH protocol versions.}

%	--------------------------------------------

\section{X11 forwarding}\index{X11}

Option \texttt{-X} et ses implications sur la sécurité.

\section{sshfs}
\index{sshfs}

D'après la manpage Linux : \textit{SSHFS (Secure SHell FileSystem)
is a file system for Linux (and other operating systems with a FUSE
implementation, such as Mac OS X or FreeBSD) capable of operating
on files on a remote computer using just a secure shell login on the
remote computer.  On the local computer where the SSHFS is mounted,
the implementation makes use of the FUSE (Filesystem in Userspace)
kernel module. The practical effect of this is that the end user can
seamlessly interact with remote files being securely served over SSH
just as if they were local files on his/her computer. On the remote
computer the SFTP\index{sftp} subsystem of SSH is used.}

Hélas, ça ne marche pas trop bien depuis un
OpenBSD\index{OpenBSD}\footnote{OpenBSD 5.5 sur sparc64} :

\begin{verbatim}
~ $ uname -a
OpenBSD vierge.thsf.net 5.5 GENERIC#159 sparc64
~ $ sshfs tth@10.20.0.23:/tvbruits 23/
fuse_mount: Permission denied
\end{verbatim}

Grace à \texttt{<semarie>}\footnote{du  Groupuscule des Contributeurs
d'Unix}\index{gcu} : pour un montage en
tant que yuser il faut deux choses :
les bons droits sur \texttt{/dev/fuse*} et un
\texttt{sysctl kern.usermount=1} bien senti.

La semaine prochaine, nous verrons le \textit{mapping} entre les
UID\index{UID} locaux et distants.

%	--------------------------------------------

\section{Port forwarding}

% https://tookmund.com/2021/10/ssh-port-forwarding
release du matin, chagrin 2020-09-29 10:41:53 +02:00			`\chapter{ssh}`
done for today 2020-11-10 02:40:30 +01:00			`\label{chap:ssh}`
release du matin, chagrin 2020-09-29 10:41:53 +02:00
			`Secure Shell.`

			`D'après le site \texttt{openssh.org} :`
done for today 2020-11-10 02:40:30 +01:00			`\textit{OpenSSH is a {\em free} version of the SSH\index{ssh} connectivity`
release du matin, chagrin 2020-09-29 10:41:53 +02:00			`tools that technical users of the Internet rely on. Users of`
			`telnet, rlogin, and ftp\index{ftp} may not realize that their password`
			`is transmitted across the Internet unencrypted, but it`
			`is. OpenSSH encrypts all traffic (including passwords) to`
			`effectively eliminate eavesdropping, connection hijacking, and`
			`other attacks. Additionally, OpenSSH provides secure tunneling`
			`capabilities and several authentication methods, and supports`
			`all SSH protocol versions.}`

more bla from Terreblanque 2021-10-04 22:24:01 +02:00			`% --------------------------------------------`
done for today 2020-11-10 02:40:30 +01:00
more bla from Terreblanque 2021-10-04 22:24:01 +02:00			`\section{X11 forwarding}\index{X11}`
release du matin, chagrin 2020-09-29 10:41:53 +02:00
more bla from Terreblanque 2021-10-04 22:24:01 +02:00			`Option \texttt{-X} et ses implications sur la sécurité.`
release du matin, chagrin 2020-09-29 10:41:53 +02:00
			`\section{sshfs}`
			`\index{sshfs}`

			`D'après la manpage Linux : \textit{SSHFS (Secure SHell FileSystem)`
			`is a file system for Linux (and other operating systems with a FUSE`
			`implementation, such as Mac OS X or FreeBSD) capable of operating`
			`on files on a remote computer using just a secure shell login on the`
			`remote computer. On the local computer where the SSHFS is mounted,`
			`the implementation makes use of the FUSE (Filesystem in Userspace)`
			`kernel module. The practical effect of this is that the end user can`
			`seamlessly interact with remote files being securely served over SSH`
			`just as if they were local files on his/her computer. On the remote`
more bla... 2022-04-01 14:23:45 +02:00			`computer the SFTP\index{sftp} subsystem of SSH is used.}`
release du matin, chagrin 2020-09-29 10:41:53 +02:00
			`Hélas, ça ne marche pas trop bien depuis un`
			`OpenBSD\index{OpenBSD}\footnote{OpenBSD 5.5 sur sparc64} :`

			`\begin{verbatim}`
			`~ $ uname -a`
			`OpenBSD vierge.thsf.net 5.5 GENERIC#159 sparc64`
			`~ $ sshfs tth@10.20.0.23:/tvbruits 23/`
			`fuse_mount: Permission denied`
			`\end{verbatim}`

			`Grace à \texttt{<semarie>}\footnote{du Groupuscule des Contributeurs`
			`d'Unix}\index{gcu} : pour un montage en`
			`tant que yuser il faut deux choses :`
			`les bons droits sur \texttt{/dev/fuse*} et un`
			`\texttt{sysctl kern.usermount=1} bien senti.`

			`La semaine prochaine, nous verrons le \textit{mapping} entre les`
			`UID\index{UID} locaux et distants.`

more bla from Terreblanque 2021-10-04 22:24:01 +02:00			`% --------------------------------------------`
release du matin, chagrin 2020-09-29 10:41:53 +02:00
more bla from Terreblanque 2021-10-04 22:24:01 +02:00			`\section{Port forwarding}`
release du matin, chagrin 2020-09-29 10:41:53 +02:00
more bla from Terreblanque 2021-10-04 22:24:01 +02:00			`% https://tookmund.com/2021/10/ssh-port-forwarding`