\chapter{ssh}
\label{chap:ssh}

Secure Shell.

According to the \texttt{openssh.org} site:
\textit{OpenSSH is a {\em free} version of the SSH\index{ssh} connectivity
tools that technical users of the Internet rely on. Users of
telnet, rlogin, and ftp\index{ftp} may not realize that their password
is transmitted across the Internet unencrypted, but it
is. OpenSSH encrypts all traffic (including passwords) to
effectively eliminate eavesdropping, connection hijacking, and
other attacks. Additionally, OpenSSH provides secure tunneling
capabilities and several authentication methods, and supports
all SSH protocol versions.}

% --------------------------------------------

\section{X11 forwarding}\index{X11}

The \texttt{-X} option and its security implications.

\section{sshfs}
\index{sshfs}

According to the Linux manpage: \textit{SSHFS (Secure SHell FileSystem)
is a file system for Linux (and other operating systems with a FUSE
implementation, such as Mac OS X or FreeBSD) capable of operating
on files on a remote computer using just a secure shell login on the
remote computer. On the local computer where the SSHFS is mounted,
the implementation makes use of the FUSE (Filesystem in Userspace)
kernel module. The practical effect of this is that the end user can
seamlessly interact with remote files being securely served over SSH
just as if they were local files on his/her computer. On the remote
computer the SFTP subsystem of SSH is used.}

Alas, it does not work very well from an
OpenBSD\index{OpenBSD}\footnote{OpenBSD 5.5 on sparc64} machine:

\begin{verbatim}
~ $ uname -a
OpenBSD vierge.thsf.net 5.5 GENERIC#159 sparc64
~ $ sshfs tth@10.20.0.23:/tvbruits 23/
fuse_mount: Permission denied
\end{verbatim}

Thanks to \texttt{<semarie>}\footnote{of the Groupuscule des Contributeurs
d'Unix}\index{gcu}: to mount as an
ordinary user, two things are needed:
the right permissions on \texttt{/dev/fuse*} and a
well-placed \texttt{sysctl kern.usermount=1}.

Next week, we will look at the \textit{mapping} between
local and remote UIDs\index{UID}.

% --------------------------------------------

\section{Port forwarding}

% https://tookmund.com/2021/10/ssh-port-forwarding