------------------------- Week 09 Notes for NET2003 -------------------------
-Ian! D. Allen - idallen@idallen.ca - www.idallen.com

Remember - knowing how to find out an answer is more important than
memorizing the answer.  Learn to fish!  RTFM!  (Read The Fine Manual)

Keep up on your readings (Course Outline: average 5 hours/week homework).
A good way to memorize the material is to take notes in class and then
merge your notes with my published note summaries after class.  You won't
be able to Google search during tests and exams.

* Abbreviation "ALN" = your "Advanced Linux Networking" text by R.W.Smith

Review: Week 8 notes

--------------------------------------------------------------------------------
Network Tool Review
-------------------

How do you know what services are listening on a remote machine?

    $ nmap foo.org

What ports are open on *my* machine?  (The -p option shows the owning
process only for your own processes unless you run as root, hence the
"#" prompt.)

    # netstat -natup
    # ss -nap
    # ss -nlp

--------------------------------------------------------------------------------
Insecure Remote Login/File/Display Services
-------------------------------------------

The following services should not be used on the open Internet, since
the passwords, the data stream, or both are sent in cleartext:

  * Samba (SMB - Microsoft Server Message Block) - Chapter 7
  * NFS (Network File System) - Chapter 8
  * rlogin/telnet - Chapter 13 - cleartext console access
  * VNC - Chapter 14 - graphical remote desktop
  * X11 Remote Display (XDMCP) - Chapter 14 - graphical remote desktop
  * FTP (file transfer protocol) - Chapter 21

Many of the above services can be "tunnelled" safely over a secure login
protocol such as SSH.

Q: T/F: Text-mode remote login tools directly permit X11 graphical
   programs to run.  p.309

Q: Rank ssh, rlogin, and telnet in order from most to least secure.
   p.310,316 - some would argue that since rlogin can be configured to
   permit login without passwords, it is, under some circumstances,
   *more* (not less) secure than telnet, which always requires a password
   (a password typed into telnet crosses the network in cleartext where
   a sniffer can capture it; an rlogin session using host-based trust
   sends no password at all, though the data stream is still cleartext).

Q: What is the name of the file that contains the pre-login banner for
   a) network logins (telnet, ssh, etc.), and b) console logins?  p.317,318
Q: T/F: /etc/issue and /etc/issue.net may be created at boot time.  p.319
Q: T/F: the telnet protocol sends your password in clear text over the
   network.  p.320
Q: T/F: a telnet session itself is encrypted once you log in.  p.320

--------------------------------------------------------------------------------
Remote login and Configuring SSH - ALN Chapter 13, p.321
--------------------------------

Q: What is the popular SSH protocol used for?  p.321
Q: What is the name of the non-commercial open source SSH package used in
   most Linux distributions?  p.322
Q: T/F: the open source SSH and the commercial SSH cannot connect to each
   other.  p.322

Many distributions split up the OpenSSH client/server suite into separate
client and server packages, since not everyone needs both.  You may need
to install up to three software packages to get a full open source SSH
client and server on a Unix/Linux system.  p.323

Q: T/F: SSH allows you to forward ports across your encrypted connection.  p.323
Q: T/F: the ssh/scp programs encrypt the login but not the data.  p.323-324
Q: How is the SSH server traditionally started in Linux?  p.324
Q: You can elect to run the SSH server from a super-server.  What
   inconvenience might this cause (esp. on hardware with slower CPUs)?  p.324
   - What is the absolute pathname of the script used to start the SSH
     server?  (Go look!)
   - What is the actual name of the running SSH server started by the
     script?  (What is the absolute pathname of the SSH server program?)
Q: What configuration has to happen before you can run the SSH server for
   the very first time?
   p.325
   - What are the key types of the key files that the system SSH start-up
     script generates before starting the SSH server?  (Go look!)
Q: What happens to client connections if you re-generate (overwrite) the
   encryption keys on your server?  p.325
   - What is the absolute pathname of the SSH server config file?  p.325
   - What is the absolute pathname of the SSH client config file?  p.325
Q: What happens the first time you use an SSH client to connect to a
   server?  bottom p.328
Q: What happens at the client end when the key for a server changes?  p.328-329
Q: How can you force an SSH client connection to a server if the key file
   has changed?  top p.329

----------------------------------------------------------------------------
Classroom demo:
  - Port forwarding and tunnel creation via SSH.
  - The SSH "file system": sshfs
----------------------------------------------------------------------------

Advanced Environments
---------------------

Using SSH for port forwarding, VPN, SOCKS, layer 2 bridging, etc.
  https://help.ubuntu.com/community/SSH_VPN
  http://wiki.enigmacurry.com/OpenSSH

Cygwin
------

Unix environment inside Windows
  https://help.ubuntu.com/community/SSHHowto

Nested X servers (Xephyr)
-------------------------

Run nested X servers
  http://ubuntuforums.org/showthread.php?t=620003
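Worked example for the "Network Tool Review" and "Insecure Remote
Login/File/Display Services" sections above.  This is an added example,
not code from the course notes or the ALN text.  It reads "ss -nlp"-style
output, lists each TCP/UDP listener with its owning process, and then
flags every listener that is reachable from the network (not bound to
loopback) and not on an allow-list.  The sample output below is
constructed for this note in the column layout ss prints; in real use you
would pipe the output of "ss -nlp" (run as root so the process column is
filled in) into the same functions.  The allow-list "tcp/22 tcp/80" is an
assumption for the demonstration.

```shell
#!/bin/sh
# Added example: parse "ss -nlp"-style output and flag listeners that are
# reachable from the network but not on an allow-list.  SAMPLE_SS is a
# constructed sample, not captured output.

# Constructed sample in the layout ss -nlp prints (header line, one unix
# socket, then tcp/udp listeners).  Process column: users:(("name",pid=N,fd=N))
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str LISTEN 0      4096   /run/systemd/journal/stdout 12345 * 0 users:(("systemd-journal",pid=300,fd=4))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=701,fd=7))
tcp   LISTEN 0      511    [::]:80            [::]:*            users:(("nginx",pid=950,fd=6))
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=600,fd=6))
tcp   LISTEN 0      128    0.0.0.0:5900       0.0.0.0:*         users:(("Xvnc",pid=1200,fd=9))'

# list_listening: stdin = ss -nlp output; stdout = "proto addr port process",
# one line per tcp/udp socket (unix sockets and the header are skipped).
list_listening() {
    awk '$1 == "tcp" || $1 == "udp" {
        n = split($5, a, ":"); port = a[n]            # port = text after last ":"
        addr = substr($5, 1, length($5) - length(port) - 1)
        proc = "?"                                    # "?" when ss could not see the owner
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)   # strip users:((" and the closing "
        print $1, addr, port, proc
    }'
}

# unexpected_listeners ALLOWLIST: stdin = output of list_listening.
# ALLOWLIST is a space-separated list of "proto/port" entries.  Sockets bound
# only to loopback cannot be reached from the network, so they are skipped;
# everything else not on the allow-list is printed.
unexpected_listeners() {
    awk -v allow=" $1 " '{
        if ($2 == "127.0.0.1" || $2 == "[::1]") next
        if (index(allow, " " $1 "/" $3 " ") > 0) next
        print
    }'
}

# Stand-alone run on the constructed sample: prints the dhclient and Xvnc
# lines, i.e. the VNC server from the insecure-services list is exposed.
printf '%s\n' "$SAMPLE_SS" | list_listening | unexpected_listeners "tcp/22 tcp/80"
```

On a real host compare the result against what "nmap" reports from another
machine: a listener that ss shows but nmap cannot reach is being blocked by
a firewall, and one that nmap finds but ss does not is not on the host you
think it is.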
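Worked example for the known_hosts questions above (what happens on the
first connection, what happens when the server's key changes, and how you
force a connection afterwards).  This is an added example, not code from
the course notes, the ALN text, or OpenSSH.  It models the client-side
check with a few shell functions against a throwaway known_hosts file:
first contact records the server's key (trust on first use, what the real
client does after you answer "yes" to its prompt), later contacts compare
the key the server presents with the recorded one, and a mismatch is
refused with the same "REMOTE HOST IDENTIFICATION HAS CHANGED" warning the
real client prints.  forget_host does by hand what "ssh-keygen -R host"
does for real.  The key strings are constructed placeholders, not real
keys, and the model ignores hashed hostnames and @cert-authority/@revoked
markers that the real file format supports.

```shell
#!/bin/sh
# Added example: a minimal model of the SSH client's known_hosts check.
# Key strings are constructed placeholders, not real keys.

KNOWN_HOSTS=$(mktemp)               # throwaway stand-in for ~/.ssh/known_hosts
trap 'rm -f "$KNOWN_HOSTS"' EXIT

# Constructed "the server presented this key" values (type + base64 field).
SERVER_KEY_V1='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYNUMBERONEnotARealKey0000000001'
SERVER_KEY_V2='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYNUMBERTWOnotARealKey0000000002'

# recorded_key HOST: print the key (type + base64) stored for HOST, if any.
# known_hosts lines are "host keytype base64 [comment]".
recorded_key() {
    awk -v host="$1" '$1 == host { print $2, $3; exit }' "$KNOWN_HOSTS"
}

# check_host HOST "TYPE BASE64": exit status
#   0 = host known and key matches (connection proceeds)
#   1 = first contact, key recorded (trust on first use)
#   2 = KEY CHANGED, connection refused
check_host() {
    host=$1; offered=$2
    stored=$(recorded_key "$host")
    if [ -z "$stored" ]; then
        printf '%s %s\n' "$host" "$offered" >> "$KNOWN_HOSTS"
        return 1
    fi
    [ "$stored" = "$offered" ] && return 0
    echo "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED for $host" >&2
    return 2
}

# forget_host HOST: remove the stale entry, which is what ssh-keygen -R does.
# Only do this after confirming out of band that the server really did
# re-generate its keys; otherwise you may be trusting an impostor.
forget_host() {
    awk -v host="$1" '$1 != host' "$KNOWN_HOSTS" > "$KNOWN_HOSTS.new" &&
    mv "$KNOWN_HOSTS.new" "$KNOWN_HOSTS"
}

# Stand-alone walk-through on the throwaway file:
check_host foo.org "$SERVER_KEY_V1" || echo "first contact, key recorded (rc=$?)"
check_host foo.org "$SERVER_KEY_V1" && echo "key matches, connection proceeds"
check_host foo.org "$SERVER_KEY_V2" || echo "key changed, connection refused (rc=$?)"
forget_host foo.org            # what "ssh-keygen -R foo.org" does for real
check_host foo.org "$SERVER_KEY_V2" || echo "re-recorded after removal (rc=$?)"
```

The walk-through is exactly the sequence a server key re-generation causes:
every client that connected before the re-generation refuses the new key
until its stale known_hosts entry is removed.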