=========================================================
REMOTE ADMINISTRATION AND ADVANCED SSH USAGE LECTURE PLAN
=========================================================

Presented on 31 May 2003 at the 6th annual lug-bg meeting
by Georgi Chorbadzhiyski (georgi()unixsol!org)

Graphical administration tools
------------------------------
- VNC - Virtual Network Computing
  - platform independent
  - can share the session
  - simple challenge-response authentication
  - no encryption
  - can be tunneled through ssh
  - no state stored in client
  - JAVA client
  - clipboard sharing
- X Window (remote X)
  - xdm
  - remote X applications
  - Xnest server
  - X security
  - SSH X forwarding

Web administration
------------------
- Webmin
  - easy to use interface
  - a web browser is enough
  - can be used over SSL
  - custom modules for administering every service

Network monitoring
------------------
- SNMP v1, v2, v3 (Windows, Unix, network devices)
  - community strings
  - v1 weaknesses
  - v2, v3 - hash authentication

Text based console terminal sessions
------------------------------------
- Telnet/FTP, Rsuite (rsh, rlogin, rcp)
  - available on every Unix OS
  - no encryption (Rsuite under Linux supports DES)
  - easy spoofing
  - Kerberos/SKey authentication can be used for telnet
  - Hostbased authentication for Rsuite - NOT RECOMMENDED!
- SSH
  - strong encryption
  - strong authentication
  - password/SKey/public key authentication
  - port forwarding
  - authentication forwarding
  - X display forwarding
  * See below

==================
ADVANCED SSH USAGE
==================

* Authentication Methods (SSH2)
-----------------------------
Password authentication
  - SSH_ASKPASS

Hostbased authentication
  - Make /etc/ssh/known_hosts (not necessary)
  - Make /etc/ssh/shosts.equiv
  - Put "HostbasedAuthentication yes" in the server's /etc/ssh/sshd_config
    and the client's /etc/ssh/ssh_config
  - Put "EnableSSHKeysign yes"

PublicKey authentication
  - ssh-keygen (id_dsa.pub -> authorized_keys)
  - ssh-agent, ssh-add

Only in ssh.com: Certificate authentication

* Agent forwarding (-A)
---------------------
- no private key is transmitted

* Port forwarding
---------------
X forwarding (-X)

Local port forwarding (-L)
  -g local_port:to_host(connect from REMOTE machine):to_port

Remote port forwarding (-R)
  remote_port:to_host(connect from LOCAL machine):to_port

- ssh.com ftp port forwarding
  ssh2 -L ftp/x:ftpdserver:y username@sshdserver

On the fly configuration of port forwarding using the ssh console
  ~? - help
  ~# - show forwarded connections
  ~C - execute commands (talk on command line usage)

Dynamic port forwarding (-D)
  - OpenSSH supports SOCKS4
  - SSH.com supports SOCKS4 and 5

* SSH tools
---------
- scp
- sftp
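
Worked example for the "Hostbased authentication" steps above (added here, not part of the lecture): a script that stages shosts.equiv, sshd_config and ssh_config fragments into a review directory and checks that all the required directives are present before anything is copied to /etc/ssh. The staging directory, the trusted host name and the helper names (append_once, stage_hostbased, hostbased_staged) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the lecture): stage the hostbased-authentication
# files from the "Authentication Methods" section into a directory that can be
# reviewed before being copied to /etc/ssh. Host names are constructed.

# append_once FILE LINE: append LINE to FILE unless it is already there,
# so re-running the script never duplicates directives.
append_once() {
    touch "$1"
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# stage_hostbased ROOT TRUSTED_HOST: write shosts.equiv, sshd_config and
# ssh_config fragments under ROOT (assumed staging copy of /etc/ssh).
stage_hostbased() {
    root="$1"; trusted="$2"
    mkdir -p "$root"
    # The server trusts logins from this client host; use the canonical name
    # that sshd resolves for the connecting client, not a short alias.
    append_once "$root/shosts.equiv" "$trusted"
    chmod 644 "$root/shosts.equiv"
    # Server side: accept the method.
    append_once "$root/sshd_config" "HostbasedAuthentication yes"
    # Client side: offer the method and let ssh-keysign sign with the host key
    # (ssh-keysign is the helper that can read the private host key).
    append_once "$root/ssh_config" "HostbasedAuthentication yes"
    append_once "$root/ssh_config" "EnableSSHKeysign yes"
}

# hostbased_staged ROOT: 0 when all three directives are present and
# shosts.equiv names at least one fully qualified host, 1 otherwise.
hostbased_staged() {
    root="$1"
    grep -qx 'HostbasedAuthentication yes' "$root/sshd_config" 2>/dev/null || return 1
    grep -qx 'HostbasedAuthentication yes' "$root/ssh_config" 2>/dev/null || return 1
    grep -qx 'EnableSSHKeysign yes' "$root/ssh_config" 2>/dev/null || return 1
    grep -q '^[A-Za-z0-9-]*\.[A-Za-z0-9.-]*$' "$root/shosts.equiv" 2>/dev/null
}

# Usage: stage_hostbased ./ssh-staging client.example.com && hostbased_staged ./ssh-staging
```

The check function is the part worth keeping around: hostbased authentication fails silently when one side is missing its directive, so confirming both config files and shosts.equiv together saves a round of log reading.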
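
Worked example for the "PublicKey authentication" item above (added here, not the lecture's own code): installing a public key into authorized_keys the way ssh-keygen's output is meant to be used, with the directory and file permissions sshd checks under StrictModes, and idempotently so repeated runs do not duplicate the key. The function names (install_pubkey, key_count, perms_ok) and the key line in the usage comment are assumptions of this example; the key material is constructed, not real.

```sh
#!/bin/sh
# Added example (not from the lecture): install a public key as the
# "PublicKey authentication" section describes (id_dsa.pub -> authorized_keys),
# with the permissions sshd's StrictModes check requires.

# install_pubkey HOME_DIR KEY_LINE: append KEY_LINE to HOME_DIR/.ssh/authorized_keys
# once, and set .ssh to 700 and authorized_keys to 600 (sshd ignores the file
# when it or its directory is group- or world-writable).
install_pubkey() {
    home="$1"; key="$2"
    case "$key" in
        # ssh-dss is the 2003-era default (id_dsa.pub); ssh-rsa and ssh-ed25519
        # are what current OpenSSH releases accept by default.
        ssh-dss\ *|ssh-rsa\ *|ssh-ed25519\ *) ;;
        *) echo "install_pubkey: not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" \
        || printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# key_count HOME_DIR: number of key lines (blank and comment lines excluded)
key_count() {
    grep -cvE '^[[:space:]]*(#|$)' "$1/.ssh/authorized_keys" || :
}

# perms_ok HOME_DIR: 0 when .ssh is drwx------ and authorized_keys is -rw-------
perms_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Usage (constructed key line, not real key material):
#   install_pubkey "$HOME" "ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDKEYMATERIAL user@client"
#   perms_ok "$HOME" && echo "sshd will read this file"
```

perms_ok is the check to run when a key "does not work": sshd logs the refusal only at debug level, so a wrong mode on ~/.ssh or the file is the usual cause of a public key silently falling back to password authentication.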
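
Worked example for the "Port forwarding" section above and for the "can be tunneled through ssh" item under VNC (added here, not from the lecture): a helper that assembles the ssh command line for local (-L), remote (-R) and dynamic (-D) forwarding, validates the port:to_host:to_port spec, and only adds -g when asked, since -g exposes the listening port to other hosts instead of keeping it on the loopback interface. The function names (port_ok, ssh_forward, vnc_tunnel) and the user and host names are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the lecture): build and sanity-check the ssh command
# lines for the three forwarding modes in the "Port forwarding" section, and
# for tunneling a VNC session as the "Graphical administration tools" section
# suggests. Host and user names are constructed placeholders.

# port_ok N: 0 when N is an integer in 1..65535
port_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ssh_forward MODE SPEC DEST [gateway]
#   MODE     local (-L) or remote (-R) with SPEC port:to_host:to_port,
#            dynamic (-D) with SPEC port (SOCKS proxy on that port)
#   DEST     [user@]sshserver
#   gateway  adds -g so the listening port is reachable from other hosts
#            instead of only from the loopback interface (-L and -D only)
# Prints the command; -N keeps ssh from starting a remote shell.
ssh_forward() {
    mode="$1"; spec="$2"; dest="$3"; gw="$4"
    case "$mode" in
        local)   opt=-L ;;
        remote)  opt=-R ;;
        dynamic) opt=-D ;;
        *) echo "ssh_forward: mode must be local, remote or dynamic" >&2; return 1 ;;
    esac
    if [ "$mode" = dynamic ]; then
        port_ok "$spec" || { echo "ssh_forward: bad port '$spec'" >&2; return 1; }
    else
        lport="${spec%%:*}"; rest="${spec#*:}"
        thost="${rest%%:*}"; tport="${rest#*:}"
        if [ "$rest" = "$spec" ] || [ "$tport" = "$rest" ] || [ -z "$thost" ]; then
            echo "ssh_forward: spec must be port:to_host:to_port" >&2; return 1
        fi
        port_ok "$lport" && port_ok "$tport" \
            || { echo "ssh_forward: bad port in '$spec'" >&2; return 1; }
    fi
    if [ -n "$gw" ] && [ "$mode" = remote ]; then
        # -g only affects ports ssh itself listens on; for -R the server's
        # GatewayPorts setting decides, so the flag is dropped here.
        echo "ssh_forward: -g does not apply to -R, use GatewayPorts on the server" >&2
        gw=""
    fi
    printf 'ssh -N%s %s %s %s\n' "${gw:+ -g}" "$opt" "$spec" "$dest"
}

# vnc_tunnel DISPLAY DEST: local forward for VNC display :DISPLAY on the ssh
# server (the RFB server listens on TCP 5900+DISPLAY). Point the viewer at
# localhost:DISPLAY and the unencrypted VNC traffic only ever crosses the
# network inside the ssh channel.
vnc_tunnel() {
    case "$1" in ''|*[!0-9]*) echo "vnc_tunnel: bad display" >&2; return 1 ;; esac
    port=$((5900 + $1))
    ssh_forward local "$port:localhost:$port" "$2"
}

# Usage:
#   vnc_tunnel 1 admin@vnchost          # ssh -N -L 5901:localhost:5901 admin@vnchost
#   ssh_forward dynamic 1080 user@gw    # SOCKS proxy on localhost:1080
```

The spec parsing follows the three-field port:to_host:to_port form the lecture gives; later OpenSSH releases also accept an optional bind_address in front, which this helper does not handle. Leaving -g off by default matters for VNC in particular: with -g, anyone who can reach the client host gets a plaintext VNC port protected only by VNC's own challenge-response.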