13,420
edits
Changes
no edit summary
=INVESTIGATION 3: SECURING THE SSH CONNECTION=
=== Investigation 6Part 1: How do you use ssh to tunnel other traffic. ===
[[Image:Tunnel.png|thumb|right|600px|You can also use an ssh connection to '''tunnel other types of traffic'''. There could be different reasons for doing this. For example tunneling traffic for an unencrypted application/protocol through ssh can '''increase the security of that application''' (i.e. deceive potential hackers).<br><br>Alternatively you could use it to '''circumvent a firewall that is blocking traffic''' you wish to use but allows ssh traffic to pass through.]]
# For this section, you will still be using your '''centos1''' and '''centos2''' VMs.
# On the HTTP server make sure the Apache web server is installed by typing the command:<br /><code>rpm -q httpd</code>
# If it is installed check the configuration of the service to see if it is automatically started at any runlevels by using the <code>chkconfig h</code> command.
# If it has not been started automatically start the service using the '''service ''' command.# Confirm that httpd is listening to TCP/80 using the '''netstat ''' command.# Create a small html document called <code>'''/var/www/html/index.html</code> ''' that displays a short message.*
# On the centos1 (the http server) confirm everything is working locally by using a browser to connect to http://localhost
# Set the default firewall configuration on centos1 to REJECT incoming requests to http (TCP/80)
# Confirm that you can't connect by using firefox on centos to connect to centos1 http://centos1/
# On '''centos2 ''' confirm that the httpd service is stopped so it cannot interfere with your observations.# The next step is to establish a <u>tunnel</u>. When you establish a tunnel you make an ssh connection to a remote host and open a new port on the local host. That local host port is then connected to a port on the remote host through the established tunnel. When you send requests to the local port it is forwarded through the tunnel to the remote port.# Establish a tunnel using a local port on centos2 of 20808, that connects to the remote port on '''centos1 ''' of 80, using the following command on '''centos2''':<br /><b><code><span style="color:#3366CC;font-size:1.2em;">ssh -L 20808:centos1:80 user@centos1</span></code>{{Admon</note | b><br><br> '''Note! | :'''<br>The '''-L ''' option (which means Local port) takes one argument of <pre><local-port>:<connect-to-host>:<connect-to-port></pre> The command basically connects your local port of 20808 to the remote port of 80 on '''centos1'''. This means all requests to 20808 on the <u>localhost </u> ('''centos2''') are actually tunnelled through your ssh connection to port 22 on '''centos1 ''' and then delivered to port 80 on '''centos1''', bypassing the firewall. }}<olbr><li value="14"br># >Once the tunnel is established use '''netstat ''' to verify the port 20808 is listening on '''centos2</li>'''<li># Now using the browser on '''centos2 ''' connect to http://localhost:20808</li><li>#You should see the index.html page on centos1.</li><li># Close the ssh connection and verify that the port 20808 is no longer listening.</li></ol>
'''Answer the Investigation 6 Part 1 observations / questions in your lab log book.'''
=== Investigation 7: How do you make sshd more secure ===