Open main menu

CDOT Wiki β

Changes

OPS235 Lab 7 - Fedora17

94 bytes added, 11:35, 18 March 2011
no edit summary
{{Admon/note | | You can also use an ssh connection to tunnel other types of traffic. There could be different reasons for doing this. For example tunneling traffic for an unencrypted application/protocol through ssh can increase the security of that application. Alternatively you could use it to circumvent a firewall that is blocking traffic you wish to use but allows ssh traffic to pass through.}}
* # You will be working with the 2nd scenario of bypassing a firewall that blocks http traffic.* # In this investigation fedora1 will be your http server and fedora2 will be your client.* # On the HTTP server (fedora1), make sure the Apache web server is installed by typing the command:** <br /><code>rpm -q httpd</code>* # If it is installed check the configuration of the service to see if it is automatically started at any runlevels by issuing the command:** <br /><code>chkconfig --list httpd</code>* # If it has not been started automatically start the service using the command:<br />** <code>service httpd start</code>* # Confirm that httpd is listening to TCP/80 using the command:** <br /><code>netstat -atnp</code>* # Create a small html document called <code>/var/www/html/index.html</code> that displays a short message.* * # On the fedora1 (the http server) confirm everything is working locally by using a browser to connect to http://localhost* # The default firewall configuration on fedora1 is to REJECT incoming requests to http (TCP/80)* # Confirm that you can't connect by using firefox on fedora2 to connect to fedora1 http://fedora1/* # On fedora2 confirm that the httpd service is stopped so it cannot interfere with your observations.* # The next step is to establish a tunnel. When you establish a tunnel you make an ssh connection to a remote host and open a new port on the local host. That local host port is then connected to a port on the remote host through the established tunnel. When you send requests to the local port it is forwarded through the tunnel to the remote port.
:::: [[Image:Tunnel.png]]
* <ol><li value="13">Establish a tunnel using a local port on fedora2 of 20808, that connects to the remote port on fedora1 of 80, using the following command on fedora2:** <br /><code>ssh -L 20808:fedora1:80 user@fedora1</code></li></ol>
{{Admon/note | Note! | The -L (which means Local port) takes one argument of <pre><local-port>:<connect-to-host>:<connect-to-port></pre> The command basically connects your local port of 20808 to the remote port of 80 on fedora1. This means all requests to 20808 on the localhost (fedora2) are actually tunnelled through your ssh connection to port 22 on fedora1 and then delivered to port 80 on fedora1, bypassing the firewall. }}
* <ol><li value="14">Once the tunnel is established use netstat to verify the port 20808 is listening on fedora2</li>* <li>Now using the browser on fedora2 connect to http://localhost:20808</li>* <li>You should see the index.html page on fedora1.</li>* <li>Close the ssh connection and verify that the port 20808 is no longer listening.</li>* Answer <li>nswer the Investigation 6 question in your lab log book.</li></ol>
=== Investigation 7: How do you make sshd more secure. ===
13,420
edits