1. Introduction
SSH (Secure Shell) and FTP (File Transfer Protocol) are two very important network protocols for system administration and file transfer.
Critical Services: SSH provides secure remote access, while FTP transfers files between a client and a server. Understanding how to configure and secure both services is critical for system administrators.
- SSH (Secure Shell): Secure Remote Access, Port 22 (TCP), Encrypted
- FTP (File Transfer Protocol): File Transfer Service, Port 21 (TCP), Unencrypted
2. Secure Shell (SSH)
What is SSH?
- A network protocol for accessing systems remotely and securely
- Uses encryption to protect data in transit
- Default port: 22 (TCP)
- Replaces insecure protocols such as telnet and rlogin
SSH Benefits:
- End-to-End Encryption
- Strong Authentication
- Integrity Protection
SSH Components:
- Client: software that initiates the connection. Examples: OpenSSH, PuTTY, SecureCRT
- Server: software that accepts the connection. Examples: OpenSSH Server, dropbear
- Keys: cryptographic key pairs used for authentication (public/private key pairs)
SSH Protocol Versions:
SSH-1: the old version, with vulnerabilities
Security Issues:
- Weak encryption algorithms
- Vulnerable to MITM attacks
- No proper integrity checking
NOT RECOMMENDED for use
SSH-2: the current, more secure version
Improvements:
- Stronger encryption (AES, ChaCha20)
- Better authentication methods
- Proper integrity protection
- Key exchange improvements
RECOMMENDED for all deployments
SSH Advantages:
- End-to-end encryption - All traffic encrypted
- Strong authentication - Multiple authentication methods
- Integrity protection - Data tampering detection
- Port forwarding and tunneling - Secure network tunneling
3. Implementing SSH on Linux
OpenSSH Server Installation:
# Debian/Ubuntu: update the package index and install OpenSSH Server
sudo apt update
sudo apt install openssh-server
# Start and enable the service
sudo systemctl enable ssh
sudo systemctl start ssh
sudo systemctl status ssh
# RHEL/CentOS/Fedora: install OpenSSH Server
sudo yum install openssh-server
# or with dnf
sudo dnf install openssh-server
# Start and enable the service
sudo systemctl enable sshd
sudo systemctl start sshd
sudo systemctl status sshd
Important Configuration Files:
SSH server configuration: /etc/ssh/sshd_config
# Security settings
Port 22
Protocol 2
PermitRootLogin no
SSH client configuration: /etc/ssh/ssh_config
# Client settings
Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
User's authorized keys: ~/.ssh/authorized_keys
# Public keys for key-based auth
ssh-rsa AAAAB3Nza... user@client
ssh-ed25519 AAAAC3... user@laptop
SSH Server Configuration Example:
# Basic settings
Port 22
# Protocol is ignored by OpenSSH 7.4 and later, which support only protocol 2
Protocol 2
ListenAddress 0.0.0.0
# Security settings
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
# Session settings
X11Forwarding yes
ClientAliveInterval 300
ClientAliveCountMax 2
MaxAuthTries 3
# Access control
AllowUsers user1 user2@192.168.1.0/24
DenyUsers baduser
# Cryptography settings
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
Testing SSH Configuration:
Check Configuration Syntax
# Test sshd_config syntax
sudo sshd -t
# Check specific configuration
sudo sshd -T | grep -i permitroot
# Reload configuration
sudo systemctl reload ssh
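One way to turn the `sshd -T` check above into a repeatable audit, as an added example that is not part of the original page: the script compares effective settings with the values from the configuration example. The function names and the constructed sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `sshd -T` output on stdin
# against the baseline values used in this page's sshd_config example.

ALLOWED_CIPHERS="chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com"

# Constructed sample input: root login and a CBC cipher are deliberately weak.
sample_sshd_t() {
    cat <<'EOF'
port 22
permitrootlogin yes
permitemptypasswords no
pubkeyauthentication yes
maxauthtries 3
ciphers chacha20-poly1305@openssh.com,aes128-cbc
EOF
}

audit_sshd() (
    cfg=$(cat)
    findings=0
    # Value of one keyword; sshd -T prints keywords in lowercase.
    get() {
        printf '%s\n' "$cfg" | awk -v k="$1" '$1 == k { sub(/^[^ ]+ +/, ""); print; exit }'
    }
    fail() { echo "FAIL $*"; findings=$((findings + 1)); }
    expect() {
        have=$(get "$1")
        [ "$have" = "$2" ] || fail "$1 is '${have:-unset}', baseline is '$2'"
    }
    expect permitrootlogin no
    expect permitemptypasswords no
    expect pubkeyauthentication yes
    tries=$(get maxauthtries)
    case "$tries" in
        ''|*[!0-9]*) fail "maxauthtries is missing or not a number" ;;
        *) [ "$tries" -le 3 ] || fail "maxauthtries is $tries, baseline is 3 or lower" ;;
    esac
    # Every cipher the server offers must be on the allow-list.
    for c in $(get ciphers | tr ',' ' '); do
        case " $ALLOWED_CIPHERS " in
            *" $c "*) ;;
            *) fail "cipher $c is not in the baseline list" ;;
        esac
    done
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
)
```

On a live host, run it as `sudo sshd -T | audit_sshd`; the exit status is non-zero when any setting deviates.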
Connection Testing
# Basic connection test
ssh username@hostname
# Test with specific port
ssh -p 2222 username@hostname
# Verbose output for debugging
ssh -vvv username@hostname
# Test with key authentication
ssh -i ~/.ssh/custom_key username@hostname
4. SSH Key Authentication
Generate SSH Key Pair:
# Generate RSA 4096-bit key
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# Output:
# Generating public/private rsa key pair.
# Enter file in which to save the key (/home/user/.ssh/id_rsa):
# Enter passphrase (empty for no passphrase):
# Your identification has been saved in /home/user/.ssh/id_rsa
# Your public key has been saved in /home/user/.ssh/id_rsa.pub
# Generate Ed25519 key (more secure, faster)
ssh-keygen -t ed25519 -C "comment"
# Output:
# Generating public/private ed25519 key pair.
# Enter file in which to save the key (/home/user/.ssh/id_ed25519):
# Enter passphrase (empty for no passphrase):
# Your identification has been saved in /home/user/.ssh/id_ed25519
# Your public key has been saved in /home/user/.ssh/id_ed25519.pub
Recommendation: Use Ed25519 for new deployments - faster and more secure than RSA.
Copy the Public Key to the Server:
# Copy the public key using ssh-copy-id
ssh-copy-id user@remote-server
# With a specific port
ssh-copy-id -p 2222 user@remote-server
# With a specific identity file
ssh-copy-id -i ~/.ssh/custom_key.pub user@remote-server
# Copy the public key manually
cat ~/.ssh/id_rsa.pub | ssh user@remote-server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
# Or using scp (upload under a separate name so the server account's own id_rsa.pub is not overwritten)
scp ~/.ssh/id_rsa.pub user@remote-server:client_key.pub
ssh user@remote-server "mkdir -p ~/.ssh && cat ~/client_key.pub >> ~/.ssh/authorized_keys && rm ~/client_key.pub"
Correct File Permissions:
Important: SSH is very strict about file permissions. Incorrect permissions will cause authentication to fail.
# Set correct permissions for SSH directories and files
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/id_ed25519.pub
chmod 644 ~/.ssh/known_hosts
# Check permissions
ls -la ~/.ssh/
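The permission list above can be checked mechanically instead of by reading `ls -la` output. This is an added example, not part of the original page; the function names are assumptions, and it relies on `stat -c %a` as available on Linux.

```shell
#!/bin/sh
# Added example (not from the original page): report anything under an SSH
# directory that grants more permission bits than the modes listed above.
# Uses `stat -c %a` (GNU coreutils / BusyBox), as found on Linux.

# Baseline mode for a file, by name, following the chmod list on this page.
want_mode() {
    case "$(basename "$1")" in
        *.pub|known_hosts) echo 644 ;;   # public material
        *)                 echo 600 ;;   # authorized_keys, private keys
    esac
}

check_ssh_perms() (
    dir=${1:-$HOME/.ssh}
    bad=0
    check() {   # check PATH BASELINE_MODE
        have=$(stat -c %a "$1") || exit 2
        # The leading 0 makes the shell read both modes as octal.
        if [ $(( 0$have & ~0$2 & 0777 )) -ne 0 ]; then
            echo "TOO OPEN: $1 is $have, baseline is $2"
            bad=$((bad + 1))
        fi
    }
    check "$dir" 700
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        check "$f" "$(want_mode "$f")"
    done
    [ "$bad" -eq 0 ]
)

# Usage: check_ssh_perms            (defaults to ~/.ssh)
#        check_ssh_perms /home/user/.ssh
```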
Test Key Authentication:
# Test connection with key authentication
ssh -i ~/.ssh/id_ed25519 user@remote-server
# Test without specifying key (uses default)
ssh user@remote-server
# Verbose output to debug authentication
ssh -vv -i ~/.ssh/id_ed25519 user@remote-server
5. File Transfer Protocol (FTP)
What is FTP?
- A protocol for transferring files between a client and a server
- Uses two connections:
  - Control Connection (port 21) - For commands
  - Data Connection (port 20) - For data transfer
- The standard protocol for file transfer since 1971
FTP Limitations:
- No Encryption
- Clear Text Passwords
- Vulnerable to Sniffing
FTP Transfer Modes:
Active mode: the server initiates the data connection to the client
Connection Process:
- Client connects to server port 21 (control)
- Client sends PORT command with client IP and port
- Server connects back to client on specified port
- Data transfer occurs
Issues:
- Firewall problems (client-side)
- NAT traversal issues
Passive mode: the client initiates the data connection to the server
Connection Process:
- Client connects to server port 21 (control)
- Client sends PASV command
- Server responds with IP and port for data connection
- Client connects to server data port
- Data transfer occurs
Benefits:
- Better firewall compatibility
- Works through NAT
- Recommended for modern networks
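To see which side has to accept an inbound data connection, and on which port, the address in a PORT command or a PASV reply can be decoded. This added example is not part of the original page and goes slightly beyond it: the six-number encoding (h1,h2,h3,h4,p1,p2 with port = p1*256 + p2) comes from RFC 959, and the function name and sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): decode the address carried in an
# FTP PORT command or a 227 (PASV) reply. RFC 959 encodes it as six decimal
# bytes h1,h2,h3,h4,p1,p2 where the TCP port is p1*256 + p2.
# Prints: MODE IP PORT DIRECTION-OF-THE-DATA-CONNECTION

ftp_data_endpoint() (
    line=$1
    case "$line" in
        PORT\ *) mode=active;  dir="server->client" ;;
        227\ *)  mode=passive; dir="client->server" ;;
        *) echo "not a PORT command or 227 reply" >&2; exit 1 ;;
    esac
    # Drop the verb or reply code, then keep only digits and commas.
    nums=$(printf '%s' "${line#* }" | tr -cd '0-9,')
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 6 ] || { echo "expected six numbers, got $#" >&2; exit 1; }
    for n in "$@"; do
        case "$n" in
            ''|????*) echo "bad byte '$n'" >&2; exit 1 ;;
        esac
        [ "$n" -le 255 ] || { echo "byte $n out of range" >&2; exit 1; }
    done
    echo "$mode $1.$2.$3.$4 $(( $5 * 256 + $6 )) $dir"
)

# Constructed sample lines (documentation address ranges):
#   ftp_data_endpoint '227 Entering Passive Mode (192,0,2,10,195,80).'
#   ftp_data_endpoint 'PORT 198,51,100,7,200,13'
```

The decoded port is the one a firewall has to let through: inbound on the client in active mode, inbound on the server in passive mode.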
FTP Weaknesses:
Security Warning: FTP has several serious security weaknesses:
- Not encrypted - Credentials and data are sent in plaintext
- Vulnerable to sniffing attacks - Easy to intercept credentials
- No data integrity - No protection against tampering
- Complex firewall configuration - Especially in active mode
Learning Summary
In this session we covered the SSH and FTP services, including configuration, security, and best practices for remote access and file transfer.
Key Takeaways:
- Konfigurasi dan hardening SSH server
- SSH key authentication dan management
- FTP server implementation dan security concerns
- Secure alternatives (SFTP, SCP, FTPS)
- Advanced SSH features (tunneling, port forwarding)
Security Emphasis:
- Always use SSH instead of telnet/FTP
- Implement key-based authentication
- Use SFTP/SCP instead of plain FTP
- Harden SSH configuration
- Monitor and log access attempts