CSCE 815 Network Security Lecture 26 SSH and SSH Implementation April 24, 2003.


– 2 – CSCE 815 Sp 03 Machines to Attack NOT!!! gateway

– 3 – SSH (Secure Shell)
- SSH released April 1, 2003
- OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks
- OpenSSH provides a myriad of secure tunneling capabilities, e.g. tunneling X connections
- OpenSSH provides a variety of authentication methods
- Port 22 when used over TCP/IP (most common)

– 4 – SSH Picture

– 5 – SSH Suite
- ssh replaces telnet and rsh
- scp (secure copy) replaces rcp
- sftp (secure ftp) replaces ftp
- sshd (secure shell daemon) is the server
- Others: ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server
- Protocols: SSH 1.3 through SSH 2.0 are supported

– 6 – OpenSSH
- SSH client configuration: ssh_config(5)
- SSH client configuration files: $HOME/.ssh/config and /etc/ssh/ssh_config

– 7 – SSH Protocol 2.0
- SSH Protocol Architecture: describes the overall design of SSH-2
- SSH Transport Layer Protocol: provides a single, full-duplex, flow-controlled, byte-oriented connection from client to server, with privacy, integrity, and man-in-the-middle protection
- SSH Authentication Protocol: identifies the client to the server
- SSH Connection Protocol: provides richer, application-support services such as TCP port and X forwarding

– 8 – SSH Architecture
- Host keys: each server host SHOULD have a host key. Two different trust models can be used:
  - the client has a local database that associates each host name with the corresponding public host key
  - the host name-to-key association is certified by some trusted certification authority
- All implementations SHOULD provide an option to not accept host keys that cannot be verified.
- Extensibility: the protocol should evolve over time; it allows full negotiation of encryption, integrity, key exchange, compression, and public key algorithms and formats
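The first trust model, made concrete: an added Python example (not from the lecture) that checks the host key a server presents against a small known_hosts-style database, the local name-to-key file OpenSSH keeps in ~/.ssh/known_hosts. It handles plain and hashed host fields and reports the three outcomes a client must distinguish, including the unverifiable-key case the slide says implementations SHOULD let the user refuse. Host names, key blobs and the salt are constructed placeholders.

```python
import base64
import hashlib
import hmac

def hash_host(hostname: str, salt: bytes) -> str:
    """Hashed host field as OpenSSH writes it with HashKnownHosts:
    |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def host_matches(field: str, hostname: str) -> bool:
    """True if a known_hosts host field (comma list or hashed form) covers
    hostname; hashing hides which hosts a stolen file refers to."""
    if field.startswith("|1|"):
        _, _, salt_b64, digest_b64 = field.split("|", 3)
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(digest_b64))
    return hostname in field.split(",")

def check_host_key(known_hosts: str, hostname: str, keytype: str,
                   key_b64: str) -> str:
    """"ok": stored key of this type matches.  "mismatch": a key of this
    type is stored but differs (changed key or man-in-the-middle; never
    accept silently).  "unknown": nothing stored for this host/type, so
    the client must decide whether to accept an unverifiable key.
    Simplification: @cert-authority / @revoked marker lines are skipped."""
    seen_same_type = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue
        if not host_matches(parts[0], hostname) or parts[1] != keytype:
            continue
        seen_same_type = True
        if hmac.compare_digest(parts[2].encode(), key_b64.encode()):
            return "ok"
    return "mismatch" if seen_same_type else "unknown"

# Constructed sample database: placeholder key blobs, not real keys.
SALT = bytes(range(20))                      # constructed 20-byte salt
GATEWAY_KEY = "QUFBQUIzTnphQzF5YzJFLWdhdGV3YXk="
LAB1_KEY = "QUFBQUIzTnphQzF5YzJFLWxhYjE="
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "gateway.example.edu,10.0.0.1 ssh-rsa " + GATEWAY_KEY,
    hash_host("lab1.example.edu", SALT) + " ssh-rsa " + LAB1_KEY,
])
```

A real client maps "unknown" to the StrictHostKeyChecking policy and "mismatch" to a hard refusal.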

– 9 – SSH Packets
- Minimum packet size is 28
- Negligible for large packets, but for character-by-character traffic à la telnet this is significant
- (TCP/IP) + ethernet: but the minimum ethernet packet payload size is 46
- So the increase over the minimum is 4/46 = ~10%

– 10 – SSH Message Numbers
SSH packets have message numbers in the range 1 to 255.
Transport layer protocol:
- 1 to 19: transport layer generic (e.g. disconnect, ignore, debug, etc.)
- 20 to 29: algorithm negotiation
- 30 to 49: key exchange method specific (numbers can be reused for different authentication methods)
User authentication protocol:
- 50 to 59: user authentication generic
- 60 to 79: user authentication method specific (numbers can be reused for different authentication methods)
Connection protocol:
- 80 to 89: connection protocol generic
- 90 to 127: channel related messages
Reserved for client protocols: 128 to 191
Local extensions: 192 to 255

– 11 – Authentication requests
Request:
  byte     SSH_MSG_USERAUTH_REQUEST
  string   user name (in ISO-10646 UTF-8 encoding [RFC2279])
  string   service name (in US-ASCII)
  string   method name (US-ASCII)
  The rest of the packet is method-specific.
Response:
  byte     SSH_MSG_USERAUTH_FAILURE
  string   "authentications that can continue"
  boolean  partial success
"Authentications that can continue" is a comma-separated list of authentication method names that may productively continue the authentication dialog.
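The two message layouts above, as an added Python example (not the lecture's code) that encodes and decodes them with the SSH wire types: byte, string (uint32 big-endian length plus the bytes), name-list (a string of comma-separated names) and boolean. The message numbers 50 and 51 are the RFC 4252 values, both inside the 50 to 59 "user authentication generic" range of the previous slide; the user, service and method names are constructed.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50   # RFC 4252; in the 50-59 generic range
SSH_MSG_USERAUTH_FAILURE = 51   # RFC 4252; in the 50-59 generic range

def put_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the raw bytes."""
    return struct.pack(">I", len(data)) + data

def get_string(buf: bytes, off: int):
    """Read one SSH 'string' at buf[off:]; return (bytes, next offset).
    Both bounds checks matter: a length that runs past the packet is the
    classic parser defect in network daemons."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("string length %d exceeds packet" % n)
    return buf[off + 4:off + 4 + n], off + 4 + n

def build_userauth_request(user: str, service: str, method: str,
                           rest: bytes = b"") -> bytes:
    """byte 50, string user (UTF-8), string service, string method, then
    the method-specific fields ('rest'; empty for the 'none' probe)."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + put_string(user.encode("utf-8"))
            + put_string(service.encode("ascii"))
            + put_string(method.encode("ascii")) + rest)

def parse_userauth_request(pkt: bytes) -> dict:
    if not pkt or pkt[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    user, off = get_string(pkt, 1)
    service, off = get_string(pkt, off)
    method, off = get_string(pkt, off)
    return {"user": user.decode("utf-8"), "service": service.decode("ascii"),
            "method": method.decode("ascii"), "rest": pkt[off:]}

def build_userauth_failure(can_continue, partial_success: bool) -> bytes:
    """byte 51, name-list of methods that may continue, boolean partial success."""
    names = ",".join(can_continue).encode("ascii")
    return (bytes([SSH_MSG_USERAUTH_FAILURE]) + put_string(names)
            + bytes([1 if partial_success else 0]))

def parse_userauth_failure(pkt: bytes):
    if not pkt or pkt[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not a USERAUTH_FAILURE")
    names, off = get_string(pkt, 1)
    if off >= len(pkt):
        raise ValueError("missing partial-success boolean")
    methods = names.decode("ascii").split(",") if names else []
    return methods, pkt[off] != 0
```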

– 12 – XWindows Normal Connection

– 13 –

– 14 – SSH X Connection
- SSH attempts to connect to port 22 on the remote host
- SSHD on the machine Remote forks off a child SSHD process. If X11 forwarding is enabled, the process listens on port x (the first open one)
- The child SSHD now forks off the command received from the original SSH client, usually xterm. SSHD sets the DISPLAY environment variable for xterm to "Remote
- xterm sends all X information to the fake server on its own host
- The fake SSHD X server encrypts the X information, then sends it to the SSH client on the Local machine
- The SSH client decrypts the information and sends it to the real X server

– 15 – SSH and Proxy Servers in General
Two methods: the "-L" and "-R" options.

ssh -L local-port:remote-machine:remote-port remote-machine

This forwards a port (local-port) on the local machine across an encrypted channel to a server port (remote-port) on the remote machine.

ssh -R remote-port:remote-machine:local-port remote-machine

This command has a port on the remote host act as a proxy for a local port.

– 16 –

– 17 – SSH References
Implementation: SSH 1, SSH, OpenSSH
Protocols