Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.

Published byShonda O’Neal’ Modified over 8 years ago

Similar presentations

Presentation on theme: "SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software."— Presentation transcript:

1 SSH

2 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software implementing SSH is PuTTY – Download and test for free – http://www.chiark.greenend.org.uk/~sgtatham/putty/downlo ad.html http://www.chiark.greenend.org.uk/~sgtatham/putty/downlo ad.html – You need a login account on a server (usually Linux) supporting logins through SSH Servers usually operate SSH at TCP port 22 – What is a TCP port?

3 3 SSH Protocol Basics Host authentication (to the user) – Known hosts Server on the list of trusted hosts on client machine Danger of spoofing User authentication (to the server) – Password based User enters a username and password Sent encrypted with Server’s public key – RSA/DSA Server maintains copy of user’s public key Method 1: signed session id: The client signs a session id. The server verifies it with the corresponding public key Method 2: challenge-response: Server encrypts a random number with the user’s public key; Client proves identity by decrypting it.

4 4 Uses and Advantages of SSH SSH Overcomes limitation of Telnet – Of transmitting passwords in clear on networks on the way to the server Originally designed for remote login – But can also be used for encrypted file transfer Increasingly used to transport other applications – This is called SSH port forwarding or tunnelling

5 5 SSH-Architecture Client-Server architecture An SSH server program listens on a computer’s TCP port 22 An SSH Client program (e.g. PuTTY) requests connection to the server Disconnects when finished Or when server announces time out SSH Server SSH Client port 22 On Desktop e.g. on thoth.dsunix.net

6 6 SSH - Software Several implementations for both SSH Client and Servers exist – PuTTY is just one of them (and the most popular) Linux: – Client: OpenSSH Client (most popular) Run at the command line with the command “ssh” – Server: OpenSSH Server (most popular) Either starts automatically at startup or by typing command “sshd” (stands for ssh daemon) Windows: – Client: PuTTY (most popular)-Has a GUI – Server: SSH Server by OpenSSH Uncommon but not impossible to have SSH Server on Desktop machine

7 7 User Agent Role S/MIME uses Public-Key Certificates - X.509 version 3 signed by Certification Authority Functions: – Key Generation - Diffie-Hellman, DSS, and RSA key-pairs. – Registration - Public keys must be registered with X.509 CA. – Certificate Storage - Local (as in browser application) for different services. – Signed and Enveloped Data - Various orderings for encrypting and signing.

8 8 SSH Software usage SSH provides a virtual terminal – User almost feels as if she is using the remote system – In reality, she is only connected to the remote system Same in Telnet too but there transmitted data is unencrypted – In SSH, all data is encrypted SSH can also be used for remote command execution – Syntax: ssh –l username hostname command – E.g. ssh –l malladis thoth.dsunix.net ‘rm index.html’

9 9 User Agent Role Example: Verisign (www.verisign.com) – Class-1: Buyer’s email address confirmed by emailing vital info. – Class-2: Postal address is confirmed as well, and data checked against directories. – Class-3: Buyer must appear in person, or send notarized documents.

10 10 File transfer with SSH FTP transfers files in the clear – SSH can be used to do encrypted file transfer – Also termed SCP (Secure Copy) WinSCP is a software that implements SCP – available for free download – Has a GUI Command line SCP tools require the command – pscp malladis@dsunix.net:syllabus.txt \teaching\malladis@dsunix.net:syllabus.txt

11 11 Port Forwarding in SSH Use of SSH from a different port Enables the use of SSH for insecure TCP/IP applications (such as email, web browsing etc.) Also to bypass firewalls – How? Port forwarding can solve problems – See next slide

12 12 SSH Port forwarding NOTE: Same host need not host SSH, Mail, Database and VNC (as in this picture).

13 13 A Problem Consider the situation – Say an employee at a company is away from office – Wants to access her IMAP email by connecting to an internal host in the corporate network, remotely – But the IMAP port (143) is blocked by the corporate firewall Normally this would mean she cant read her email

14 14 A Problem ( continued) But say the SSH port (22) is open on the firewall And she has an account on an internal machine that runs SSH server She can then set up a “SSH tunnel” from a local port on her client PC, through the SSH server and on to the desired application (in this case, the mail server on port 143). Next she can connect her mail client on the local port (from which she set up an SSH tunnel to port 22) – The connection is forwarded to the desired application (the mail server)

15 15 Secure Tunnel Set up command (also possible in PuTTY): ssh –l loginname –L 1143:mailserver:143 sshserver.company.com (user is prompted for password) Company Network Firewall Port 1143 Port 22 Port 143 Internet Secure SSH Tunnel

16 16 To use it: In the email client settings, incoming mail server has to be set to 127.0.0.1 and port number for IMAP email to 1143: –Note that host name localhost or IP address 127.0.0.1 refer to the local machine

17 17 Port forwarding – more examples Say your academic institution subscribed to journals and articles from various websites – Where authentication is based on the institution’s IP address range – Meaning that only people within the institution (physically) can get access But if you can forward a local port on the Web Proxy via a SSH server accessible from outside, you can appear to websites as though you are accessing from within your institution

18 18 Security of port forwarding Good aspects of port forwarding – Secure access to insecure services Can transport any kind of application – email, web browsing, file transfer etc. – Bypassing firewalls Forces users to only access internal services securely Bad aspects – Gives users (consequently attackers) means to access arbitrary internal services – Since only password authentication is used, all an attacker is need is password of any one user on SSH And then for example, browse the company’s intranet

Download ppt "SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software."

Similar presentations

SSH Operation and Techniques - © 2001-2006 William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…

SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.
Remote Networking Architectures

Remote Networking Architectures
Amazon EC2 Quick Start adapted from EC2_GetStarted.html.

Amazon EC2 Quick Start adapted from EC2_GetStarted.html.
Remote access and file transfer Getting files on and off Bio-Linux.

Remote access and file transfer Getting files on and off Bio-Linux.
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.
Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.

Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.
SSH Secure Login Connections over the Internet

SSH Secure Login Connections over the Internet
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
1 Linux Networking and Security Chapter 3. 2 Configuring Client Services Configure DNS name resolution Configure dial-up network access using PPP Understand.

1 Linux Networking and Security Chapter 3. 2 Configuring Client Services Configure DNS name resolution Configure dial-up network access using PPP Understand.
Computation for Physics 計算物理概論 Introduction to Linux.

Computation for Physics 計算物理概論 Introduction to Linux.
CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

Similar presentations

Ads by Google