SMC CS 78 - ssh – The Secure Shell

ssh – The Secure Shell
David Morgan
© David Morgan 2003

A client-server pair of programs
- ssh - client
  – /usr/bin/ssh (configurable)
- sshd - server
  – /usr/sbin/sshd
  – assigned port number 22
- Originated by Tatu Ylonen as a secure drop-in replacement for rsh/rlogin/rcp

Secure Shell's Functions
- Explicit functionalities
  – Remote login tool
  – Remote command executor
- Implicit activities
  – Authentication
  – Encryption

ssh stated mission
"ssh is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure channel."
ssh man page – first sentence

ssh syntax
- Logging in
      ssh -l remote-user-name remote-machine-id
  e.g., ssh -l root 193.6.37.12
- Executing a command
      ssh -l remote-user-name remote-machine-id command
  e.g., ssh -l root 193.6.37.12 cat /etc/passwd

ssh dynamic encryption
- all session/command traffic passes through ssh/sshd (sshd runs on port 22)
- encrypted going out / decrypted coming in
- for duration of session/command

ssh – why secure?
- uses RSA (public-key) authentication
- then strong-key symmetrical encryption

Cryptographic processing
- Encryption: plaintext -> cipher -> cryptogram
- Decryption: cryptogram -> reverse cipher -> plaintext

Key cipher - encryption
plaintext "MONEY", key = "sky" (repeated over the plaintext: S K Y S K); letters numbered A=1 ... Z=26
  M13 + S19 = 32 -26 = 6   -> F
  O15 + K11 = 26           -> Z
  N14 + Y25 = 39 -26 = 13  -> M
  E5  + S19 = 24           -> X
  Y25 + K11 = 36 -26 = 10  -> J
ciphertext: FZMXJ

Key cipher - decryption
ciphertext "FZMXJ", Key = "sky" (S K Y S K)
  F6  - S19 = -13 +26 = 13 -> M
  Z26 - K11 = 15           -> O
  M13 - Y25 = -12 +26 = 14 -> N
  X24 - S19 = 5            -> E
  J10 - K11 = -1 +26 = 25  -> Y
plaintext: MONEY

Ciphertext is key-dependent
plaintext "MONEY", Key = "my" (M Y M Y M)
  M13 + M13 = 26           -> Z
  O15 + Y25 = 40 -26 = 14  -> N
  N14 + M13 = 27 -26 = 1   -> A
  E5  + Y25 = 30 -26 = 4   -> D
  Y25 + M13 = 38 -26 = 12  -> L
ciphertext: ZNADL, not FZMXJ

Cryptography systems: issues
- Number of keys?
- Locus of decrypt key origination?
- Locus of decrypt key utilization?
- Does decrypt key have to travel?
- Is there in-transit interception risk?

Secret (single)-key Cryptography
- One key - same key encrypts and decrypts
- Decrypt key origination: encryptor's place
- Decrypt key utilization: decryptor's place
- Different places -> Decrypt key must travel

Public (dual)-key Cryptography
- Two keys - one encrypts, other decrypts (keys are mathematically paired)
- Decrypt key origination: decryptor's place
- Decrypt key utilization: decryptor's place
- Same place -> Decrypt key never travels

Decrypt key interception risk
- Secret-key: nonzero
- Public-key: zero

ssh implementation
LOCAL USER EFFECTS KEY TRANSFER:
  /home/<localuser>/.ssh                          /home/<remoteuser>/.ssh
    id_dsa                                          authorized_keys2
    id_dsa.pub   -- copy ascii public key -->
- ssh-keygen utility (local) generates:
  – private/decrypt key in /home/<localuser>/.ssh/id_dsa
  – public/encrypt/ascii key in /home/<localuser>/.ssh/id_dsa.pub

ssh implementation
When local machine issues:
      ssh -l remote-user-name remote-machine-id
- Local machine (ssh) sends local user's public key to remote machine (sshd)
- Remote machine authenticates if 1) that key appears in remote-user-name's authorized_keys file, and if so 2) local machine can decrypt random text encrypted with it by remote machine as a challenge.

Configuration files
- ssh - /etc/ssh/ssh_config
  – Cipher selection
  – Compression level
  – Port forwardings
- sshd - /etc/ssh/sshd_config
  – authentication options: Key-based, Password, both
  – Logging options

ssh feature: port forwarding
[diagram: ssh client (64.54.209.204) - ssh server (206.170.218.30 / 192.168.1.1) - Private Network 192.168.1.0 - http (web) server 192.168.1.111:80]
ssh port forwarding: correspond some port on the client (e.g., 3000) to some port (e.g., 80) on a machine reachable thru the server...
Example: http://127.0.0.1:3000 in client's browser gets served from 192.168.1.111

puTTY
[three slides of puTTY screenshots]

Don't leave back door ajar!
"System security is not improved unless rshd, rlogind, rexecd, and rexd are disabled (thus completely disabling rlogin and rsh into that machine)."
sshd man page

Getting ssh
- commercial
  – http://www.ssh.com/
  – http://www.f-secure.com/
- free
  – http://www.openssh.com/ (ssl is prerequisite: http://www.openssl.org/)
- ftp site – encryption download
  – http://www.zedz.net/

Free windows clients
- puTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/
- cygwin under Windows / openSSH under cygwin: http://www.cygwin.com/

api for OS services, e.g. fopen( )
[diagram: Linux computer - lin app in user space calls fopen( ) provided by the OS/kernel; Windows computer - win app in user space calls fopen( ) provided by the OS/kernel]

api mapping by cygwin
[diagram: Windows computer - win app calls the Windows fopen( ) directly; lin app calls cygwin's fopen( ), which cygwin maps onto the Windows fopen( )]
- cygwin is general
- any lin app that's been adapted can run
- openSSH has been adapted
- openSSH can run under Windows

ssh information
- ssh FAQ: http://www.ssh.org/
- "Getting Started with ssh": http://kimmo.suominen.com/ssh/
- ssh resource page: http://www.csri.utoronto.ca/~djast/ssh.html

Please don't tell…… it's a
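The letter-number key cipher worked on the "Key cipher" and "Ciphertext is key-dependent" slides, written out as an added example (this is not code from David Morgan's slides). It follows the slides' own conventions only: A=1 ... Z=26, subtract 26 when a sum passes 26, add 26 when a difference drops below 1, and the key repeated over the plaintext; it assumes nothing beyond that.

```shell
#!/bin/sh
# Added example, not from the slides: the letter-number "key cipher" of the
# Key cipher slides. Numbering A=1 ... Z=26, wrap rule as on the slides
# (subtract 26 when a sum goes above 26, add 26 when a difference goes
# below 1), key repeated cyclically over the plaintext. Letters only.

# letter_to_num C: number of a single letter, A=1 ... Z=26
letter_to_num() {
    printf '%d' "$(( $(printf '%d' "'$1") - 64 ))"
}

# num_to_letter N: the upper-case letter for N in 1..26
num_to_letter() {
    printf "\\$(printf '%03o' "$(( $1 + 64 ))")"
}

# key_cipher encrypt|decrypt KEY TEXT: prints the result in upper case
key_cipher() {
    mode=$1
    key=$(printf '%s' "$2" | tr 'a-z' 'A-Z')
    text=$(printf '%s' "$3" | tr 'a-z' 'A-Z')
    out='' i=0
    while [ "$i" -lt ${#text} ]; do
        # i-th plaintext letter and the key letter above it (key repeats)
        p=$(letter_to_num "$(printf '%s' "$text" | cut -c $((i + 1)))")
        k=$(letter_to_num "$(printf '%s' "$key" | cut -c $((i % ${#key} + 1)))")
        if [ "$mode" = encrypt ]; then
            c=$((p + k))
            if [ "$c" -gt 26 ]; then c=$((c - 26)); fi
        else
            c=$((p - k))
            if [ "$c" -lt 1 ]; then c=$((c + 26)); fi
        fi
        out="$out$(num_to_letter "$c")"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# The worked values from the slides:
key_cipher encrypt sky MONEY   # FZMXJ
key_cipher decrypt sky FZMXJ   # MONEY
key_cipher encrypt my  MONEY   # ZNADL (not FZMXJ: the ciphertext depends on the key)
```

The same key, "sky", is what undoes the encryption, which is the point the "Secret (single)-key Cryptography" slide makes next: the decrypt key is created at the encryptor's place but used at the decryptor's, so it has to travel, and a copy taken in transit decrypts everything.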
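The key transfer and the first step of the server's decision from the two "ssh implementation" slides, as an added example (not code from the slides). File names follow the slides (id_dsa, id_dsa.pub, authorized_keys2); the `setup_key_login` function needs ssh-keygen and a reachable remote machine and is therefore only defined, not run, while the key strings used by the offline check are constructed and are not real keys.

```shell
#!/bin/sh
# Added example, not from the slides: the key-based login set-up from the
# two "ssh implementation" slides, plus a check for step 1 of the server's
# decision (is the offered public key listed in the remote user's
# authorized_keys file?). Key material below is constructed, not real.

# Local side (the slide's "copy ascii public key"): generate the pair, then
# append the ASCII public key to the remote user's authorized_keys2 over one
# ssh session. Key type dsa as on the slides. Not run here: needs ssh-keygen
# and a remote machine.
setup_key_login() {
    remote_user=$1 remote_host=$2
    ssh-keygen -t dsa -f "$HOME/.ssh/id_dsa"
    ssh -l "$remote_user" "$remote_host" \
        'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys2' \
        < "$HOME/.ssh/id_dsa.pub"
}

# Server side, step 1: does the key in PUBKEY_FILE appear in AUTHORIZED_FILE?
# Compares key type and base64 blob only (fields 1 and 2), so a different
# trailing comment ("user@host") still matches; comment and blank lines in
# the file are skipped. Exit status 0 = listed, 1 = not listed.
key_is_authorized() {
    wanted=$(awk 'NF >= 2 { print $1, $2; exit }' "$1")
    awk -v want="$wanted" '
        /^[[:space:]]*#/ || NF < 2 { next }
        ($1 " " $2) == want { found = 1; exit }
        END { exit found ? 0 : 1 }
    ' "$2"
}

# Constructed sample files standing in for the two .ssh directories.
SAMPLE_DIR=$(mktemp -d)
printf 'ssh-dss AAAAB3CONSTRUCTED/ALICE/NOT/A/REAL/KEY== alice@laptop\n' \
    > "$SAMPLE_DIR/id_dsa.pub"
cat > "$SAMPLE_DIR/authorized_keys2" <<'EOF'
# constructed sample: the remote user's authorized_keys2
ssh-dss AAAAB3CONSTRUCTED/BOB/NOT/A/REAL/KEY== bob@desktop
EOF

# Before the transfer the remote sshd would reject alice's key at step 1.
if key_is_authorized "$SAMPLE_DIR/id_dsa.pub" "$SAMPLE_DIR/authorized_keys2"; then
    echo "alice: listed"
else
    echo "alice: not listed (before the key transfer)"
fi

# The transfer itself, as on the slide: append the ASCII public key.
cat "$SAMPLE_DIR/id_dsa.pub" >> "$SAMPLE_DIR/authorized_keys2"

if key_is_authorized "$SAMPLE_DIR/id_dsa.pub" "$SAMPLE_DIR/authorized_keys2"; then
    echo "alice: listed (after the key transfer)"
fi
```

Being listed is only step 1; step 2 (answering the challenge encrypted with that key) is what proves the client actually holds the private key, which is why id_dsa must never leave the local .ssh directory while id_dsa.pub can be copied freely. The check above does not understand authorized_keys lines that carry an options prefix before the key type; sshd does, so treat it as an illustration of the lookup, not a replacement for sshd's own parsing.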
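The "Configuration files" slide names sshd_config's authentication options (key-based, password, both) and logging options without showing how to read them. This added example (not from the slides) audits a sshd_config for exactly those settings. The keywords are sshd's real ones; the two configuration files it creates are constructed samples, one permissive and one hardened.

```shell
#!/bin/sh
# Added example, not from the slides: an audit of the sshd_config
# authentication and logging options from the Configuration files slide.
# Keywords are real sshd_config keywords; the two files written below are
# constructed samples.

# sshd_setting CONF KEYWORD DEFAULT: the value sshd will use for KEYWORD,
# lower-cased. sshd keeps the FIRST occurrence of a keyword and ignores later
# ones, keywords are case-insensitive, and "#" starts a comment.
sshd_setting() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/#.*/, "") }
        NF >= 2 && tolower($1) == kw { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1" | tr 'A-Z' 'a-z'
}

# audit_sshd_config CONF: one WEAK line per finding on stderr and the number
# of findings on stdout (0 = nothing to fix). Defaults used are sshd's own:
# PasswordAuthentication yes, PubkeyAuthentication yes, LogLevel INFO.
# PermitRootLogin's default differs between versions, so only an explicit
# "yes" is flagged.
audit_sshd_config() {
    conf=$1 findings=0
    if [ "$(sshd_setting "$conf" PasswordAuthentication yes)" != no ]; then
        echo "WEAK: PasswordAuthentication is on; use key-based login and set it to no" >&2
        findings=$((findings + 1))
    fi
    if [ "$(sshd_setting "$conf" PubkeyAuthentication yes)" != yes ]; then
        echo "WEAK: PubkeyAuthentication is off; key-based login cannot work" >&2
        findings=$((findings + 1))
    fi
    if [ "$(sshd_setting "$conf" PermitRootLogin unset)" = yes ]; then
        echo "WEAK: PermitRootLogin yes; log in as an ordinary user and elevate afterwards" >&2
        findings=$((findings + 1))
    fi
    case $(sshd_setting "$conf" LogLevel INFO) in
        quiet|fatal|error)
            echo "WEAK: LogLevel below INFO; accepted logins are logged at INFO and would be lost" >&2
            findings=$((findings + 1)) ;;
    esac
    echo "$findings"
}

# Constructed sample configurations.
SAMPLE_DIR=$(mktemp -d)
WEAK_CONF=$SAMPLE_DIR/sshd_config.weak
HARD_CONF=$SAMPLE_DIR/sshd_config.hardened
cat > "$WEAK_CONF" <<'EOF'
# constructed sample: permissive settings
Port 22
PasswordAuthentication yes
PubkeyAuthentication no
PermitRootLogin yes
LogLevel QUIET
PasswordAuthentication no   # has no effect: the first occurrence above wins
EOF
cat > "$HARD_CONF" <<'EOF'
# constructed sample: key-only login, logging kept
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
LogLevel VERBOSE
EOF

echo "weak config findings: $(audit_sshd_config "$WEAK_CONF")"        # 4
echo "hardened config findings: $(audit_sshd_config "$HARD_CONF")"    # 0
```

The duplicated PasswordAuthentication line in the weak sample is the trap worth remembering: an administrator who appends the secure setting at the end of the file has changed nothing, because sshd honours the first line it met. Run the audit against the file sshd is actually started with (the slide's /etc/ssh/sshd_config), and restart or reload sshd afterwards, since it reads the file only at start-up.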
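The tunnel described on the "ssh feature: port forwarding" slide (client port 3000 answered by 192.168.1.111:80 through the ssh server), as an added example that is not code from the slides. It assumes the ssh server is reached at 206.170.218.30 and that the remote account is named "alice"; neither is stated on the slide. The `-L` argument is built and validated by a function so that bad port numbers are caught before ssh is invoked; the ssh command itself needs the server and is only defined here.

```shell
#!/bin/sh
# Added example, not from the slides: the port forwarding of the slide's
# example, client port 3000 -> 192.168.1.111:80 via the ssh server.
# Assumed (not on the slide): server address 206.170.218.30, user "alice".

# valid_port N: true when N is an integer in 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec LOCALPORT TARGETHOST TARGETPORT
# Prints the -L argument "bind:localport:host:hostport". The bind address is
# pinned to 127.0.0.1 so only programs on the client machine can use the
# forwarded port; other hosts on the client's network cannot reach it.
forward_spec() {
    valid_port "$1" || { echo "forward_spec: bad local port '$1'" >&2; return 1; }
    valid_port "$3" || { echo "forward_spec: bad target port '$3'" >&2; return 1; }
    [ "$1" -ge 1024 ] || echo "forward_spec: note: ports below 1024 need root on the client" >&2
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# open_forward USER SERVER LOCALPORT TARGETHOST TARGETPORT
# -N: hold the tunnel open without running a remote command. While it is up,
# http://127.0.0.1:LOCALPORT in the client's browser is answered by
# TARGETHOST:TARGETPORT, as on the slide. Not run here (needs the server).
open_forward() {
    spec=$(forward_spec "$3" "$4" "$5") || return 1
    ssh -N -L "$spec" -l "$1" "$2"
}

# The slide's example would be:  open_forward alice 206.170.218.30 3000 192.168.1.111 80
forward_spec 3000 192.168.1.111 80   # 127.0.0.1:3000:192.168.1.111:80
```

Traffic between the browser and the ssh server is protected by the ssh session, as the "ssh dynamic encryption" slide says; the hop from the ssh server to 192.168.1.111:80 inside the private network is plain http, so the tunnel protects the path across the internet, not the last leg.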
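The "Don't leave back door ajar!" slide quotes the sshd man page on disabling rshd, rlogind, rexecd and rexd, but not how to find out whether they are still enabled. This added example (not from the slides) lists the r-services an inetd.conf still starts and writes a copy with those lines commented out; the inetd.conf it works on is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the slides: find and disable the r-services named
# on the "Don't leave back door ajar!" slide in an inetd.conf. The inetd.conf
# below is constructed sample data.

# active_r_services INETD_CONF: prints the service name (field 1) of every
# uncommented entry whose server program is one of the r-daemons.
active_r_services() {
    awk '
        /^[[:space:]]*#/ || NF < 6 { next }
        { for (i = 6; i <= NF; i++)
              if ($i ~ /(rshd|rlogind|rexecd|rexd)$/) { print $1; break } }
    ' "$1"
}

# disable_r_services IN OUT: copy IN to OUT with the r-service entries
# commented out. On a live system, install OUT as /etc/inetd.conf and send
# inetd a HUP signal so it re-reads the file and stops listening on those
# ports; then confirm with active_r_services that nothing is left.
disable_r_services() {
    awk '
        !/^[[:space:]]*#/ && NF >= 6 {
            for (i = 6; i <= NF; i++)
                if ($i ~ /(rshd|rlogind|rexecd|rexd)$/) { $0 = "#disabled: " $0; break }
        }
        { print }
    ' "$1" > "$2"
}

# Constructed sample inetd.conf with the r-services still enabled.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
exec    stream  tcp  nowait  root  /usr/sbin/tcpd  in.rexecd
#comsat dgram   udp  wait    root  /usr/sbin/tcpd  in.comsat
EOF

echo "enabled r-services:"
active_r_services "$SAMPLE_DIR/inetd.conf"          # shell, login, exec
disable_r_services "$SAMPLE_DIR/inetd.conf" "$SAMPLE_DIR/inetd.conf.fixed"
echo "after disabling:"
active_r_services "$SAMPLE_DIR/inetd.conf.fixed"    # (nothing)
```

The check only covers services started by inetd; an r-daemon run stand-alone at boot would not appear here, so a listing of listening TCP ports on the machine (the shell, login and exec services use well-known ports 514, 513 and 512) is the complementary check.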

