400 likes | 557 Views
Cryptography. Introduction postponed to next week. Course Outline. 10 labs @ 4% 40% 2 Lab tests @ 10% 20% Two tests @15% 30% Week 7 and 14 Professionalism 10% No text, we use on-line and other resources
E N D
Cryptography Introduction postponed to next week
Course Outline 10 labs @ 4% 40% 2 Lab tests @ 10% 20% Two tests @15% 30% Week 7 and 14 Professionalism 10% No text, we use on-line and other resources Half of labs to be completed in the lab period Labs about even mix of windows and linux platforms
Elements of Cryptography Encryption (Cyphers) Symmetric-key Block Stream Public-key Hash Functions Unkeyed Symmetric-key Signatures Symmetric-key Public-key
What is SSH? SSH – Secure Shell SSH is a protocol for secure remote login and other secure network services over an insecure network Developed by SSH Communications Security Corp., Finland Two distributions are available: commercial version freeware (www.openssh.com) Specified in a set of Internet drafts
SSH security features Strong algorithms uses well established strong algorithms for encryption, integrity, key exchange, and public key management Large key size requires minimum 128 bit keys supports larger keys Algorithm negotiation Symmetric encryption, integrity (hash and message authentication algorithms), key exchange method, and public key algorithms are negotiated it is easy to switch to some other algorithm without modifying the base protocol
What does it do? Replaces unix “r” commands Rlogin, rcp, rsh Telnet, ftp Adds strong encryption and authentication Not really a shell login Remote command execution Port and X forwarding Compression Authentication forwarding Terminal handling ssh scp sftp sshfs
SSH rfc's SSH Assigned Numbers (RFC 4250) SSH Protocol Architecture (RFC 4251) SSH Authentication Protocol (RFC 4252) SSH Transport Layer Protocol (RFC 4253) SSH Connection Protocol (RFC 4254) The Secure Shell (SSH) Public Key File Format [RFC 4716] Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints [RFC 4255] Generic Message Exchange Authentication For The Secure Shell Protocol (SSH) [RFC 4255] The Secure Shell (SSH) Transport Layer Encryption Modes [RFC 4344]
SSH Layers SSH application User authentication Connection management Host transport TCP
Major SSH components SSH Transport Layer Protocol Server authentication, confidentiality, and integrity it may provide compression too runs on top of any reliable transport layer (e.g., TCP) SSH User Authentication Protocol user authentication runs on top of the SSH Transport Layer Protocol SSH Connection Protocol multiplexes the secure tunnel provided by the SSH Transport Layer and User Authentication Protocols into several logical channels these logical channels can be used for secure interactive shell sessions TCP port forwarding carrying X11 connections
SSH TCP Session– Overview client server TCP connection setup SSH version string exchange SSH key exchange (includes algorithm negotiation) SSH data exchange termination of the TCP connection
TCP Connection setup TCP connection setup the server listens on port 22 the client initiates the connection Followed by Version String Exchange And Key exchange Usually 2 round-trips for key exchange, host authentication, service request, and acceptance of service request. Sometimes 3.
Version string exchange SSH version string exchange both sides must send a version string of the following form: “SSH-protoversion-softwareversion comments” \CR \LF used to indicate the capabilities of an implementation triggers compatibility extensions current protocol version is 2.0 all packets that follow the version string exchange are sent using the Binary Packet Protocol
Binary Packet Protocol packet length: length of the packet not including the MAC and the packet length field padding length: length of padding payload: useful contents might be compressed max payload size is 32768 random padding: 4 – 255 bytes total length of packet not including the MAC must be multiple of max(8, cipher block size) even if a stream cipher is used MAC: message authentication code computed over the clear packet and an implicit sequence number packet length (4) padding length (1) payload (may be compressed) random padding MAC encryption compression
SSH Integrity Algorithms(per RFC) hmac-sha1 Hash Message Authentication Code REQUIRED key length = 20 Digest length = 20, hmac-sha1-96 RECOMMENDED Digest length = 12, key length = 20 hmac-md5 OPTIONAL HMAC-MD5 digest length 16 key length = 16 Others ...
SidetrackTwo Types of Hash Functions Hash functions are typically publicly known and involve no secret keys. When used to detect whether the message input has been altered, they are called modification detection codes (MDCs) Hash functions which involve a secret key, and provide data origin authentication as well as data integrity are called message authentication codes (MACs) Often called hash message authentication codes (HMACs)
Some SSH Encryption Algorithms 3des-cbc required three-key 3DES CBC (cypher block chaining) mode Blowfish-cbc Recommended Blowfish in CBC mode ... aes256-cbc optional AES (Rijndael) CBC mode 256-bit key
SidetrackBlock Cypher Modes Block cyphers encrypt smaller units than the typical plain text message typically 8 or 16 bytes in cypher block Simplest mode is called Electronic Code Book mode (ECB) Same cypher used for each block in message Leads to watermarking attacks Patterns that are predictable from plaintext
CBC Cypher Block Chaining mode Plaintext block XORed with the previous ciphertext block Then encrypted Initialization vector used with first block IV needn't be secret
SSH TCP Session– Overview client server TCP connection setup SSH version string exchange SSH key exchange (includes algorithm negotiation) SSH data exchange termination of the TCP connection
Algorithm Negotiation After version string exchange, each side sends SSH_MSG_KEXINIT packet with list of acceptable algorithms for Key Exchange, encryption, MAC and compression First on client list that is also on server list is chosen by both sides
Key Exchange Two methods are defined as required: diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 Diffie-hellman Server generates random number and does some math Client does some math and sends a number to server Server does more math and sends a number to client End result is that both sides know what the key will be But someone watching the entire exchange wouldn't be able to calculate the key Both server and client knew something that the watcher couldn't know
Host Authentication Verifies the identity of the host to the client To prevent MITM Client has to store host's public key in a “known_hosts” file First time, client doesn't have host's key Client is warned and given host key signature to verify Signature is short hash of key, easier to check by hand Once client knows host's public key Host uses key to sign a hash on its half of DH exchange Client verifies signature to authenticate host This establishes authenticity of host And exchanges symmetric keys for encryption Also produces a hash to use as session ID
Host Authentication To display signature: homer:~ # ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key 1024 28:b8:ab:46:9c:12:b5:64:64:7d:b7:c3:0e:85:a7:a3 /etc/ssh/ssh_host_rsa_key.pub To display ascii art signatures cmblap:~ # ssh-keygen -lv -f ~/.ssh/known_hosts 1024 2d:62:7d:be:e3:c9:de:ae:91:df:2d:3d:a6:28:95:ec fivefortyfour.com,216.58.11 2.55 (RSA1) +--[RSA1 1024]----+ | | | | | | | . . | | o S + . | | . . + = | | * . | | o.E...+.| | oO=+.+.o| +-----------------+
A known hosts file 192.168.12.51 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyKD+v8x4BfF 192.168.12.52 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwTAs5U+BmsO b.mx.totaltravelmarketing.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwA www.totaltravelmarketing.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA 10.97.14.48 1024 35 12895373125913604243769888891943457108873 homer,192.168.17.16 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAszeA1 10.97.14.7 1024 35 155138852322608020713637503600974242052562 mail2.lastminuteclub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA itts2.lastminuteclub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA 10.97.14.9 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwCJ+m3EL7HPAwq 206.186.60.5 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5x7hAYBWgRER mediator ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2YeI5CmX65oJYjyv 10.97.14.35 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2YeI5CmX65oJY mediator,10.97.14.35 1024 35 14996491843666475071063333877838 mediator.lastminuteclub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAA
Another view SLaJYOyfXOLgS0rwk08= xRTFF3gY5c4rtRPfQoc= wBr11XPrx+bh962GndsgkwGD0brTv+Uz/Zk= F8KI+9lHYJkVwRBfFb2ByDivgBu2lTAPbM= 4599884669740005042028594721883148389604277996826586599497246430653711565611582 QcrBGBvXYBokvGEkdHr4LnE/k= 8175203978261619091468813866484328977175743463934340307454238611243156938933262 XPrx+bh962GndsgkwGD0brTv+Uz/Zk= llQEtKhm6zCqKRtsJ7N8j+Ihzr9hFE= tsJ7N8j+Ihzr9hFE= ZTUF4RQT9+u59NajO0= mEaCsbKh4p3kjs= E7ZmEaCsbKh4p3kjs= 8385481329970109128167262190633384844166430073386280512289399510790425589793102
Myth From known hosts: myth ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxSx3Gu --snip -- Hoe0ahSlRhEyS/NQd8N1sf4goYrYbiw5EHdEgmAy60u+XPXZbyV7Llf/nBod8DQg8OphFgx0= In /etc/ssh/ssh_host_rsa_key.pub on myth ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAxSx3Gu -- snip -- y60u+XPXZbyV7Llf/nBod8DQg8OphFgx0= root@linux
Key Generation After key exchange, master key and hash are used to calculate Initial IV sent from client to server and server to client Encryption keys (client to server and server to client) Integrity keys (client to server and server to client)
User Authentication Password Exchange takes place over secured connection Key exchange and host authentication has already taken place User needs to sign in to account on the server Password is the usual password for the account Authentication performed by PAM (or AD)
User Authentication Public keys We will be doing this in the lab Client's public key stored in .ssh sub directory in home directory of user account on server Client uses correspnding private key to prove identity Better security than password Allows automated connections Kerberos An open authentication protocol
Public Key Authentication Server encrypts random number with client user's public key and sends to client Server must have client's public key for this to happen Client can copy key to server using scp Client decrypts random number with private key and sends back to server Server compares original number to decrypted number supplied by client If they match, client must have corresponding private key so identity is authenticated
Connection Protocol Connection protocol multiplexes functions through the encrypted tunnel: Login sessions Remote command execution ssh user@host command X forwarding tcp/ip port forwarding Note: X forwarding is a variation of port forwarding X uses port 6000 +n
Connection Protocol Port forwarding sends packets back and forth from a local port through the encrypted tunnel to a port on the server Or accessible to the server Port forwarding can be used to collect mail securely ssh username@host.domain -L 1100:localhost:110
TCP/IP port forwarding TCP client to TCP server Picture copied from http://www.bitvise.com/port-forwarding.html
SFTP Basically ftp over ssh connection Has ssh encryption and authentication Uses ftp like commands Provides ftp like functionality
SSHFS – SSH file system Uses sftp to connect to remote host Uses fuse to provide file system interface Allows remote drive, or directory, to be mounted on local file system Like a windows share Platform independent Not always as efficient as CIPS, Samba, SPX or NFS
Lab Hints ssh is fussy about file permissions Permissions for user's .ssh directory should be 700 rwx for owner only Must be owned by user Permissions for authorized key file should be 744 rwx for owner r for group and world Must be owned by user Private keys should be 700, owned by user Public keys can be 744, owned by user Known host should be 644, owned by user