SSH Tricks Matthew G. Marsh
Overview
• SSH
  • What is it
  • How does it work
• Discussion of Network Topology
• Tricks for multiple hosts
• Keys and config files
• MultiHop tricks
• Q&A
SSH
• What is it
  • Secure Shell was developed to solve the two most acute problems in the Internet: secure remote terminal logins and secure file transfers.
  • Essentially an encrypted replacement for the remote utilities (rsh, rlogin, rcp)
• How does it work
  • Set-up and generation of an encrypted TCP connection
  • Authentication can be by password or by public/private key pair
    • Yes, there are others, but that is where the cracks are...
  • Arbitrary TCP ports; the well-known port (WKP) is 22
• In this session we will concentrate on SSH1 using key-based authentication
Simple Examples
• Two hosts
  • 1 has an sshd running on the WKP
  • 2 has a client
    root@2: ssh 1
    root@1's password:
    #
• This allows root to log in remotely using a password - BAD!
• Better is to define 'PermitRootLogin no' in the sshd_config file
Simple Examples
• Two hosts - preshared key
  • 1 has an sshd running on the WKP
  • 2 has a client
    tech@2: ssh 1
    tech@1$
• The way to set this up is as follows:
    tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
    tech@2$ scp .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys
    tech@1's password:
    tech@2$ cat > .ssh/config
    Host 1
        User tech
        Protocol 1
        IdentityFile /home/tech/.ssh/key4mac1
        Hostname 10.1.2.1
    ^D
A wee bit less Simple Examples
• Two hosts - preshared key
  • 1 has an sshd running on port 17
  • 2 has a client
    tech@2: ssh 1
    tech@1$
• The way to set this up is as follows:
    tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
    tech@2$ scp -P17 .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys
    tech@1's password:
    tech@2$ cat > .ssh/config
    Host 1
        User tech
        Port 17
        Protocol 1
        IdentityFile /home/tech/.ssh/key4mac1
        Hostname 10.1.2.1
    ^D
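The two-host setup above in scripted form, as an added example that is not part of the slides. It assumes a current OpenSSH, where ssh-keygen -t rsa1 and Protocol 1 no longer exist, so the demo generates an ed25519 key instead; the alias 1, user tech, port 17 and address 10.1.2.1 are the slides' values and stand in for real hosts. The two helpers run offline; the one change from the slides is that the public key is appended to the remote authorized_keys rather than copied over it with scp, which would discard any keys already installed there.

```shell
#!/bin/sh
# Added example, not from the slides: helpers for the preshared-key setup.
# Assumptions: a current OpenSSH (ssh-keygen -t rsa1 and Protocol 1 are gone
# from modern releases, so the demo generates an ed25519 key instead); the
# alias "1", user "tech", port 17 and address 10.1.2.1 are the slides' values.
set -u

# Print a client config stanza for one host alias.
ssh_config_stanza() {
    # $1 alias  $2 user  $3 port  $4 identity file  $5 real host name/address
    printf 'Host %s\n' "$1"
    printf '    User %s\n    Port %s\n    IdentityFile %s\n    HostName %s\n' "$2" "$3" "$4" "$5"
    # IdentitiesOnly keeps ssh from offering every key in the agent before this one.
    printf '    IdentitiesOnly yes\n'
}

# Append one public key line to an authorized_keys file unless it is already
# present. Unlike "scp key.pub host:~/.ssh/authorized_keys" on the slides,
# this never overwrites keys that are already installed.
# Returns 0 when the key was added, 1 when it was already there.
add_authorized_key() {
    # $1 authorized_keys path  $2 public key line ("type base64 comment")
    f=$1
    key=$2
    [ -f "$f" ] || : > "$f"
    chmod 600 "$f"                       # sshd's StrictModes rejects looser permissions
    if grep -qxF -- "$key" "$f"; then
        return 1
    fi
    printf '%s\n' "$key" >> "$f"
    return 0
}

# The full procedure from the slides with the append-safe install step. It
# needs a reachable host 1, so it only runs when called explicitly.
setup_demo() {
    umask 077
    # Empty passphrase, as on the slides: the key file itself is then the only secret.
    ssh-keygen -t ed25519 -f "$HOME/.ssh/key4mac1" -N ""
    ssh_config_stanza 1 tech 17 "$HOME/.ssh/key4mac1" 10.1.2.1 >> "$HOME/.ssh/config"
    # Install by appending on the remote side instead of replacing the file.
    ssh -p 17 tech@10.1.2.1 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys' \
        < "$HOME/.ssh/key4mac1.pub"
    ssh 1 true && echo "key login to host 1 works"
}
```

Call setup_demo once the config and key paths match your environment; the stanza goes through `>>` so an existing ~/.ssh/config keeps its other Host entries.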
A wee bit less Simple Examples
• Three hosts - assume preshared keys
  • 1 has an sshd running on port 17
  • 2 has an sshd running on port 27
    tech@3: ssh 2 'ssh 1'
    tech@1$
• The way to set this up is as follows (the inner 'ssh 1' runs on host 2, so host 2 needs the Host 1 entry from the previous slide):
    tech@3$ cat > .ssh/config
    Host 2
        User tech
        Port 27
        Protocol 1
        IdentityFile /home/tech/.ssh/key4mac2
        Hostname 10.1.2.2
    ^D
• Note you may need ssh -t 2 'ssh -t 1' ...
AN4SCD
• Buy a copy of "SSH" by Daniel J. Barrett & Richard E. Silverman, pub. O'Reilly (ISBN: 0-596-00011-1)
• Read it
• I use openssl 0.9.7c with openssh 2.9.9p2-PS2.4.18
• I do not use any other version of SSH
• I use Protocol 1 on purpose
• I use TCP Wrappers w/ IPv6 extensions
• I keep tight controls using TCP Wrappers
AN4SCD - 2
• Static compile method
  1. Get the latest openssl and compile it static with /usr/static as the target directory:
     ./config --openssldir=/usr/static --prefix=/usr/static no-shared
  2. Get openssh-2.9.9p2-PS2.4.18 from http://www.paksecured.com
     ./configure --prefix=/usr/static --with-ssl-dir=/usr/static --with-ipaddr-display --with-ipv4-default --with-tcp-wrappers
     compile it and install
  • Edit the sshd config file
  • Make sure you also change the paths for the keys!!
AN4SCD – sshd_config
    Port 17
    Protocol 1
    ListenAddress 192.168.1.1
    HostKey /usr/static/etc/ssh_host_key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    SyslogFacility AUTH
    LogLevel INFO
    LoginGraceTime 600
    PermitRootLogin no
    StrictModes yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    RhostsAuthentication no
    IgnoreRhosts yes
    RhostsRSAAuthentication no
    PasswordAuthentication yes
    PermitEmptyPasswords no
    ChallengeResponseAuthentication no
    X11Forwarding no
    X11DisplayOffset 10
    PrintMotd yes
    KeepAlive yes
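A check for the sshd_config above, added here as an example and not part of the slides. It reads the file the way sshd does (comments ignored, first occurrence of a directive wins) and compares the directives that matter for a key-only server against the values one would expect. Run on the slides' configuration it reports two findings: PasswordAuthentication yes, which is at odds with the key-based login the session concentrates on, and Protocol 1, which the author chooses on purpose but which current OpenSSH releases no longer support. The sample file is the slides' config written out inline so the check runs offline; the expected values are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: read an sshd_config the way sshd does
# (first occurrence of a directive wins, comments ignored) and flag the
# directives that matter for a key-only server. The sample file is the
# slides' sshd_config, written out here so the check runs offline.
set -u

write_sample_sshd_config() {
    # $1 path
    cat > "$1" <<'EOF'
Port 17
Protocol 1
ListenAddress 192.168.1.1
HostKey /usr/static/etc/ssh_host_key
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
RhostsAuthentication no
IgnoreRhosts yes
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
EOF
}

# Effective value of a directive: case-insensitive match on the keyword,
# first occurrence wins, empty output if the directive is not set.
sshd_config_value() {
    # $1 file  $2 directive
    d=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v d="$d" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == d { print $2; exit }
    ' "$1"
}

# Compare against the values a key-only server should carry (this example's
# expectations). Prints each mismatch; the return code is the number of
# mismatches, so 0 means clean.
audit_sshd_config() {
    # $1 file
    n=0
    for pair in PermitRootLogin=no PasswordAuthentication=no PermitEmptyPasswords=no \
                PubkeyAuthentication=yes X11Forwarding=no Protocol=2; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_config_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            printf '%s is %s, expected %s\n' "$key" "${got:-unset}" "$want"
            n=$((n + 1))
        fi
    done
    return "$n"
}
```

Against a live server, `sshd -T` prints the effective configuration with all defaults resolved and is a better input for this check than the raw file.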
Fun Examples - 1
• Using commands attached to keys
• On the server, define a command in the authorized_keys file associated with a key
• Format is command="my/command/string" ...key data...
  EX: command="/bin/ls -al /logs" ABCDEF1234567
• Then ssh with the appropriate key will only allow you to execute this command. Note that this is per key, so...
Fun Examples – 1A
• Each connection performs a different function:
    command="/bin/tar -C /var -zc logs/" 1024 35 140112719741995760396399231074454130954438374725973451608977118896776745893938550429062663972336755352093456208519164097137651780560357432366574014563979537876901893478363907211327813169574947477644423751539165732401392118051347844589891126078421590846523123481112885029800203382369752603047612281250015390957 mgm@mgmlap.paksecured.org
    command="/bin/tar -C / -zc etc/" 1024 35 220112719741995760396399231074454130954438374725973451608977118896776745893938550429062663931320851916409713765178056037233675531699057432366574014563979537876901893478363907211327813169574947477644423751539165732401392118051347844589891126078421590846523123481112885029800203382369752603047612281250015390957 mgm@mgmlap.paksecured.org
    command="/bin/tar -C /home -zc mgm/mail/" 1024 35 230112719741995760396399231074454130954438374725973451608977118896776745893938550429062663972336755316990313209800203382369752603085191640971376517805603574323665740145639795378769018934783639072113278131695749474776444237515391657324013921180513478445898911260784215908465231234811128850247612281250015390957 mgm@mgmlap.paksecured.org
• First one is keytar1
• Second one is keytar2
• Third one is keytar3
Fun Examples – 1B
• Assuming we have set up the config file (with Host entries that use the keytar keys from the previous slide), then:
    ssh 1 | tar -zxv
  will generate a copy, including timestamps and permissions, of the logs/ directory
    ssh 2 | tar -zxv
  will generate a backup copy of our remote etc/ directory (assuming we have permission...)
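The per-key command= entries of slides 1, 1A and 1B, as an added example that is not from the slides: one helper builds such an entry with the companion options that stop the key from being used for anything other than its command (no pty, no port, X11 or agent forwarding), and an audit walks an authorized_keys file and reports command= entries that lack any of them. The sample file is constructed here in the keytar style with made-up ed25519 key material rather than the slides' RSA1 moduli.

```shell
#!/bin/sh
# Added example, not from the slides: build a forced-command authorized_keys
# entry with the options that keep such a key from being used for anything
# else, and audit an existing file for command= entries that lack them.
# All key material below is constructed and not a real key.
set -u

# With command=, these options leave the key able to do nothing but run that
# command: no interactive pty, no TCP or X11 forwarding, no agent forwarding.
LOCKDOWN='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'

# $1 command  $2 public key ("type base64 comment") -> one authorized_keys line
restricted_key_line() {
    printf 'command="%s",%s %s\n' "$1" "$LOCKDOWN" "$2"
}

# Sample file in the style of the keytar slides: the first entry as the slides
# show it (command only), the second built with restricted_key_line, the third
# an ordinary login key with no forced command.
write_sample_authorized_keys() {
    # $1 path
    {
        printf 'command="/bin/tar -C /var -zc logs/" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOne keytar1\n'
        restricted_key_line '/bin/tar -C / -zc etc/' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyTwo keytar2'
        printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyThree mgm@laptop\n'
    } > "$1"
}

# Print each command= entry that lacks one of the lockdown options, with its
# line number; the return code is the number of such entries (0 = clean).
# Options sit in one comma-separated field before the key type, so each option
# must be preceded by start-of-line or a comma and followed by a comma or the
# space before the key type. (A forced command containing ",no-pty " as text
# would fool this check; a real parser would honour the quotes.)
audit_forced_commands() {
    # $1 authorized_keys path
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        /(^|,)command="/ {
            missing = ""
            if ($0 !~ /(^|,)no-pty(,| )/)              missing = missing " no-pty"
            if ($0 !~ /(^|,)no-port-forwarding(,| )/)  missing = missing " no-port-forwarding"
            if ($0 !~ /(^|,)no-X11-forwarding(,| )/)   missing = missing " no-X11-forwarding"
            if ($0 !~ /(^|,)no-agent-forwarding(,| )/) missing = missing " no-agent-forwarding"
            if (missing != "") {
                n++
                printf "line %d missing:%s\n", NR, missing
            }
        }
        END { exit n }
    ' "$1"
}
```

Two facts about forced commands worth keeping in mind when reading the slides: whatever command the client asked for is not run but handed to the forced command in the SSH_ORIGINAL_COMMAND environment variable, which is why a bare `ssh 1` is enough to trigger the tar; and OpenSSH 7.2 and later accept the single option `restrict`, which switches off everything the four no-* options cover.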
Fun Examples - 2
• MultiBounce sessions
• Using the three hosts example from earlier
• Consider:
    ssh 1 'ssh 2 /bin/tar -C /home -zc myhomedir/' | tar -zxv
    ssh 1 'ssh 2 "ssh 3 /bin/tar -C /home -zc myhomedir/"' | tar -zxv
• Note that there are limits...
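The nested quoting above is the main limit the slide hints at: every extra hop wraps the command in one more layer of shell quoting, and alternating single and double quotes stops working after two levels. The following is an added example, not from the slides, that builds the nested ssh command for any number of hops mechanically and checks the result with a stand-in ssh function that drops the host argument and evaluates the rest, which is what the remote shell would do. The host aliases 1, 2 and 3 are the slides' config names; the marker command is constructed.

```shell
#!/bin/sh
# Added example, not from the slides: build "ssh 1 'ssh 2 ...'" for any number
# of hops with the quoting done mechanically, and verify it against a stand-in
# ssh that just executes what it was handed. Aliases are the slides' config names.
set -u

# Wrap a string in single quotes for a POSIX shell: each embedded ' becomes '\''.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# nested_ssh CMD HOP1 [HOP2 ...]: the command to type on the local host so that
# CMD finally runs on the last hop. Each hop adds one more layer of quoting.
nested_ssh() {
    cmd=$1
    shift
    if [ $# -eq 0 ]; then
        printf '%s' "$cmd"
        return
    fi
    host=$1
    shift
    inner=$(nested_ssh "$cmd" "$@")     # recursion runs in a subshell
    printf 'ssh %s %s' "$host" "$(shquote "$inner")"
}

# Self-check: inside a subshell, replace ssh with a function that drops the
# host argument and evaluates the rest, exactly as the remote login shell
# would. If the quoting survives every hop, the innermost command runs and
# prints its marker.
roundtrip_check() {
    (
        ssh() { shift; eval "$*"; }
        eval "$(nested_ssh 'printf %s hop-ok' a b c)"
    )
}

# What you would type for the slide's two-hop backup:
#   $(nested_ssh '/bin/tar -C /home -zc myhomedir/' 1 2) | tar -zxv
```

Two caveats a practitioner should weigh before copying this pattern: the inner ssh client runs on the intermediate host, so that host holds the key for the next hop and sees the plaintext of the inner session; and if any hop needs a terminal, each level needs `ssh -t` as the three-host slide notes. Current OpenSSH offers `ProxyJump` (`ssh -J 1,2 3`) which forwards the connection through the intermediate hosts instead, keeping the end-to-end session encrypted from the local client and removing the quoting problem.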