
CSCE 815 Network Security Lecture 26


Presentation Transcript


  1. CSCE 815 Network Security Lecture 26 SSH and SSH Implementation April 24, 2003

  2. Machines to Attack
     • 129.252.140.3
     • 129.252.140.7
     • NOT!!! 129.252.140.1 - gateway

  3. SSH (Secure Shell)
     http://www.openssh.org/
     SSH 3.6.1 Released April 1, 2003
     • OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks
     • OpenSSH provides a myriad of secure tunneling capabilities, e.g. tunneling X connections
     • OpenSSH provides a variety of authentication methods
     • Port 22 when used over TCP/IP (most common)

  4. SSH Picture

  5. SSH Suite
     • ssh replaces telnet and rsh
     • scp (secure copy), which replaces rcp
     • sftp (secure ftp), which replaces ftp
     • sshd (secure shell daemon), which is the server
     • Others: ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server
     • Protocols: SSH 1.3 thru SSH 2.0 are supported

  6. OpenSSH SSH client configuration
     • ssh_config(5): SSH client configuration files
     • $HOME/.ssh/config
     • /etc/ssh/ssh_config

  7. SSH Protocol 2.0
     • SSH Protocol Architecture - describes the overall design of SSH-2
     • SSH Transport Layer Protocol - provides a single, full-duplex, flow-controlled, byte-oriented connection from client to server, with privacy, integrity, and man-in-the-middle protection
     • SSH Authentication Protocol - identifies the client to the server
     • SSH Connection Protocol - provides richer, application-support services such as TCP port and X forwarding

  8. SSH Architecture
     • Host Keys - each server host SHOULD have a host key
     • Two different trust models can be used:
       • the client has a local database that associates each host name with the corresponding public host key
       • the host name-to-key association is certified by some trusted certification authority
     • All implementations SHOULD provide an option to not accept host keys that cannot be verified
     • Extensibility - the protocol should evolve over time
       • the protocol allows full negotiation of encryption, integrity, key exchange, compression, and public key algorithms and formats

  9. SSH Packets
     • Minimum packet size is 28 bytes
     • Negligible for large packets, but for character-by-character traffic a la telnet this is significant
     • 28 + 32 (TCP/IP) + ethernet
     • But the minimum ethernet packet payload size is 46
     • So the increase over the minimum is 4/46 = ~10%

  10. SSH Message Numbers
     • SSH packets have message numbers in the range 1 to 255
     • Transport layer protocol:
       • 1 to 19: transport layer generic (e.g. disconnect, ignore, debug, etc.)
       • 20 to 29: algorithm negotiation
       • 30 to 49: key exchange method specific (numbers can be reused for different authentication methods)
     • User authentication protocol:
       • 50 to 59: user authentication generic
       • 60 to 79: user authentication method specific (numbers can be reused for different authentication methods)
     • Connection protocol:
       • 80 to 89: connection protocol generic
       • 90 to 127: channel related messages
     • Reserved for client protocols: 128 to 191
     • Reserved for local extensions: 192 to 255

  11. Authentication requests
     • Requests
       • byte - SSH_MSG_USERAUTH_REQUEST
       • string - user name (in ISO-10646 UTF-8 encoding [RFC2279])
       • string - service name (in US-ASCII)
       • string - method name (US-ASCII)
       • The rest of the packet is method-specific
     • Response
       • byte - SSH_MSG_USERAUTH_FAILURE
       • string - "authentications that can continue"
       • boolean - partial success
     • "Authentications that can continue" is a comma-separated list of authentication method names that may productively continue the authentication dialog
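The message-number ranges on slide 10 and the USERAUTH_REQUEST / USERAUTH_FAILURE layouts on slide 11 are easiest to see in code. The example below is added for this transcript and is not code from the lecture or from OpenSSH. It encodes the SSH-2 "string" type as a big-endian uint32 length followed by the bytes, classifies a message number by the slide's ranges, and builds and parses the two user-authentication messages. The concrete numbers 50 and 51 come from the SSH-2 user authentication specification (RFC 4252), not from the slides, which only give the 50-59 range; the service name "ssh-connection" and the user name are constructed sample values. The parser bounds-checks every length field so that a truncated or oversized packet raises an error instead of reading past the buffer.

```python
import struct

# Message numbers from the SSH-2 user authentication protocol (RFC 4252);
# the slides give only the generic range 50-59.
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51

# Message-number ranges exactly as listed on the slide.
MESSAGE_RANGES = (
    (1, 19, "transport layer generic"),
    (20, 29, "algorithm negotiation"),
    (30, 49, "key exchange method specific"),
    (50, 59, "user authentication generic"),
    (60, 79, "user authentication method specific"),
    (80, 89, "connection protocol generic"),
    (90, 127, "channel related"),
    (128, 191, "reserved for client protocols"),
    (192, 255, "reserved for local extensions"),
)


def message_class(num: int) -> str:
    """Return which protocol layer a message number belongs to."""
    for lo, hi, name in MESSAGE_RANGES:
        if lo <= num <= hi:
            return name
    raise ValueError(f"message number {num} outside 1..255")


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' type: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def encode_userauth_request(user: str, service: str, method: str,
                            method_specific: bytes = b"") -> bytes:
    """byte, string (UTF-8 user), string (ASCII service), string (ASCII method), rest."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user.encode("utf-8"))
            + ssh_string(service.encode("ascii"))
            + ssh_string(method.encode("ascii"))
            + method_specific)


def encode_userauth_failure(methods, partial_success: bool) -> bytes:
    """byte, name-list of methods that can continue, boolean partial success."""
    return (bytes([SSH_MSG_USERAUTH_FAILURE])
            + ssh_string(",".join(methods).encode("ascii"))
            + bytes([1 if partial_success else 0]))


class PacketReader:
    """Cursor over a packet body with bounds checks on every read."""
    MAX_STRING = 256 * 1024  # constructed sanity cap on a single string field

    def __init__(self, data: bytes):
        self.data = data
        self.pos = 0

    def byte(self) -> int:
        if self.pos >= len(self.data):
            raise ValueError("truncated packet: expected byte")
        value = self.data[self.pos]
        self.pos += 1
        return value

    def boolean(self) -> bool:
        return self.byte() != 0

    def string(self) -> bytes:
        if self.pos + 4 > len(self.data):
            raise ValueError("truncated packet: expected string length")
        (length,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        # Reject a length field that claims more bytes than the packet holds.
        if length > self.MAX_STRING or self.pos + length > len(self.data):
            raise ValueError(f"string length {length} exceeds packet")
        value = self.data[self.pos:self.pos + length]
        self.pos += length
        return value


def decode_userauth_request(packet: bytes) -> dict:
    r = PacketReader(packet)
    msg = r.byte()
    if msg != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError(f"expected USERAUTH_REQUEST, got {msg} ({message_class(msg)})")
    user = r.string().decode("utf-8")
    service = r.string().decode("ascii")
    method = r.string().decode("ascii")
    # Whatever follows the three strings belongs to the named method.
    return {"user": user, "service": service, "method": method,
            "method_specific": r.data[r.pos:]}


def decode_userauth_failure(packet: bytes) -> dict:
    r = PacketReader(packet)
    msg = r.byte()
    if msg != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError(f"expected USERAUTH_FAILURE, got {msg} ({message_class(msg)})")
    names = r.string().decode("ascii")
    methods = names.split(",") if names else []
    return {"methods_that_can_continue": methods, "partial_success": r.boolean()}


if __name__ == "__main__":
    # Constructed sample exchange: request with the "password" method, then a failure reply.
    req = encode_userauth_request("alice", "ssh-connection", "password")
    print(message_class(req[0]), decode_userauth_request(req))
    reply = encode_userauth_failure(["publickey", "password"], False)
    print(decode_userauth_failure(reply))
```

The method-specific tail is returned raw because its layout depends on the method name, which is exactly why the slide says "the rest of the packet is method-specific".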

  12. XWindows Normal Connection

  13. SSH X Connection
     • SSH attempts to connect to port 22 on the remote host
     • SSHD on the machine Remote forks off a child SSHD process. If X11 forwarding is enabled, the process listens on port 6000 + x (the first open one)
     • The child SSHD now forks off the command received from the original SSH client, usually xterm
     • SSHD sets xterm's DISPLAY environment variable to the fake X display on Remote
     • xterm sends all X information to the fake server on its own host
     • The fake SSHD X server encrypts the X information, then sends it to the SSH client on the Local machine
     • The SSH client decrypts the information and sends it to the real X server

  14. SSH and Proxy Servers in General
     • Two methods: the "-L" and "-R" options
     • ssh -L local-port:remote-machine:remote-port remote-machine
       • This forwards a port (local-port) on the local machine across an encrypted channel to a server port (remote-port) on the remote machine
     • ssh -R remote-port:remote-machine:local-port remote-machine
       • Command to have a port on a remote host act as a proxy for a local port

  15. SSH References
     • Implementation SSH 1: http://www.cise.ufl.edu/help-system/ssh/
     • SSH 3.2: http://www.ssh.com/
     • Open SSH: http://www.openssh.org/
     • Protocols: http://www.snailbook.com/protocols.html
