Sonny J Zambrana University of Pennsylvania ISC-SEO November 2008.


Agenda
- Overview of SSH Keys
- Pros/Cons of using SSH Keys
- How to Create and Use Keys
- Authentication Details
- Security
- Troubleshooting
- Online Documentation
- Open Discussion

Overview
What is SSH key authentication?
SSH is a protocol for secure remote logins and file copying. Key authentication lets you prove your identity to a remote host using a cryptographic key instead of a login password.
SSH keys are more secure than passwords because keys are never transmitted over the network, whereas passwords are (albeit encrypted).
An SSH key is actually a matched pair of keys stored in two files. The private (or secret) key remains on the client machine. The public key is copied to the remote (server) machine.
When establishing a connection, the SSH client and server perform a complex negotiation based on the private and public key; if they match (in a cryptographic sense), your identity is proven and the connection succeeds.

Pros/Cons
Pros:
- Secure, passwordless authentication
- Users no longer need to know credentials
- Scripts no longer require a password file
- Reduces the risk of remote exploits due to weak credentials
Cons:
- Unwanted access to other remote accounts
- Difficult to maintain multiple keys
- If compromised, the key needs to be replaced in several locations

Creating SSH Keys
Definition: An RSA key pair must be generated on the client system. The public portion of this key pair will reside on the servers being connected to, while the private portion must remain in a secure local area of the client system. The key generation can be done with the ssh-keygen utility.
Steps:
1. User must generate a key pair
2. User (or administrator) must place the public key on the appropriate server

Creating SSH Keys Cont.
Create a 2048 bit RSA key on the client (the -b option states the key size explicitly instead of relying on the ssh-keygen default):

/usr/bin/ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
c7:2a:ac:0f:24:ad:ee:93:fe:e2:45:04:9c:c3:b6:7e

Creating SSH Keys Cont.
Create/modify the public key on the server:
1. Transfer the /home/user/.ssh/id_rsa.pub file to the server you want to connect to:
   /usr/bin/scp /home/user/.ssh/id_rsa.pub
2. Log in to the server as the ID you want to use the public key for.
3. Concatenate (append) the contents of id_rsa.pub to /home/user/.ssh/authorized_keys:
   /bin/cat /home/user/id_rsa.pub >> /home/user/.ssh/authorized_keys
4. Remove the public key file:
   /bin/rm /home/user/id_rsa.pub
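Steps 3 and 4 above done with the append-only and permission checks that the later slides rely on, as an added shell example that is not part of the presentation; the key line and the home directory are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the presentation): steps 3 and 4 of the slide done
# safely. Appends the public key to authorized_keys (never overwrites), skips
# the append if that exact key line is already there, and sets the permissions
# sshd requires. Assumes only POSIX sh and coreutils; the key is constructed.

# install_pubkey PUBKEY_FILE HOME_DIR -> prints "added" or "present"
install_pubkey() {
    pubfile=$1; home=$2
    sshdir=$home/.ssh; auth=$sshdir/authorized_keys
    # id_rsa.pub holds a single line; tolerate a missing trailing newline
    IFS= read -r key < "$pubfile" || [ -n "$key" ] || return 1
    mkdir -p "$sshdir" && chmod 700 "$sshdir"    # sshd rejects a looser ~/.ssh
    [ -f "$auth" ] || : > "$auth"
    chmod 600 "$auth"
    # -x -F: whole-line literal match, so a prefix of another key is not a hit
    if grep -qxF -- "$key" "$auth"; then
        echo present
    else
        printf '%s\n' "$key" >> "$auth"   # >> appends; > would wipe other keys
        echo added
    fi
}

# Demo on a temporary home directory (constructed data, not a real key)
demo=$(mktemp -d)
mkdir -p "$demo/.ssh"
printf 'ssh-rsa AAAAB3EXISTINGKEY== other@example\n' > "$demo/.ssh/authorized_keys"
printf 'ssh-rsa AAAAB3NEWKEYNOTREAL== user@client.example\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo"    # prints: added
install_pubkey "$demo/id_rsa.pub" "$demo"    # prints: present (no duplicate)
wc -l < "$demo/.ssh/authorized_keys"         # 2: the existing key is kept
rm -f "$demo/id_rsa.pub"                     # step 4: remove the copied file
```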

Using SSH Keys
Test authentication:
- Log in to the client where you created the key.
- Try to connect to the server where you copied the public key using the /usr/bin/ssh command.
- If you are successful you will not be prompted for a password. If you are prompted for a password, verify that the steps have been followed correctly. If you are still prompted, review the troubleshooting slide.
- Otherwise, congratulations! You have successfully set up SSH public key authentication.

Authentication Details
Things to know about key authentication:
- Uses a cryptographic key instead of a login password.
- More secure since the keys are never passed over the network.
- Concatenate … Do not overwrite ~/.ssh/authorized_keys on the server.
- Servers that you are connecting to must be in ~/.ssh/known_hosts on the client prior to any batch running.
- Use FQDNs instead of short host names when connecting from the client. The system considers depot, depot.isc-seo and depot.isc-seo.upenn.edu as three different hosts.
- Developers are responsible for creating keys on test systems. SEO is responsible for creating keys on the equivalent production systems.

Security
- Always use 2048 bit RSA encryption. This is the strongest, fastest and most reliable encryption method that the industry offers.
- DSA keys can also be used, but DSA is slower than RSA. This method is only required when sending encrypted files out of the country and will only be used for those special cases.
- Be responsible: do not share the private key with anyone or any other account, no exceptions!
- If the client account is compromised, the client needs to complete the following tasks:
  – Generate a new key pair.
  – Remove references to the old key pair on the client and on the servers that it connects to.
  – Distribute the new public key to every server it connects to.
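The compromise-response steps above applied to one server's authorized_keys, as an added example that is not from the presentation; the old and new key lines are constructed placeholders and other users' keys in the file are left untouched.

```shell
#!/bin/sh
# Added example (not from the presentation): the replacement step from the
# Security slide on one server. Removes every exact copy of the compromised
# public key line, appends the replacement once, and swaps the file in
# atomically. Assumes POSIX sh and coreutils; both key lines are constructed.

# replace_pubkey OLD_KEY_LINE NEW_KEY_LINE AUTH_FILE -> prints the number of
# old-key lines that were removed
replace_pubkey() {
    old=$1; new=$2; auth=$3
    removed=$(grep -cxF -- "$old" "$auth" || true)   # grep exits 1 on zero hits
    tmp=$(mktemp "$auth.XXXXXX")
    # keep every line except whole-line literal matches of the old key;
    # grep -v exits 1 when nothing is left, which is not an error here
    grep -vxF -- "$old" "$auth" > "$tmp" || true
    grep -qxF -- "$new" "$tmp" || printf '%s\n' "$new" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$auth"          # sshd never sees a half-written file
    echo "$removed"
}

# Demo with a constructed authorized_keys holding another user's key too
auth=$(mktemp)
old='ssh-rsa AAAAB3OLDCOMPROMISED== batch@client.example'   # constructed
new='ssh-rsa AAAAB3NEWREPLACEMENT== batch@client.example'   # constructed
printf '%s\n' 'ssh-rsa AAAAB3SOMEONEELSE== other@example' "$old" > "$auth"
replace_pubkey "$old" "$new" "$auth"     # prints: 1
grep -c '' "$auth"                       # 2: the other key plus the new key
```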

Troubleshooting
Things to know:
- If you are still being prompted for a password, verify that the steps have been completed successfully.
- Verify that the permissions of the ~/.ssh directory are 700 (rwx------) on both the client and server.
- Verify that the home directory is writable only by the user and not by group/world.
- Verify that the account has not been locked due to too many failed login attempts.
- Some cases have shown that the account may have remote login disabled.
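An added pre-flight check, not from the presentation, that tests the permission conditions on this slide together with the known_hosts/FQDN rule from the Authentication Details slide; it assumes GNU stat (Linux) and all sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the presentation): a pre-flight check for a batch
# account covering the Troubleshooting slide's permission rules and the
# known_hosts/FQDN rule from Authentication Details. Assumes GNU stat -c
# (Linux); AIX needs a different mode lookup. All sample data is constructed.

mode() { stat -c '%a' "$1"; }                # octal permission bits, e.g. 700

# writable_by_others MODE -> true if the group or other write bit is set
writable_by_others() {
    m=$1; two=${m#"${m%??}"}                  # last two octal digits: group, other
    case ${two%?} in 2|3|6|7) return 0 ;; esac
    case ${two#?} in 2|3|6|7) return 0 ;; esac
    return 1
}

# host_known FQDN KNOWN_HOSTS -> true if an unhashed entry names FQDN exactly
# (so "depot" does not satisfy a "depot.isc-seo.upenn.edu" entry, as the slide says)
host_known() {
    [ -f "$2" ] || return 1
    awk -v h="$1" '$1 !~ /^[#|@]/ {          # skip comments, hashed and marker lines
            n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) { ok = 1; exit } }
        END { exit !ok }' "$2"
}

# preflight HOME FQDN -> prints one line per problem found, returns 1 if any
preflight() {
    home=$1; fqdn=$2; rc=0
    if writable_by_others "$(mode "$home")"; then
        echo "$home is group/world writable"; rc=1; fi
    if [ "$(mode "$home/.ssh")" != 700 ]; then
        echo "$home/.ssh is not mode 700"; rc=1; fi
    if [ -f "$home/.ssh/id_rsa" ]; then
        case $(mode "$home/.ssh/id_rsa") in 600|400) ;; *)
            echo "private key is accessible to others"; rc=1 ;; esac; fi
    if ! host_known "$fqdn" "$home/.ssh/known_hosts"; then
        echo "$fqdn not in known_hosts: a batch run would stall on the host-key prompt"; rc=1; fi
    return $rc
}

# Demo: a constructed home directory with ~/.ssh left at 755
d=$(mktemp -d); mkdir -p "$d/.ssh"; chmod 755 "$d/.ssh"
printf 'depot.isc-seo.upenn.edu ssh-rsa AAAAB3EXAMPLENOTREAL==\n' > "$d/.ssh/known_hosts"
preflight "$d" depot.isc-seo.upenn.edu || echo "fix the above before batch use"
preflight "$d" depot || echo "short name: known_hosts entry does not match"
```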

Documentation
Presentation:
FAQ:
Help Distribution List
Man Pages: type 'man ssh-keygen' on any AIX/Linux server

Q & A
Open Discussion