OpenSSH (SSH - Secure SHell)
Silvio C. Sampaio
Doctoral Programme in Informatics Engineering
PRODEI011 - Computer Systems Security – 2009/10

Outline
- Overview
- Protocol details
- Experiments
- References
Overview: What is OpenSSH?
“OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on.” (SOURCE: …)
- SSH is a set of standards and associated protocols for establishing a secure channel between two computers.
- It covers authentication, encryption, and data integrity.
- Originally a replacement for insecure applications such as telnet and some of the “r-commands”.
Overview: History and Development
- In 1995, Tatu Ylönen, a researcher at Helsinki University of Technology, Finland, designed the first version of the protocol (now called SSH-1).
- "Secsh" was the official Internet Engineering Task Force (IETF) name for the working group responsible for version 2 of the SSH protocol.
- In 1996, a revised version of the protocol, SSH-2, was adopted as a standard. This version is incompatible with SSH-1.
- A complete description of the history and development of SSH can be found in [1].
Overview: SSH Features
- Secure Remote Logins
- Secure File Transfer and Backup
- Secure Remote Command Execution
- Keys and Agents
- Access Control
- Port Forwarding and Tunneling
Overview: Some SSH Implementations
[Table of SSH implementations not reproduced in the text.]
Source: Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes – SSH: The Secure Shell (The Definitive Guide), O'Reilly 2005 (2nd edition).
Protocol details: Introduction
The SSH protocol ensures that all communication over the network is secure through the following safeguards:
- Encryption of data during transmission, to protect privacy
- Prevention of data corruption, whether deliberate or otherwise, through integrity checking
- Authentication of users and hosts, to prevent unauthorized logins/connections
- Authorization, i.e. controlling access and privileges
- Protection of other TCP/IP sessions through tunneling or forwarding
Protocol details: Authentication Methods
Different methods can be used to authenticate users and servers in SSH Secure Shell. These authentication methods can be combined or used separately, depending on the level of functionality and security you want.
Methods:
For server authentication:
- Public-Key Authentication
- Certificate Authentication
For user authentication:
- Password Authentication
- Public-Key Authentication
- Host-Based Authentication
- Certificate Authentication
- Kerberos Authentication
- Pluggable Authentication Module (PAM)
- SecurID
Protocol details: Architecture
[Figure: The Architecture of a general SSH System]
Source: Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes – SSH: The Secure Shell (The Definitive Guide), O'Reilly 2005 (2nd edition).

Protocol details: Architecture of SSH1
[Figure: The Architecture of an SSH1 System]
Source: Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes – SSH: The Secure Shell (The Definitive Guide), O'Reilly 2005 (2nd edition).

Protocol details: Architecture of SSH2
[Figure: The Architecture of an SSH2 System]
Source: Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes – SSH: The Secure Shell (The Definitive Guide), O'Reilly 2005 (2nd edition).
Protocol details: SSH1 x SSH2
- SSH1 is an older, slower protocol with significant security problems.
- SSH2 is the newest, most efficient protocol:
  - Resolves all known weaknesses in SSH1 security
  - IETF standard
- SSH1 “hardcodes” most of its cryptography; SSH2 negotiates cryptographic algorithms at runtime, which makes it easier to use internationally.
- A good summary of the differences between versions 1 and 2 of the SSH protocol can be found at:
Protocol details: SSH1 x SSH2
The major differences between SSH-1 and SSH-2 are, namely [1]:
- Expanded algorithm negotiation between client and server
- Multiple methods for key exchange
- Certificates for public keys
- More flexibility with authentication, including partial authentication
- Stronger integrity checking through cryptography
- Periodic replacement of the session key (“rekeying”)
Protocol details: Algorithms Used

SSH-1 Ciphers
                 3DES   IDEA   RC4   DES   (Blowfish)
  SSH1           x      x      o     o     x
  OpenSSH        x      -      -     -     x

SSH-2 Ciphers
                 3DES   Blowfish   Twofish   CAST-128   IDEA   RC4
  SSH2           x      x          x         -          -      x
  F-Secure SSH2  x      x          x         x          -      x
  OpenSSH        x      x          -         x          -      x

Legend:
  x : The implementation supports the algorithm and it is included in the default build.
  o : The implementation supports the algorithm, but it isn't included in the default build (it must be specifically enabled when compiling).
  - : The implementation doesn't support the algorithm.
Exp #1: Secure Remote Login (1)
Remote Login
- Command line:
    ssh
    ssh -l user servidor
- Using some ssh client
- At the first connection, the server's host key is recorded on the client:
    Client(known_hosts) += Server(ssh_host_rsa_key.pub)
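The "first connection" step above is a trust-on-first-use decision: the client records the server's public host key in known_hosts and, on every later connection, compares the key the server offers with the recorded one. The following script is an added example (not from the slides and not OpenSSH code) that models that comparison over a constructed known_hosts file; the hostnames, the 32-byte key material and the salt are all made up for the demonstration. It also handles the hashed entry format OpenSSH writes when HashKnownHosts is enabled and prints the SHA256 fingerprint in OpenSSH's notation, so a reader can relate the output to what ssh shows.

```python
"""Trust-on-first-use check of a server host key against known_hosts (added example)."""
import base64
import hashlib
import hmac
from typing import Optional, Tuple


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def make_ed25519_blob(raw_key: bytes) -> str:
    """Base64 public-key blob as found in known_hosts / *.pub files.
    raw_key is a constructed 32-byte value here, not a real key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    return base64.b64encode(blob).decode()


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _host_field_matches(field: str, host: str) -> bool:
    """First known_hosts column: comma-separated names, or a HashKnownHosts
    entry '|1|salt|hash' where hash = HMAC-SHA1(salt, hostname)."""
    if field.startswith("|1|"):
        _, _, salt_b64, hash_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(base64.b64encode(mac).decode(), hash_b64)
    return host in field.split(",")


def lookup_host_key(known_hosts: str, host: str, key_type: str) -> Optional[str]:
    """Return the stored key blob for (host, key_type), or None if unknown."""
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        names, stored_type, blob = parts[0], parts[1], parts[2]
        if stored_type == key_type and _host_field_matches(names, host):
            return blob
    return None


def check_host_key(known_hosts: str, host: str, key_type: str, offered: str) -> Tuple[str, str]:
    """Classify the key a server offers:
    'new'      first connection, the client asks and then records the key
    'match'    the key recorded earlier
    'mismatch' the key changed: reinstalled server, or someone in the middle;
               ssh refuses to continue under StrictHostKeyChecking=yes
    """
    fp = fingerprint(offered)
    stored = lookup_host_key(known_hosts, host, key_type)
    if stored is None:
        return "new", fp
    if hmac.compare_digest(stored, offered):
        return "match", fp
    return "mismatch", fp


# Constructed known_hosts content: a plain entry and a hashed entry.
SERVER_KEY = make_ed25519_blob(bytes(range(32)))
_salt = b"0123456789abcdefghij"  # constructed 20-byte salt
_hashed = "|1|%s|%s" % (
    base64.b64encode(_salt).decode(),
    base64.b64encode(hmac.new(_salt, b"mail.example", hashlib.sha1).digest()).decode(),
)
KNOWN_HOSTS = (
    "# constructed sample file\n"
    f"server.example,10.0.0.5 ssh-ed25519 {SERVER_KEY} admin@server\n"
    f"{_hashed} ssh-ed25519 {SERVER_KEY}\n"
)

if __name__ == "__main__":
    other = make_ed25519_blob(bytes(range(32, 64)))
    for host, blob in [("server.example", SERVER_KEY), ("mail.example", SERVER_KEY),
                       ("server.example", other), ("unknown.example", SERVER_KEY)]:
        status, fp = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", blob)
        print(f"{host:16s} {status:9s} {fp}")
```

The "mismatch" outcome is the one worth alarming on: a changed host key is either an administrative event that should be known in advance or the signature of an interception, which is why the fingerprint shown at first connection should be verified out of band rather than accepted blindly.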
Exp #1: Secure Remote Login (2)
X11 Forwarding
- Automatic on Linux/Unix clients:
    ssh -X
- Windows clients: an X server is needed (e.g. Xming)
- Some applications (e.g. PuTTY) have specific settings for this (but you can always use the command export DISPLAY=Client_IP)
Exp #2: Secure File Copy
Secure copy
- Copies files between host machines
- Authenticates user and host
- Encrypts copied data during transmission
- If keys are set up correctly for the user, no password entry is required for access to the remote machine.
Ex:
    scp […]
    scp -r ~/simulations/* […]
Exp #3: Secure Remote Command Execution
- Executes command(s) on a remote machine from a local machine
- Authenticates user and host
- Encrypts data transmitted between the machines
- If keys are set up correctly for the user, no password entry is required for access to the remote machine.
Ex:
    ssh […] command
    ssh […] ls -la
Exp #4: Port Forwarding and Tunneling
Experiment assumptions:
- POP3 server: pop3.server.com, port 110
- SMTP server: smtp.server.com, port 25
- Your “username” at server.com: user

    ssh -L7110:pop3.servidor.com:110 -L7025:smtp.server.com:25

Syntax: -L localport:server:remoteport

In the mail client:
- Replace the POP3 server pop3.servidor.com with localhost and port 110 with 7110
- Replace the SMTP server smtp.servidor.com with localhost and port 25 with 7025
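What `-L localport:server:remoteport` does on the client side is to listen on localport and relay every accepted connection to server:remoteport, which is why the mail client can be pointed at localhost:7110 instead of the POP3 server. The script below is an added example (not from the slides and not OpenSSH code) that models exactly that relay in plain sockets, so the syntax and the remapping can be exercised offline: `parse_forward_spec` accepts the three-part form used on the slide, `LocalForwarder` is the listener-plus-relay, and `demo_roundtrip` pushes a line through a forward into a constructed echo server standing in for the mail server. The real ssh client carries the relayed bytes inside the encrypted SSH channel and the SSH server opens the outbound TCP connection; this model has no encryption and is for illustration only.

```python
"""Client-side model of `ssh -L localport:server:remoteport` (added example, no encryption)."""
import socket
import threading
from dataclasses import dataclass


@dataclass(frozen=True)
class ForwardSpec:
    local_port: int
    server: str
    remote_port: int


def parse_forward_spec(spec: str) -> ForwardSpec:
    """Parse the -L form from the slide: localport:server:remoteport.
    (ssh also accepts an optional leading bind_address; not modelled here.)"""
    parts = spec.split(":")
    if len(parts) != 3 or not parts[1]:
        raise ValueError(f"expected localport:server:remoteport, got {spec!r}")
    local_port, remote_port = int(parts[0]), int(parts[2])
    for port in (local_port, remote_port):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {spec!r}")
    return ForwardSpec(local_port, parts[1], remote_port)


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until src closes, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class LocalForwarder:
    """Accept on 127.0.0.1:local_port and relay each connection to server:remote_port.
    Binding to loopback only mirrors ssh's default (GatewayPorts no), so other
    machines on the network cannot ride the forward."""

    def __init__(self, spec: ForwardSpec) -> None:
        self.spec = spec
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.listener.bind(("127.0.0.1", spec.local_port))  # port 0: OS picks one
        self.listener.listen(5)
        self.bound_port = self.listener.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            try:
                client, _ = self.listener.accept()
            except OSError:  # listener closed
                return
            threading.Thread(target=self._relay, args=(client,), daemon=True).start()

    def _relay(self, client: socket.socket) -> None:
        try:
            remote = socket.create_connection((self.spec.server, self.spec.remote_port))
        except OSError:
            client.close()
            return
        threading.Thread(target=_pump, args=(client, remote), daemon=True).start()
        _pump(remote, client)
        remote.close()
        client.close()

    def close(self) -> None:
        self.listener.close()


def demo_roundtrip(payload: bytes = b"USER user\r\n") -> bytes:
    """Send payload through a forward into a constructed echo backend; return the reply."""
    backend = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    backend.bind(("127.0.0.1", 0))
    backend.listen(1)

    def echo_once() -> None:  # stands in for the POP3 server
        conn, _ = backend.accept()
        with conn:
            conn.sendall(conn.recv(4096))

    worker = threading.Thread(target=echo_once, daemon=True)
    worker.start()
    # Like "-L7110:pop3.servidor.com:110", but with an OS-chosen local port.
    fwd = LocalForwarder(ForwardSpec(0, "127.0.0.1", backend.getsockname()[1]))
    received = b""
    with socket.create_connection(("127.0.0.1", fwd.bound_port)) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        while True:
            chunk = c.recv(4096)
            if not chunk:
                break
            received += chunk
    fwd.close()
    worker.join(timeout=2)
    backend.close()
    return received
```

Run it with `python3 -c 'import fwd; print(fwd.demo_roundtrip())'` (after saving as fwd.py) to see the line come back through the relay. The loopback-only bind is the detail to keep in mind when reading the slide's command: the forwarded POP3 and SMTP ports are only reachable from the machine running ssh.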
Exp #5: Automatic Authentication
Key creation:
    ssh-keygen -t rsa
    ssh-keygen -b <bits> -t rsa
    Enter file in which to save the key (/home/ac/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
Just to make sure!!!:
    chmod 0600 ~/.ssh/id_rsa
Copying the key to remote servers:
    scp ~/.ssh/id_rsa.pub …
    ssh …
    cat rsa.pub_imported >> .ssh/authorized_keys
Testing:
    ssh … (and I hope it works!!!)
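Two things on this slide decide whether the automatic login actually works: the private key must be readable only by its owner (the chmod 0600 step; ssh silently ignores a key with looser permissions) and the public key must end up as one well-formed line in authorized_keys on the server. The script below is an added example (not from the slides and not OpenSSH code) that checks the first and performs the second the way the `cat … >> .ssh/authorized_keys` step does, but without adding a duplicate entry when the step is repeated, and leaving authorized_keys at 0600, which sshd's StrictModes expects. The file names and the public-key line in `demo()` are constructed; the key blob is not a real key.

```python
"""Private-key permission check and duplicate-free authorized_keys install (added example)."""
import os
import stat
import tempfile
from typing import List, Optional, Tuple

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")


def private_key_problems(path: str) -> List[str]:
    """Reasons ssh would refuse to use this private key file; empty list if none."""
    problems = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path}: mode {mode:04o} is accessible to group/others, expected 0600")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append(f"{path}: not owned by the current user")
    return problems


def key_identity(entry: str) -> Optional[Tuple[str, str]]:
    """(key type, base64 blob) of an authorized_keys or .pub line, ignoring the trailing
    comment and any leading options such as from="..." or command="...".
    Options with whitespace inside their quotes are not handled here."""
    tokens = entry.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_TYPES):
            return tok, tokens[i + 1]
    return None


def install_authorized_key(pubkey_line: str, authorized_keys: str) -> bool:
    """Append the key unless an entry with the same type and blob exists.
    Returns True when the key was added. The file is left at mode 0600."""
    identity = key_identity(pubkey_line)
    if identity is None:
        raise ValueError("not a public key line")
    existing = ""
    if os.path.exists(authorized_keys):
        with open(authorized_keys, encoding="utf-8") as fh:
            existing = fh.read()
    for line in existing.splitlines():
        if line.strip() and not line.startswith("#") and key_identity(line) == identity:
            os.chmod(authorized_keys, 0o600)
            return False
    with open(authorized_keys, "a", encoding="utf-8") as fh:
        if existing and not existing.endswith("\n"):
            fh.write("\n")  # never glue onto a line missing its newline
        fh.write(pubkey_line.strip() + "\n")
    os.chmod(authorized_keys, 0o600)
    return True


def demo(workdir: Optional[str] = None) -> dict:
    """Exercise both checks on constructed files and report the outcomes."""
    if workdir is None:
        workdir = tempfile.mkdtemp(prefix="sshkeys-demo-")
    key = os.path.join(workdir, "id_rsa")
    ak = os.path.join(workdir, "authorized_keys")
    with open(key, "w", encoding="utf-8") as fh:
        fh.write("-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed, not a key\n"
                 "-----END OPENSSH PRIVATE KEY-----\n")
    os.chmod(key, 0o644)                       # a typical default after copying a file
    before = private_key_problems(key)
    os.chmod(key, 0o600)                       # the slide's "just to make sure" step
    after = private_key_problems(key)
    pub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlobNotARealKey user@client"
    first = install_authorized_key(pub, ak)    # the cat >> authorized_keys step
    second = install_authorized_key('command="/usr/bin/true" ' + pub + " renamed", ak)
    with open(ak, encoding="utf-8") as fh:
        entries = [ln for ln in fh.read().splitlines() if ln.strip()]
    return {"before": before, "after": after, "first": first, "second": second,
            "entries": len(entries), "mode": stat.S_IMODE(os.stat(ak).st_mode)}


if __name__ == "__main__":
    print(demo())
```

The second install call shows why the comparison is on (type, blob) rather than on the whole line: the same key re-sent with different options or a different comment is still the same key, and a second copy would not grant anything new while making later revocation easy to get wrong.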
Exp #6: File Transfer SFTP
- SFTP stands for ‘Secure File Transfer Protocol’.
- It provides secure file transfer functionality over any reliable data stream. It uses SSH.
- The SFTP protocol runs on a secure channel.
- Encrypts all traffic (including passwords).
- Provides a variety of authentication methods.
- It can be automated by public and private key authentication.

    sftp

Once you are connected:
    sftp> lcd /files       [change local directory to /files]
    sftp> cd /tmp          [change remote directory to /tmp]
    sftp> get test.txt     [download /tmp/test.txt to /files/test.txt]
    sftp> ?                [view summary help]
    sftp> bye              [terminate connection]
References
1. Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes – SSH: The Secure Shell (The Definitive Guide), O'Reilly 2005 (2nd edition)

Thank you!
Silvio C. Sampaio
Any Questions?