Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

ssh: secure shell

overview Purpose Protocol specifics Configuration Security considerations Other uses

purpose
- A network protocol
- Uses public-key cryptography to establish a secure connection between hosts
- Intended to replace the clear-text telnet protocol
- Client-server model
- Commonly used to connect to a shell remotely
  o Also supports
    o port forwarding
    o tunneling
    o file transfers
    o …

Important Note
- Two programs are needed to make a secure connection
- SSH client
  o Typically ssh
  o Typically comes enabled on a lot of systems
- SSH server
  o Typically sshd
  o Typically needs to be installed and configured
- Allows a one-way connection from client to server
  o If another connection is required back, another client and server pair is required for the other direction

protocol specifics
- 2 versions (SSH-1, SSH-2)
  o Version 1 is deprecated
  o Did not use Diffie-Hellman key exchange
- Server listens on TCP port 22 (default)
- Authentication based on:
  o Passwords
  o RSA/DSA key pairs
  o GSSAPI (Kerberos, NTLM) protocol

diffie-hellman
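The diffie-hellman slide carries only its title, and the protocol slide notes that SSH-1 lacked Diffie-Hellman key exchange. As an added illustration that is not part of the deck, the Python sketch below shows the exchange SSH-2 performs: each side keeps a private exponent, sends only g^x mod p, and both arrive at the same shared secret, which is then hashed into key material. The 64-bit prime, the generator, and the function names (dh_keypair, dh_shared_secret, session_key, run_exchange) are constructed for the demonstration; real SSH uses 2048-bit or larger MODP groups or elliptic-curve groups.

```python
"""Toy Diffie-Hellman key agreement sketching the SSH-2 key-exchange step.

Added example; constructed parameters, not suitable for real use.
"""
import hashlib
import secrets

# Constructed toy parameters: a 64-bit prime (2**64 - 59) and generator 2.
# SSH uses 2048-bit+ MODP groups (RFC 3526) or elliptic curves instead.
P = (1 << 64) - 59
G = 2


def valid_public_value(value: int, p: int = P) -> bool:
    """Reject degenerate peer values (0, 1, p-1) that force a trivial secret."""
    return 1 < value < p - 1


def dh_keypair(p: int = P, g: int = G) -> tuple[int, int]:
    """Return (private exponent x, public value g^x mod p); only the public value is sent."""
    x = secrets.randbelow(p - 2) + 1  # 1 <= x <= p-2
    return x, pow(g, x, p)


def dh_shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Shared secret = their_public ^ my_private mod p; both sides get the same value."""
    if not valid_public_value(their_public, p):
        raise ValueError("invalid peer public value")
    return pow(their_public, my_private, p)


def session_key(shared: int) -> bytes:
    """Hash the shared secret, as SSH derives session keys from the exchange hash."""
    return hashlib.sha256(shared.to_bytes(8, "big")).digest()


def run_exchange() -> tuple[bytes, bytes]:
    """Simulate client and server deriving a session key; return both for comparison."""
    client_priv, client_pub = dh_keypair()
    server_priv, server_pub = dh_keypair()
    key_on_client = session_key(dh_shared_secret(server_pub, client_priv))
    key_on_server = session_key(dh_shared_secret(client_pub, server_priv))
    return key_on_client, key_on_server


if __name__ == "__main__":
    k_client, k_server = run_exchange()
    print("keys match:", k_client == k_server)
```

The exchange on its own does not tell the client who is at the other end; SSH-2 closes that gap by having the server sign the exchange with its host key, which is why the client compares the server's public key against ~/.ssh/known_hosts as described on the keys slide.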

keys
- For public-key cryptography each party has 2 keys:
  o 1 public, 1 private
  o Keeps the private key, distributes the public key
  o For each ID or client
- Stored on the client
  o Server public key(s): ~/.ssh/known_hosts
    o One for each server you want to go to
  o Client private key: ~/.ssh/id_rsa
- Stored on the server
  o Server private key: /etc/ssh/ssh_host_rsa_key
  o Client public key(s): ~/.ssh/authorized_keys
    o One for each person allowed
- Note: this is for one-way authentication
  o Another key pair is needed if you want to connect from the other direction

Sample keys: Public Key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8VXxhszucLV0jOu8GlNt6T/eJYW5VICh1GomcsGfhDRS0nNKMHy9IJvCrT9toj+06pdFt4ODVEcqp40IClZnPxq1 duFu/6TrExkDO+LsaZ4M+GWB1sUGIDiPtkafLieN9trUT417RND9/y1nVZ8AutLx3rT15fpi5rN/TJC6A6BIRNeOn/ETTkGB3NT3cytULBh2fWkaBuzZMpUNXgW xgsxMDOpc2NTZQGd59Kn/qUlB94lmB1UCytpkINTn9b9H1bM9kIxfMiuomV1QMJ5A15qMeZiOgTl5qLi63Kotb7WYW7nt6BKTbBVMc9w1kdLNCcRPrYXaMF YCz3+K2ZN1GPAvGdccNeQy9z925UgYnuPbvpj1cMNSEgylZlPXNRjpQKwz6/JcUDTD9brB+eOf7uM1MwSOSLim2baZ+e3bfu/VfmBEnSPAl15Ba9CyOByM DuHlAOsflmeOfmxMM86Jz03xUy+DDmBCBfSztwOaxJSTJMDhq6hY6AUytRzLErOeMFGM0+yTTux3dJX4i2xe4ieZWAlsqCR0yjGTaINAY2iY6IKo8NFjKTLW n8TxgIdCxRKMBbrFOJq7zfomLbZwDcWXl4Wo+7s1mov+SmtwiWuGxLkLMPGDci/W1CGhbcwwLMIYGGHzUQ6wevcwb7GClIlAbnf5dAJi3feTzZGDsIQ== -----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEAvFV8YbM7nC1dIzrvBpTbek/3iWFuVSAodRqJnLBn4Q0UtJzSjB8vSCbwq0/baI/tOqXRbeDg1RHKqeNCApWZz8atXbhbv+k6xMZAzvi7GmeD PhlgdbFBiA4j7ZGny4njfba1E+Ne0TQ/f8tZ1WfALrS8d609eX6Yuazf0yQugOgSETXjp/xE05BgdzU93MrVCwYdn1pGgbs2TKVDV4FsYLMTAzqXNjU2UBnefSp/6lI QfeJZgdVAsraZCDU5/W/R9WzPZCMXzIrqJldUDCeQNeajHmYjoE5eai4utyqLW+1mFu57egSk2wVTHPcNZHSzQnET62F2jBWAs9/itmTdRjwLxnXHDXkMvc/duV IGJ7j276Y9XDDUhIMpWZT1zUYxkCsM+vyXFA0w/W6wfnjn+7jNTMEjki4ptm2mfnt237v1X5gRJ0jwJdeQWvQsjgcjA7h5QDrH5Znjn5sTDPOic9N8VMvgw5gQgX0 s7cDmsSUkyTA4auoWOgFMrUcyxKznjBRjNPsk07sd3SV+ItsXuInmVgJbKgkdMoxk2iDQGNomOiCqPDRYyky1p/E8YCHQsUSjAW6xTiau836Ji22cA3Fl5eFqPu7 NZqL/kprcIlrhsS5CzDxg3Iv1tQhoW3MMCzCGBhh81EOsHr3MG+xgpSJQG53+XQCYt33k82Rg7CECAwEAAQKCAgEAqQRTBt8yLPvtLRPTtWVb/s3LSchdmxm sFUQGoc8Sur7hiSGANu45oZgIvsWBE7qu3MY5SFHblHxOE972u5kEm5oitgwgkv89laCSQuyoBY9GEjH2BklYlUCTb74bBygtOAIDSeDwk/E+13JooYNlzsS2qvS XSfSaHXAOws8iyN78b+Ob9oMIRZG5cOIgLYj+XtFTPlJnGkAn/+sEn4BwAexTsL8hOy3QG1zL9ipw95pEYKUFTOZUFM6YUexqqY5zr7zB9o0j65Xzgws2S14qJq VgWISzjkcmpkXh+NG+lXZc+1F1ENEgHcsOht0UcMXmpkcS6Ffkat1VTpgrPyMQDFDqgHRJHkrNcW8donE9NE3cmI1vcMgyFo2QSnNS9qFcnINocr1tvR5N1mxx 
UGeOL9aMURB/Q2A5MP/oZNE7t6OS6ZPL2yBxFP3s6FILUIDxOwTTuO01BHX4urpDrJRmYHQIpir3IkdU9crfg4c7gcXeh0WuW3rmRtVIkTC/hNTA0hYKqCz+aA MnmWofZfETHetOiSYuJYa1FRcIoRsCrJYJhqQs/ktk+k/JAzZXVe2XM/VJVj8/954bdvP1Fn2Pclt4cu8WNUFrjwzjUa6yuBQmF7wr0GO5befYG/LJd5W8JowLwMRW 3Yei4Bj9yzr6kop8dzzAzVC7mhw15c1Hlm0CxxEBAN6PlRh2Co6vd7ARQbgUJAIwokF6wuCmdYGaSQ3Y24/VXFtlXD+ugzd46d/g314N2aAW43MddJmT9B+hBt0 PuDS4vdXrJaMORo1nqTHRYgw/S3KPygYaF79CB3AA29MOW5WMiauUanUR6ovCLDE9U9p5TzBEmKMgcWbN5z3bll2Hp0AFvENTAD8mVsAmLF7QEF/bWB g/cnbxei42exbDifGK33FH/VI4b8h6GhfpAg4L7Io8zKVAPevJJDMjTdIYxLGJqp79C88m6vkmK1qz7DeA7DuoIdEXL/SZRB2f8x+P31qR4vyVppQTX49PKv2Sz9wP p0Xll2Osy9vbaEKfYdMCggEBANihbHKz6ejzbhH6knq5uVKmx1zmOoO0+U9LDN+NaF0YaSO2g54BzeXQtYkTTR1tH8pxXyEPTfQUSf0pKzJnM+16Tbtr+JEtCk+ hcsbfFItawXhOzznhbGTxp1ZSR912C3X41lyq/IPZI5g9LY4vliPHG0A2QUFOnP8UE1IH35mplsZAKy+nW4KekVpHsCUXk+e93rUVTpK2U4Vyi8BEwKFGg591hpd Z8cwwXQ3swMceQ89Mnn4JJjXlavFaGoOEUy5aSCvhGrus8Lif81F2Hae8hfbFhykSbqS3BBElJtpbWMjWfx1QnOFieHya7gfWPXjIDICg1/T9HBL/KZNYTbsCggEAf A+lmMEUGX2ORkMYUzhG6kGZ8M4xm3Cux9PtLR7ZJVBV70yNI6Jv2pg4Jmf/mzo1OZwIpb6hpIpo5sioPsnocNsaVwiBLmdixKgoFHEXKqSNtgqZHtWkryRraO/R mdDDFJYGl/JfdWrLR6SxZbE98Ob2UX2raCNJk3jrkfu50eEwRevsicrWtFz2tp2Q1jk9J3HppXqYn9zzspcD/ih52H8FFux+NTrodOQ7b2CfmJzk+hnyKZup6Kly2F6xn o/X9O88gOuljY+wI7o3KJRq9HWVOZv7XcaDIOHeqnTi3ZEhfCceVJZHCPvTpNsIp9kSrSS8paXZweIssR2Y/KpDqQKCAQEApY0Xd8EOrTv7jjnT3343pnZWPSSk 6ypOrM5KFD3Y1+xjzSsaApKWa17InOznLenLNcbWUEmF5VXsBVCE9ovwHzgsV2L4Htow2xIiyOCKrsS4vdxceXtQfwQ+QbW3vgMMVyfHiiIRwCEdFqcKPXMYZl cu+C9+Rw5w5G7PJQ1nT+NOmktHta9MO9I6eqf2cSJHof50SCb0WSKFSaJ0ModYPufIhwAlz1ypcMY1FwMrgAAdCjsflGohjWa6B6A4SvHBL9dG+GGbMHnFrRJ vvH1rxFhKeIAT/stbSv2iWgfuXUkZ3MIvepO0kHnUYkV0SwDrEXawN0y0PUGBRvNBLp15KQKCAQA6hhbTIQ8vRsM8ZkzkuJs5HiFLIAAKsqs0fanIDjjhxvvjSd+DZ ajqcNniCj4yQMGYOcTj4jFBVJQhdLkwZ6h+o1OhbSaecdWuk8y3B02AKRbzlsSTWRwsOVYQkCEXuYWp+g/CKFCWgXwsI7KDwcCAny1hpvCWBxk0JsYBtwbbk 2yb4TB0hCekzfP2aSu0LQoKm1VGGeENQVpnB6rcdVHeuMUmPfOci8XTSKhOzm54sXm/sx/44eF4wfmd35QhChVay9U23BCb3czoncOhWZ2nk1gP4OvNbTA5 
0XhfYl0VKOcnwQIqrIjHXUmq6zf34/n6O6YSXr5gBHTCupvtVR/3-----END RSA PRIVATE KEY-----

configuration: client
- Example: OpenSSH
- Install the openssh package
- Create keys
  o ssh-keygen -t rsa -b 4096
  o Creates id_rsa and id_rsa.pub keys in ~/.ssh/
- Give your public key to the ssh server in ~/.ssh/authorized_keys
- Your private key will be used from ~/.ssh/id_rsa
- Side question: why does the ssh directory begin with a period?

configuration: server
- Install the openssh-server package
- Configuration file is located at /etc/ssh/sshd_config
  o listening port
  o protocol (1 or 2)
  o authentication specifics

configuration: server
- Show config files on laptop: /etc/ssh

configuration
- Users can transfer files from client to server with scp
- So, to copy a file (/home/johnny/file.txt) from Debian to CentOS (/home/alice/file.txt), what are the values for the command?
  o scp :/path/to/file :/path/to/file
- Note: this can copy from any computer to any computer (remote or local) that has an appropriate key pair for each user on the computers

security considerations
- ssh is often a target of (automated) attacks as outside parties try to gain access to a system
- Brute-force attacks
  o target port 22 (default)
  o try to log in using common usernames and passwords
  o (only effective against password-based authentication)
- Prevention:
  o use key-based authentication (with >2048 bit length)
  o change the port sshd listens on
  o use tools to block access after n failed login attempts (denyhosts, fail2ban)
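The server-configuration slide lists the port, protocol version and authentication settings kept in sshd_config, and the prevention list above turns them into concrete choices. As an added example that is not from the deck, the Python audit below parses sshd_config text the way sshd reads it (the first occurrence of a keyword wins) and reports the three weak settings the deck warns about. Both sample configs are constructed, and the function names (parse_sshd_config, audit_sshd_config) are the example's own; Protocol, Port, PasswordAuthentication and PubkeyAuthentication are real sshd_config keywords.

```python
"""Audit sshd_config text against the deck's hardening points.

Added example with constructed sample configs; not taken from any real host.
"""
import re

WEAK_CONFIG = """\
# constructed sample: default-style settings the deck warns about
Protocol 2,1
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
# a later duplicate is ignored by sshd, which keeps the first value seen
Port 2222
"""

HARDENED_CONFIG = """\
# constructed sample: SSH-2 only, keys only, non-default port
Protocol 2
Port 2222
PasswordAuthentication no
PubkeyAuthentication yes
"""

# "Keyword value" or "Keyword=value"; both spellings are accepted by sshd.
_LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")


def parse_sshd_config(text: str) -> dict[str, str]:
    """Map lowercase keyword -> value, keeping the FIRST occurrence like sshd does."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        settings.setdefault(key, value)        # later duplicates are ignored
    return settings


def audit_sshd_config(settings: dict[str, str]) -> list[str]:
    """Findings for the deck's three points: SSH-1 enabled, passwords allowed, port 22."""
    findings: list[str] = []
    # Older servers honoured Protocol; modern OpenSSH speaks SSH-2 only and ignores it.
    protocols = {p.strip() for p in settings.get("protocol", "2").split(",")}
    if "1" in protocols:
        findings.append("Protocol 1 is enabled: SSH-1 is deprecated, set 'Protocol 2'")
    if settings.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not disabled: password guessing remains possible")
    if settings.get("port", "22") == "22":
        findings.append("Port is the default 22: the port automated scans target")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sshd_config(parse_sshd_config(text)) or ["no findings"])
```

Disabling passwords only helps once every user's public key is already in ~/.ssh/authorized_keys, so the audit is best run after the key rollout described on the client slide.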

denyhosts
- One of many utilities to detect and block brute-force attacks against secure shell
- Blocks attacker IP addresses using TCP wrappers
- Capable of downloading and sharing attacker information with other users
- Default configuration is usually acceptable

tcp wrappers
- Host-based network ACL
- Filters network access to network services
- Services must be compiled against it
  o Most are these days
- /etc/hosts.allow and /etc/hosts.deny
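The denyhosts and tcp wrappers slides describe two halves of one mechanism: count failed logins per source address, then block the offenders through /etc/hosts.deny. As an added example that is not denyhosts' own code, the Python below runs that logic over a few constructed sshd log lines (documentation addresses 203.0.113.5, 198.51.100.7 and 192.0.2.44) and also models the order in which TCP wrappers consults hosts.allow and hosts.deny. The function names and the threshold are the example's own assumptions; the log line format follows OpenSSH's "Failed password for ... from ... port ..." messages.

```python
"""Denyhosts-style brute-force detection from sshd log lines plus a minimal
model of the TCP wrappers allow/deny decision. Added example; log is constructed.
"""
import re
from collections import Counter

# Constructed auth log excerpt in OpenSSH's format (not from a real host).
SAMPLE_AUTH_LOG = """\
Jan 30 10:01:02 box sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 30 10:01:05 box sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Jan 30 10:01:09 box sshd[2314]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 30 10:01:15 box sshd[2316]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 30 10:02:00 box sshd[2320]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Jan 30 10:02:07 box sshd[2320]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Jan 30 10:03:00 box sshd[2330]: Failed password for invalid user test from 192.0.2.44 port 60001 ssh2
Jan 30 10:03:02 box sshd[2330]: Failed password for invalid user oracle from 192.0.2.44 port 60002 ssh2
Jan 30 10:03:04 box sshd[2330]: Failed password for invalid user postgres from 192.0.2.44 port 60003 ssh2
"""

FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def count_failures(log_text: str) -> Counter:
    """Failed password attempts per source IP; accepted logins are not counted."""
    hits: Counter = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits


def offenders(log_text: str, threshold: int = 3) -> list[str]:
    """Addresses with at least `threshold` failures (the deck's "n failed login attempts")."""
    return sorted(ip for ip, n in count_failures(log_text).items() if n >= threshold)


def hosts_deny_lines(ips: list[str], daemon: str = "sshd") -> list[str]:
    """Render 'daemon: client' rules in the form TCP wrappers reads from /etc/hosts.deny."""
    return [f"{daemon}: {ip}" for ip in ips]


def wrappers_decision(daemon: str, ip: str, allow: list[str], deny: list[str]) -> bool:
    """Model the TCP wrappers order: hosts.allow is checked first, then hosts.deny,
    and a client matching neither is allowed. Rules are 'daemon: client' lines and
    'ALL' matches anything; this is a subset of the real hosts_access syntax."""
    def matches(rule: str) -> bool:
        d, _, c = rule.partition(":")
        d, c = d.strip(), c.strip()
        return d in ("ALL", daemon) and c in ("ALL", ip)

    if any(matches(r) for r in allow):
        return True
    if any(matches(r) for r in deny):
        return False
    return True


if __name__ == "__main__":
    for rule in hosts_deny_lines(offenders(SAMPLE_AUTH_LOG)):
        print(rule)
```

Because hosts.allow wins, an entry there for an administrator's own address keeps a mistyped password from locking that admin out, which is the usual companion to any automatic hosts.deny feed.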

other uses
- X11 forwarding: ssh -X
- SOCKS proxy: ssh -ND 9999
- File transfers (SSH FTP, Secure Copy)
  o sftp (put/get, ls, etc.)
  o scp srcFile

Resume 1/30

Hak5 SSH Video:
- 1st segment: SSH starts 2:15 in (18:01); ad 13:30-14:00
- 2nd segment: continues to 5:15 (19:21); 7:00 continues with Windows and PuTTY example to 18:30
- 3rd segment (22:11): Linux example, configuring SSH server; ad at 16:45
- Show notes: