SSH. Review 1-minute exercise: Find the open ports on you own VM [Good] nmap 127.0.0.1 [Better] netstat -lpunt.

Slides:



Advertisements
Similar presentations
Sonny J Zambrana University of Pennsylvania ISC-SEO November 2008.
Advertisements

SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…
HTTP Cookies. CPSC Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.
6 UNIX Network Utilities Mauro Jaskelioff. Introduction Overview of computer networks Network related utilities –Accessing a remote computer –Transferring.
Introducing the Command Line CMSC 121 Introduction to UNIX Much of the material in these slides was taken from Dan Hood’s CMSC 121 Lecture Notes.
Internet Applications: Telnet, Ping and Traceroute.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.
Firewalls, Perimeter Protection, and VPNs - SANS © SSH Operation The Swiss Army Knife of encryption tools…
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
Accessing the Internet with Anonymous FTP Transferring Files from Remote Computers.
SSH Keys William Stearns
Linux Filesystem Management
1 Web Server Administration Chapter 9 Extending the Web Environment.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access.
Mid 1960 ’ s - Multics - proposed by AT&T, Honeywell, GE & MIT; funded by DARPA Thompson & Ritchie create Unix 1978 to 84 - Bill Joy & Chuck Haley.
Chapter 10 Networking and the Internet ITSC 1458.
The Saigon CTT Chapter 16 Remote Connectivity. The Saigon CTT  Objectives  Explain : telnet rsh ssh  Configure FTP.
Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,
Secure Shell for Computer Science Nick Czebiniak Sung-Ho Maeung.
Andreas Steffen, , 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.
ITI-481: Unix Administration Meeting 3. Today’s Agenda Hands-on exercises with booting and software installation. Account Management Basic Network Configuration.
HP World 2005 Securing your Unix environment with HP Secure Shell Steven E Protter Senior Systems Administrator I.S.N. Corporation.
We will now practice the following concepts: - The use of known_hosts files - SSH connection with password authentication - RSA version 2 protocol key.
Logging into the linux machines This series of view charts show how to log into the linux machines from the Windows environment. Machine name IP address.
AE6382 Secure Shell Usually referred to as ssh, the name refers to both a program and a protocol. The program ssh is one of the most useful networking.
Workbook 10 Chapter 8. Remote Shell Commands Pace Center for Business and Technology 1.
CSCE 815 Network Security Lecture 26 SSH and SSH Implementation April 24, 2003.
The Secure Shell Copyright © Software Carpentry 2011 This work is licensed under the Creative Commons Attribution License See
Application Services COM211 Communications and Networks CDA College Theodoros Christophides
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
Berkeley R Utilities & the new S Utilities The Unix (or Berkeley) r utilities provide an alternative to IP facilities telnet and ftp. Three programs: rlogin.
BIF713 Basic Unix/Linux Commands Getting Help with Commands.
Secure Shell (SSH) Presented By Scott Duckworth April 19, 2007.
SSH Operation The Swiss Army Knife of encryption tools…
Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise.
Networking in Linux. ♦ Introduction A computer network is defined as a number of systems that are connected to each other and exchange information across.
ORAFACT The Secure Shell. ORAFACT Secure Shell Replaces unencrypted utilities rlogin and telnet rsh rcp Automates X11 authentication Supports tunneling.
SSH Tricks Slide 1 SSH Tricks Matthew G. Marsh. SSH Tricks Slide 2 Overview  SSH –What is it –How does it work  Discussion of Network Topology –Tricks.
Phil Hurvitz Securing UNIX Servers with the Secure.
SSH Tricks for CSF Slide 1 NEbraskaCERT SSH Tricks Matthew G. Marsh 05/21/03.
User Environments Objectives –to provide appropriate environments for different types of users Contents –different login programs –user profiles –restricted.
Logging into the linux machines This series of view charts show how to log into the linux machines from the Windows environment. Machine name IP address.
Linux Services Configuration
Unit – 5 FTP Server. FTP Introduction One of the oldest and most commonly used protocols The original specification for the File Transfer Protocol was.
 Last lesson, the Windows Operating System was discussed along with the Windows command shell  Unix is a computer operating system, that similarly manages.
SECURE SHELL MONIKA GUPTA COT OUTLINE What is SSH ? What is SSH ? History History Functions of Secure Shell ? Functions of Secure Shell ? Elements.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
PuTTY Introduction to Web Programming Kirkwood Continuing Education by Fred McClurg © Copyright 2016, All Rights Reserved ssh client.
Secure Communications ● Cleartext vs. encryption and encapsulation ● Protocols not to use ● SSH – scp/ftp – SSH tunnelling ● VPN.
1 Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com SSH Thomas Petazzoni Free.
OpenSSH – Public Key Authentication ● Jonathan Schipp ● Dubois County Linux User Group ● Nov 7 th 2010 ● jonschipp (at) gmail.com.
Security with SSH Unix System Administration Workshop AfNOG 2007 Hervey Allen.
Secure services Unit-IV CHAP-1
Chapter 9 Router Configuration (Ospf, Rip) Webmin, usermin Team viewer
Andy Wang Object Oriented Programming in C++ COP 3330
Getting SSH to Work Between Computers
Linux Users and Groups Management
Exploiting Metasploitable
Understanding Cisco Router Security
Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH
COP 4343 Unix System Administration
Andy Wang Object Oriented Programming in C++ COP 3330
Remote Computing Services Cloud connection Distributed system
Logging into the linux machines
Linux Filesystem Management
Presentation transcript:

SSH

Review 1-minute exercise: Find the open ports on you own VM [Good] nmap [Better] netstat -lpunt

SSH Intro At its highest level, ssh provides secure (encrypted) communications between user accounts on two machines. There were several other non-secure communications protocols popular before ssh: telnet (port 23) rsh (Remote SHell, port 22) rexec (Remote EXECution, port 512) Two problems with insecure shells: Sniffing data Sniffing login passwords

Telnet Developed in 1969 with RFC 15 Before the popularity of ‘login accounts’ and ‘passwords’ Useful for closed networks where everybody was trusted From kali or your personal VM: telnet username: msfadmin password: msfadmin This establishes a telnet session with the metasploitable VM. You can enter any command and it will run on the remote machine. e.g. whoami ifconfig netstat –lpunt

User types ‘C’ host ACKs receipt of echoed ‘C’ host ACKs receipt of ‘C’, echoes back ‘C’ Host B Host A Seq=42, ACK=79, data = ‘C’ Seq=79, ACK=43, data = ‘C’ Seq=43, ACK=80 Telnet Comms – 1 keypress per packet Start tcpdump to watch your messages: sudo tcpdump –n –X

SSH Intro Cryptographic network protocol (Layer-7) Remote login ssh Remote command execution ssh cmd Secure data communications scp

SSH Intro Requires SSH server (sshd) on remote machine Defaults to port 22 Requires ssh client (ssh) on local machine

SSH Intro User logs in with use credentials of remote machine. Assume each machine maintains its own /etc/passwd file The two ‘owner’ accounts are not related – just same name Any user on MachineB can ssh to ‘owner’ on Machine A. user:owner password: user:smith password:password user: owner password: trustno1 MachineAMachineB

SSH Examples Remote login ssh ssh Remote command execution ssh ifconfig ssh cat /etc/shadow

SSH Examples Secure data communications scp (“Secure CoPy”) scp /local/dir/ scp /local/file.txt scp –r /local/dir/... # Copies dir recursively Try copying a file in both directions from your personal VM: scp cat echo “hello” > yourlastname.txt scp yourlastname.txt ssh cat /home/owner/yourlastname.txt

SSH With Public/Private Keys You can set up ssh to use stored keys instead of a password Password == private because only one person knows it Private key == private because it is in a user’s home directory and can only be accessed by that user (*This is a lot of trust) ‘owner’ can ssh from B to A without a password: ssh MachineA user:owner ~/.ssh/authorized_keys # Contains owner’s public key user: owner ~/.ssh/id_dsa #Contains owner’s private key MachineAMachineB

How to set up SSH with keys 1. Create personal user account on the webserver: ssh sudo useradd –m yourloginname sudo passwd yourloginname exit 2. Create keys on your personal VM ssh-keygen –t dsa #Press at each prompt cd ~/.ssh ls –al #Two new files: ida_dsa, ida_dsa.pub

How to set up SSH with keys 3. Copy public key to webserver: ssh-add # Loads your new key into the ssh agent ssh-copy-id # Appends id_dsa.pub to :~/.ssh/authorized_keys 4. Login to the webserver ssh # No username or password required cd.ssh ls -al cat authorized/keys

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.