Andreas Steffen, 15.11.2011, 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.

Presentation transcript:

Slide 1: Internet Security 1 (IntSi1)

Prof. Dr. Andreas Steffen, M. Liebi

Institute for Internet Technologies and Applications (ITA)

11 Secure Shell

ssh, scp, sftp

Slide 2: SSH - History

SSH version 1 was created in 1995 by Tatu Ylönen and first released under an open-source license.

SSH quickly became a popular replacement for the insecure telnet protocol, which doesn't offer server authentication and transmits the user credentials in the open.

Tatu Ylönen founded SSH Communications Security, which sells commercial SSH implementations.

Under the auspices of the IETF, version 2 of the SSH protocol was developed. In a rewrite, the protocol was split into transport, connection, and authentication layers.

The complete suite of SSH RFCs was released in January 2006.

SSH version 1 is vulnerable to various kinds of attacks and should not be used any more. No security flaws are known for the current SSH version 2.

Slide 3: SSH 2 - Architecture

[Figure: layer diagram with the labels TCP/IP Stack, SSH Transport Layer, SSH Authentication Layer, SSH Connection Layer]

Slide 4: SSH 2 – Transport Layer

The transport layer provides algorithm negotiation, key exchange and server authentication and sets up a cryptographically secured connection that provides integrity, confidentiality and optional compression.

The key exchange uses the Diffie-Hellman protocol with a 1024 bit modulus and thus ensures perfect forward secrecy.

The server authentication is based on RSA or DSS signatures and uses either raw public keys or X.509, PGP or SPKI certificates.

[Figure: packet format with the fields Packet Length, Padding Length, Packet Data, Random Padding, MAC; annotations: optional compression, encryption]
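The packet layout on this slide, as an added example that is not part of the original slides: it frames and parses one SSH 2 binary packet following RFC 4253 section 6, with the MAC computed over the sequence number and the packet. Assumptions: hmac-sha1 as the MAC, no cipher and no compression (so the block size is 8), and a constructed MAC key; the function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 8      # block size used for padding when no cipher is active
MAC_LEN = 20   # length of an hmac-sha1 tag

def _mac(key: bytes, seq: int, body: bytes) -> bytes:
    # MAC input is the uint32 packet sequence number followed by the whole packet
    return hmac.new(key, struct.pack(">I", seq) + body, hashlib.sha1).digest()

def build_packet(payload: bytes, seq: int, mac_key: bytes) -> bytes:
    # Length field (4) + padding-length byte (1) + payload + padding must be a
    # multiple of the block size, and there are at least 4 bytes of padding.
    pad = BLOCK - (4 + 1 + len(payload)) % BLOCK
    if pad < 4:
        pad += BLOCK
    # packet_length counts everything after itself except the MAC
    body = struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + os.urandom(pad)
    return body + _mac(mac_key, seq, body)

def parse_packet(wire: bytes, seq: int, mac_key: bytes) -> bytes:
    if len(wire) < 5 + 4 + MAC_LEN:
        raise ValueError("truncated packet")
    packet_length, pad = struct.unpack(">IB", wire[:5])
    if len(wire) != 4 + packet_length + MAC_LEN:
        raise ValueError("length field does not match received data")
    if pad < 4 or pad > packet_length - 1 or (4 + packet_length) % BLOCK:
        raise ValueError("invalid padding")
    body, tag = wire[:-MAC_LEN], wire[-MAC_LEN:]
    # Constant-time comparison; a wrong sequence number fails here as well,
    # which is how replayed or reordered packets are rejected.
    if not hmac.compare_digest(tag, _mac(mac_key, seq, body)):
        raise ValueError("MAC check failed")
    return body[5:len(body) - pad]

if __name__ == "__main__":
    key = b"k" * 20                                  # constructed MAC key
    packet = build_packet(b"\x15", seq=3, mac_key=key)   # 0x15 = SSH_MSG_NEWKEYS
    print(len(packet), parse_packet(packet, 3, key))
```

In the real protocol the packet without the MAC is additionally encrypted after the MAC has been computed; that step is left out here.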

Slide 5: Initial Server Key Discovery

The first time a client connects to an ssh server, it is asked to verify the server’s key.

    djm]$ ssh
    The authenticity of host 'hachi.mindrot.org ( )' can't be established.
    RSA key fingerprint is cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
    password: xxxxxxxx
    Last login: Tue Aug 27 10:56:
    root]#

This is done to prevent an attacker impersonating a server, which would give them the opportunity to capture the password or the contents of the session.

Once the server’s key has been verified, it is recorded by the client in ~/.ssh/known_hosts so it can be automatically checked upon each connection.
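The check the client performs against ~/.ssh/known_hosts, as an added example that is not part of the original slides: it computes the colon-separated MD5 fingerprint shown in the prompt and classifies a presented host key as recorded, changed, or not yet known. Assumptions: the key blobs and the host name server.example are constructed samples, not real keys; only plain host names are handled (no hashed entries, wildcards or marker lines); the function names are hypothetical.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding of a string: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def constructed_blob(fill: int) -> bytes:
    # Constructed sample, not a usable key: type "ssh-rsa", e = 65537,
    # and a placeholder 1024-bit modulus made of one repeated byte.
    return (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(b"\x00" + bytes([fill]) * 128))

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 fingerprint in the style of the prompt on the slide."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_host(known_hosts: str, host: str, presented: bytes) -> str:
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    # The key type is the first SSH string inside the public key blob.
    key_type = presented[4:4 + struct.unpack(">I", presented[:4])[0]].decode()
    found = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue  # comments, marker lines and hashed host names are skipped
        if host not in fields[0].split(",") or fields[1] != key_type:
            continue
        found = True
        if base64.b64decode(fields[2]) == presented:
            return "match"
    # An entry exists but the key differs: possible impersonation, do not proceed.
    return "changed" if found else "unknown"

SERVER_KEY = constructed_blob(0xA7)   # key recorded at the first connection
OTHER_KEY = constructed_blob(0x5C)    # a different key presented later
KNOWN_HOSTS = "server.example ssh-rsa " + base64.b64encode(SERVER_KEY).decode() + "\n"

if __name__ == "__main__":
    print(md5_fingerprint(SERVER_KEY))
    print(check_host(KNOWN_HOSTS, "server.example", SERVER_KEY))
    print(check_host(KNOWN_HOSTS, "server.example", OTHER_KEY))
    print(check_host(KNOWN_HOSTS, "new.example", OTHER_KEY))
```

The "unknown" result corresponds to the yes/no prompt on the slide; "changed" is the case the recorded key exists to catch.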

Slide 6: SSH 2 – Authentication Layer

The authentication layer provides several mechanisms for user authentication. These include traditional password authentication as well as public-key or host-based authentication mechanisms.

Password-based authentication: The username and password are transmitted securely over the encrypted ssh transport layer. On the server a normal password-based login takes place.

Public-key-based authentication: The user signs a challenge sent by the server with her private key. The public portion id_rsa.pub of the user's key must either be installed on the server in the file ~/.ssh/authorized_keys first or sent interactively embedded in a trusted certificate.

Slide 7: SSH 2 – Connection Layer

The connection layer provides

interactive login sessions: ssh -l antje srv.kool.net

remote execution of commands: ssh "rm *"

secure remote copy of files and directories via the scp or sftp commands

forwarded TCP/IP connections and forwarded X11 connections

All of these channels are multiplexed into a single encrypted tunnel.

Slide 8: SSH 2 – TCP/IP Port Forwarding

[Figure: port forwarding diagram with the labels SSH client, SSH server, "listens on port 8080", "HTTP browser connects to port 8080", "forwards to port", "HTTP server listens on port 80"]

ssh -L8080: :

Slide 9: SSH 2 – Implementations

OpenSSH for OpenBSD

Portable OpenSSH for Linux, Unix, Mac OS X

PuTTY for Windows

WinSCP graphical Windows scp and sftp client