SSH Tricks - Matthew G. Marsh

Presentation transcript:

SSH Tricks Slide 1 SSH Tricks Matthew G. Marsh

SSH Tricks Slide 2 Overview
• SSH
  – What is it
  – How does it work
• Discussion of Network Topology
  – Tricks for multiple hosts
  – Keys and config files
  – MultiHop tricks
• Q&A

SSH Tricks Slide 3 SSH
• What is it
  – Secure Shell was developed to solve the two most acute problems in the Internet, secure remote terminal logins and secure file transfers.
  – Essentially an encrypted Remote Utilities replacement
• How does it work
  – Set up and generation of an encrypted TCP connection
  – Authentication can be Password or PubPriv key
    Yes there are others but that is where the cracks are…
  – Arbitrary TCP ports - WKP (well-known port) = 22
• In this session we will concentrate on SSH1 using key based authentication

SSH Tricks Slide 4 Simple Examples
• Two hosts
  – 1 has a sshd running on WKP
  – 2 has a client
      ssh 1
      password:
      #
• This allows root to log in remotely using a password - BAD!
• Better is to define: ‘PermitRootLogin no’ in the sshd_config file

SSH Tricks Slide 5 Simple Examples
• Two hosts - preshared key
  – 1 has a sshd running on WKP
  – 2 has a client
      ssh 1
• The way to set this up is as follows:
      ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
      scp .ssh/key4mac1.pub
      password:
      cat >.ssh/config
      Host 1
      User tech
      Protocol 1
      IdentityFile /home/tech/.ssh/key4mac1
      Hostname
      ^D

SSH Tricks Slide 6 A wee bit less Simple Examples
• Two hosts - preshared key
  – 1 has a sshd running on port 17
  – 2 has a client
      ssh 1
• The way to set this up is as follows:
      ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
      scp -P17 .ssh/key4mac1.pub
      password:
      cat >.ssh/config
      Host 1
      User tech
      Port 17
      Protocol 1
      IdentityFile /home/tech/.ssh/key4mac1
      Hostname
      ^D

SSH Tricks Slide 7 A wee bit less Simple Examples
• Three hosts - Assume: preshared keys
  – 1 has sshd running on port 17
  – 2 has sshd running on port 27
      ssh 2 'ssh 1'
• The way to set this up is as follows:
      cat >.ssh/config
      Host 2
      User tech
      Port 27
      Protocol 1
      IdentityFile /home/tech/.ssh/key4mac2
      Hostname
      ^D
• Note you may need ssh -t 2 'ssh -t 1'...

SSH Tricks Slide 8 AN4SCD
• Buy a copy of “SSH” by Daniel J. Barrett & Richard E. Silverman pub. O’Reilly (ISBN: )
• Read it
• I use openssl 0.9.7c with openssh 2.9.9p2-PS
• I do not use any other version of SSH
• I use Protocol 1 on purpose
• I use TCP Wrappers w/ IPv6 extensions
• I keep tight controls using TCP Wrappers

SSH Tricks Slide 9 AN4SCD - 2
• Static Compile methods
  Get the latest openssl
  1. Compile it static with the /usr/static directory target
       ./config --openssldir=/usr/static --prefix=/usr/static no-shared
  2. Get openssh-2.9.9p2-PS
       --prefix=/usr/static --with-ssl-dir=/usr/static --with-ipaddr-display --with-ipv4-default --with-tcp-wrappers
     compile it and install
  Edit the sshd config file
  Make sure you also change the paths for the keys!!

SSH Tricks Slide 10 AN4SCD – sshd_config
      Port 17
      Protocol 1
      ListenAddress
      HostKey /usr/static//etc/ssh_host_key
      KeyRegenerationInterval 3600
      ServerKeyBits 768
      SyslogFacility AUTH
      LogLevel INFO
      LoginGraceTime 600
      PermitRootLogin no
      StrictModes yes
      RSAAuthentication yes
      PubkeyAuthentication yes
      RhostsAuthentication no
      IgnoreRhosts yes
      RhostsRSAAuthentication no
      PasswordAuthentication yes
      PermitEmptyPasswords no
      ChallengeResponseAuthentication no
      X11Forwarding no
      X11DisplayOffset 10
      PrintMotd yes
      KeepAlive yes

SSH Tricks Slide 11 Fun Examples - 1
• Using commands attached to keys
  – On the server define a command in the authorized_keys file associated with a key
  – Format is command="my/command/string" …key data…
      EX: command="/bin/ls -al /logs" ABCDEF
    Then ssh with the appropriate key will only allow you to execute this command.
    Note that this is per key so…

SSH Tricks Slide 12 Fun Examples – 1A
• Each connection performs a different function:
      command="/bin/tar -C /var -zc logs/"
      command="/bin/tar -C / -zc etc/"
      command="/bin/tar -C /home -zc mgm/mail/"
• First one is keytar1
• Second one is keytar2
• Third one is keytar3

SSH Tricks Slide 13 Fun Examples – 1B
• Assuming we have set up the config file then:
      ssh 1 | tar -zxv
  Will generate a copy including timestamps and permissions of the logs/ directory
      ssh 2 | tar -zxv
  Will generate a backup copy of our remote etc/ directory (assuming we have permission…)
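
The per-key forced commands from slides 11 to 13 only limit a key if every line in authorized_keys actually carries one. The check below is an added example, not part of the original slides: the function names and the key material are constructed placeholders, and the restrict option it recognises comes from newer OpenSSH releases than the 2.9.9p2 build the slides use.

```sh
#!/bin/sh
# Added example, not from the slides: classify each key in an authorized_keys
# file by how tightly it is pinned to a forced command.
#   FORCED  command="..." plus forwarding and pty disabled
#   PARTIAL command="..." only; forwarding and pty still allowed
#   OPEN    no forced command, the key gets whatever the account allows
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        bare = ""; inq = 0
        # Copy the first field minus quoted text; quoted spaces do not end it.
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (inq && c == "\\") { i++; continue }   # escaped char in quotes
            if (c == "\"") { inq = !inq; continue }
            if (!inq && (c == " " || c == "\t")) break
            if (!inq) bare = bare c
        }
        bare = tolower(bare)
        # A leading key type (protocol 2) or bit count (protocol 1) means
        # the line has no options field at all.
        if (bare ~ /^(ssh-|ecdsa-|sk-)/ || bare ~ /^[0-9]+$/) bare = ""
        forced = (bare ~ /(^|,)command=/)
        locked = (bare ~ /(^|,)restrict(,|$)/) ||
                 (bare ~ /(^|,)no-port-forwarding(,|$)/ &&
                  bare ~ /(^|,)no-x11-forwarding(,|$)/ &&
                  bare ~ /(^|,)no-agent-forwarding(,|$)/ &&
                  bare ~ /(^|,)no-pty(,|$)/)
        if (!forced) status = "OPEN"
        else if (locked) status = "FORCED"
        else status = "PARTIAL"
        print NR, status                   # file line number and verdict
    }' "$1"
}

# Constructed sample: commands from the slides, key material is placeholder text.
sample_authorized_keys() {
    cat <<'EOF'
# backup keys (constructed)
command="/bin/tar -C /var -zc logs/",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER1 keytar1
command="/bin/tar -C / -zc etc/" ssh-rsa AAAAPLACEHOLDER2 keytar2
1024 35 1234567 keytar3
EOF
}

tmp=$(mktemp) && sample_authorized_keys > "$tmp"
audit_authorized_keys "$tmp"
rm -f "$tmp"
```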

SSH Tricks Slide 14 Fun Examples - 2
• MultiBounce Sessions
  – Using the three hosts example from earlier
• Consider:
      ssh 1 'ssh 2 /bin/tar -C /home -zc myhomedir/' | tar -zxv
      ssh 1 'ssh 2 "ssh 3 /bin/tar -C /home -zc myhomedir/"' | tar -zxv
  Note that there are limits…

SSH Tricks Slide 15 Q & A

SSH Tricks Slide 16 This is The