1
Overview – SOE Openssh Dec 2013
2
What is SOE Openssh?
- It's a FREE version of the SSH connectivity tools
- Provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
- An Open Source replacement for both SSH and everything SSH can replace
- Implements v2 of the SSH protocol
- The SSH protocol encrypts all traffic between machines.
- Telnet does not encrypt any information; passwords and account IDs are passed in the clear.
- Use OpenSSH as a replacement for telnet, rlogin, rsh, rcp, ftp, X11.
3
What Security does SOE Openssh provide?
- Data Privacy through Encryption
- Data Integrity to guarantee unaltered communications
- Authentication of users and servers.
- Authorisation of user actions.
- Forwarding to protect other TCP/IP based applications
- Secure X11 sessions
4
How Does OpenSSH Differ from SSH?
- OpenSSH is Open Source
- OpenSSH has an active user community for support
- SSH offers commercial support contracts
- SSH has recently revised their license to allow for more free use on Linux and BSD platforms
- SSH is a commercial product with all the pros and cons associated with that
- An Open Source product can become an integral part of your security planning
5
SOE OpenSSH Composition
- Openssh-6.3p1 - Secure shell component
- OpenSSL-1.0.1e - Cryptography toolkit that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
- Zlib - Compression library that provides in-memory compression and de-compression functions
- Prngd - Random number generator daemon for systems that lack the /dev/random device.
6
SOE OpenSSH Examples
Remote host login
$ /opt/soe/local/bin/ssh Hostx
File transfer
$ /opt/soe/local/bin/scp /etc/hosts hostx:/hosts.sourcehost
Non-interactive file transfer without passphrase
Generate and distribute a public key
$ /opt/soe/local/bin/ssh-keygen -t rsa -N ""
Copy the public key
$ /opt/soe/local/bin/scp ~/.ssh/id_rsa.pub hostx:~/.ssh/authorized_keys2
$ /opt/soe/local/bin/scp /etc/hosts hostx:~/hosts.sourcehost
Compression Test
$ /opt/soe/local/bin/ssh -l userx -C hostx
7
SOE OpenSSH Supported OS
Operating System | Version | Architecture
Sun | Solaris 8 | Sun Sparc
 | Solaris 9 |
 | Solaris 10 | Sun Sparc/x86-64 Architecture
 | Solaris 11 |
HP-UX | HP-UX11i | HP PA-RISC
 | HP-UX11i V2 (11.23) | HP PA-RISC/HP Itanium
 | HP-UX11i V3 (11.31) |
AIX | AIX 5.3 | IBM pSeries
 | AIX 6.1 |
 | AIX 7.1 |
Linux | RHEL Server 5.x | x86-64 Architecture
 | RHEL Server 6.x |
 | RHEL Workstation 6.x |
 | Suse 10 |
 | Suse 11 |
 | Cent OS 5.x (5.5 onwards) |
 | Cent OS 6.x |
 | Oracle Enterprise Linux 5.x |
 | Oracle Enterprise Linux 6.x |
Zlinux | Zlinux 6.x |
8
UnixSOE Openssh 6.3p1 – What is New?
New features
- sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards.
- ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client.
- sshd(8): standardise logging of information during user authentication. The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same log line as the local username, remote host/port and protocol in use. Certificates contents and the key fingerprint of the signing CA are logged too. Including all relevant information on a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries.
- ssh(1): add the ability to query which ciphers, MAC algorithms, key types and key exchange methods are supported in the binary.
- ssh(1): support ProxyCommand=- to allow support cases where stdin and stdout already point to the proxy.
- ssh(1): allow IdentityFile=none
- ssh(1)/sshd(8): add -E option to ssh and sshd to append debugging logs to a specified file instead of stderr or syslog.
- sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option.
- ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives.
- sshd(8): add support for submethods to be appended to required authentication methods listed via AuthenticationMethods.
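The single-line authentication logging described above can be parsed without correlating entries. The following is an added example, not part of the original slides or of OpenSSH: it reads constructed sample lines and reports which accounts each key logged in to and how many failures each source produced. The assumed line layout (result, method, user, source, port, protocol, then key type and fingerprint) and every host, user and fingerprint shown are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed key descriptions (type + fingerprint); not real keys.
KEY_A = "RSA 1a:2b:3c:4d:5e:6f:70:81:92:a3:b4:c5:d6:e7:f8:09"
KEY_B = "RSA 0f:1e:2d:3c:4b:5a:69:78:87:96:a5:b4:c3:d2:e1:f0"

# Constructed sample log. Assumed layout: result, method, user, source, port,
# protocol and (for public keys) the key, all on one line.
SAMPLE_LOG = f"""\
Dec 10 09:14:02 hostx sshd[4121]: Accepted publickey for userx from 192.0.2.10 port 50122 ssh2: {KEY_A}
Dec 10 09:20:41 hostx sshd[4188]: Accepted publickey for batch from 192.0.2.10 port 50177 ssh2: {KEY_A}
Dec 10 09:31:07 hostx sshd[4250]: Failed publickey for root from 198.51.100.7 port 40022 ssh2: {KEY_B}
Dec 10 09:31:09 hostx sshd[4250]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Dec 10 09:40:00 hostx sshd[4302]: Accepted password for userx from 192.0.2.44 port 51200 ssh2
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) "
    r"port (?P<port>\d+) (?P<proto>\S+?)(?:: (?P<key>.+))?$"
)

def parse_auth_events(text):
    """Return one dict per sshd authentication result line; skip other lines."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.search(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def key_usage(events):
    """Map each accepted key to the (user, source) pairs it authenticated."""
    usage = defaultdict(set)
    for e in events:
        if e["result"] == "Accepted" and e["key"]:
            usage[e["key"]].add((e["user"], e["src"]))
    return dict(usage)

def failures_by_source(events):
    """Count failed authentication attempts per source address."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "Failed":
            counts[e["src"]] += 1
    return dict(counts)

if __name__ == "__main__":
    evts = parse_auth_events(SAMPLE_LOG)
    print(key_usage(evts), failures_by_source(evts))
```

A key that appears under more than one account in key_usage is a shared credential worth reviewing.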
9
UnixSOE Openssh 6.3p1 – What is New (Contd.)?
Bug Fixes
- sshd(8): fix refusal to accept certificate if a key of a different type to the CA key appeared in authorized_keys before the CA key.
- ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps.
- sftp(1): update progressmeter when data is acknowledged, not when it's sent. bz#2108
- ssh(1)/ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd; bz#2125
- ssh(1): reset the order in which public keys are tried after partial authentication success.
- ssh-agent(1): clean up socket files after SIGINT when in debug mode; bz#2120
- ssh(1) and others: avoid confusing error messages in the case of broken system resolver configurations; bz#2122
- ssh(1): set TCP nodelay for connections started with -N; bz#2124
- ssh(1): correct manual for permission requirements on ~/.ssh/config; bz#2078
- ssh(1): fix ControlPersist timeout not triggering in cases where TCP connections have hung. bz#1917
- ssh(1): properly detach a ControlPersist master from its controlling terminal.
- sftp(1): avoid crashes in libedit when it has been compiled with multi-byte character support. bz#1990
- sshd(8): when running sshd -D, close stderr unless we have explicitly requested logging to stderr. bz#1976
- ssh(1): fix incomplete bzero; bz#2100
- sshd(8): log an error and exit if ChrootDirectory is specified and running without root privileges.
- Many improvements to the regression test suite. In particular log files are now saved from ssh and sshd after failures.
- Fix a number of memory leaks. bz#1967 bz#2096 and others
- sshd(8): fix public key authentication when a :style is appended to the requested username.
- ssh(1): do not fatally exit when attempting to cleanup multiplexing-created channels that are incompletely opened. bz#2079
10
Solution Pack Unix SOE & TI Services
Questions & Feedback Product Support Helpline