Presentation is loading. Please wait.

Presentation is loading. Please wait.

Andreas Steffen, 15.11.2011, 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.

Published byCori Abigail Walker Modified over 9 years ago

Similar presentations

Presentation on theme: "Andreas Steffen, 15.11.2011, 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications."— Presentation transcript:

1 Andreas Steffen, 15.11.2011, 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications (ITA) 11 Secure Shell ssh, scp, sftp

2 Andreas Steffen, 15.11.2011, 11-SSH.pptx 2 SSH - History SSH version 1 was created in 1995 by Tatu Ylönen and first released under an open-source license. SSH quickly became a popular replacement for the insecure telnet protocol which doesn't offer server authentication and transmits the user credentials in the open. Tatu Ylönen founds SSH Communications Security which sells commercial SSH implementations. Under the auspices of the IETF, version 2 of the SSH protocol is developed. In a rewrite the protocol is split into a transport, connection, and authentication layers. The complete suite of SSH RFCs was released in January 2006 SSH version 1 is vulnerable to various kinds of attacks and should not be used any more. No security flaws are known for the current SSH version 2.

3 Andreas Steffen, 15.11.2011, 11-SSH.pptx 3 SSH 2 - Architecture TCP/IP Stack SSH Transport Layer SSH Authentication Layer SSH Connection Layer

4 Andreas Steffen, 15.11.2011, 11-SSH.pptx 4 SSH 2 – Transport Layer The transport layer provides algorithm negotiation, key exchange and server authentication and sets up a cryptographically secured connection that provides integrity, confidentiality and optional compression. The key exchange uses the Diffie-Hellman protocol with a 1024 bit modulus and thus ensures perfect forward secrecy. The server authentication is based on RSA or DSS signatures and uses either raw public keys or X.509, PGP or SPKI certificates. Packet Length Padding Length Packet Data Random Padding MAC optional compression encryption

5 Andreas Steffen, 15.11.2011, 11-SSH.pptx 5 Initial Server Key Discovery The first time a client connects to a ssh server, it is asked to verify the server’s key. [djm@roku djm]$ ssh root@hachi.mindrot.org The authenticity of host ’hachi.mindrot.org (203.36.198.102)’ can’t be established. RSA key fingerprint is cd:41:70:30:48:07:16:81:e5:30:34:66:f1:56:ef:db. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ’localhost’ (RSA) to the list of known hosts. root@hachi.mindrot.org’s password: xxxxxxxx Last login: Tue Aug 27 10:56:25 2002 [root@hachi root]# This is done to prevent an attacker impersonating a server, which would give them the opportunity to capture the password or the contents of the session. Once the server’s key has been verified, it is recorded by the client in ~/.ssh/known_hosts so it can be automatically checked upon each connection.

6 Andreas Steffen, 15.11.2011, 11-SSH.pptx 6 SSH 2 – Authentication Layer The authentication layer provides several mechanisms for user authentication. These include traditional password authentication as well as public-key or host-based authentication mechanisms. Password-based authentication: username and password are transmitted securely over the encrypted ssh transport layer. On the server a normal password-based login takes place. Public-key-based authentication: The user signs a challenge sent by the server with her private key. The public portion id_rsa.pub of the user's key must either be installed by the server in the file ~/.ssh/authorized_keys first or sent interactively embedded in a trusted certificate.

7 Andreas Steffen, 15.11.2011, 11-SSH.pptx 7 SSH 2 – Connection Layer The connection layer provides interactive login sessions: ssh –l antje srv.kool.net remote execution of commands: ssh antje@srv.kool.net “rm *” Secure remote copy of files and directories via scp or sftp commands forwarded TCP/IP connections and forwarded X11 connections All of these channels are multiplexed into a single encrypted tunnel.

8 Andreas Steffen, 15.11.2011, 11-SSH.pptx 8 SSH 2 – TCP/IP Port Forwarding 11.22.33.4455.66.77.88 SSH clientSSH server listens on 127.0.0.1 port 8080 HTTP browser connects to 127.0.0.1 port 8080 forwards to 10.1.0.10 port 80 10.1.0.10 HTTP server listens on 10.1.0.10 port 80 ssh –L8080:10.1.0.10:80 55.66.77.88

9 Andreas Steffen, 15.11.2011, 11-SSH.pptx 9 SSH 2 – Implementations OpenSSH for OpenBSD http://www.openssh.org Portable OpenSSH for Linux, Unix, Mac OS X http://www.openssh.org PuTTY for Windows http://www.chiark.greenend.org.uk/~sgtatham/putty/ WinSCP graphical Windows scp and sftp client http://winscp.net/

Download ppt "Andreas Steffen, 15.11.2011, 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications."

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
SSH Operation and Techniques - © 2001-2006 William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…

SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security

Cryptography and Network Security
OpenSSH (SSH - Secure SHell) Silvio C. Sampaio Doctoral Programme in Informatics Engineering PRODEI011 - Computer Systems Security –

OpenSSH (SSH - Secure SHell) Silvio C. Sampaio Doctoral Programme in Informatics Engineering PRODEI011 - Computer Systems Security –
SSH: An Internet Protocol By Anja Kastl IS 373 - World Wide Web Standards.

SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.
Cunsheng Ding HKUST, Hong Kong, CHINA

Cunsheng Ding HKUST, Hong Kong, CHINA
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Secure Remote Access: SSH. K. Salah 2 What is SSH?  SSH – Secure Shell  SSH is a protocol for secure remote login and other secure network services.

Secure Remote Access: SSH. K. Salah 2 What is SSH?  SSH – Secure Shell  SSH is a protocol for secure remote login and other secure network services.
EEC 688/788 Secure and Dependable Computing Lecture 8 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 8 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
The Secure Shell Protocol Jia Zhu 2621081 Seminar WS 06/07 Computer Security Chair holder : Prof. Dr. Joachim von zur Gathen Tutor: Michael Nüsken, Daniel.

The Secure Shell Protocol Jia Zhu Seminar WS 06/07 Computer Security Chair holder : Prof. Dr. Joachim von zur Gathen Tutor: Michael Nüsken, Daniel.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Firewalls, Perimeter Protection, and VPNs - SANS ©2001 1 SSH Operation The Swiss Army Knife of encryption tools…

Firewalls, Perimeter Protection, and VPNs - SANS © SSH Operation The Swiss Army Knife of encryption tools…

Similar presentations

Ads by Google