
SSH Operation The Swiss Army Knife of encryption tools…


1 SSH Operation The Swiss Army Knife of encryption tools…

2 SSH Features
- Command line terminal connection tool
- Replacement for rsh, rcp, telnet, and others
- All traffic encrypted
- Both ends authenticate themselves to the other end
- Ability to carry and encrypt non-terminal traffic

3 Brief History
- SSH.com's SSH1: originally completely free with source code, then the license changed with version 1.2.13
- SSH.com's SSH2: originally only commercial, but now free for some uses
- The OpenSSH team took the last free SSH1 release, fixed bugs, added features, and added support for the SSH2 protocol

4 Installation
- OpenSSH is included with a number of Linux distributions, and is available for a large number of Unices
- On RPM-based Linuxes: rpm -Uvh openssh*.rpm

5 Basic use
- ssh SshServerName
- ssh -l UserName SshServerName
- ssh SshServerName CommandToRun
- ssh -v SshServerName
- Server Host Key checks
- Uses same login password
- And if we need to encrypt other traffic?

6 Port Forwarding – real server on remote machine
- I want to listen on port 5110 on this machine; all packets arriving here get sent to mailserver, port 110:
- ssh -L 5110:mailserver:110 mailserver

7 Port Forwarding – real server on this machine
- All web traffic to my firewall should be redirected to the web server running on port 8000 on my machine instead:
- ssh -R 80:MyMachine:8000 firewall
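
An added example, not part of the original slides: a small POSIX shell helper that breaks down the forwarding specs from slides 6 and 7 and flags what decides who can reach the listening port. The function names and note labels are made up for this illustration; the loopback default and the privileged-port rule are OpenSSH's documented behaviour.

```shell
#!/bin/sh
# Added example (not from the slides): explain an OpenSSH -L / -R spec of the
# form [bind_address:]port:host:hostport and flag exposure-relevant details.
# Not handled: IPv6 brackets, Unix-socket forwards.

valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# describe_forward <L|R> <spec>: prints one summary line; status 1 on bad input.
# The ( ) body is a subshell, so IFS, set -f and variables stay local to it.
describe_forward() (
  kind=$1 spec=$2 bind=loopback notes=""
  IFS=:; set -f
  set -- $spec                      # split on ':' without globbing a '*' bind
  case $# in
    3) lport=$1 host=$2 hport=$3 ;;
    4) bind=${1:-*} lport=$2 host=$3 hport=$4 ;;  # empty bind = all interfaces
    *) echo "bad spec: $spec" >&2; exit 1 ;;
  esac
  valid_port "$lport" && valid_port "$hport" || { echo "bad port: $spec" >&2; exit 1; }
  case $kind in
    L) where=client ;;              # -L: listener on the machine running ssh
    R) where=server ;;              # -R: listener on the sshd host
    *) echo "kind must be L or R" >&2; exit 1 ;;
  esac
  case $bind in
    loopback|localhost|127.0.0.1) ;;
    *) notes="$notes,non-loopback-bind"
       # sshd binds remote forwards to loopback unless GatewayPorts allows otherwise
       if [ "$kind" = R ]; then notes="$notes,needs-sshd-GatewayPorts"; fi ;;
  esac
  # Ports below 1024 normally need root on the listening side
  if [ "$lport" -lt 1024 ]; then notes="$notes,privileged-listen-port"; fi
  notes=${notes#,}
  echo "listen=$where:$bind:$lport target=$host:$hport notes=${notes:-none}"
)

# The two forwards from slides 6 and 7
describe_forward L 5110:mailserver:110
describe_forward R 80:MyMachine:8000
```

For the slide 7 command this reports a loopback-bound listener on a privileged port of the firewall, so it only receives outside web traffic if you log in as root there and the firewall's sshd GatewayPorts setting permits a non-loopback bind.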

8 X Windows forwarding
- No setup – already done!
- Run the X Windows application in the terminal window: xclock &
- The screen display shows up on your computer, and any keystrokes and mouse movements are sent back, all encrypted.

9 SSH key background
- Old way: password stored on server, user-supplied password compared to stored version
- New way: private key kept on client, public key stored on server

10 SSH key creation
- General command: ssh-keygen -b 1024 -C "Comment" -f ~/.ssh/identity_file
- Different forms for each of the SSH flavors
- Assign a hard-to-guess passphrase to the private key during creation
- Key can be used for multiple servers

11 SSH key installation
- 3 versions of ssh: interoperability is good, but poorly documented
- The ssh-keyinstall utility automates the creation and installation
- "ssh-keyinstall -s SshServerName" creates keys, if needed, and installs them on the remote server
- Need password during key install only

12 Using SSH keys
- ssh SshServerName
- ssh -l UserName SshServerName
- ssh SshServerName CommandToRun
- ssh -v SshServerName

13 ssh-agent
- Remembers your private key(s)
- Other applications can ask ssh-agent to authenticate you automatically
- Unattended remote sessions
- ssh-agent bash
- ssh-agent startx
- eval `ssh-agent` # Less preferred
- ssh-add [KeyName]

14 Fanout
- Runs a command on multiple machines by opening a separate ssh session to each
- fanout "machine1 machine2 user@machine3" "command params"
- Gives organized output from each machine

15 Links and references
- http://www.ssh.com
- http://www.openssh.org
- SSH, The Secure Shell, The Definitive Guide
- ssh-keyinstall, fanout and other apps at http://www.stearns.org/
- More docs at http://www.stearns.org/doc/
- http://www.employees.org/~satch/ssh/faq/ssh-faq.html
- William Stearns, wstearns@pobox.com

