
1 SSH Scott Nykl Jim Wyllie

2 SSH - Overview
- Secure Shell
- Designed to replace “r-tools” [1]
  - rlogin, rsh, rcp
- 3 main attacks [1]:
  - Password eavesdropping
  - Man-in-the-middle
  - Replay attacks

3 SSH1
- SSH1 -- first incarnation of SSH [3]
- Created in 1995, obsolete in 1996
  - Allowed rhost authentication (not secure)
  - Man-in-the-middle

4 SSH2
- What we use today
- More secure session key generation
- Dropped rhost authentication

5 SSH Authentication

6 Authentication Methods
- Public-key (more on this later)
- RhostsRSA (lame)
- Keyboard Interactive
  - RSA SecurID
  - password

7 Default Authentication Methods
- SSH2
  - Client will try to authenticate using
  - 1) Host-based method
  - 2) Public key authentication
  - 3) Keyboard-interactive and password authentication

8 Default Authentication Methods
- Host-based method
  - If user’s machine is listed on remote machine
  - /etc/hosts.equiv or
  - /etc/shosts.equiv
  - And user names are the same on both sides
  - The user is immediately logged in

9 Default Authentication Methods
- Public Key Authentication
  - Using keychain or Pageant

10 Default Authentication Methods
- Keyboard-interactive and password authentication
  - You all know this one <-1337 Haxor
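The methods on slides 7-10 correspond to server-side settings. As an added example (not from the slides), this script audits an sshd_config read on stdin for explicit settings that enable the weaker methods; the function names and the sample config are constructed for illustration, and the keywords are assumed to be OpenSSH's.

```shell
#!/bin/sh
# Constructed sample sshd_config (not taken from a real host).
sample_sshd_config() {
cat <<'EOF'
# global section
Port 22
HostbasedAuthentication yes
IgnoreRhosts no
PasswordAuthentication yes
PermitRootLogin yes
# the duplicate below is ignored by sshd: the first value for a keyword wins
HostbasedAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}

# Reads an sshd_config on stdin; prints one finding per risky explicit setting.
audit_sshd_auth() {
    awk '
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    {
        sub(/^[ \t]+/, "")                      # trim indentation
        sub(/[ \t]*=[ \t]*/, " ")               # accept "Key = value" as well
        key = tolower($1); val = tolower($2)    # keywords are case-insensitive
        if (key == "match") exit                # audit the global section only
        if (!(key in seen)) seen[key] = val     # first occurrence wins
    }
    END {
        if (seen["hostbasedauthentication"] == "yes")
            print "WEAK HostbasedAuthentication yes: logins trusted via hosts.equiv / shosts.equiv"
        if (seen["ignorerhosts"] == "no")
            print "WEAK IgnoreRhosts no: per-user .rhosts / .shosts files are honoured"
        if (seen["permitrootlogin"] == "yes")
            print "WEAK PermitRootLogin yes: root can log in directly, including by password"
        if (seen["passwordauthentication"] == "yes")
            print "NOTE PasswordAuthentication yes: guessable; prefer public-key only"
    }'
}

sample_sshd_config | audit_sshd_auth
```

Settings inside Match blocks are not evaluated here; `sshd -T` on the server prints the effective configuration.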

11 Keying System
- Diffie-Hellman key exchange
- Clear-text key transfer
- DH-encrypted “session” key
  - Symmetric keys are faster
- New key exchanged over DH periodically

12 Cool stuff with SSH
- All previous slides were to ensure I covered the bases and got a good grade on this presentation
- I really don’t care too much about “how” it works (that’s for the crypto guys), but what it can do for me

13 Public-Key authentication
- Far fewer passwords to memorize
- Robust against brute force guessing
- Easy to grant / deny access to an account
- Creating a key: ssh-keygen -t dsa
  - Follow the menus

14 Public-key Authentication
- Question: What do I do with it now?
  - Desktop: Copy id_dsa to ~/.ssh/id_dsa
  - Remote box:
  - cat id_dsa.pub >> ~/.ssh/authorized_keys
- You now have public-key access

15 Public-key Authentication
- “Ok, now I type the key password instead of my account password. Lame.”
- Not if we cache passwords

16 Caching Passwords
- The hard way
  - ssh-agent
  - Entering a zillion lines
  - See [5] for more info about it
- The easy way
  - keychain
  - Terminal front-end to ssh-agent

17 keychain
- Terminal standard for key mgmt.
  - By the folks at Gentoo
- Download / Install
- Paste into ~/.bashrc:
  - keychain -q ~/.ssh/id_rsa
    . ~/.keychain/$HOSTNAME-sh
- That’s it. One password entry.

18 Overview
- So, to use keys:
  - Use ssh-keygen -t dsa to create public / private keys
  - Copy / append your public key to any box you’re going into
  - Keep your private key on any box you work from
  - Use keychain to stop typing passwords

19 ~/.ssh/config
- Allows you to set up some cool things
  - Aliases for common connections
  - jwyllie@primus.cs.ohiou.edu -> primus
  - Agent forwarding (a little risky)
- See [6] for my config file example
- man ssh_config

20 X11 Forwarding
- X11 uses sockets to connect
  - Sockets can communicate over networks
- You can tunnel X11 GUIs through SSH
- X11Forwarding = yes
- Slow over the Internet, fast on a LAN
- Just run any graphical app like normal
  - Requires sane xorg.conf

21 SOCKS Proxy
- SSH can act as a SOCKS Proxy
  - pr0n at work
  - Safari from off-campus
- Point proxy at localhost:SSH port
  - Wait, what port did SSH use? It’s random!
- ssh -D 16950 p1.cs.ohiou.edu

22 SOCKS Proxy Edit -> Preferences… -> Connection Settings

23 SOCKS Proxy (PuTTY)
- PuTTY: A Free Telnet/SSH Client
- Do what Jim said, but without installing a thing (from a Windows box)!

24 SOCKS Proxy
- What does tunnelling web traffic give me?
  - Security through wireless access
  - safari.oreilly.com remotely
  - Privacy through a workplace
  - Protection against DNS hijacking
  - Bypassing web filters

25 General Tunneling
- You can tunnel anything with SSH
- ssh -L port:host:hostport dest
  - Starts daemon on port; spits traffic out from dest to host:hostport
- ssh -R port:host:hostport dest
  - Port on the remote (server) host is to be forwarded to the given host and port on the local side (the opposite of the above)

26 Tunneling -L

27 Tunneling -R

28 General Tunneling
- Remember!!!
  - Tunneling forwards traffic through an intermediate link
  - Slowness may result if this intermediate link is slow
  - e.g., you tunnel pr0n from work through your home dialup… You will wait!

29 Tunneling examples
- “Secure” POP over wireless
- ssh -L 110:oak.cats.ohiou.edu:110 p1
- In /etc/hosts:
  - 127.0.0.1 oak.cats.ohiou.edu
- Or just connect over localhost:110
- No more wireless email sniffing
- (PS: Don’t use POP: Use secure IMAP)

30 Tunneling examples
- RSYNC through a blocking firewall
- ssh -L 873:rsync.gentoo.org:873 p1
  - Same deal with /etc/hosts as before
- “Hides” your RSYNC traffic in SSH

31 SSH as a pipe
- SSH can also act as a simple pipe
- ssh p1 "ls -l" lists your prime home directory
- cat /dev/cdrom | ssh p1 "cat - > my_local_cd.iso"

32 Tunnels w/o prompts
- Want all the tunnels without minimized idle SSH sessions?
- screen to the rescue
  - Puts you in a nested shell
  - Ctrl+a d puts it in the background
  - screen -r retrieves it to your terminal
- Barely scratching the surface; man screen for more

33 Put it together: rbackup
- I use something like this to back up every box I control
- tar / bzips your entire box, sends over SSH to a remote host for storage
  - With cron, can run overnight
- Be careful about security risks!
- tar cjf - / | ssh p1 "cat > ~/backup.tar.bz2"
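The slides append keys to ~/.ssh/authorized_keys (slide 14), call agent forwarding a little risky (slide 19) and warn about the unattended backup (slide 33). As an added example that is not part of the original slides, this script audits an authorized_keys file for unrestricted keys, DSA keys and forced-command keys that still allow port forwarding; the function names, sample entries and placeholder key material are constructed, and the option names are assumed to be OpenSSH's.

```shell
#!/bin/sh
# Constructed sample authorized_keys; key material is placeholder text, not real keys.
sample_authorized_keys() {
cat <<'EOF'
# workstation keys appended as on slide 14
ssh-ed25519 AAAAC3PLACEHOLDER1 jim@desktop
ssh-dss AAAAB3PLACEHOLDER2 jim@oldlaptop
restrict,command="cat > backup.tar.bz2" ssh-ed25519 AAAAC3PLACEHOLDER3 cron-backup@box
command="cat > backup.tar.bz2" ssh-rsa AAAAB3PLACEHOLDER4 cron-backup@box2
EOF
}

# Reads authorized_keys on stdin; prints one or more findings per key line.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        t = 0                                    # index of the key-type field
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/) { t = i; break }
        if (!t) { print "SKIP line " NR ": no key type found"; next }
        opts = ""                                # everything before the key type
        for (i = 1; i < t; i++) opts = opts $i " "
        who = (t + 2 <= NF) ? $(t + 2) : "line " NR
        # forwarding is off with no-port-forwarding, or restrict not re-enabled
        blocked = (opts ~ /no-port-forwarding/) || \
                  (opts ~ /(^|,)restrict(,| )/ && opts !~ /(^|,)port-forwarding/)
        if ($t == "ssh-dss")
            print "WEAK " who ": DSA key (disabled by default since OpenSSH 7.0)"
        if (opts == "")
            print "OPEN " who ": no options, full shell and all forwarding allowed"
        else if (blocked)
            print "OK " who ": options set and port forwarding disabled"
        else
            print "PARTIAL " who ": options set but port forwarding still allowed"
    }'
}

sample_authorized_keys | audit_authorized_keys
```

A key used only by the cron backup should come out as OK: a forced command without `restrict` or `no-port-forwarding` still lets the key holder open tunnels.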

34 PuTTY
- Collection of useful Windows Utilities that provide SSH capability.
- PuTTY - Telnet and SSH client
- PSCP - SCP client, i.e. command-line secure file copy
- PSFTP - SFTP client, i.e. general file transfer sessions much like FTP
- PuTTYtel - Telnet-only client

35 PuTTY
- Plink - a command-line interface to the PuTTY back ends (remember our plink -D example)
- Pageant - SSH authentication agent for PuTTY, PSCP and Plink
- PuTTYgen (an RSA and DSA key generation utility).

36 Cygwin
- Cygwin is a Linux-like environment for Windows. It consists of two parts:
  - A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing substantial Linux API functionality.
  - A collection of tools which provide Linux look and feel.
- This includes SSH and SSHD!

37 Quick Detour – LAN Setup How To Setup Your LAN

38 Quick Detour – Dynamic DNS
- Use Dynamic DNS (DynDNS)
- Leethaxor.ath.cx (FREE) http://www.dyndns.com/
- Run ddclient on Firewall
- Remotely connect using DNS Name
- ssh skippy@leethaxor.ath.cx
- ssh -D 1650 skippy@leethaxor.ath.cx
  - (set firefox to use SOCKS at 127.0.0.1:1650)

39 More SSH Uses
- Copy Files (FAST+SAFE)
  - Push (current machine to remote machine)
  - scp -r -P 222 ./myDir/ root@mydomain.ath.cx:/test
  - tar -cf - ./myDir/ | ssh -p 222 root@mydomain.ath.cx "cd /test/; tar -xf -"
  - Pull (remote machine to current machine)
  - scp -r -P 222 root@mydomain.ath.cx:/test/myDir ./
  - ssh -p 222 root@mydomain.ath.cx "cd /test/; tar -cf - ./myDir" | tar -xf -
  - Faster than SCP!
  - Only 1 TCP connection for ALL files (SSH)
  - No three-way handshake per file (SCP)
  - http://www.dearm.co.uk/cotwssh/

40 Summary
- SSH keys for better authentication
- SOCKS with SSH
- keychain for fewer passwords
- General tunneling for privacy
- SSH pipes
- Remote backups
- Faster Recursive File Copy than SCP, SFTP, FTP, etc
- SSH can do more than this

41 References
[1] http://www.vandyke.com/solutions/ssh_overview/ssh_overview.pdf
[2] http://www.tacc.utexas.edu/services/userguides/ssh_detailed/
[3] http://en.wikipedia.org/wiki/Secure_Shell
[4] RFC 4251
[5] http://www.securityfocus.com/infocus/1812
[6] http://irg.cs.ohiou.edu/~jwyllie/ssh_config
[7] http://www.hmug.org/man/1/ssh.php
[8] http://www.chiark.greenend.org.uk/~sgtatham/putty/
