Technical Report : SSH. FS-TR01-01 April, 2001 (9 pages) ( ) {dolbe, Abstract( )

Transcription

1 FS-TR01-01 April, 2001 (9 pages) Technical Report : SSH 1, ( ) {dolbe, chlim}@future.co.kr Abstract( ) telnet, ftp, rlogin, rcp, rsh IP plain text.,. TCP/IP address spoofing sniffing SSH OpenSSH SSH 1, 2. ( ) Cryptography & Network Security Center, Future Systems, Inc. (

2 : SSH, ( ), {dolbe, chlim}@future.co.kr : ( : ) telnet, ftp, rlogin, rcp, rsh IP plain text.,.tcp/ip address spoofing sniffing SSH OpenSSH SSH 1, 2. 1 Introduction Telnet, rlogin, rcp, rsh, rexec sniffing. 1.(Sniffing [6].) 1: כ. (Plaintext) 1

3 (Encryption Key: ) (Ciphertext). (Decryption Key: ) (Decryption). 2. Secure channel Encryption Insecure channel Decryption 2: SSH(Secure Shell) 2, telnet, rlogin, ftp. SSH. SSH /. ( router )..rhosts trust trusted spoofing כ. trusted hostname/ip DNS spoofing. IP source routing. 2 Secure Shell(SSH) SSH כ [1]. 1. Transport Layer Protocol [2] SSH low level כ (Authentication), (Confidentiality), (Integrity). public/private host key public host key. private host key כ. MAC.. SSH Transport layer TCP/IP (port 22),TCP (reliable transport) data stream. 2. User Authentication Protocol [3] SSH Transport., SSH Transport layer.,,,. 3. Connection Protocol [4] TCP/IP connection X11 connection. SSH Connection. 2

4 SSH SSH1 SSH2,. SSH1 RSA encryption 3DES Blowfish, IDEA, RC4. SSH1 CRC checksum. SSH2 HMAC RSA 1 DH. SSH. SSH Protocol version 2 SSH Protocol version 1 Transport, Authentication, Connection integrity check password changing connection channel public key certificates periodic replacement hostbased authentication network address proxying mobile clients. User authentication exchange, access Diffie-Hellman key agreement כ public-key(dsa, RSA, OpenPGP) hostsbased password (Rhosts ) CRC-32 integrity check insertion attack connection RhostsRSA. Authentication session key public-key(rsa only) RhostsRSA password Rhosts (rsh-style) TIS Kerberos 1: SSH - from SSH: The Secure Shell(The Definitive Guide), O Reilly 2.1 SSH Feature RSA, SecurID, S/Key, Kerberos, TIS. trust shosts, rhosts, RSA. RSA UNIX /. SSH SUN,HP,IBM,LINUX,OpenBSD. MAC.,. SSH V2 SSH Communication IETF proposal, VPN. sftp RSA. 3

5 SSH V1 configuration ( /etc/ssh2/ssh2 config). SSH V1 SSH V1. SSH V1 SSH V1. DSA Diffie-Hellman. 2.2 Implementation SSH V1, V2 Freware כ. F- Secure F-Secure SSH, SSH communication SSH 2.4, OpenBSD Open SSH, FreSSH.org FreSSH. SSH VAN DYKE Tecchnologies SecureCRT, SecureFX, SSH Communication SSH, F-Secure SSH Client Version 4.1, Silicon Circus PenguiNet, EmTec Innovative Software ZOC, Century Software TinyTerm, Intersoft Secure NetTerm. SSH Java Mindterm, TTSSH, Open SSH. 3 OpenSSH SSH / OpenSSH SSH 1 2, OpenBSD. telnet, rlogin ssh rcp ftp scp, sftp, sshd, Key ssh-keygen OpenBSD, FreeBSD, AIX, HP/UX, IRIX, LInux, SCO, Solaris, Digital Unix/Tru64/OSF, MacOS. Source Solaris Linux PAM.SOCKS proxing IPv6. pseudo-random number. OpenSSH OpenSSL Zlib. Random number /etc/random OS EDG Perl random number generating. OpenSSH SSH1 SSH2, SSH1 3DES Blowfish, SSH2 3DES, Blowfish, CAST128, Arcfour AES,,RSA. Sun Solaris 7 - X86 כ OS document. 3.1 Pre-requsite Sun Solaris 7 - X86 gcc or cc and make PATH. Solaris random device : andi/ zlib : openssl : openssh-2.5.1p1 :ftp://sunsite.kren.ne.kr/pub/os/openbsd/openssh/openssh tgz release. 4

6 3.2 OpenSSH. OpenSSH כ OpenSSL Zlib, כ make. README, INSTALL כ כ.pre-requsite כ כ. Open-SSL Zlib EDG Perl. #su - root #mkdir /work #mv zlib.tar.gz openssl tar.gz openssh tgz /work random device package. #umask 022 #pkgadd -d ANDIrand sparc-1.pkg Zlib. #cd /work #gzip -dc zlib.tar.gz tar xvf - #cd zlib-1.1.3/ #configure #make;make install OpenSSL. #cd /work #gzip -dc openssl tar.gz tar xvf - #cd openssl #./Configure ;./config #make #make test #make install OpenSSH. README, INSTALL. #cd /work #gzip -dc openssh-2.5.1p1.tar.gz tar xvf - #cd openssh-2.5.1p1 #./configure #make #make install sshd /usr/local/sbin/sshd /usr/local/man/, /usr/local/bin/ Key configuration /usr/local/etc/ כ. OpenSSH sshd(8) - ssh. כ listening כ authentication. ssh(1) - remote. slogin. scp(1)-remote. ssh-keygen(1) - Public Key. ssh-agent(1) - agent. RSA. 5

7 ssh-add(1) - agent key. sftp-server(8) - SFTP sftp(1)-secureftp ssh-keyscan(1) - SSH. # /usr/local/etc > ls./ ssh_host_dsa_key ssh_host_rsa_key sshd_config../ ssh_host_dsa_key.pub ssh_host_rsa_key.pub primes ssh_host_key ssh_prng_cmds ssh_config ssh_host_key.pub sshd.pid # /usr/local/bin > ls sftp* ssh* ssh-agent* ssh-keyscan* scp* slogin@ ssh-add* ssh-keygen* # /usr/local/sbin > ls./../ sshd rc (System V ). #vi /etc/init.d/opensshd #!/bin/sh # cp startup-script /etc/init.d/opensshd PATH=/bin:/usr/bin:/usr/local/sbin/bin SSHD=/usr/local/sbin/sshd PID=/var/sshd.pid case $1 in start ) start=false if [! -s $PID ] then start=true else kill -0 cat $PID >/dev/null 2>&1 start=true fi if [ $start = true -a -x $SSHD ] then $SSHD echo OpenSSH Secure shell daemon started. else echo OpenSSH Secure shell daemon not started. fi ;; stop ) if [ -s $PID ] 6

8 then if kill cat $PID >/dev/null 2>&1 then echo OpenSSH Secure shell daemon terminated. fi fi ;; *) echo Usage: /etc/init.d/opensshd start stop ;; esac # END. # ln -s /etc/init.d/opensshd /etc/rc2.d/s10opensshd # ln -s /etc/init.d/opensshd /etc/rc0.d/k10opensshd. #vi /etc/rc.d/init.d/opensshd echo Usage: /etc/init.d/opensshd start stop echo Usage: /etc/rc.d/init.d/opensshd start stop.. # ln -s /etc/rc.d/init.d/opensshd /etc/rc.d/rc2.d/s10opensshd # ln -s /etc/rc.d/init.d/opensshd /etc/rc.d/rc0.d/k10opensshd SSH 22 /etc/services. #vi/etc/services ssh 22/tcp #secure shell rc script SSH. #sh/etc/init.d/opensshd start # sh /etc/rc.d/init.d/opensshd start. #ps -ef grep sshd root :03:55? 0:00 /usr/local/sbin/sshd SSH. #ssh localhost root@localhost s password: EnterPASSWORD Last login: Thu Feb 22 14:42: from XXXX Sun Microsystems Inc. SunOS 5.7 Generic October 1998 Sun Microsystems Inc. SunOS 5.7 Generic October 1998 # ftp rcp scp sftp.-sftp. 7

9 #scp -p./myfile remote-ssh-server:/tmp/myfile ( ) #scp -p remote-ssh-server:/tmp/myfile /tmp ( ) #sftp [option] remote-ssh-server כ. disable /usr/local/etc/sshd config PermitRootLogin yes no remote. workstation 22, telnet ftp disable, rlogin, rsh, rcp r-command disable, SSH. PAM System Administration Guide, Volume 2 Using Authentication Services (Tasks) [5] Installing and Configuring Secure Shell., SSL כ. כ. 3.3 ssh ssh כ. 3.4 sftp sftp terminal access. F-secure F-Secure SSH for Windows Van Dyke SecureFX. 4 SSH OpenSSH., כ. כ כ., כ כ. כ כ. [1] Internet Draft : SSH Protocol Architecture, IETF SecSH working group, November (draft-ietfsecsh-architecture-11) [2] Internet Draft : SSH Transport Layer Protocol, IETF SecSH working group, November (draftietf-secsh-transport-11) [3] Internet Draft : SSH Authentication Protocol, IETF SecSH working group, November (draft-ietfsecsh-userauth-13) [4] Internet Draft : SSH Connection Protocol, IETF SecSH working group, November (draft-ietfsecsh-connect-14) [5] SSH Secure Shell for UNIX Servers Administrator s Guide, SSH Communication Security Corp. 2000, available at 8

10 [6] Robert Graham, Sniffing (network wiretap, sniffer) FAQ, September 14, 2000, available at A DES : DES 1977 IBM/NSA.. (56 ) AES. 3DES : DES key 3DES, 3-key 3DES. IDEA : IDEA (International Data Encryption Standard) Xuejia Lai James Massey 128 key size. DSA :. Diffie-Hellman :. RSA : 1977 MIT Ron Rivest, Adi Shamir, Len Adleman.. MD5 : MD5 Message Digest MIT Ron Rivest. 128 Message Digest כ. MAC(Message Authentication Code) :. Kerberos : MIT כ. Public Key : 1970 (Public Key Cryptosystem:PKC).. /. כ RSA.RSA. Secrete Key :.. Symmtric Cryptosystem : Asymmtric Cryptosystem : 9