SSH. Partly a tool, partly an application Features:

Similar documents
CPSC 467: Cryptography and Computer Security

Linux Network Administration

CPSC 467b: Cryptography and Computer Security

ssh and handson Matsuzaki maz Yoshinobu 1

Cryptography Application : SSH. 7 Sept 2017, Taichung, Taiwan

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005

19.1. Security must consider external environment of the system, and protect it from:

Expedition. Hardening Guide Version Palo Alto Networks, Inc.

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Some SSH tips & tricks you may enjoy (plus, iptables)

Security+ SY0-501 Study Guide Table of Contents

SSH SECURITY. If you ve never used SSH before on a computer, the chances are very high that

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Transport Level Security

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users

Fundamentals of Linux Platform Security

(2½ hours) Total Marks: 75

Information Security CS 526

What is Secure. Authenticated I know who I am talking to. Our communication is Encrypted

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Content and Purpose of This Guide... 1 User Management... 2

Practical Magic with SSH. By David F. Skoll Roaring Penguin Software Inc. 1 February

Key Agreement Schemes

Most Common Security Threats (cont.)

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Information Security: Principles and Practice Second Edition. Mark Stamp

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Cryptography Application : SSH. Cyber Security & Network Security March, 2017 Dhaka, Bangladesh

Authentication Handshakes

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 13

Transport Layer Security

Strategic Infrastructure Security

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

CSC 474/574 Information Systems Security

Using keys with SSH Rob Judd

Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec

CSC 774 Network Security

CS November 2018

CS530 Authentication

Defending Yourself Against The Wily Wireless Hacker

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Crypto meets Web Security: Certificates and SSL/TLS

SSH. What is Safely 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

written by ssh Nikkei Linux

Verteilte Systeme (Distributed Systems)

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Cryptography and Network Security

Syllabus: The syllabus is broadly structured as follows:

Cryptography (Overview)

Man In The Middle Project completed by: John Ouimet and Kyle Newman

Introduction and Overview. Why CSCI 454/554?

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Cryptography - SSH. Network Security Workshop May 2017 Phnom Penh, Cambodia

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

WHITE PAPER. Authentication and Encryption Design

Cryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

CSC/ECE 774 Advanced Network Security

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Kurose & Ross, Chapters (5 th ed.)

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

CSCE 813 Internet Security Final Exam Preview

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

Encryption. INST 346, Section 0201 April 3, 2018

Computer Security 3/20/18

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Real-time protocol. Chapter 16: Real-Time Communication Security

David Wetherall, with some slides from Radia Perlman s security lectures.

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Keywords Session key, asymmetric, digital signature, cryptosystem, encryption.

Proving who you are. Passwords and TLS

Network Security Chapter 8

VNC SDK security whitepaper

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

CIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 19

Pulseway Security White Paper

Securing Internet Communication: TLS

CS Computer Networks 1: Authentication

PROTECTING CONVERSATIONS

Project #6: Using ssh, scp and sftp with Key-Based Authentication

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Security and Anonymity

Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

Ethical Hacking and Prevention

Chapter 19 Security. Chapter 19 Security

UH, FB Inf, SVS, 18-Okt covers all traffic on that link, independent of protocols above. application has no visibility of Internet layer.

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Outline Key Management CS 239 Computer Security February 9, 2004

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

CT30A8800 Secured communications

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

SYLLABUS. DIVISION: Business and Engineering Technology REVISED: FALL 2015 CREDIT HOURS: 4 HOURS/WK LEC: 4 HOURS/WK LAB: 0 LEC/LAB COMB: 4

An Overview of the Secure Shell (SSH)

CS 494/594 Computer and Network Security

AIT 682: Network and Systems Security

Transcription:

Internet security SSH 1 Secure Shell: SSH Partly a tool, partly an application Features: Encrypted login and shell connections Easy, drop-in replacements for rlogin, rsh, rcp Multiple means of authentication Interesting case study with regards to deployability 2 1

Login sequence Client contacts server Server sends its public RSA host key (> 1024 bits), an RSA server key (> 768 bits), and list of ciphers (server key changes hourly) Client authenticates server Client generates session key and encrypts it using both host and server key Server decrypts it and uses it for traffic encryption Client authenticates to host 3 Two server keys: why? Long key: for authentication Shorter key: approx. of forward secrecy Why not Diffie-Hellman? Speed: 768-bit RSA faster Tatu Ylönen, the author, inspired amateur in 1995... 4 2

Authentication? Server authentication by client? Server is sending key not certificate First time keys == ask user to accept it Don t know if this is correct key! Cache keys in known hosts file One does not know that the key is correct Only know that key is the same as last time Vulnerability on initial login only! But user has to know what is happening 5 Sample initial login $ ssh foo The authenticity of host foo (192.168.77.222) can t RSA key fingerprint is cf:26:92:6c:01:c1:05:c7:51:de Are you sure you want to continue connecting (yes/no) Warning: Permanently added foo (RSA) to the list of 6 3

An attack? $ ssh foo @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is f1:68:d8:0d:0a:1b:78:2c:48:3a:aa:1b:4a:8c:cb:ca. Please contact your system administrator. Add correct host key in /home/smb/.ssh/known_hosts to get rid of this message. Offending key in /home/smb/.ssh/known_hosts:86 RSA host key for foo has changed and you have requested strict checking. Host key verification failed. 7 Cipher list Server sends options Client picks Rollback, downgrade attack: Attacker substitutes list to contain only weak or cracked ciphers Solution: after start of encryption send an authenticated list of original proposed algorithms 8 4

Client authentication Many Password authentication + Simple - Password guessing possible Public key authentication Client sends public key to server Server encrypts 256-bit random number with cleint public key Client decrypts it and sends MD5 hash back + better security - simple key not certificate! Host-based authentication Client s host has public/private key pair Useful only for two machines under common administration 9 Password guessing 00:01:36 foo sshd: Invalid user duane from 206.231.8 00:01:37 foo sshd: Invalid user murray from 206.231. 00:01:38 foo sshd: Invalid user kovic from 206.231.8 00:01:39 foo sshd: Invalid user mitchell from 206.23 00:01:40 foo sshd: Invalid user nance from 206.231.8 00:01:41 foo sshd: Invalid user liberty from 206.231 00:01:42 foo sshd: Invalid user alan from 206.231.8. 00:01:43 foo sshd: Invalid user wilfe from 206.231.8 00:01:45 foo sshd: Invalid user ruthy from 206.231.8 00:01:46 foo sshd: Invalid user oriana from 206.231. 00:01:47 foo sshd: Invalid user mauzone from 206.231 00:01:48 foo sshd: Invalid user leopold from 206.231 10 5

Storing private keys Compromised private key => all security bets are off Minimum Read-protected To circumvent, e.g., NFS problems, encrypt with some symmetric cipher... 11 Too many prompts! Problem: need to constantly enter password Solution: ssh agent Prompts for passphrase once Decrypts in memory Performs public key operation on one s behalf SSH agent secured: Problem: Uses Unix sockets (lives in file system) File permissions on Unix-domain sockets may not be enforced Solution: But all systems verify permissions on containing directory Put socket in protected directory (Use shell to pass info) 12 6

SSH agent usage $ set grep SSH SSH_AGENT_PID=363 SSH_AUTH_SOCK=/tmp/ssh-00000418aa/agent.418 $ ls -la /tmp/ssh-00000418aa total 8 drwx------ 2 smb wheel 20 Oct 11 03:15. drwxrwxrwt 4 root wheel 260 Oct 12 00:13.. srwxr-xr-x 1 smb wheel 0 Oct 10 20:57 agent.41 13 Connection forwarding Circumvents ssh firewall Talking to an internal POP3 server: ssh -L 110:mbox:110 firewall followed by (in another window) telnet 127.0.0.1 110 Or, of course, configure your mailer to talk to 127.0.0.1 Forwarding remote connections to local machine is also possible 14 7

Connection forwarding (2) Forwarding access to authentication agent possible Never do connection-forwarding to an insecure machine! Circumventing policies possible X11 forwarding Authentication? Some people don t... Kerberos magic cookie mode app has to read a secret value from a file and send it to X server remote sshd generates new secret local client replaces remote cookie with local one and contacts local-x-server 15 SSH: deployability SSH success story No infrastructure No PKI, CAs, no central server Usability Drop-in replacement for rlogin Same trust model Little user training Nice features (connection/x11-forwarding) Many Unix variants Security Defended against real attacks Extra fuctionality Add-ons: scp 16 8

SSH: limitations Doesn s solve all problems Cryptographic mistakes (i.e.: CRC instead of MD5) Compromised hosts Trojans possible X11 and authentication agents can be captured Password-guessing Deliberate user misbehavior SSH worms Known host files indicates trust patterns Transitive trust patterns Encrypt your private keys 17 SSH conclusion Professional cryptographer would have designed a system around certificates issued bz properlyisolated and secured CAs Would have been more secure Would likely have been undeployable Got real security from partially-secured implementation that better matched deployment patterns 18 9

Course overview Introduction Attacks and threats, cryptography overview Authentication (Kerberos, SSL) Applications Web, email, ssh Lower layer network security IPsec, firewalls, wireless Monitoring / information gathering Intrusion detection, network scans Availability Worms, denial of service, network infrastructure 19 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback