Cryptography Application : SSH. Cyber Security & Network Security March, 2017 Dhaka, Bangladesh


Cryptography Application : SSH Cyber Security & Network Security 20-22 March, 2017 Dhaka, Bangladesh Issue Date: [31-12-2015] Revision: [v.1]

What is Safety? Authentication: I am assured of which host I am talking with. Authentication: the host knows who I am. The traffic is encrypted.

Traditional (Telnet). (Diagram: Terminal, Servers, Routers.)

Encrypted (SSH). (Diagram: Terminal, Servers, Routers.)

Secure Shell (SSH). Provides authenticated and encrypted shell access to a remote host. It's not only a secure shell; it is much more: a transport protocol (e.g. SCP, SFTP, SVN) and a connection forwarder. You can use it to build custom tunnels.

SSH (Ordinary Password Authentication) 1. The user makes an initial TCP connection and sends a username. (Diagram: the ssh client on the terminal sends "username" to sshd on the server.)

SSH (Ordinary Password Authentication) 2. The ssh daemon on the server responds with a demand for a password; access to the system has not yet been granted in any way. (Diagram: sshd replies "password?" to the ssh client.)

SSH (Ordinary Password Authentication) 3. The ssh client prompts the user for a password, which is relayed through the encrypted connection to the server where it is compared against the local user base. (Diagram: the ssh client sends "password" to sshd.)

SSH (Ordinary Password Authentication) 4. If the user's password matches the local credential, access to the system is granted and a two-way communications path is established, usually to a login shell. (Diagram: sshd replies "access granted" to the ssh client.)

Password Authentication. The advantage of password authentication is that it's simple to set up (usually the default) and easy to understand. The drawbacks: it allows brute-force password guessing, and passwords must be remembered and entered separately upon every login.

Public Key Access. The user creates a pair of public and private keys. The public key is nonsensitive information. The private key is protected on the local machine by a strong passphrase. The user installs the public key in his $HOME/.ssh/authorized_keys file on the target server. This key must be installed on the target system one time.

Public Key Access. 1. The user makes an initial connection and sends a username along with a request to use a key. 2. The ssh daemon on the server looks in the user's authorized_keys file, constructs a challenge based on the public key found there, and sends this challenge back to the user's ssh client. 3. The ssh client receives the key challenge. It finds the user's private key on the local system, but it's protected by an encrypting passphrase. 4. The user is prompted for the passphrase to unlock the private key. 5. ssh uses the private key to construct a key response, and sends it to the waiting sshd on the other end of the connection. It does not send the private key itself! 6. sshd validates the key response, and if valid, grants access to the system.

How the key challenge works (under the hood). 1. The user sshes to the server and presents his username with a request to set up a key session. 2. The server creates a "challenge": it creates and remembers a large random number, then encrypts it with the user's public key. (Diagram, key challenge creation: random number, encrypted with the user's public key, gives the key challenge.)

How the key challenge works (under the hood). 3. The agent decrypts the challenge with the private key and gets the random number generated by the server. 4. The agent takes this random number, appends the previously negotiated SSH session ID and creates an MD5 hash value of the resultant string; this result is sent back to the server as the key response. (Diagram, key response generation: the key challenge, decrypted with the user's private key, gives the challenge in clear text; with the session ID appended, its MD5 hash is the key response.)

How the key challenge works (under the hood). 5. The server computes the same MD5 hash (random number + session ID) and compares it with the key response from the agent. 6. If they match, the user must have been in possession of the private key, and access is granted. (Diagram: key challenge sent to the agent, key response returned to the server.)
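The six steps above carried out end to end, as an added Python example that is not code from the slides: the tiny RSA key pair, the Server and Agent classes and the 4-byte encoding of the random number are constructed for illustration. This encrypt-a-random-number scheme is the SSH-1 style exchange the slides describe; SSH-2 instead has the client sign session data, but the property shown is the same: the private key never leaves the client, and each challenge is good for one response only.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key pair (p=61, q=53 -> n=3233, e=17, d=2753). Far too small
# to be secure; it only makes the challenge/response arithmetic visible.
PUBLIC_KEY = (3233, 17)     # (n, e): what gets installed in authorized_keys
PRIVATE_KEY = (3233, 2753)  # (n, d): stays on the user's laptop, never sent

def rsa_encrypt(pub, m):
    return pow(m, pub[1], pub[0])
def rsa_decrypt(priv, c):
    return pow(c, priv[1], priv[0])

def key_response(random_number, session_id):
    # Step 4: MD5 over the random number followed by the negotiated session ID.
    return hashlib.md5(random_number.to_bytes(4, "big") + session_id).hexdigest()

class Server:
    def __init__(self, authorized_keys, session_id):
        self.authorized_keys = authorized_keys  # username -> public key
        self.session_id = session_id
        self.pending = {}  # username -> remembered random number

    def make_challenge(self, username, rng=secrets.randbelow):
        # Step 2: pick and remember a random number, send it encrypted to the user's public key.
        pub = self.authorized_keys[username]
        r = rng(pub[0])
        self.pending[username] = r
        return rsa_encrypt(pub, r)

    def verify_response(self, username, response):
        # Steps 5-6: recompute the hash; each challenge is usable once, so a replay fails.
        r = self.pending.pop(username, None)
        if r is None:
            return False
        return hmac.compare_digest(key_response(r, self.session_id), response)

class Agent:
    def __init__(self, private_key, session_id):
        self.private_key = private_key
        self.session_id = session_id

    def answer(self, challenge):
        # Step 3: decrypt with the private key; the key itself never leaves the client.
        return key_response(rsa_decrypt(self.private_key, challenge), self.session_id)

def login(server, agent, username, rng=secrets.randbelow):
    # Steps 1-6 end to end: request a challenge, answer it, let the server check it.
    return server.verify_response(username, agent.answer(server.make_challenge(username, rng)))
```

A wrong private key, a different session ID, or a replayed response all fail verification; only the holder of the matching private key in the same session gets in.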

Public Key Access Public keys cannot be easily brute-forced. The same private key (with passphrase) can be used to access multiple systems: no need to remember many passwords. Requires one-time setup of public key on target system. Requires unlocking private key with secret passphrase upon each connection.

Public Key Access. Never store the private key on a multi-user host. Store the private key ONLY on your laptop and protect your laptop (encrypt the disk!). It is OK to use ssh-agent to remember your key ONLY if your laptop/computer locks very quickly.

Private Key on Unix / Mac OS X. SSH is built in on UNIX, Linux and Mac OS X.

Generate Key (Unix / Mac OS X).
/usr/home/foo> ssh-keygen -t rsa -b 4096 -C your_email@example.com
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/home/foo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/home/foo/.ssh/id_rsa.
Your public key has been saved in /usr/home/foo/.ssh/id_rsa.pub.
The key fingerprint is:
27:99:35:e4:ab:9b:d8:50:6a:8b:27:08:2f:44:d4:20 foo@bdnog.org

Generate Key (Unix / MacOSX) ~/.ssh/id_rsa: The private key. DO NOT SHARE THIS FILE! ~/.ssh/id_rsa.pub: The associated public key. This can be shared freely without consequence.
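An added example, not from the slides, that builds and parses an id_rsa.pub line and computes its fingerprint both in the legacy MD5 colon form ssh-keygen printed above and in the SHA256 form current OpenSSH prints. The modulus and key size are constructed test values; the string/mpint wire encoding and the two fingerprint formats are OpenSSH's real ones.

```python
import base64
import hashlib
import struct

def _ssh_string(data):
    # SSH wire "string": 4-byte big-endian length followed by the bytes.
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(value):
    # SSH "mpint": two's-complement big-endian; a leading 0x00 keeps a high-bit value positive.
    return _ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def encode_rsa_public_key(e, n, comment):
    # Builds an id_rsa.pub / authorized_keys line: "ssh-rsa <base64 blob> <comment>".
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def parse_public_key_line(line):
    # Splits the line, decodes the blob and walks its length-prefixed fields.
    key_type, b64, *comment = line.split()
    blob = base64.b64decode(b64)
    fields, pos = [], 0
    while pos < len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        fields.append(blob[pos + 4:pos + 4 + length])
        pos += 4 + length
    if key_type != "ssh-rsa" or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not a well-formed ssh-rsa public key line")
    n = int.from_bytes(fields[2], "big")
    return {"type": key_type, "e": int.from_bytes(fields[1], "big"), "n": n,
            "bits": n.bit_length(), "comment": " ".join(comment), "blob": blob}

def fingerprint_md5(blob):
    # Legacy form printed by older ssh-keygen: 16 colon-separated hex pairs of MD5(blob).
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprint_sha256(blob):
    # Current OpenSSH form: "SHA256:" plus unpadded base64 of SHA-256(blob).
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
```

Comparing a fingerprint computed this way against one obtained out of band (from the server's administrator, not from the connection itself) is the check behind the "Accept Host's Key" step later in the deck.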

Password vs Passphrase (source: http://xkcd.com/936/).

Private Key on Windows: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. PuTTY (the Telnet and SSH client itself), PuTTYgen (an RSA and DSA key generation utility), Pageant (an SSH authentication agent for PuTTY, PSCP, PSFTP, and Plink).

Generate Key (Windows) 1. Run PuttyGen

Generate Key (Windows) 2. Generate Key

Generate Key (Windows) 3. Enter Passphrase & Save Private Key. 4. Right-click in the text field labeled "Public key for pasting into OpenSSH authorized_keys file", choose Select All and copy the key.

Putting the Key on the Target Host. You can copy the public key into the new machine's authorized_keys file with the ssh-copy-id command:
ssh-copy-id user@serverip
Alternatively, you can paste in the key using SSH:
cat ~/.ssh/id_rsa.pub | ssh user@serverip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Generate Key (Windows) 4. Load Key in Putty

Generate Key (Windows) 5. SSH to host: username@ipaddress

Generate Key (Windows) 6. Accept Host's Key

Generate Key (Windows) 7. Enter passphrase for key

PuTTY Agent: Pageant. Select Add Key, browse to your key, select it, enter the passphrase. Enter the passphrase again; eventually you'll get it right. SSH to your server. PuTTY enable/disable agent: Connection -> SSH -> Auth, "Attempt authentication using Pageant" checkbox.

Exercise Create your key Follow the lab manual ssh-lab.pdf