SSH and SSL - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

SSH and SSL

Description:

Encrypted connections between parties known ... A Simple Example. ssh -l harry harry. ... Authorities) provide the certificates that contain the public keys. ... – PowerPoint PPT presentation

Number of Views:140
Avg rating:3.0/5.0
Slides: 19
Provided by: harry97
Category:
Tags: ssh | ssl | keys

less

Transcript and Presenter's Notes

Title: SSH and SSL


1
SSH and SSL
  • COM380
  • University of Sunderland
  • Harry R. Erwin, PhD

2
Resources
  • Daniel J. Barrett and Richard E. Silverman, 2001,
    SSH, the Secure Shell, OReilly, ISBN
    0-596-00011-1
  • Eric Rescorla, 2001, SSL and TLS Designing and
    Building Secure Systems, Addison-Wesley, ISBN
    0-201-61598-3

3
The Problem
  • IPv4 is insecure. Most TCP/IP services are
    unencrypted. This allows anyone to monitor and
    reconstruct connection traffic on the internet.
  • Requirements for the following can be identified
  • Encrypted connections between parties known to
    each other.
  • Third-party authentication and encrypted
    connection establishment when parties are not
    known to each other.

4
Solutions
  • SSH to support encrypted sessions
  • SSL to provide trusted third-party authentication
    and to support encrypted sessions.

5
SSH
  • Secure shell
  • Transparent encryption.
  • Modern, secure encryption algorithms
  • Reliable, fast, and effective
  • Client/server interaction
  • Eliminates .rhosts and hosts.equiv

6
Services Provided
  • Replaces
  • rsh and telnet with ssh
  • rlogin with slogin
  • rcp with scp
  • ftp with sftp
  • Protocols
  • ssh-1
  • ssh-2

7
SSH1 Authentication Mechanisms
  • Kerberos
  • Rhosts (trusted host authentication, insecure)
  • RhostsRSA (trusted host authentication, insecure)
  • Public-key (RSA)
  • TIS
  • Password (various flavors, relatively insecure)

8
SSH2 Authentication Mechanisms
  • Public-key (DSA, RSA, OpenPGP)
  • Hostbased
  • Password

9
Ciphers
  • SSH1
  • 3DES, IDEA, ARCFOUR (alleged RC4), DES
  • SSH2
  • 3DES, Blowfish, Twofish, CAST-128, IDEA, ARCFOUR

10
Port Forwarding
  • SSH can forward or tunnel ports, allowing you to
    run insecure services securely.
  • ssh -L 3002localhost119 news.yoyo.com

11
A Simple Example
  • ssh -l harry harry.sunderland.ac.uk
  • This allows me to log into harry_at_harry.sunderland.
    ac.uk
  • Another way of doing the same thing is
  • ssh harry_at_harry.sunderland.ac.uk

12
Using scp
  • scp harry_at_harry.sunderland.ac.ukmyfile afile
  • This transfers myfile from my home directory on
    harry.sunderland.ac.uk to afile locally.
  • You can also use sftp similarly to ftp.

13
Threats Countered
  • Eavesdropping
  • DNS and IP Spoofing
  • Connection Hijacking
  • Man-in-the-Middle Attacks
  • Insertion Attack

14
SSL
  • Secure Sockets Layer
  • An authentication and encryption technique that
    provides security services to TCP by a
    socket-style API.
  • Relies on certificates issued by a trusted third
    party.
  • Invented by Netscape.
  • Is being replaced by TLS (Transport Layer
    Security)

15
Services Provided
  • Secure http
  • pop
  • imap
  • smtp
  • ftp
  • rmi
  • corba
  • iiop
  • telnet
  • ldap

16
SSL Functions
  • Confidential transmission
  • Message integrity
  • Endpoint authentication

17
How It Works
  • An understanding of how SSL works is necessary to
    use it safely.
  • Uses public key cryptography.
  • Trusted third parties (Certificate Authorities)
    provide the certificates that contain the public
    keys.
  • Supports many encryption algorithms.

18
SSL-Enabled UNIX Clients
  • curl,
  • ethereal,
  • ettercap,
  • lynx,
  • stunnel,
  • gabber,
  • links,
  • mutt,
  • xchat,
  • bitchx,
  • lftp,
  • neon,
  • openldap,
  • openslp,
  • pine,
  • various database managers.
Write a Comment
User Comments (0)
About PowerShow.com