SSH

1
SSH

• Jim Wyllie
• Scott Nykl

2
SSH - Overview

• Secure Shell
• Designed to replace r-tools 1
• rlogin, rsh, rcp
• 3 main attacks 1
• Password eavesdropping
• Man-in-the-middle
• Replay attacks

3
SSH1

• SSH1 -- First incantation of SSH 3
• Created in 1995, obsolete in 1996
• Allowed rhost authentication (not secure)
• Man-in-the-middle

4
SSH2

• What we use today
• More secure session key generation
• Dropped rhost authentication

5
SSH Authentication
6
Authentication Methods

• Public-key (more on this later)
• RhostsRSA (lame)
• Keyboard Interactive
• RSA SecurID
• password

7
Default Authentication Methods

• SSH2
• Client will try to authenticate using
• 1) Host-based method
• 2) Public key authentication
• 3) Keyboard-interactive and password
  authentication

8
Default Authentication Methods

• Host-based method
• If users machine is listed on remote machine
• /etc/hosts.equiv or
• /etc/shosts.equiv
• And user names are the same on both sides
• The user is immediately logged in

9
Default Authentication Methods

• Public Key Authentication
• Using keychain or pagent

10
Default Authentication Methods

• Keyboard-interactive and password authentication
• You all know this one

lt-1337 Haxor
11
Keying System

• Diffie-Hellman key exchange
• Clear-text key transfer
• DH-encrypted session key
• Symmetric keys are faster
• New key exchanged over DH periodically

12
Cool stuff with SSH

• All previous slides were to ensure I covered the
  bases and got a good grade on this presentation
• I really dont care too much about how it works
  (thats for the crypto guys), but what it can do
  for me

13
Public-Key authentication

• Far fewer passwords to memorize
• Robust against brute force guessing
• Easy to grant / deny access to an account
• Creating a key ssh-keygen -t dsa
• Follow the menus

14
Public-key Authentication

• Question What do I do with it now?
• Desktop Copy id_dsa to /.ssh/id_dsa
• Remote box
• cat id_dsa.pub gtgt /.ssh/authorized_keys
• You now have public-key access

15
Public-key Authentication

• Ok, now I type the key password instead of my
  account password. Lame.
• Not if we cache passwords

16
Caching Passwords

• The hard way
• ssh-agent
• Entering a zillion lines
• See 5 for more info about it
• The easy way
• keychain
• Terminal front-end to ssh-agent

17
keychain

• Terminal standard for key mgmt.
• By the folks at Gentoo
• Download / Install
• Paste into /.bashrc
• keychain -q /.ssh/id_rsa
• . /.keychain/HOSTNAME-sh
• Thats it. One password entry.

18
Overview

• So, to use keys
• Use ssh-keygen -t dsa to create public / private
  keys
• Copy / append your public key to any box youre
  going into
• Keep your private key on any box you work from
• Use keychain to stop typing passwords

19
/.ssh/config

• Allows you to set up some cool things
• Aliases for common connections
• jwyllie_at_primus.cs.ohiou.edu -gt primus
• Agent forwarding (a little risky)
• See 6 for my config file example
• man ssh_config

20
X11 Forwarding

• X11 uses sockets to connect
• Sockets can communicate over networks
• You can tunnel X11 GUIs through SSH
• X11Forwarding yes
• Slow over the Internet, fast on a LAN
• Just run any graphical app like normal
• Requires sane xorg.conf

21
SOCKS Proxy

• SSH can act as a SOCKS Proxy
• pr0n at work
• Safari from off-campus
• Point proxy at localhostSSH port
• Wait, what port did SSH use? Its random!
• ssh -D 16950 p1.cs.ohiou.edu

22
SOCKS Proxy
Edit -gt Preferences -gt Connection Settings
23
SOCKS Proxy (PuTTY)

• PuTTY A Free Telnet/SSH Client
• Do what Jim said, but without installing a thing
  (from a windows box)!
• Useful if youre my little brother and want to
  get the ladies

24
SOCKS Proxy

• What does tunnelling web traffic give me?
• Security through wireless access
• safari.oreilly.com remotely
• Privacy through a workplace
• Protection against DNS hijacking
• Bypassing web filters

25
General Tunneling

• You can tunnel anything with SSH
• ssh -L porthosthostport dest
• Starts daemon on port spits traffic out from
  dest to hosthostport
• ssh -R porthosthostport dest
• Port on the remote (server) host is to be
  forwarded to the given host and port on the local
  side (opposite as above)

26
Tunneling -L
27
Tunneling -R
28
General Tunneling

• Remember!!!
• Tunneling forwards traffic through an
  intermediate link
• Slowness may result if this intermediate link is
  slow
• eg, you tunnel pr0n from work through your home
  dialup You will wait!

29
Tunneling examples

• Secure POP over wireless
• ssh -l 110oak.cats.ohiou.edu110 p1
• In /etc/hosts
• oak.cats.ohiou.edu 127.0.0.1
• Or just connect over localhost110
• No more wireless email sniffing
• (PS Dont use POP Use secure IMAP)

30
Tunneling examples

• RSYNC through a blocking firewall
• ssh -l 873rsync.gentoo.org873 p1
• Same deal with /etc/hosts as before
• Hides your RSYNC traffic in SSH

31
SSH as a pipe

• SSH can also act as a simple pipe
• ssh p1 ls -l lists your prime home directory
• cat /dev/cdrom ssh p1 cat - gt my_local_cd.iso

32
Tunnels w/o prompts

• Want all the tunnels without minimized idle SSH
  sessions?
• screen to the rescue
• Puts you in a nested shell
• Ctrla d puts it in the background
• screen -r retrieves it to your terminal
• Barely scratching the surface man screen for more

33
Put it together rbackup

• I use something like this to back up every box I
  control
• tar / bzips your entire box, sends over SSH to a
  remote host for storage
• With cron, can run overnight
• Be careful about security risks!
• tar cjf - / ssh p1 cat /backup.tar.bz2

34
PuTTY

• Collection of useful Windows Utilities that
  provide SSH capability.
• PuTTY - Telnet and SSH client
• PSCP - SCP client, i.e. command-line secure file
  copy
• PSFTP - SFTP client, i.e. general file transfer
  sessions much like FTP
• PuTTYtel - Telnet-only client

35
PuTTY

• Plink - a command-line interface to the PuTTY
  back ends (remember our plink D example)
• Pageant - SSH authentication agent for PuTTY,
  PSCP and Plink
• PuTTYgen (an RSA and DSA key generation utility).

36
Cygwin

• Cygwin is a Linux-like environment for Windows.
  It consists of two parts
• A DLL (cygwin1.dll) which acts as a Linux API
  emulation layer providing substantial Linux API
  functionality.
• A collection of tools which provide Linux look
  and feel.
• This includes SSH and SSHD!

37
Summary

• SSH keys for better authentication
• SOCKS with SSH
• keychain for fewer passwords
• General tunneling for privacy
• SSH pipes
• Remote backups
• SSH can do more than this

38
References

• 1 http//www.vandyke.com/solutions/ssh_overview/
  ssh_overview.pdf
• 2 http//www.tacc.utexas.edu/services/userguides
  /ssh_detailed/
• 3 http//en.wikipedia.org/wiki/Secure_Shell
• 4 RFC 4251
• 5 http//www.securityfocus.com/infocus/1812
• 6 http//irg.cs.ohiou.edu/jwyllie/ssh_config
• 7 http//http//www.hmug.org/man/1/ssh.php
• 8 http//www.chiark.greenend.org.uk/sgtatham/pu
  tty/

39
(No Transcript)