SSH - PowerPoint PPT Presentation

1 / 48
About This Presentation
Title:

SSH

Description:

3: VPN (1 specifically VPN tunneling via SSH) Added SSL since it fits some ... SSH2, F-Secure, and OpenSSH (& Cygwin) SSH2: command line only, ~10 sessions ... – PowerPoint PPT presentation

Number of Views:431
Avg rating:3.0/5.0
Slides: 49
Provided by: pburkh
Category:

less

Transcript and Presenter's Notes

Title: SSH


1
SSH SSL
Peter Burkholder CO-SAGE 14 November 2001
2
Why this talk
  • Co-SAGE interest in SSH and security
  • 5 Security or security tool usage
  • 2 Configuring SSH
  • 3 VPN (1 specifically VPN tunneling via SSH)
  • Added SSL since it fits some niches better

3
Layer model insecure protocols
  • Application layer RSH, Telnet, FTP
  • Transport layer TCP, UDP
  • Network layer IP, IPX, EtherTalk
  • Link layer Ethernet, PPP
  • Physical layer CAT-5 cable, Wireless
  • Network security? Confidentiality, Integrity,
    and Endpoint Authentication

4
Layer model secured protocols
  • Application layer SSH, PGP, Kerberos,
    S-HTTP
  • Transport layer SSL/TLS as extension of
    TCP socket model
  • Network layer IPSec, IPv6
  • Link Layer WEP, PPP/ECP
  • Physical layer Alarmed, pressurized
    conduits
  • The two approaches we will look at today are
    using SSL(TLS) and SSH.

5
SSL Overview
  • SSL (Secure Sockets Layer)
  • Protocol built on top of TCP
  • Encryption, Host Authentication, Integrity
  • Applications can be SSL-enabled
  • SSL ports
  • https (443), smtps (465), nntps (563), ldaps
    (636), imaps (993), pop3s (995), ftps (989990).
  • Netscape SSLv2 in 1994. SSLv3 in 1995. TLS
    (RFC2246) completed in January, 1999.

6
SSH Overview
  • SSH Secure SHell
  • Application-level protocol (v1v2)
  • Encryption, Host user authentication, Integrity
  • Port 22 (w/ port tunneling, X-forwarding)
  • Designed to replace rsh/rcp
  • Tatu Ylonen, first publicly released in July,
    1995. SSHv2 (SECSH) IETF draft published
    February 1997.
  • Reportedly 2 million users by late 2000

7
Network Encryption primitives
  • Symmetric encryption shared session keys, e.g.
    DES, 3DES, AES-Rijndael, Blowfish
  • Asymmetric or public-key encryption RSA,
    ElGamal
  • Message digest one-way hash MD5, SHA
  • Digital signatures DSS, RSA
  • Key Exchange Diffie-Helman

8
SSL, PKI, and Authentication
  • The trickiest part of network security is proving
    the identity of the other end of the connection.
  • For example, I can say that I'm Bill Gates,
    here's my public key, anything I send you with my
    digital signature, you can verify that it is from
    me.
  • True, it is from "me", but a) there's no linkage
    between my public key and my claimed identity,
    and b) anyone else who has that private key can
    also claim to be "me".

9
PKI Public Key Infrastructure
  • PKI relies on "God" to prove identities, where
    "God" is a Certificate Authority (CA). If I can
    prove my identity to a CA (and pay), I'll be
    issued a Digital Certificate my public key
    signed by the CA's private key identifying
    information.
  • If my private key is compromised (or if I fooled
    the CA about my identity), then the CA can add
    the corresponding certificate to a Certificate
    Revocation List (CRL).

10
PKI 2 Certificate Clients
  • Certificates are accepted if signed by a root CA.
    CA root certs are often encoded in the client
    software (IE, Netscape, Opera).
  • Certificates may also be self-signed or signed by
    an unknown CA. The user must exercise discretion
    in accepting or adding certificates.
  • Uses SSL, S/MIME, Signed Software, IpSec/IPv6
    (ISAKMP)
  • Failure points Issuing CRL's and "user
    discretion"
  • Netcraft 1.5 million servers run SSL, but only
    60,000 have 3rd-party signed certificates

11
OpenSSL Introduction
  • SSL RSA's BSAFE, Netscape, Certicom, Sun,...
  • OpenSSL is based on Eric A. Young's SSLeay.
  • Both a cryptographic library and an SSL
    implemention. BSD-style license.
  • "Solid package...but serious lack of
    documentation....SSL implementation is quite
    complex to use properly" ViegaMcGraw2001
  • Implements SSLv2, SSLv3 and TLS

12
OpenSSL Generate Keys
  • Generate keys
  • Only certificate owner knows private key
  • Make RSA key pair, and encrypt
  • openssl genrsa -des3 1024 gt privkey.pem
  • using -des-des3 will encrypt key
  • Generate certificate request
  • Sign certificate
  • Present certificate

13
OpenSSL Certificate Request
  • Generate keys
  • Generate certificate request
  • openssl req -new -key ../private/privkey.pem gt
    www.pburkholder.me.csr
  • enter identifying information when prompted --
    the Common Name must match DNS name
  • Sign certificate
  • Present certificate

14
CA-signed Certificates
  • Generate keys
  • Generate certificate request
  • Certificate signing
  • CAs require documentation. E.g.,
  • Letter of Authorization
  • Proof of Organizational Name / Domain Name
  • Money 125 - 895 per year per server
  • Test certs (free) signed by untrusted root CA
  • Present certificate

15
SSL The Client Perspective
16
OpenSSL Self-signed Certificate
  • Generate keys
  • Generate certificate request
  • Certificate signing
  • openssl req -x509 -key ../private/privkey.pem
    -in www.pburkholder.me.csr gt www.pburkholder.me.cr
    t
  • I am who I am claim to be
  • Clients will generate warnings
  • Present certificate

17
SSL Client Unknown Root Cert
18
OpenSSL Using Certificates
  • Generate keys
  • Generate certificate request
  • Certificate signing
  • Present certificate
  • Modify httpd.conf directives
  • SSLCertificateFile SSL/certs/www.pburkholder.me.c
    rt
  • SSLCertificateKeyFile SSL/private/privkey.pem
  • If encrypted private key, need passphrase on
    start
  • Spoofing only requires private key and certificate

19
OpenSSL Roll-your own CA
  • For developing own software, or small deployments
  • Install root certificate on client browsers
  • To Apache httpd.conf add line
  • AddType application/x-x509-ca-cert .cacert
  • Copy cacert.pem to a web-accessible file, e.g,
    WWW/MyRoot.cacert
  • Point browser to URL. Browser will prompt to
    install

20
Installing a Root Certificate
21
SSL Attacks Dug Song's dsniff
  • dnsspoof /etc/dnspoof.hosts
  • ltmy_host_ipgt login.yahoo.com
  • webmitm -d login.yahoo.com make webmitm.cert

22
STunnel
  • STunnel wrapper for SSL services.
    (www.stunnel.org)
  • Sslwrap -same idea, not as actively developed.
  • As with all SSL services, STunnel needs a
    certificate
  • openssl req -new -x509 -days 365 -nodes -out
    stunnel.pem -keyout stunnel.pem

23
STunnel POP3 Server Client
HOST A
HOST B
ClientPOP3
POP3 Server
port 110
l
localhost110
port 995
STUNNEL
STUNNEL
24
STunnel POP3 server example
  • On Server, an inetd entry to provide pop3 service
    may be something like pop3 stream tcp nowait
    root /usr/sbin/tcpd ipopd
  • You can instead put a service on pop3s
    (995) /usr/sbin/stunnel -r localhostpop3 \ -p
    /path/to/stunnel.pem
  • STunnel will SSL-encrypt on port 995 (pop3s),
    and tunnel the unencrypted traffic to localhost
  • Use /etc/hosts.allow,deny to limit ipop daemon
    to localhost only for SSL-secured POP3 service

25
STunnel on Windows
  • Download openssl.dll and ssleay.dll to
    WIN/system stunnel.exe to a convenient place
  • Test "stunnel -c -d 110 -r mail.server995"
  • As service? Easiest is to create
    stunnel.bat START stunnel -c -d 110 -r
    mail995and run stunnel.bat from Scheduled Tasks
    at user login. But must contend with Command
    window
  • Running as a real service requires add'l software

26
STunnel Debugging
  • Run STunnel with -D 6 (debug level 6) and -f
    (foreground)
  • Use Eric Rescorla's SSLDUMP (rtfm.org)
  • ssldump -k ./stunnel.pem -d -i vmnet1 port 995
  • see all traffic decrypted
  • Note STunnel by default not picky about
    certification

27
SSH
  • If SSL is a toolbox, SSH is a Leatherman
  • Features
  • Encryption AES, ARC4, Blowfish,...
  • Secure logins, remote command, file transfer
  • Authentication Password, PubKey, Host-based,...
  • Access control by host, user
  • Key management
  • Port-forwarding

28
SSH Protocol Version 1
  • Monolithic protocol
  • Authentication by KerberosIV, Rhosts,
    RhostsRSA, Public-Key, TIS/SecureID, Password
    (many flavors)
  • RSA for authentication and key exchange
  • Weaknesses
  • CRC-32 integrity, attacks, keystroke monitoring
    (sshow)
  • SSH-1 still common Licensing, Cost, and First to
    Market. 2 million users estimated

29
SSH Protocol Version 2
  • DSS for authentication, Diffie-Hellman keys
  • Supports x.509 PKI certificates

Server
Client
SSH Connection
SSH Connection
SSH Authentication
SSH Authentication
SSH Transport
SSH Transport
TCP/IP, IPX/SPX, etc.
TCP/IP, IPX/SPX, etc.
Ethernet, etc...
PacketLength
PaddingLength
Payload (compressed)
RandomPadding
IntegrityData (MAC)
encrypted
30
SSH Server implementations
  • OpenSSH (v 3.0 released Nov. 6)
  • SSHv2 and SSHv1
  • Standard implementation for this talk
  • SSH Communications Security SSH3.0.1
  • nix Servers 475 / Windows Servers 565
  • Free servers for non-commercial use
  • F-Secure SSH 2.4.0 (Unix server client)
  • nix Server 594/Windows 834
  • ftp//metalab.unc.edu/pub/packages/security/ssh/

31
Compiling Installing
  • /dev/random or EGD
  • ./configure, make, make install...
  • OpenSSH
  • Requires zlib, OpenSSL
  • ./configure --disable-suid-ssh --with-tcp-wrappers
    --with-pam
  • Potential SetUID binaries for host-base auth
  • OSSH ssh
  • SSH2 ssh-signer

32
Server Configuration
  • Command-line opts
  • Compile-time flags
  • Configuration file (sshd_config)
  • /etc/hosts.equiv /etc/shosts.equiv
  • key files in CONF/
  • ssh_host_dsa_key moduli ltkeygt.pub
  • Host Access
  • ssh_known_hosts /ssh/known_hosts
  • /etc/hosts.allow,deny
  • /etc/nologin
  • User authentication files
  • /.ssh/authorized_keys,
  • .rhosts/.shosts
  • /etc/pam.d/sshd

33
sshd_config - typical settings
  • PermitRootLogin (yes(without-passwdnopwd)forced
    -command-onlyno)
  • StrictModes yes
  • PubkeyAuthentication yes
  • HostbasedAuthentication no v2 /etc/hosts.equiv
  • PasswordAuthentication yes
  • PermitEmptyPasswords no
  • X11Forwarding no ???
  • Allow,DenyUsers,Groups luser_at_rem_machine
  • Protocol 2

34
Running Server
  • Make install runs key generation
  • sshd detaches and forks daemons
  • sshd -d -p ltsome-portgt is great for testing,
    messages to stderr, doesn't fork
  • sshd2 -v -p ltsome-portgt

35
Client basic operation
  • SSH remote logins, remote commands
  • ssh user_at_remotehost.example.com
  • ssh user_at_remotehost "command to run"
  • -v option provides connection details
  • SCP secure copy
  • scp user_at_remoteremote/file ./local/file
  • SFTP secure file transfer (a al FTP)
  • sftp user_at_remote
  • Clients try public-key, then password fallback

36
Using Public-key Authentication
  • ssh client sends public key
  • if server finds key in .ssh(2)/ltfilegt, encrypts a
    challenge to client
  • client with private key, proving ID
  • .ssh/.ssh2 path permissions
  • ssh pb_at_remote host
  • Enter passphrase for key '/home/peter/.ssh/id_dsa'

37
Generate Public-key Pairs
  • Generate a key-pair for each identity
  • ssh-keygen -t dsa (enter passphrase for
    default id )
  • use '-f file' to save to different identity
    files
  • Concatenate public part of key-pair to remote
    account's .ssh/authorized_keys2
  • Place ltpublic-key-filegt in .ssh2/ Add "Key
    ltpublic-key-file" line to .ssh2/authorization
  • OpenSSH's ssh-keygen translates SSH2 format

38
Forced commands
  • ssh -keygen -f pb_command -t dsa
  • /.ssh/authorized_keys2
  • fromlthostgt, command"/bin/cat SSH_ORIGINAL_COMMA
    ND" ...key...
  • /.ssh2/authorization
  • Key pb_command_pubkey no pass-phrase
  • Command "/bin/cat SSH2_ORIGINAL_COMMAND"
  • ssh -i path/to/pb_command_id pb_at_remote
    "file_to_see"

39
Forced commands continued
  • Command gets stdin, args in SSH2_... env var
  • Can also set "environment", "fromhost", etc
  • Enviroment, host restrictions only if script
    called
  • Command executes in user shell, after
    (.profile/.cshrc)
  • Unencrypted private keys and forced commands can
    be used for unattended scripting

40
SSH Key Agents
  • An ssh-agent process stores keys in memory, and
    clients use it to sign authenticators
  • ssh-agent SHELL invoke a subshell -- shell
    dies if agent dies
  • eval 'ssh-agent' process sets env and
    detaches, doesn't die on logout
  • X
  • ssh-agent startx
  • .xsession exec ssh-agent ./.xsession-stuff
  • ssh-add loads identity files, connect at will!

41
Remote Agent Forwarding
ZERO
ONE
TWO
no private keys pubkey authorized for
pb_at_one SSH_AUTH_.. ssh pb_at_two client uses
socket to zero for auth
pubkey authorized for pb_at_zero I'm in!
eval ssh-agent SSH_AUTH_.. ssh-add ssh
pb_at_one
SSH
SSH
Agent
42
SSH Port Forwarding
MYHOST
REMOTEHOST
POP3Server
POP3Client
l
localhost110
port 22
SSHClient
SSHServer
43
Port Forwarding
  • If the TCP client application (whose conx you
    want to forward) is running on local machine, use
    local forwarding. If client is on remote
    machine, use remote forwarding.
  • ssh -Lltlocalportgtlocalhostltremportgt
    pb_at_remote
  • ssh -Rlt
  • X-forwarding happens automatically if server
    accepts local host connections

44
Windows Servers
  • SSH2, F-Secure, and OpenSSH ( Cygwin)
  • SSH2 command line only, 10 sessions
  • VNC server port 5800, runs under Win2k
  • Set VNC registry to allow loopback connect
  • ssh -L5801localhost5800 peter_at_win2k
  • vncviewer localhost5801

45
Windows, Mac Java Clients
  • See snailbook.com. Free Mac clients are weak
  • My favorites are PuTTY for Windows and Mindterm
    (appgate.com) for anything else

46
File Transfer SFTP
  • Handy interface, but s...l...o...w
  • netcat 100Mb random data 35s
  • sftp 100Mb random data 10m51s
  • Barrett Silverman claim 1/4 speed of scp
  • I've seen 1/10 of FTP speed

47
SSL SSH Recommendations
  • SSH is an essential tool for remote
    administration. OpenSSH excellent SSH2 has some
    better configuration options and more advanced
    features. X-forwarding a great feature.
    ssh-agent/forced-command a boon for scripting
  • SSL-enabled apps and PKI becoming ubiquitous. A
    better choice for securing particular apps,
    especially with STunnel

48
Web SSL References
  • Thawte http//www.thawte.com
  • Thawte.Apache SSL Key and CSR Generation
    Instructions. http//www.thawte.com/certs/\server
    /keygen/apachessl.html
  • Frederick Hirsch, SSLeay Certificate Cookbook.
    http//www.ultranet.com/fhirsch/Papers/cook/ssl_c
    ook.html
  • Dug Song's dsniff. http//www.monkey.org/dugsong
    /dsniff/
  • STunnel
  • OpenSSL
Write a Comment
User Comments (0)
About PowerShow.com