SSH / SSL

1
SSH / SSL

• Supplementary material

2
Secure Shell (SSH)

• One of the primary goals of the ARPANET was
  remote access
• Several different connections allowed
• rlogin
• rcp
• rsh
• All data was unencrypted
• This was a different world than exists today.

3
SSH

• SSH is a UNIX-based command interface and
  protocol for securely accessing a remote computer
  
• Suite of four utilitiesslogin, ssh, sftp, and
  scp
• Can protect against
• IP spoofing
• DNS spoofing
• Intercepting information

4
SSH Objectives

• Protect data sent over the network
• Negotiate an encryption algorithm between sender
  and receiver
• Use that algorithm and a session key to encrypt /
  decrypt data sent
• Provide site authentication
• Use public key / fingerprint to ensure identity
  of remote host.
• Relies on locally generated keys, so no
  certifying authority is generally available.

5
SSH Graphical Client
6
SSH Command Line Client (Linux)
cs490ns-cotter
6
7
SSH CommunicationsUsing password
SSH Client
SSH Server
SSH2?
SSH2
Diffie-Helman, etc?
Diffie-Helman
Send Serv_Pub_Key
Serv_Pub_key(S_key)
OK
S_key(Uname,pwd)
OK
S_key(data)
8
SSH Wire Shark Trace
9
SSH CommunicationsUsing Public Key

• Problems with Password Authentication
• Passwords can be guessed.
• Default allows multiple attempts against account
• Only 1 account / password needs to be guessed
• Alternate approach is to use public / private
  keys to authenticate user
• Public Key Authentication
• Create public / private keypair
• Ensure that private
• Upload public key to server user account
  .ssh/authorized_keys
• ssh o PreferredAuthenticationspublickey
  server.example.org

10
SSH CommunicationsUsing Public Key
SSH Client
SSH Server
SSH2?
SSH2
Diffie-Helman, etc?
Diffie-Helman
Send Serv_Pub_Key
Serv_Pub_key(S_key)
OK
S_key(Uname)
Client_Pub_key(Random)
Client_Pri_key(msg)
Hash(Random)
OK
S_key(data)
cs490ns-cotter
11
sFTP in Linux
cs490ns-cotter
11
12
SFTP
13
SFTP
14
SSH Tunneling

• Use SSH to create an encrypted channel between
  remote host and server
• Use that encrypted channel to carry other traffic.

LAN
www access
Internet
Web Server 192.168.1.10
Local port 12345
SSH Tunnel
15
SSH Tunneling

• ssh L 12345192.168.1.1080 l root homenet.net

16
SSH Tunneling
17
Secure Copy (scp)

• Allows encrypted transfer of files between
  machines
• Download files from server
• scp user_at_server.netmyfile1.txt myfile1.txt
• user_at_server.nets password xxxxx
• Upload files to server
• Scp myfile.txt user_at_server.netmyfile.txt
• user_at_server.nets password xxxxx

18
SSH Passwordless Login

• On remote client
• Create key pair. Store in .ssh subdirectory
• On ssh server
• Modify sshd_config to allow shosts based
  authentication
• Create .shosts file in users subdirectory
• Copy public key from remote client to .ssh
  subdirectory/authorized_keys

19
SSH Passwordless Login
SSH Client
SSH Server
SSH2?
SSH2
Diffie-Helman, etc?
Diffie-Helman
Send Serv_Pub_Key
Serv_Pub_key(S_key)
OK
S_key(Uname)
Client_Pub_key(Random)
Client_Pri_key(msg)
Hash(Random)
OK
S_key(data)
20
SecureSockets Layer (SSL)Transport Layer
Security (TLS)

• Originally developed by Netscape to support
  encrypted access to web servers.
• SSL v3 released 1996.
• Served as the basis for IETF standard TLS (1999)
• Used by major financial institutions for secure
  commerce over the Internet
• Early problem with weak keys resolved with longer
  (128-bit) keys

21
SSL / TLS
Application (www)
SSL / TLS
TCP
IP
22
SSL/TLS Handshake
SSL Client
SSL Server
Client hello Ciphers I have
Server Hello Cipher I choose
Server certificate (S_Pub)
S_Pub(Session_key)
OK
Session_key(data)
OK
23
SSL/TLS Security

• Depends on integrity of public key certificate
• Public Key Infrastructure (PKI)
• Components necessary to securely distribute
  public keys
• Certificate Authorities Organizations that
  certify the relationship between a public key and
  its owner.
• Verisign,Thawte

24
SSL/TLS Implementations

• SSL v2 Still in use
• SSL v3 Most widely deployed
• TLS v1 Starting Deployment
• OpenSSL Linux/UNIX toolkit that supports all 3
  protocols listed above.
• Private Communication Technology (PCT)
• Developed by Microsoft
• Compatible with SSL v2
• Versions are not completely compatible

25
SSL/TLS Vulnerability

• SSL/TLS supports the concept of session
  renegotiation due to errors, requests, etc.
• This feature assumes that the renegotiation is
  with the original party, and any requests or
  messages transmitted before the renegotiation are
  combined (pre-pended) with the requests after
  renegotiation
• This behavior can be abused to allow
  man-in-the-middle attacks
• Demonstrated with https, but the vulnerability
  exists with any application that uses SSL/TLS

26
SSL/TLS Vulnerability
Client
MITM
Server
TLS handshake session 1
TLS handshake session 2
GET /ebanking/paymemoney.cgi? AccLU00000000?amoun
t1000 Ignore-what-comes-now
Trigger renegotiation
X
TLS handshake session 1 continued within the
encrypted session 2
Server receives GET /ebanking/paymemoney.cgi? Ac
cLU00000000?amount1000 Ignore-what-comes-now GE
T /ebanking/ Cookie AS2398648756083745
Client has authenticated session At app layer
(with cookie) GET /ebanking/ Cookie
AS2398648756083745
27
References

• SSH
• SSH Tutorial (http//www.suso.org/docs/shell/ssh.s
  df)
• www.openssh.org
• UNIX Secure Shell Carasik McGraw-Hill, 1999
• SSH Agent Forwarding (unixwiz.net/techtips/ssh-ag
  ent-forwarding.html)
• SSL
• www.openSSL.org
• RFCs 2246, 3546
• SSL Authentication Gap (SSL Gap)
  (http//www.phonefactor.com/sslgap )
• TLS/SSL renegotiation vulnerability explained
  (http//www.g-sec.lu/practicaltls.pdf )

cs490ns-cotter
27
28
SSH RFCs

• 4250 The Secure Shell (SSH) Protocol Assigned
  Numbers.
• S. Lehtinen, C. Lonvick, Ed.. January 2006.
  (Format TXT44010 bytes)
• (Status PROPOSED STANDARD)
• 4251 The Secure Shell (SSH) Protocol
  Architecture.
• T. Ylonen, C. Lonvick, Ed.. January 2006.
  (Format TXT71750 bytes)
• (Status PROPOSED STANDARD)
• 4252 The Secure Shell (SSH) Authentication
  Protocol.
• T. Ylonen, C. Lonvick, Ed.. January 2006.
  (Format TXT34268 bytes)
• (Status PROPOSED STANDARD)
• 4253 The Secure Shell (SSH) Transport Layer
  Protocol.
• T. Ylonen, C. Lonvick, Ed.. January 2006.
  (Format TXT68263 bytes)
• (Status PROPOSED STANDARD)
• 4254 The Secure Shell (SSH) Connection Protocol.
• T. Ylonen, C. Lonvick, Ed.. January 2006.
  (Format TXT50338 bytes)
• (Status PROPOSED STANDARD)
• 4255 Using DNS to Securely Publish Secure Shell
  (SSH) Key Fingerprints.
• J. Schlyter, W. Griffin. January 2006. (Format
  TXT18399 bytes)
• (Status PROPOSED STANDARD)
• 4256 Generic Message Exchange Authentication for
  the Secure Shell Protocol (SSH).

29
Summary

• SSH
• Supports secure remote access to hosts
• SSH secure shell
• SCP secure copy
• SFTP secure file transfer
• SSL
• Provides a framework for incorporating secure
  communications into applications
• Uses strong cryptography
• Can rely on PKI for reliable sharing of public
  keys