Intro to SSH
Upcoming SlideShare
Loading in...5
×
 

Intro to SSH

on

  • 1,596 views

Rochester 2600

Rochester 2600

Statistics

Views

Total Views
1,596
Views on SlideShare
1,596
Embed Views
0

Actions

Likes
1
Downloads
14
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Apple Keynote

Usage Rights

CC Attribution-NonCommercial LicenseCC Attribution-NonCommercial License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n

Intro to SSH Intro to SSH Presentation Transcript

  • Using Mongolian Throat Singing AsEntropy for Your SSH keys@PunkrokkRochester Security Podcast @www.syncurity.net
  • What SSH Does Do Prevents Eavsdropping Name Service and IP Spoofing Connection Hi-Jacking MITM
  • What SSH Can’t Do SSH Can not prevent: Password Cracking DOS based IP and TCP Attacks (Syn Floods/TCP RST/TCP desynchronization & hijacking Traffic Analysis Dumbasses
  • SSH System Architecture Source: SSH, The Secure Shell, The Definitive Guide
  • What is CORE SSH? SSH-TRANS SSH-AUTH SSH-CONN
  • SSH-2 Protocol Family Source: SSH, The Secure Shell, The Definitive Guide
  • SSH-TRANSSSH Transport Protocol session ID Server auth* privacy and integrity* data compression* session key exchange* *Negotiable
  • SSH-AUTHpublic keyhost basedpasswordOthers: gssapi, external keyx...
  • Building a SSHConnection• ssh -vv host.foo.net • read config file (~/.ssh/ssh_config) • Protocol version Selection (v2 should be forced)
  • Building a SSHConnection• Key Exchange (2 way) • KEXINIT - exchange and choose compatible encryption suites (e.g. diffie-hellman-group2- sha1) • Outputs: • K = shared secret • H = Exchange Hash (becomes session ID) • Perform Server Auth (comparing with hash fingerprints of known hosts) • Can be repeated after a period of T
  • Building a SSHConnectionKey Exchange (Cont) Choose SSH host Key types (ssh-rsa, ssh- dsa, null (for Kerberos)) Choose Data Encryption Ciphers (none, aes-128-cbc, 3des-cbc...) *extendable for private Ciphers Choose Integrity Algorithms (hmac-md5, hmac-sha1...) * Prevents replay attacks Choose Compression (None, zlib...)
  • Building a SSHConnectionKey Exchange (Cont) Important: All the preceding negotiation is one way -- we could have: Client -> Server: ssh-rsa|aes128-cbc| hmac-md5|none Server -> Client: ssh-dsa|3des-cbc| hmac-sha1|zlib
  • Key Exchange (Cont) The actual Key Exchange debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 120/256 debug2: bits set: 520/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 10.0.1.35 is known and matches the RSA host key. debug1: Found key in /Users/jpbourget/.ssh/known_hosts:6 debug2: bits set: 501/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/jpbourget/.ssh/id_rsa (0x0) debug2: key: /Users/jpbourget/.ssh/id_dsa (0x0) debug1: Authentications that can continue: publickey,password
  • Building a SSHConnectionKey Exchange (Cont) At this point we can send our credentials one of these ways: ssh-rsa, ssh-dsa other servers (other than open-SSH) support x509, spki-sign, pgp-sign (rss & dsa options for all password
  • Last SSH-AUTHComment Mitigating MITM Client Sends a RANDOM challenge Server returns challenge signed with it’s host key Client verifies this sig w/the Server/Key binding An attacker can’t spoof the random challenge, nor force the server to return a challenge from a different client = NO MITM or replay attacks
  • SSH-CONN Now that we have the SSH-AUTH and SSH-TRANS bits completed, we now have a SSH-CONN session We can do alot with this: port forwarding shell redirection X redirection tunnelling SCP/SFTP Hack all the protocols!
  • now what? Well Doogie, I have a SSL connection
  • Let’s Setup SomeKeys Key Creation Where do I put my keys? List of places Explanation
  • Let’s Setup SomeKeys Paths to our Keys: Backtrack - ~/.ssh/ Apple OS-X - /Users/ <username>/.ssh Putty - in putty
  • Let’s Setup SomeKeys Copying our key to the server scp /Users/jpbourget/.ssh/id_rsa.pub root@10.0.1.35:/root/.ssh/ authorized_keys Make sure to check if authorized_keys file exists - if so append to it (>>)
  • SSH Key Conn Acheivements Unlocked: m/ Keys Created m/ Keys Copied --> Login With Key
  • Public Key Loginssh-keygen
  • Public Key Logincopy our keyssh -vv root@host
  • Other ssh-tools
  • Other ssh-toolsssh-agent
  • Other ssh-toolsssh-agentssh-keyscan
  • Other ssh-toolsssh-agentssh-keyscanputty
  • Other ssh-toolsssh-agentssh-keyscanputty
  • Tube View
  • Tube Viewmy pcap
  • Tube Viewmy pcapwait -- after the KEXINIT it’s all encrypted you say?
  • Tube Viewmy pcapwait -- after the KEXINIT it’s all encrypted you say?well according to ssh man pages you can:
  • Tube Viewmy pcapwait -- after the KEXINIT it’s all encrypted you say?well according to ssh man pages you can:On the server in /etc/ssh/sshd_config
  • Tube Viewmy pcapwait -- after the KEXINIT it’s all encrypted you say?well according to ssh man pages you can:On the server in /etc/ssh/sshd_config Cipher none
  • Tube Viewmy pcapwait -- after the KEXINIT it’s all encrypted you say?well according to ssh man pages you can:On the server in /etc/ssh/sshd_config Cipher nonessh -vv -c none root@mr.t.com
  • Tube Viewmy pcapwait -- after the KEXINIT it’s all encrypted you say?well according to ssh man pages you can:On the server in /etc/ssh/sshd_config Cipher nonessh -vv -c none root@mr.t.comWait -- our openSSH server won’t start with Ciphernone --- BOO!
  • Tube Viewmy pcapwait -- after the KEXINIT it’s all encrypted you say?well according to ssh man pages you can:On the server in /etc/ssh/sshd_config Cipher nonessh -vv -c none root@mr.t.comWait -- our openSSH server won’t start with Ciphernone --- BOO!
  • Who do you think hasa workaround?
  • Who do you think hasa workaround?
  • Who do you think hasa workaround?
  • PENN STATE?
  • PENN STATE?
  • PENN STATE?
  • PENN STATE?Yea -- if you go to: http://www.psc.edu/networking/projects/hpn-ssh/They have a high performance ssh clientwith capabilites for the “none cipher”- mod to openSSHIF YOU CAN’T GO TO COLLEGE GO TO STATE...
  • CreditsSSH: The Definitive Guide by Barrett,Silverman & ByrnesAn Illustrated Guide to SSH Forwarding http://unixwiz.net/techtips/ssh-agent-forwarding.html#fwd@mubix for Hack Fortress imageMr T
  • Questions?@punkrokk / http://www.syncurity.net Look for writeups of Shmoocon Labs soon on my siteLink to this presentation: http://bit.ly/z5t9aiCheck out the Roc Sec Podcast: http://syncurity.net/?page_id=450 Looking for Episode IdeasBike from Baltimore to Boston in August: www.cycleoverride.orgDefcon Bike Ride: http://bit.ly/z7P8cu