Secure SHell


Encrypted command-line communication issue

Published in: Technology

Secure SHell

  1. Secure SHell: Encrypted command-line communication. cagriCOM08 | Information Security
  2. Content: Definitions; What SSH Does; Core SSH programs; SSH Authentication Methods (Password, Public/private keypair, Host-based authentication); SSH Basics (Configuration Files [CF], Secure Logins, Agent / Key Forwarding, Enter Agent / Key Forwarding, Port Forwarding); Conclusion
  3. Definition-I: Commonly used one. «The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network» (Ylonen & Lonvick, Standards Track; SSH Communications Security Corp; C. Lonvick, Ed., Cisco Systems, Inc.; January 2006)
  4. Definition-II: More detailed one. «Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).» (Ylonen & Lonvick, Standards Track; SSH Communications Security Corp; Wikipedia)
  5. Definition-III: Structure
  6. What SSH does: Secure SHell handles the setup and generation of an encrypted TCP connection.
  7. What SSH does, which means:
      - SSH can handle secure remote logins (ssh)
      - SSH can handle secure file copy (scp)
      - SSH can even drive secure FTP (sftp)
  8. Core SSH programs: ssh (client), sshd (server), sftp (transfer-line). «If sshd is not running you will not be able to connect to it with ssh»
  9. SSH Authentication Methods: Password; Public/private keypair; Host-based authentication
  10. I Password Authentication: Example without SSH Keys. Prompts for password. [Diagram: you (ssh) and server (sshd)]
      you> ssh mac-1
      password: ****
      other>
  11. II Key-pair Authentication: Example without SSH Keys. [Diagram: you (ssh) and server (sshd)]
  12. II Key-pair Authentication: Example without SSH Keys. First of all, generate keys. [Diagram: you (ssh) and server (sshd)]
      server> ssh-keygen
  13. II Key-pair Authentication: public/private key-pair. [Diagram: you, holding ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub]
  14. II Key-pair Authentication: public/private key-pair. Private Key: id_rsa (~/.ssh/id_rsa). Private keys should be kept secret, do not share them with anyone.
  15. II Key-pair Authentication: public/private key-pair. Private Key: id_rsa (~/.ssh/id_rsa). Private keys should be kept secret, do not share them with anyone. Public Key: id_rsa.pub (~/.ssh/id_rsa.pub). Public keys are meant to be shared.
  16. II Key-pair Authentication: public/private key-pair. Copy Public Key to server. [Diagram: you (~/.ssh/id_rsa, ~/.ssh/id_rsa.pub) and server]
  17. II Key-pair Authentication: public/private key-pair. Copy Public Key to server. [Diagram: you (~/.ssh/id_rsa, ~/.ssh/id_rsa.pub) and server (~/.ssh/authorized_keys)]
  18. II Key-pair Authentication: public/private key-pair. No password required! [Diagram: you (ssh) and server (sshd)]
      you> ssh server
      other>
  19. III Host-based Authentication:
      • Doesn’t require user credentials (password or key)
      • Provides trust based on hostname and user id
      • User id on both systems has to be the same
      • Disabled by default -- not that useful
  20. SSH Basics: Configuration Files [CF]. Server CF: sshd config: /etc/sshd_config. Client CF: ssh config: /etc/ssh_config (system-wide); user-specific ssh config: ~/.ssh/config. Based on installation method, system config locations may vary. Example: macports installs in /opt/local/etc/ssh/
  21. SSH Basics: Secure Logins.
      Login Example #1: ssh user@example.com
      Login Example #2: ssh example.com
      Login Example #3: ssh -p 45000 example.com
      Login Example #4: ssh example.com <command here>
          ssh example.com ls -l
          ssh example.com hostname
  22. SSH Basics: Agent / Key Forwarding. Example without SSH Keys. [Diagram: you, server-1, server-2]
  23. SSH Basics: Agent / Key Forwarding. Password required. [Diagram: you, server-1, server-2]
      you> ssh server-1
      password:
  24. SSH Basics: Agent / Key Forwarding. Password required. [Diagram: you, server-1, server-2]
      you> ssh server-2
      password:
  25. SSH Basics: Agent / Key Forwarding [updated example], you to server-1 to server-2. Copy public key (id_rsa.pub) to ~/.ssh/authorized_keys on each remote host. [Diagram: you (id_rsa, id_rsa.pub), server-1 (authorized_keys), server-2 (authorized_keys)]
      you> ssh-keygen
  26. SSH Basics: Agent / Key Forwarding. Success. [Diagram: you, server-1, server-2]
      you> ssh server-1
      server-1>
  27. SSH Basics: Agent / Key Forwarding. Success. [Diagram: you, server-1, server-2]
      you> ssh server-2
      server-2>
  28. SSH Basics: Agent / Key Forwarding, you to server-1 to server-2. The first step succeeds; a password is required at the second step! [Diagram: you (id_rsa, id_rsa.pub), server-1 (authorized_keys), server-2 (authorized_keys)]
      you> ssh server-1
      server-1>
      you> ssh server-2
      password>
  29. SSH Basics: Enter Agent / Key Forwarding. SSH Key Gets Forwarded. [Diagram: you (id_rsa, id_rsa.pub), server-1, server-2]
  30. SSH Basics: Enter Agent / Key Forwarding. Command Line Agent Forwarding: ssh -A example.com. Use -a to explicitly turn off forwarding for an ssh session.
  31. SSH Basics: Port Forwarding. Local Port Forwarding Example. [Diagram: you, server-1 (sshd), server-2 (www); server-1 and server-2 share a Private Network]
  32. SSH Basics: Port Forwarding. You to www on server-2. [Diagram: you, server-1 (sshd; public IP and local IP), server-2 (www; local IP), Private Network]
  33. SSH Basics: Port Forwarding. Can’t access server-2 directly. [Diagram: you, server-1 (sshd; public IP and local IP), server-2 (www; local IP), Private Network]
  34. SSH Basics: Port Forwarding. With Local Port Forwarding. [Diagram: you, server-1 (sshd; public IP and local IP), server-2 (www; local IP)]
      you> ssh -L 8000:server-2:80 server-1
      server-1> success
  35. SSH Basics: Port Forwarding. A Tunnel is Made! [Diagram: you, server-1 (sshd; public IP and local IP), server-2 (www; local IP)]
      you> ssh -L 8000:server-2:80 server-1
      server-1> success
  36. SSH Basics: Port Forwarding. server-2 doesn’t have to run sshd. [Diagram: you, server-1 (sshd; public IP and local IP), server-2 (www; local IP)]
  37. SSH Basics: Port Forwarding. Command Line Local Port Forwarding: ssh -L localport:host:hostport example.com. localport is the port on your machine, host is the remote server to tunnel to, hostport is the port on the remote server to tunnel to.
  38. SSH Basics: Port Forwarding. Sharing Tunnel. [Diagram: you and another, server-1 (sshd; public IP and local IP), server-2 (www; local IP)]
      you> ssh -L 8000:server-2:80 -g server-1
      server-1> success
  39. SSH Basics: Port Forwarding. Command Line Local Port Forwarding: ssh -L localport:host:hostport -g example.com. -g allows others to connect to your forwarded port.
  40. SSH Basics: Port Forwarding. Host Configured. Per-User: ~/.ssh/config. System-wide: /etc/ssh_config.
      Host inspire.staging
          LocalForward 8000 server-2:80
  41. SSH Basics: Port Forwarding. SSH Server has final say! System-wide: /etc/sshd_config. Defaults to “yes” -- so pretty much ignore.
      AllowTcpForwarding no
  42. References:
      - SSH Secure Shell for Workstations Windows Client version 3.2.9 User Manual
      - Communication over secure channels (SSH) (Güvenli kanallardan iletişim), User Manual
      - http://en.wikipedia.org/wiki/Secure_SHell
      - http://en.wikipedia.org/wiki/Secure_channel
      - http://doctus.org/forum.php?s=ec689fc4bdb4dd0cc895cbdbd298cc3b
      - http://www.openssh.org/txt/
      - ftp://ftp.itu.edu.tr/Utility/SSH Secure Shell/
      - http://www.javakursu.net/sshnedir
  43. Thanks For Attention
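
For slides 13 to 18 (key-pair authentication), an added example that is not part of the original slides: the server-side step behind "copy public key to server", followed by a permission audit of ~/.ssh. The function names and the key line are assumptions made for the example; the rules checked are the ones OpenSSH applies (sshd's StrictModes for the directory and authorized_keys, the client's refusal of private keys accessible to others).

```sh
#!/bin/sh
# Added example, not from the slides. The key line used below is a constructed
# placeholder, not a real key.

# mode FILE: octal permission bits (GNU stat first, BSD/macOS stat as fallback)
mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# install_pubkey HOME_DIR KEY_LINE
# What "copy public key to server" amounts to on the server: create ~/.ssh,
# append the key to authorized_keys once, keep both closed to other users.
install_pubkey() {
    ssh_dir="$1/.ssh"; auth="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -- "$2" "$auth" || printf '%s\n' "$2" >> "$auth"
}

# audit_ssh_dir HOME_DIR: print findings; return 1 if there are any.
audit_ssh_dir() {
    ssh_dir="$1/.ssh"; bad=0
    [ -d "$ssh_dir" ] || { echo "missing: $ssh_dir"; return 1; }
    # Group/other write here would let another account add its own key.
    for f in "$ssh_dir" "$ssh_dir/authorized_keys"; do
        [ -e "$f" ] || continue
        m=$(mode "$f")
        case "$m" in
            *[2367]?|*[2367]) echo "writable by group/other: $f ($m)"; bad=1 ;;
        esac
    done
    # Private keys (id_* without .pub) must carry no group/other bits at all.
    for f in "$ssh_dir"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        m=$(mode "$f")
        case "$m" in
            *00) ;;
            *) echo "private key open to others: $f ($m)"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Demo on a throwaway directory standing in for the server-side home
demo=$(mktemp -d)
install_pubkey "$demo" 'ssh-ed25519 AAAA-CONSTRUCTED-PLACEHOLDER you@laptop'
audit_ssh_dir "$demo" && echo "ok: $demo/.ssh"
```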
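
For slides 38 to 41 (shared tunnels and the server having the final say), an added example that is not from the original slides: two checks a defender can run over configuration files. GatewayPorts is the ssh_config keyword that corresponds to -g; the function names and both sample files are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the slides. Sample config files at the bottom are
# constructed.

# sshd_effective KEYWORD FILE DEFAULT
# First global value of KEYWORD in an sshd_config. sshd uses the first value it
# reads, and lines after a Match keyword are conditional, so parsing stops there.
sshd_effective() {
    awk -v want="$1" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# shared_forwards FILE
# Print "host<TAB>forward" for each LocalForward in an ssh client config that
# other machines can reach: GatewayPorts yes (the config form of -g) or a
# wildcard bind address. Assumption: each Host block is judged on its own,
# without merging "Host *" defaults.
shared_forwards() {
    awk '
        function report(   i) {
            for (i = 1; i <= n; i++)
                if (gw || fwd[i] ~ /^([*]|0[.]0[.]0[.]0):/) print host "\t" fwd[i]
        }
        NF == 0 || $1 ~ /^#/ { next }
        { key = tolower($1) }
        key == "host" { report(); host = $2; gw = 0; seen = 0; n = 0 }
        key == "gatewayports" && !seen { gw = (tolower($2) == "yes"); seen = 1 }
        key == "localforward" { fwd[++n] = $2 " " $3 }
        END { report() }
    ' "$1"
}

# Constructed sample files for the demo
tmp=$(mktemp -d)
printf '%s\n' '# constructed sshd_config' 'AllowTcpForwarding no' \
    'Match User deploy' '    AllowTcpForwarding yes' > "$tmp/sshd_config"
printf '%s\n' 'Host inspire.staging' '    LocalForward 8000 server-2:80' \
    'Host demo-shared' '    GatewayPorts yes' \
    '    LocalForward 8000 server-2:80' > "$tmp/ssh_config"
echo "AllowTcpForwarding: $(sshd_effective AllowTcpForwarding "$tmp/sshd_config" yes)"
shared_forwards "$tmp/ssh_config"
```

On a live system, ssh -G hostname prints the client configuration OpenSSH would actually apply to that host, and sshd -T prints the server's effective settings.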
