SlideShare a Scribd company logo

Secure SHell

Download as PPTX, PDF
Ç
Çağrı Çakır

Encrypted command-line communication issue

Technology
1 of 43
Secure SHell Ecrypted command-line communication cagriCOM08 | Information Security
Content @ Definitions @ What SSH Does @ Core SSH programs @ SSH Authentication Methods @ Password @ Public/private keypair @ Host-based authentication @ SHH Basics @ Configuration Files [CF] @ Secure Logins @ Agent / Key Forwarding @ Enter Agent / Key Forwarding @ Port Forwarding @ Conclusion cagriCOM08 | Information Security
Definition-I Common used one «The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network» Ylonen & Lonvick Standards Track SSH Communications Security Corp C. Lonvick, Ed. Cisco Systems, Inc. January 2006 cagriCOM08 | Information Security
Definition-II More detatiled one «Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).» Ylonen & Lonvick Standards Track SSH Communications Security Corp wikipedia cagriCOM08 | Information Security
Definition-III Structure cagriCOM08 | Information Security
What SSH does SecureSHell handles the set up and generation of an encrypted TCP connection. cagriCOM08 | Information Security
What SSH does: which means… ....... -SSH can handle secure remote logins (ssh) -SSH can handle secure file copy (scp) -SSH can even drive secure FTP (sftp) cagriCOM08 | Information Security
Core SSH programs ssh client sshd server sftc transfer-line «if sshd is not running you will not be able to connect to it with ssh» cagriCOM08 | Information Security
SSH Authentication Methods $ Password $ Public/private keypair $ Host-based authentication cagriCOM08 | Information Security
I Password Authentication Example without SSH Keys Prompts for Password you server you server ssh sshd ssh sshd you> ssh mac-1 password: **** other> cagriCOM08 | Information Security
II Key-pair Authentication Example without SSH Keys you server ssh sshd cagriCOM08 | Information Security
II Key-pair Authentication Example without SSH Keys you ? server ssh sshd server> ssh –keygen First of all Generate keys cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair Private Key: id_rsa you you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~/.ssh/id_rsa.pub Private keys should be kept secret, do not share them with anyone cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair Private Key: id_rsa Public Key: id_rsa.pub you you you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub Private keys should be Public keys are meant to kept secret, do not be shared. share them with anyone cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair Copy Public Key to server you server ~/.ssh/id_rsa ~/.ssh/id_rsa.pub cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair Copy Public Key to server you server ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair No password required! you server ssh sshd you> ssh server other> cagriCOM08 | Information Security
III Host-based Authentication • Doesn’t require user credentials (password or key) • Provides trust based on hostname and user id • User id on both system has to be the same • Disabled by default -- not that useful cagriCOM08 | Information Security
SSH Basics Configuration Files [CF] Server CF Client CF sshd config: /etc/sshd_config ssh config: /etc/ssh_config system-side user-specific ssh config: ~/.ssh/config Based on installation method system config locations may vary. example: macports installs in /opt/local/etc/ssh/ cagriCOM08 | Information Security
SSH Basics Secure Logins Login Example #1 Login Example #2 ssh user@example.com ssh example.com Login Example #3 Login Example #4 ssh -p 45000 example.com ssh example.com<command here> ssh example.com ls –l ssh example.com hostname cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding Example without SSH Keys server-1 you server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you> ssh server-1 server-1 you> ssh server-1 password: you Password required server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you> ssh server-2 server-1 you> ssh server-2 password: you Password required server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding [updated example] you to server-1 to server-2 you> ssh -keygen you server-1 Copy public key to Authorized_key ~/.ssh/authorized_keys on each remote host id_rsa.pub id_rsa server-2 Authorized_key cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you> ssh server-1 you> ssh server-1 server-1> you server-1 Success server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you> ssh server-2 you> ssh server-2 server-2> you server-1 Success server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you to server-1 to server-2 you> ssh server-1 server-1> you server-1 Success Authorized_key you> ssh server-2 id_rsa.pub password> id_rsa server-2 password required at Authorized_key the second step! cagriCOM08 | Information Security
SSH Basics Enter Agent / Key Forwarding SSH Key Gets Forwarded you server-1 id_rsa.pub id_rsa server-2 cagriCOM08 | Information Security
SSH Basics Enter Agent / Key Forwarding Command Line Agent Forwarding ssh -A example.com Use -A to explicitly turn off forwarding for a ssh session. cagriCOM08 | Information Security
SSH Basics Port Forwarding Local Port Forwarding Example you server-1 server-2 sshd www Private Network cagriCOM08 | Information Security
SSH Basics Port Forwarding you to www on server-2 you server-1 server-2 sshd www public IP local IP local IP Private Network cagriCOM08 | Information Security
SSH Basics Port Forwarding Can’t access server-2 directly you server-1 server-2 sshd www public IP local IP local IP Private Network cagriCOM08 | Information Security
SSH Basics Port Forwarding With Local Port Forwarding you server-1 server-2 sshd www public IP local IP local IP you> ssh -L 8000:server-2:80 server-1 server-1> success cagriCOM08 | Information Security
SSH Basics Port Forwarding A Tunnel is Made! you server-1 server-2 sshd www public IP local IP local IP you> ssh -L 8000:server-2:80 server-1 server-1> success cagriCOM08 | Information Security
SSH Basics Port Forwarding server-2 doesn’t have to run sshd you server-1 server-2 sshd www public IP local IP local IP cagriCOM08 | Information Security
SSH Basics Port Forwarding Command Line Local Port Forwarding ssh -L localport:host:hostport example.com localport is the port on your machine, host is the remote server to tunnel to, hostport is the port on the remote server to tunnel to cagriCOM08 | Information Security
SSH Basics Port Forwarding Sharing Tunnel you server-1 server-2 sshd www public IP local IP local IP another you> ssh -L 8000:server-2:80 -g server-1 server-1> success cagriCOM08 | Information Security
SSH Basics Port Forwarding Command Line Local Port Forwarding ssh -L localport:host:hostport -g example.com -g allows others to connect to your forwarded port cagriCOM08 | Information Security
SSH Basics Port Forwarding Host Configured Host inspire.staging LocalForward 8000:server-2:80 Per-User ~/.ssh/config System-wide /etc/ssh_config Friday, September cagriCOM08 | Information Security
SSH Basics Port Forwarding SSH Server has final say! AllowTcpForwarding no System-wide /etc/sshd_config Defaults to “yes” -- so pretty much ignore. cagriCOM08 | Information Security
References SSHSecure Shell forWorkstations Windows Client version 3.2.9 User Manual Güvenli kanallardan iletişim ( SSH ) User Manual http://en.wikipedia.org/wiki/Secure_SHell http://en.wikipedia.org/wiki/Secure_channel http://doctus.org/forum.php?s=ec689fc4bdb4dd0cc895cbdbd298cc3b http://www.openssh.org/txt/ ftp://ftp.itu.edu.tr/Utility/SSH Secure Shell/ http://www.javakursu.net/sshnedir cagriCOM08 | Information Security
Thanks For Attention cagriCOM08

Recommended

SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
Ssh
SshSsh
SshRaghu nath
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
SSH
SSHSSH
SSHZach Dennis
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 

Recommended

SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
Ssh
SshSsh
SshRaghu nath
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
SSH
SSHSSH
SSHZach Dennis
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
ssh.ppt
ssh.pptssh.ppt
ssh.pptjoekr1
 
Telnet & Secure Shell
Telnet & Secure ShellTelnet & Secure Shell
Telnet & Secure ShellWILLA REYES
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH ConfigurationVinod Gour
 
DHCP
DHCPDHCP
DHCPselvakumar_b1985
 
Nfs
NfsNfs
NfsWaqas !!!!
 
802.1x
802.1x802.1x
802.1xakruthi k
 
DNS & DNSSEC
DNS & DNSSECDNS & DNSSEC
DNS & DNSSECAPNIC
 
Dhcp
DhcpDhcp
DhcpTapan Khilar
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
SSL
SSLSSL
SSLtheekuchi
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn securityJack Melson
 
DNS Attacks
DNS AttacksDNS Attacks
DNS AttacksHimanshu Prabhakar
 
Firewall vpn proxy
Firewall vpn proxyFirewall vpn proxy
Firewall vpn proxySANKET SENAPATI
 
Linux User Management
Linux User ManagementLinux User Management
Linux User ManagementGaurav Mishra
 
Virtual Private Network (VPN).
Virtual Private Network (VPN).Virtual Private Network (VPN).
Virtual Private Network (VPN).Debasis Chowdhury
 
Wintel ppt for dhcp
Wintel ppt for dhcpWintel ppt for dhcp
Wintel ppt for dhcpduraimurugan89
 
Nfs
NfsNfs
Nfstmavroidis
 
9 ipv6-routing
9 ipv6-routing9 ipv6-routing
9 ipv6-routingOlivier Bonaventure
 
Server configuration
Server configurationServer configuration
Server configurationAisha Talat
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure ProgrammingBalavignesh Kasinathan
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unixJavin Paul
 

More Related Content

What's hot

ssh.ppt
ssh.pptssh.ppt
ssh.pptjoekr1
 
Telnet & Secure Shell
Telnet & Secure ShellTelnet & Secure Shell
Telnet & Secure ShellWILLA REYES
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH ConfigurationVinod Gour
 
DNS & DNSSEC
DNS & DNSSECDNS & DNSSEC
DNS & DNSSECAPNIC
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn securityJack Melson
 
Linux User Management
Linux User ManagementLinux User Management
Linux User ManagementGaurav Mishra
 
Virtual Private Network (VPN).
Virtual Private Network (VPN).Virtual Private Network (VPN).
Virtual Private Network (VPN).Debasis Chowdhury
 
Server configuration
Server configurationServer configuration
Server configurationAisha Talat
 

What's hot (20)

ssh.ppt
ssh.pptssh.ppt
ssh.ppt
 
Telnet & Secure Shell
Telnet & Secure ShellTelnet & Secure Shell
Telnet & Secure Shell
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH Configuration
 
DHCP
DHCPDHCP
DHCP
 
Nfs
NfsNfs
Nfs
 
802.1x
802.1x802.1x
802.1x
 
DNS & DNSSEC
DNS & DNSSECDNS & DNSSEC
DNS & DNSSEC
 
Dhcp
DhcpDhcp
Dhcp
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
SSL
SSLSSL
SSL
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn security
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
 
Firewall vpn proxy
Firewall vpn proxyFirewall vpn proxy
Firewall vpn proxy
 
Linux User Management
Linux User ManagementLinux User Management
Linux User Management
 
Virtual Private Network (VPN).
Virtual Private Network (VPN).Virtual Private Network (VPN).
Virtual Private Network (VPN).
 
Wintel ppt for dhcp
Wintel ppt for dhcpWintel ppt for dhcp
Wintel ppt for dhcp
 
Nfs
NfsNfs
Nfs
 
9 ipv6-routing
9 ipv6-routing9 ipv6-routing
9 ipv6-routing
 
Server configuration
Server configurationServer configuration
Server configuration
 

Viewers also liked

Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unixJavin Paul
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Thoughtworks
 
Sed & awk the dynamic duo
Sed & awk the dynamic duoSed & awk the dynamic duo
Sed & awk the dynamic duoJoshua Thijssen
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity TipsKeith Bennett
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awkYogesh Sawant
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processingAnton Arhipov
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line toolsEric Wilson
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Philippe Bogaerts
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPMichael Coates
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014iimjobs and hirist
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRadien software
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016Brendan Gregg
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Brendan Gregg
 

Viewers also liked (20)

PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure Programming
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unix
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
Sed & awk the dynamic duo
Sed & awk the dynamic duoSed & awk the dynamic duo
Sed & awk the dynamic duo
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity Tips
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awk
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processing
 
class12_Networking2
class12_Networking2class12_Networking2
class12_Networking2
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line tools
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and Answers
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016
 

Similar to Secure SHell

Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSHVitalii Sharavara
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7VCP Muthukrishna
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOHoàng Hải Nguyễn
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network clientroot_fibo
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Ssh
SshSsh
Sshgh02
 

Similar to Secure SHell (20)

Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
 
SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSH
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7
 
Sshstuff
SshstuffSshstuff
Sshstuff
 
Configure ssh cell
Configure ssh cellConfigure ssh cell
Configure ssh cell
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IO
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
 
SSh_part_1.pptx
SSh_part_1.pptxSSh_part_1.pptx
SSh_part_1.pptx
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
Ssh
SshSsh
Ssh
 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Secure SHell

  • 1. Secure SHell Ecrypted command-line communication cagriCOM08 | Information Security
  • 2. Content @ Definitions @ What SSH Does @ Core SSH programs @ SSH Authentication Methods @ Password @ Public/private keypair @ Host-based authentication @ SHH Basics @ Configuration Files [CF] @ Secure Logins @ Agent / Key Forwarding @ Enter Agent / Key Forwarding @ Port Forwarding @ Conclusion cagriCOM08 | Information Security
  • 3. Definition-I Common used one «The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network» Ylonen & Lonvick Standards Track SSH Communications Security Corp C. Lonvick, Ed. Cisco Systems, Inc. January 2006 cagriCOM08 | Information Security
  • 4. Definition-II More detatiled one «Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).» Ylonen & Lonvick Standards Track SSH Communications Security Corp wikipedia cagriCOM08 | Information Security
  • 5. Definition-III Structure cagriCOM08 | Information Security
  • 6. What SSH does SecureSHell handles the set up and generation of an encrypted TCP connection. cagriCOM08 | Information Security
  • 7. What SSH does: which means… ....... -SSH can handle secure remote logins (ssh) -SSH can handle secure file copy (scp) -SSH can even drive secure FTP (sftp) cagriCOM08 | Information Security
  • 8. Core SSH programs ssh client sshd server sftc transfer-line «if sshd is not running you will not be able to connect to it with ssh» cagriCOM08 | Information Security
  • 9. SSH Authentication Methods $ Password $ Public/private keypair $ Host-based authentication cagriCOM08 | Information Security
  • 10. I Password Authentication Example without SSH Keys Prompts for Password you server you server ssh sshd ssh sshd you> ssh mac-1 password: **** other> cagriCOM08 | Information Security
  • 11. II Key-pair Authentication Example without SSH Keys you server ssh sshd cagriCOM08 | Information Security
  • 12. II Key-pair Authentication Example without SSH Keys you ? server ssh sshd server> ssh –keygen First of all Generate keys cagriCOM08 | Information Security
  • 13. II Key-pair Authentication public/private key-pair you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub cagriCOM08 | Information Security
  • 14. II Key-pair Authentication public/private key-pair Private Key: id_rsa you you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~/.ssh/id_rsa.pub Private keys should be kept secret, do not share them with anyone cagriCOM08 | Information Security
  • 15. II Key-pair Authentication public/private key-pair Private Key: id_rsa Public Key: id_rsa.pub you you you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub Private keys should be Public keys are meant to kept secret, do not be shared. share them with anyone cagriCOM08 | Information Security
  • 16. II Key-pair Authentication public/private key-pair Copy Public Key to server you server ~/.ssh/id_rsa ~/.ssh/id_rsa.pub cagriCOM08 | Information Security
  • 17. II Key-pair Authentication public/private key-pair Copy Public Key to server you server ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys cagriCOM08 | Information Security
  • 18. II Key-pair Authentication public/private key-pair No password required! you server ssh sshd you> ssh server other> cagriCOM08 | Information Security
  • 19. III Host-based Authentication • Doesn’t require user credentials (password or key) • Provides trust based on hostname and user id • User id on both system has to be the same • Disabled by default -- not that useful cagriCOM08 | Information Security
  • 20. SSH Basics Configuration Files [CF] Server CF Client CF sshd config: /etc/sshd_config ssh config: /etc/ssh_config system-side user-specific ssh config: ~/.ssh/config Based on installation method system config locations may vary. example: macports installs in /opt/local/etc/ssh/ cagriCOM08 | Information Security
  • 21. SSH Basics Secure Logins Login Example #1 Login Example #2 ssh user@example.com ssh example.com Login Example #3 Login Example #4 ssh -p 45000 example.com ssh example.com<command here> ssh example.com ls –l ssh example.com hostname cagriCOM08 | Information Security
  • 22. SSH Basics Agent / Key Forwarding Example without SSH Keys server-1 you server-2 cagriCOM08 | Information Security
  • 23. SSH Basics Agent / Key Forwarding you> ssh server-1 server-1 you> ssh server-1 password: you Password required server-2 cagriCOM08 | Information Security
  • 24. SSH Basics Agent / Key Forwarding you> ssh server-2 server-1 you> ssh server-2 password: you Password required server-2 cagriCOM08 | Information Security
  • 25. SSH Basics Agent / Key Forwarding [updated example] you to server-1 to server-2 you> ssh -keygen you server-1 Copy public key to Authorized_key ~/.ssh/authorized_keys on each remote host id_rsa.pub id_rsa server-2 Authorized_key cagriCOM08 | Information Security
  • 26. SSH Basics Agent / Key Forwarding you> ssh server-1 you> ssh server-1 server-1> you server-1 Success server-2 cagriCOM08 | Information Security
  • 27. SSH Basics Agent / Key Forwarding you> ssh server-2 you> ssh server-2 server-2> you server-1 Success server-2 cagriCOM08 | Information Security
  • 28. SSH Basics Agent / Key Forwarding you to server-1 to server-2 you> ssh server-1 server-1> you server-1 Success Authorized_key you> ssh server-2 id_rsa.pub password> id_rsa server-2 password required at Authorized_key the second step! cagriCOM08 | Information Security
  • 29. SSH Basics Enter Agent / Key Forwarding SSH Key Gets Forwarded you server-1 id_rsa.pub id_rsa server-2 cagriCOM08 | Information Security
  • 30. SSH Basics Enter Agent / Key Forwarding Command Line Agent Forwarding ssh -A example.com Use -A to explicitly turn off forwarding for a ssh session. cagriCOM08 | Information Security
  • 31. SSH Basics Port Forwarding Local Port Forwarding Example you server-1 server-2 sshd www Private Network cagriCOM08 | Information Security
  • 32. SSH Basics Port Forwarding you to www on server-2 you server-1 server-2 sshd www public IP local IP local IP Private Network cagriCOM08 | Information Security
  • 33. SSH Basics Port Forwarding Can’t access server-2 directly you server-1 server-2 sshd www public IP local IP local IP Private Network cagriCOM08 | Information Security
  • 34. SSH Basics Port Forwarding With Local Port Forwarding you server-1 server-2 sshd www public IP local IP local IP you> ssh -L 8000:server-2:80 server-1 server-1> success cagriCOM08 | Information Security
  • 35. SSH Basics Port Forwarding A Tunnel is Made! you server-1 server-2 sshd www public IP local IP local IP you> ssh -L 8000:server-2:80 server-1 server-1> success cagriCOM08 | Information Security
  • 36. SSH Basics Port Forwarding server-2 doesn’t have to run sshd you server-1 server-2 sshd www public IP local IP local IP cagriCOM08 | Information Security
  • 37. SSH Basics Port Forwarding Command Line Local Port Forwarding ssh -L localport:host:hostport example.com localport is the port on your machine, host is the remote server to tunnel to, hostport is the port on the remote server to tunnel to cagriCOM08 | Information Security
  • 38. SSH Basics Port Forwarding Sharing Tunnel you server-1 server-2 sshd www public IP local IP local IP another you> ssh -L 8000:server-2:80 -g server-1 server-1> success cagriCOM08 | Information Security
  • 39. SSH Basics Port Forwarding Command Line Local Port Forwarding ssh -L localport:host:hostport -g example.com -g allows others to connect to your forwarded port cagriCOM08 | Information Security
  • 40. SSH Basics Port Forwarding Host Configured Host inspire.staging LocalForward 8000:server-2:80 Per-User ~/.ssh/config System-wide /etc/ssh_config Friday, September cagriCOM08 | Information Security
  • 41. SSH Basics Port Forwarding SSH Server has final say! AllowTcpForwarding no System-wide /etc/sshd_config Defaults to “yes” -- so pretty much ignore. cagriCOM08 | Information Security
  • 42. References SSHSecure Shell forWorkstations Windows Client version 3.2.9 User Manual Güvenli kanallardan iletişim ( SSH ) User Manual http://en.wikipedia.org/wiki/Secure_SHell http://en.wikipedia.org/wiki/Secure_channel http://doctus.org/forum.php?s=ec689fc4bdb4dd0cc895cbdbd298cc3b http://www.openssh.org/txt/ ftp://ftp.itu.edu.tr/Utility/SSH Secure Shell/ http://www.javakursu.net/sshnedir cagriCOM08 | Information Security