Secure SHell
         Encrypted command-line communication

cagriCOM08 | Information Security
Content
@     Definitions
@     What SSH Does
@     Core SSH programs
@     SSH Authentication Methods
     @     Password
     @     Public/private keypair
     @     Host-based authentication
@     SSH Basics
     @     Configuration Files [CF]
     @     Secure Logins
     @     Agent / Key Forwarding
     @     Enter Agent / Key Forwarding
     @     Port Forwarding
@     Conclusion

Definition-I                  Commonly used one


   «The Secure Shell Protocol (SSH) is a protocol
     for secure remote login and other secure
    network services over an insecure network»
                                                 Ylonen & Lonvick
                                                   Standards Track
SSH Communications Security Corp                    C. Lonvick, Ed.
                                                Cisco Systems, Inc.
                                                      January 2006


Definition-II                 More detailed one

     «Secure Shell (SSH) is a cryptographic network protocol for
    secure data communication, remote shell services or command
       execution and other secure network services between two
   networked computers that connects, via a secure channel over an
                insecure network, a server and a client
     (running SSH server and SSH client programs, respectively).»
                                                        Ylonen & Lonvick
                                                         Standards Track
SSH Communications Security Corp                           wikipedia

Definition-III                 Structure




What SSH does



Secure Shell handles the setup and generation
      of an encrypted TCP connection.



What SSH does:                      which means…

- SSH can handle secure remote logins (ssh)
- SSH can handle secure file copy (scp)
- SSH can even drive secure FTP (sftp)


Core SSH programs

        ssh             client
        sshd            server
        sftp            transfer-line

        «if sshd is not running you will not
        be able to connect to it with ssh»

SSH Authentication Methods


$ Password
$ Public/private keypair
$ Host-based authentication


I       Password Authentication
      Example without SSH Keys: Prompts for Password

      [diagram: you (ssh) -> server (sshd)]

      you> ssh mac-1
      password: ****
      other>

II       Key-pair Authentication

  Example without SSH Keys
  [diagram: you (ssh) -> server (sshd)]

  First of all, generate keys:

  you> ssh-keygen

II       Key-pair Authentication public/private key-pair

  On your machine (you):

  ~/.ssh/id_rsa         Private Key: id_rsa
  ~/.ssh/id_rsa.pub     Public Key: id_rsa.pub

  Private keys should be kept secret, do not share them with anyone.
  Public keys are meant to be shared.

II       Key-pair Authentication public/private key-pair

  Copy Public Key to server

  you                          server
  ~/.ssh/id_rsa
  ~/.ssh/id_rsa.pub     ->     ~/.ssh/authorized_keys

II       Key-pair Authentication public/private key-pair

  No password required!

  [diagram: you (ssh) -> server (sshd)]

  you> ssh server
  other>
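
The copy step above, as an added example that is not part of the original slides: a POSIX shell function that appends a public key to an account's ~/.ssh/authorized_keys, sets the directory and file modes that sshd's default StrictModes check expects, and refuses a file that looks like a private key. The function name install_pubkey, the paths and the key text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. All key material below is a
# constructed placeholder, not a real key.

# install_pubkey PUBKEY_FILE ACCOUNT_HOME
# Appends the public key to ACCOUNT_HOME/.ssh/authorized_keys.
# Returns 0 on success (also when the key is already present),
# 1 when the file does not look like a one-line public key.
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # Private keys are PEM-style blocks; never copy one to a server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2
        return 1
    fi

    # A public key is one line: "<type> <base64> [comment]".
    line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$line" ] || { echo "refusing: no public key in $pub" >&2; return 1; }

    # With StrictModes (on by default) sshd ignores authorized_keys when the
    # file or ~/.ssh is writable by group or others, so set modes explicitly.
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$auth" && chmod 600 "$auth"

    # Append only if this exact line is not already there (idempotent).
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Constructed demo: a scratch directory stands in for both machines.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY you@laptop' \
    > "$demo_home/id_demo.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' \
    '-----END OPENSSH PRIVATE KEY-----' > "$demo_home/id_demo"

install_pubkey "$demo_home/id_demo.pub" "$demo_home/server"   # first install
install_pubkey "$demo_home/id_demo.pub" "$demo_home/server"   # no duplicate line
install_pubkey "$demo_home/id_demo" "$demo_home/server" || echo "private key rejected"
```

On a real host, ssh-copy-id performs the same append over an SSH connection.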


III       Host-based Authentication


•      Doesn’t require user credentials (password or key)
•      Provides trust based on hostname and user ID
•      User ID on both systems has to be the same
•      Disabled by default -- not that useful



SSH Basics Configuration Files [CF]

  Server CF
      sshd config: /etc/sshd_config

  Client CF
      system-wide ssh config:   /etc/ssh_config
      user-specific ssh config: ~/.ssh/config

  Based on installation method, system config locations may vary.
  Example: macports installs in /opt/local/etc/ssh/

SSH Basics Secure Logins

  Login Example #1:  ssh user@example.com
  Login Example #2:  ssh example.com
  Login Example #3:  ssh -p 45000 example.com
  Login Example #4:  ssh example.com <command here>
                     ssh example.com ls -l
                     ssh example.com hostname

SSH Basics Agent / Key Forwarding
  Example without SSH Keys

  [diagram: you, server-1, server-2]

  you> ssh server-1
  password:
  Password required

  you> ssh server-2
  password:
  Password required

SSH Basics Agent / Key Forwarding
  [updated example] you to server-1 to server-2

  you> ssh-keygen
  Copy public key to ~/.ssh/authorized_keys on each remote host

  [diagram: you (id_rsa.pub, id_rsa); server-1 (Authorized_key); server-2 (Authorized_key)]

  you> ssh server-1
  server-1>
  Success

  you> ssh server-2
  server-2>
  Success

SSH Basics Agent / Key Forwarding
  you to server-1 to server-2

  you> ssh server-1
  server-1>
  Success

  you> ssh server-2
  password>
  password required at the second step!

SSH Basics Enter Agent / Key Forwarding
  SSH Key Gets Forwarded

  [diagram: you (id_rsa.pub, id_rsa) -> server-1 -> server-2]

SSH Basics Enter Agent / Key Forwarding
  Command Line Agent Forwarding

  ssh -A example.com

  Use -a to explicitly turn off forwarding for an ssh session.

SSH Basics Port Forwarding
  Local Port Forwarding Example

  [diagram: you; Private Network containing server-1 (sshd; public IP and local IP) and server-2 (www; local IP)]

SSH Basics Port Forwarding
  you to www on server-2
  Can’t access server-2 directly

SSH Basics Port Forwarding
  With Local Port Forwarding

  you> ssh -L 8000:server-2:80 server-1
  server-1>
  success

  A Tunnel is Made!
  server-2 doesn’t have to run sshd

SSH Basics Port Forwarding
  Command Line Local Port Forwarding

  ssh -L localport:host:hostport example.com

  localport is the port on your machine,
  host is the remote server to tunnel to,
  hostport is the port on the remote server to tunnel to

SSH Basics Port Forwarding
  Sharing Tunnel

  [diagram: you and another; server-1 (sshd); server-2 (www)]

  you> ssh -L 8000:server-2:80 -g server-1
  server-1>
  success

SSH Basics Port Forwarding
  Command Line Local Port Forwarding

  ssh -L localport:host:hostport -g example.com

  -g allows others to connect to your forwarded port

SSH Basics Port Forwarding
  Host Configured

  Host inspire.staging
      LocalForward 8000 server-2:80

  Per-User ~/.ssh/config
  System-wide /etc/ssh_config

SSH Basics Port Forwarding
  SSH Server has final say!

  AllowTcpForwarding no

  System-wide /etc/sshd_config
  Defaults to “yes” -- so pretty much ignore.
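
To see what the server-side setting on this slide resolves to, an added example that is not part of the original slides: it reads the global section of an sshd_config-style file and reports the value in force for a keyword, using sshd's rule that the first value read for a keyword wins. The function names and both sample files are constructed; Include directives and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the slides. Both config files below are constructed.

# Defaults sshd applies when a keyword is absent (only the keywords
# discussed in this deck are listed).
sshd_default() {
    case "$1" in
        allowtcpforwarding|allowagentforwarding) echo yes ;;
        hostbasedauthentication)                 echo no ;;
        *)                                       echo unknown ;;
    esac
}

# sshd_effective KEYWORD FILE -> value in force for the global section.
# Keywords are case-insensitive, "Keyword=value" is accepted, and
# everything from the first Match line onward is conditional, so it is
# not part of the global answer.
sshd_effective() {
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    val=$(awk -v key="$key" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # comments, "=" form
        NF < 2 { next }
        tolower($1) == "match" { exit }                 # global section ends
        tolower($1) == key { print tolower($2); exit }  # first value wins
    ' "$2")
    if [ -n "$val" ]; then echo "$val"; else sshd_default "$key"; fi
}

# local_forward_allowed FILE -> exit status 0 when "ssh -L" through this
# server would be honoured (AllowTcpForwarding yes, all or local).
local_forward_allowed() {
    case "$(sshd_effective AllowTcpForwarding "$1")" in
        yes|all|local) return 0 ;;
        *)             return 1 ;;
    esac
}

# Constructed sample configurations.
demo_dir=$(mktemp -d)
cat > "$demo_dir/default.conf" <<'EOF'
# nothing about forwarding here: the built-in default applies
Port 22
EOF
cat > "$demo_dir/locked.conf" <<'EOF'
allowtcpforwarding no        # first value wins
AllowTcpForwarding yes
AllowAgentForwarding=no
Match User deploy
    HostbasedAuthentication yes
EOF

for f in default locked; do
    for k in AllowTcpForwarding AllowAgentForwarding HostbasedAuthentication; do
        printf '%-8s %-24s %s\n' "$f" "$k" "$(sshd_effective "$k" "$demo_dir/$f.conf")"
    done
done
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including Include files.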




References
SSH Secure Shell for Workstations Windows Client version 3.2.9 User Manual
Güvenli kanallardan iletişim (SSH) User Manual

http://en.wikipedia.org/wiki/Secure_SHell
http://en.wikipedia.org/wiki/Secure_channel
http://doctus.org/forum.php?s=ec689fc4bdb4dd0cc895cbdbd298cc3b
http://www.openssh.org/txt/
ftp://ftp.itu.edu.tr/Utility/SSH Secure Shell/
http://www.javakursu.net/sshnedir




Thanks For Attention
cagriCOM08

More Related Content

What's hot (20)

An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
 
12 palo alto app-id concept
12 palo alto app-id concept12 palo alto app-id concept
12 palo alto app-id concept
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
Ipsec
IpsecIpsec
Ipsec
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
Wireless Cracking using Kali
Wireless Cracking using KaliWireless Cracking using Kali
Wireless Cracking using Kali
 
SSL intro
SSL introSSL intro
SSL intro
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
802.1x
802.1x802.1x
802.1x
 
Pgp
PgpPgp
Pgp
 
PKI & SSL
PKI & SSLPKI & SSL
PKI & SSL
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
 
Email security
Email securityEmail security
Email security
 
20 palo alto site to site
20 palo alto site to site20 palo alto site to site
20 palo alto site to site
 

Viewers also liked

Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unixJavin Paul
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Thoughtworks
 
Sed & awk the dynamic duo
Sed & awk   the dynamic duoSed & awk   the dynamic duo
Sed & awk the dynamic duoJoshua Thijssen
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity TipsKeith Bennett
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awkYogesh Sawant
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processingAnton Arhipov
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line toolsEric Wilson
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure  V1.0Defeating The Network Security Infrastructure  V1.0
Defeating The Network Security Infrastructure V1.0Philippe Bogaerts
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPMichael Coates
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014iimjobs and hirist
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRadien software
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016Brendan Gregg
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Brendan Gregg
 

Viewers also liked (20)

PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure Programming
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unix
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
 
Sed & awk the dynamic duo
Sed & awk   the dynamic duoSed & awk   the dynamic duo
Sed & awk the dynamic duo
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity Tips
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awk
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processing
 
class12_Networking2
class12_Networking2class12_Networking2
class12_Networking2
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line tools
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure  V1.0Defeating The Network Security Infrastructure  V1.0
Defeating The Network Security Infrastructure V1.0
 
SSH
SSHSSH
SSH
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and Answers
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016
 

Similar to Secure SHell

Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSHVitalii Sharavara
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7VCP Muthukrishna
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOHoàng Hải Nguyễn
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network clientroot_fibo
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Ssh
SshSsh
Sshgh02
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowNovell
 

Similar to Secure SHell (20)

Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSH
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7
 
Sshstuff
SshstuffSshstuff
Sshstuff
 
Configure ssh cell
Configure ssh cellConfigure ssh cell
Configure ssh cell
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IO
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
 
SSh_part_1.pptx
SSh_part_1.pptxSSh_part_1.pptx
SSh_part_1.pptx
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
Ssh
SshSsh
Ssh
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should Know
 

Recently uploaded

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Secure SHell

  • 1. Secure SHell: Encrypted command-line communication. cagriCOM08 | Information Security
  • 2. Content: Definitions; What SSH Does; Core SSH programs; SSH Authentication Methods (Password, Public/private keypair, Host-based authentication); SSH Basics (Configuration Files [CF], Secure Logins, Agent / Key Forwarding, Enter Agent / Key Forwarding, Port Forwarding); Conclusion.
  • 3. Definition-I (the commonly used one): «The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network» (Ylonen & Lonvick, Standards Track; SSH Communications Security Corp; C. Lonvick, Ed., Cisco Systems, Inc.; January 2006).
  • 4. Definition-II (a more detailed one): «Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).» (Ylonen & Lonvick, Standards Track; SSH Communications Security Corp; wikipedia).
  • 5. Definition-III: Structure.
  • 6. What SSH does: SecureSHell handles the setup and generation of an encrypted TCP connection.
  • 7. What SSH does, which means: SSH can handle secure remote logins (ssh); SSH can handle secure file copy (scp); SSH can even drive secure FTP (sftp).
  • 8. Core SSH programs: ssh (client), sshd (server), sftp (transfer-line). «If sshd is not running you will not be able to connect to it with ssh.»
  • 9. SSH Authentication Methods: Password; Public/private keypair; Host-based authentication.
  • 10. I. Password Authentication (example without SSH keys): you (ssh) connect to the server (sshd), which prompts for a password. Terminal: "you> ssh mac-1", then "password: ****", then "other>".
  • 11. II. Key-pair Authentication (example without SSH keys): you (ssh) and the server (sshd).
  • 12. II. Key-pair Authentication: first of all, generate keys. Terminal: "server> ssh-keygen".
  • 13. II. Key-pair Authentication, public/private key-pair: you hold ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.
  • 14. II. Key-pair Authentication, public/private key-pair. Private key: id_rsa (~/.ssh/id_rsa). Private keys should be kept secret; do not share them with anyone.
  • 15. II. Key-pair Authentication, public/private key-pair. Private key: id_rsa (~/.ssh/id_rsa). Private keys should be kept secret; do not share them with anyone. Public key: id_rsa.pub (~/.ssh/id_rsa.pub). Public keys are meant to be shared.
  • 16. II. Key-pair Authentication, public/private key-pair: copy the public key to the server. You hold ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.
  • 17. II. Key-pair Authentication, public/private key-pair: copy the public key to the server. Your ~/.ssh/id_rsa.pub goes into ~/.ssh/authorized_keys on the server; ~/.ssh/id_rsa stays with you.
  • 18. II. Key-pair Authentication, public/private key-pair: no password required! Terminal: "you> ssh server", then "other>".
  • 19. III. Host-based Authentication: doesn't require user credentials (password or key); provides trust based on hostname and user id; the user id on both systems has to be the same; disabled by default -- not that useful.
  • 20. SSH Basics, Configuration Files [CF]. Server CF: sshd config, /etc/sshd_config. Client CF: system-wide ssh config, /etc/ssh_config; user-specific ssh config, ~/.ssh/config. System config locations may vary with the installation method; for example, macports installs in /opt/local/etc/ssh/.
  • 21. SSH Basics, Secure Logins. Login Example #1: ssh user@example.com. Login Example #2: ssh example.com. Login Example #3: ssh -p 45000 example.com. Login Example #4: ssh example.com <command here>, for example "ssh example.com ls -l" or "ssh example.com hostname".
  • 22. SSH Basics, Agent / Key Forwarding (example without SSH keys): you, server-1 and server-2.
  • 23. SSH Basics, Agent / Key Forwarding: "you> ssh server-1", then "password:". Password required.
  • 24. SSH Basics, Agent / Key Forwarding: "you> ssh server-2", then "password:". Password required.
  • 25. SSH Basics, Agent / Key Forwarding [updated example], you to server-1 to server-2: "you> ssh-keygen". Copy the public key to ~/.ssh/authorized_keys on each remote host. You hold id_rsa.pub and id_rsa; server-1 and server-2 each hold an authorized_keys entry.
  • 26. SSH Basics, Agent / Key Forwarding: "you> ssh server-1", then "server-1>". Success.
  • 27. SSH Basics, Agent / Key Forwarding: "you> ssh server-2", then "server-2>". Success.
  • 28. SSH Basics, Agent / Key Forwarding, you to server-1 to server-2: "you> ssh server-1", then "server-1>" (success); "you> ssh server-2", then "password>". A password is required at the second step, because id_rsa is on your machine and not on server-1.
  • 29. SSH Basics, Enter Agent / Key Forwarding: the SSH key gets forwarded. You hold id_rsa.pub and id_rsa and reach server-2 through server-1.
  • 30. SSH Basics, Enter Agent / Key Forwarding, command-line agent forwarding: ssh -A example.com. Use -a (lowercase) to explicitly turn off forwarding for an ssh session.
  • 31. SSH Basics, Port Forwarding, local port forwarding example: you; server-1 (sshd) and server-2 (www) on a private network.
  • 32. SSH Basics, Port Forwarding, you to www on server-2: you; server-1 (sshd; public IP and local IP); server-2 (www; local IP) on the private network.
  • 33. SSH Basics, Port Forwarding: you can't access server-2 directly.
  • 34. SSH Basics, Port Forwarding, with local port forwarding: "you> ssh -L 8000:server-2:80 server-1", then "server-1>" (success).
  • 35. SSH Basics, Port Forwarding: a tunnel is made! "you> ssh -L 8000:server-2:80 server-1", then "server-1>" (success).
  • 36. SSH Basics, Port Forwarding: server-2 doesn't have to run sshd.
  • 37. SSH Basics, Port Forwarding, command-line local port forwarding: ssh -L localport:host:hostport example.com. localport is the port on your machine, host is the remote server to tunnel to, and hostport is the port on that remote server to tunnel to.
  • 38. SSH Basics, Port Forwarding, sharing the tunnel with another machine: "you> ssh -L 8000:server-2:80 -g server-1", then "server-1>" (success).
  • 39. SSH Basics, Port Forwarding, command-line local port forwarding: ssh -L localport:host:hostport -g example.com. -g allows others to connect to your forwarded port.
  • 40. SSH Basics, Port Forwarding, host configured: "Host inspire.staging" followed by "LocalForward 8000 server-2:80". Per-user: ~/.ssh/config. System-wide: /etc/ssh_config.
  • 41. SSH Basics, Port Forwarding: the SSH server has the final say! "AllowTcpForwarding no". System-wide: /etc/sshd_config. Defaults to “yes” -- so pretty much ignore.
  • 42. References: SSH Secure Shell for Workstations Windows Client version 3.2.9 User Manual; Güvenli kanallardan iletişim (SSH) User Manual; http://en.wikipedia.org/wiki/Secure_SHell; http://en.wikipedia.org/wiki/Secure_channel; http://doctus.org/forum.php?s=ec689fc4bdb4dd0cc895cbdbd298cc3b; http://www.openssh.org/txt/; ftp://ftp.itu.edu.tr/Utility/SSH Secure Shell/; http://www.javakursu.net/sshnedir
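
Slides 13 to 17 describe copying id_rsa.pub into ~/.ssh/authorized_keys on the server while keeping id_rsa secret. The script below is an added example, not part of the original deck: mode_of, install_pubkey, private_key_is_protected and demo are hypothetical helper names, the key line is constructed, and the 700/600 modes are the owner-only permissions OpenSSH expects under its default StrictModes setting.

```shell
#!/bin/sh
# Added example, not from the slides. The key line used in demo() is constructed.

# mode_of FILE -> octal permission bits (GNU stat, then BSD stat as fallback).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# install_pubkey PUBFILE SSH_DIR
# Server-side half of "copy public key to server": append the key to
# SSH_DIR/authorized_keys exactly once, with owner-only permissions.
install_pubkey() {
    pub=$1 dir=$2
    # Only the .pub half is ever shared; refuse a private key file outright.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 2
    fi
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) ;;
        *) echo "refusing: $pub is not an OpenSSH public key line" >&2; return 2 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: match on "type blob", ignoring the trailing comment field.
    blob=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    grep -qF -- "$blob" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# private_key_is_protected FILE -> 0 only if group and other have no access,
# the condition the ssh client itself enforces before it will use a key file.
private_key_is_protected() {
    case $(mode_of "$1") in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo on a scratch directory; prints the number of installed keys.
demo() {
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructed you@laptop' > "$d/id_rsa.pub"
    install_pubkey "$d/id_rsa.pub" "$d/server/.ssh"
    install_pubkey "$d/id_rsa.pub" "$d/server/.ssh"   # second run adds nothing
    wc -l < "$d/server/.ssh/authorized_keys"
    rm -rf "$d"
}
demo
```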
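
Slides 30 and 38 to 41 cover agent forwarding (-A), shared tunnels (-g) and the server-side AllowTcpForwarding switch. As an added example (not from the deck), the functions below read a client config and an sshd_config on standard input and report those settings. ForwardAgent and GatewayPorts are the ssh_config keywords corresponding to -A and -g, the function names and the sample config are constructed, and Match blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Added example, not from the slides; the sample config below is constructed.

# audit_ssh_client_config < ssh_config
# Prints "<Host pattern> <finding>" for settings that widen what a session exposes.
audit_ssh_client_config() {
    awk '
    BEGIN { host = "(global)" }
    /^[ \t]*#/ { next }                 # comment line
    { sub(/=/, " ") }                   # accept Keyword=value as well
    NF < 2 { next }
    { kw = tolower($1); val = tolower($2) }
    kw == "host" { host = $2; next }    # first pattern of the Host line
    kw == "forwardagent" && val == "yes" { print host, "agent-forwarding-enabled" }
    kw == "gatewayports" && val == "yes" { print host, "forwarded-ports-exposed" }
    kw == "localforward" && $2 ~ /^(\*|0\.0\.0\.0):/ {
        print host, "forward-listens-on-all-interfaces"
    }'
}

# effective_tcp_forwarding < sshd_config
# Prints the global AllowTcpForwarding value: the first occurrence wins,
# and an unset keyword means the default, "yes". Stops at the first Match block.
effective_tcp_forwarding() {
    awk '
    /^[ \t]*#/ { next }
    { sub(/=/, " ") }
    tolower($1) == "match" { exit }
    tolower($1) == "allowtcpforwarding" { v = tolower($2); exit }
    END { print (v ? v : "yes") }'
}

# Constructed client config: one loopback-only forward, one shared forward,
# and agent forwarding switched on for every host.
sample_client_config() {
    cat <<'EOF'
Host inspire.staging
    LocalForward 8000 server-2:80
Host shared-demo
    GatewayPorts yes
    LocalForward 0.0.0.0:8000 server-2:80
Host *
    ForwardAgent yes
EOF
}

sample_client_config | audit_ssh_client_config
```

Run against real files with `audit_ssh_client_config < ~/.ssh/config` and `effective_tcp_forwarding < /etc/sshd_config`, adjusting the path to wherever the installation keeps its config.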