
Secure shell protocol

Secure Shell is a protocol that provides authentication, encryption and data integrity to secure network communications. Implementations of Secure Shell offer the following capabilities: a secure command shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel. Secure Shell client and server applications are widely available for most popular operating systems.


  1. P D N T S P A
  2. By B. Sai Anirudh 1005-11-735027
  3. • Introduction
     • History
     • Functions
     • Architecture
     • Protect against
     • Disadvantages
     • Conclusion
     • References
  4. • A network protocol
     • Allows secure communication between two computers
     • Shell: a command-line interface present on every computer, used to log into a remote machine and execute commands
  5. • Encryption provides confidentiality and integrity of data
     • Uses public-key cryptography
  6. • Tatu Ylonen designed the first version of the protocol (SSH-1) in 1995
     • The goal of SSH is to replace the earlier rlogin, TELNET and rsh
     • It was later made open source and gained popularity
  7. • In 1996 SSH-2 was designed, which is incompatible with the previous version
     • SSH-2 featured both security and feature improvements over SSH-1:
       • Better security through Diffie-Hellman key exchange
       • Strong integrity checking via message authentication codes
  8. • Bjorn Gronvall's OSSH developed from this codebase
     • A "Portability" branch was formed to port OpenSSH to other operating systems
     • As of 2005, OpenSSH is the single most popular SSH implementation and the default in a large number of operating systems
     • OSSH meanwhile has become obsolete
     • In 2006, the SSH-2 protocol became a proposed Internet standard
  9. 1) Secure Command Shell 2) Port Forwarding 3) Secure File Transfer
  10. • Allows you to edit files
     • View the contents of directories
     • Run custom applications
     • Create user accounts
     • Change permissions
     • Anything that can be done from a command prompt can be done remotely and securely
  11. • Provides security to TCP/IP applications including e-mail, sales and customer contact databases, and in-house applications
     • Allows data from normally unsecured TCP/IP applications to be secured
  12. • A subsystem of the Secure Shell protocol that handles file transfers
     • Encrypts both the username/password and the data being transferred
     • Uses the same port as the Secure Shell server, eliminating the need to open another port on the firewall or router
  13. • The SSH-2 protocol has a clean internal architecture with well-separated layers:
       • Transport Layer
       • User Authentication Layer
       • Connection Layer
     • Defined in RFC 4251
  14. • Handles initial key exchange and server authentication
     • Sets up encryption, compression and integrity verification
     • Exposes to the upper layer an interface for sending and receiving plaintext packets of up to 32 KB
     • Also arranges for key re-exchange
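The transport layer slide above packs three mechanisms into four bullets: a Diffie-Hellman exchange that gives both ends the same secret, keys derived from that secret, and a binary packet format whose MAC covers a sequence number so that altered or replayed packets are rejected. The following Python model, added here as an illustration and not code from the deck or from any SSH implementation, runs one exchange between a simulated client and server and then builds and checks packets with the RFC 4253 framing rules. The cipher step is left out so the framing and the MAC check stay visible, the key derivation is a simplified stand-in for the RFC 4253 section 7.2 construction, and the group prime is the 1024-bit MODP group transcribed from RFC 2409 (verify it against the RFC before reusing it; modern SSH prefers larger groups or elliptic curves).

```python
"""Toy model of the SSH-2 transport layer: Diffie-Hellman key exchange between
client and server, key derivation from the shared secret, and integrity-
protected binary packets with the framing rules of RFC 4253 section 6.
Added example, not code from the deck or from any SSH implementation; the cipher
step is left out so the framing and the MAC check stay visible, and key
derivation is a simplified stand-in for the RFC 4253 section 7.2 construction."""
import hashlib
import hmac
import secrets
import struct

# 1024-bit MODP group from RFC 2409 (group 2; SSH's "diffie-hellman-group1-sha1").
# Transcribed for the example: verify against the RFC before reuse. Modern SSH
# prefers larger groups or elliptic curves; the exchange below works the same way.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
MAC_LEN = 32  # HMAC-SHA256 output length
BLOCK = 8     # cipher block size the padding rule is computed against


def dh_keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(private, peer_public):
    """Shared secret K; degenerate peer values (0, 1, p-1) are rejected."""
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, P)


def derive_key(shared, letter):
    """Simplified key derivation: SHA-256(K || letter). RFC 4253 also mixes in the
    exchange hash H and the session id so each direction and purpose gets its own key."""
    k = shared.to_bytes((shared.bit_length() + 7) // 8, "big")
    return hashlib.sha256(k + letter).digest()


def build_packet(payload, mac_key, seq):
    """uint32 packet_length | byte padding_length | payload | random padding | MAC.
    Padding is at least 4 bytes and makes the packet a multiple of the block size;
    the MAC covers the sequence number so a replayed packet fails verification."""
    pad = BLOCK - ((5 + len(payload)) % BLOCK)
    if pad < 4:
        pad += BLOCK
    body = struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + secrets.token_bytes(pad)
    mac = hmac.new(mac_key, struct.pack(">I", seq) + body, hashlib.sha256).digest()
    return body + mac


def parse_packet(data, mac_key, seq):
    """Validate framing and MAC, return the payload; raise ValueError on any defect."""
    if len(data) < 5 + MAC_LEN:
        raise ValueError("packet too short")
    body, mac = data[:-MAC_LEN], data[-MAC_LEN:]
    packet_length, padding_length = struct.unpack(">IB", body[:5])
    if packet_length + 4 != len(body) or (packet_length + 4) % BLOCK:
        raise ValueError("bad packet length")
    if padding_length < 4 or padding_length >= packet_length:
        raise ValueError("bad padding length")
    expected = hmac.new(mac_key, struct.pack(">I", seq) + body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC verification failed")
    return body[5:5 + packet_length - 1 - padding_length]


def demo_session():
    """Run one exchange and three packet checks; returns the outcomes as booleans."""
    c_priv, c_pub = dh_keypair()          # client sends e = g^x
    s_priv, s_pub = dh_keypair()          # server replies with f = g^y
    k_client = dh_shared(c_priv, s_pub)
    k_server = dh_shared(s_priv, c_pub)
    mac_key = derive_key(k_client, b"E")  # 'E' is the client-to-server integrity key letter
    payload = b"\x02constructed SSH_MSG_IGNORE payload"  # constructed sample payload
    packet = build_packet(payload, mac_key, seq=0)
    tampered = bytearray(packet)
    tampered[7] ^= 0x01                   # flip one payload bit

    def rejected(data, seq):
        try:
            parse_packet(data, mac_key, seq)
        except ValueError:
            return True
        return False

    return {
        "shared_secret_matches": k_client == k_server,
        "roundtrip_ok": parse_packet(packet, mac_key, 0) == payload,
        "tamper_detected": rejected(bytes(tampered), 0),
        "replay_detected": rejected(packet, 1),   # same packet, next sequence number
    }


if __name__ == "__main__":
    print(demo_session())
```

The sequence number never travels on the wire; both ends count packets independently, which is why the replay check fails without any extra field in the packet. The length and padding checks run before the MAC check only because this model has no cipher; with a real cipher the receiver must decrypt the first block to learn the length, and a MAC-then-decrypt or AEAD construction is preferred so that malformed lengths cannot be probed.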
  15. • Handles client authentication
     • Provides a number of authentication methods
     • Authentication is client-driven
  16. • Password
     • Public key
     • Keyboard-interactive
     • GSSAPI authentication
  17. • A method for straightforward password authentication
     • Includes a facility allowing a password to be changed
  18. • A method for public key-based authentication
     • Symmetric key (secret)
     • Asymmetric key (public and private)
  19. • The server sends one or more prompts to enter information
     • The client displays them and sends back responses keyed in by the user
     • Used to provide one-time password authentication such as S/Key or SecurID
     • Used by some OpenSSH configurations when PAM is the underlying host authentication provider to effectively provide password authentication
  20. • Stands for Generic Security Services Application Program Interface
     • Based on the exchange of opaque messages (tokens) which hide the implementation detail from the higher-level application
  21. • Defines the concept of channels, channel requests and global requests, using which SSH services are provided
     • A single SSH connection can host multiple channels simultaneously, in duplex mode
     • Channel requests are used to relay out-of-band channel-specific data, such as the changed size of a terminal window or the exit code of a server-side process
     • The SSH client requests a server-side port to be forwarded using a global request
  22. • IP Spoofing
     • DNS Spoofing
     • IP Source Routing
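What actually defeats the IP and DNS spoofing listed above is the server authentication step of the transport layer: a client that remembers a server's host key will notice when a machine at the expected name or address presents a different one. The Python below, added as an example and not code from the deck or from OpenSSH, checks a presented host key against a known_hosts file in the OpenSSH format (plain and hashed host fields, plus the @revoked marker) and computes the familiar SHA256 fingerprint. The key blobs and host names are constructed sample data, not real keys.

```python
"""Host-key verification against a known_hosts file, the server-authentication
step that lets an SSH client detect IP/DNS spoofing: a spoofed server cannot
present the host key the client recorded on an earlier visit.
Added example modelled on the OpenSSH known_hosts format; not code from the deck."""
import base64
import hashlib
import hmac


def host_key_fingerprint(key_b64: str) -> str:
    """OpenSSH-style 'SHA256:' fingerprint: SHA-256 over the raw key blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Hashed known_hosts host field: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match a host field (hashed or a comma-separated plain list) against a hostname."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return hostname in pattern.split(",")


def check_host_key(known_hosts: str, hostname: str, key_type: str, key_b64: str) -> str:
    """Return 'match', 'revoked', 'mismatch' (host known but key differs: treat as a
    possible spoofed server and refuse to connect) or 'unknown' (first contact)."""
    host_seen = False
    for raw in known_hosts.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else None
        if marker == "@cert-authority" or len(parts) < 3:
            continue  # CA entries need certificate validation, which this example does not model
        pattern, ktype, kdata = parts[0], parts[1], parts[2]
        if ktype != key_type or not hostname_matches(pattern, hostname):
            continue
        if marker == "@revoked":
            if kdata == key_b64:
                return "revoked"
            continue
        if kdata == key_b64:
            return "match"
        host_seen = True
    return "mismatch" if host_seen else "unknown"


# Constructed sample data: the "keys" are arbitrary bytes, not real SSH key blobs.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "bastion.example.test,10.0.0.5 ssh-ed25519 " + KEY_A,
    hash_hostname("git.example.test", b"0123456789abcdef0123") + " ssh-ed25519 " + KEY_A,
    "@revoked old.example.test ssh-ed25519 " + KEY_B,
])


def demo():
    """Exercise the four outcomes against the constructed file."""
    return {
        "bastion": check_host_key(KNOWN_HOSTS, "bastion.example.test", "ssh-ed25519", KEY_A),
        "spoofed_bastion": check_host_key(KNOWN_HOSTS, "bastion.example.test", "ssh-ed25519", KEY_B),
        "hashed_git": check_host_key(KNOWN_HOSTS, "git.example.test", "ssh-ed25519", KEY_A),
        "revoked": check_host_key(KNOWN_HOSTS, "old.example.test", "ssh-ed25519", KEY_B),
        "unknown": check_host_key(KNOWN_HOSTS, "new.example.test", "ssh-ed25519", KEY_A),
        "fingerprint_a": host_key_fingerprint(KEY_A),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The "mismatch" outcome is the one that matters for the spoofing attacks on the slide: an attacker who redirects traffic by spoofing an address or a DNS answer does not hold the real server's private host key, so the client sees a different key for a host it already knows. The "unknown" outcome (first contact) is the gap a pre-distributed key, an SSHFP DNS record as in reference [3], or a certificate authority entry is meant to close.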
  23. • Dynamic ports cannot be forwarded
     • Port forwarding itself sometimes introduces security problems
     • A client on the Internet that uses SSH to access the intranet can expose the intranet by port forwarding
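The exposure described in the last bullet is controlled on the server side: OpenSSH's sshd_config decides whether an authenticated client may open forwarded ports at all (AllowTcpForwarding), whether forwarded ports may listen on external interfaces (GatewayPorts), and which destinations are reachable (PermitOpen). The script below, added as an example and not code from the deck or from OpenSSH, audits the global section of a constructed sshd_config for these and a few related directives. The directive names and their defaults follow the sshd_config(5) manual as the author recalls them and are labelled as an assumption; check the manual of the OpenSSH version in use before relying on a default.

```python
"""Audit of the global section of an OpenSSH sshd_config for forwarding-related
directives (the exposure path the slide describes) and a few related
authentication knobs. Added example, not code from the deck or from OpenSSH.
Directive names and defaults are the author's reading of sshd_config(5);
treat the defaults as an assumption and confirm them for your version."""
import re

# OpenSSH defaults applied when a directive is absent (assumption: current OpenSSH).
DEFAULTS = {
    "allowtcpforwarding": "yes",
    "gatewayports": "no",
    "permittunnel": "no",
    "allowagentforwarding": "yes",
    "x11forwarding": "no",
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
}

# Values that widen what an authenticated (possibly compromised) client can reach,
# with the recommended setting for a server that should not act as a relay.
RISKY = {
    "allowtcpforwarding": ({"yes", "all", "local", "remote"}, "AllowTcpForwarding no (or restrict destinations with PermitOpen)"),
    "gatewayports": ({"yes", "clientspecified"}, "GatewayPorts no"),
    "permittunnel": ({"yes", "point-to-point", "ethernet"}, "PermitTunnel no"),
    "allowagentforwarding": ({"yes"}, "AllowAgentForwarding no"),
    "x11forwarding": ({"yes"}, "X11Forwarding no"),
    "permitrootlogin": ({"yes"}, "PermitRootLogin no"),
    "passwordauthentication": ({"yes"}, "PasswordAuthentication no (use public keys)"),
}

_LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.+)$")


def parse_global(config: str) -> dict:
    """Effective global directives. sshd uses the FIRST value it sees for a keyword,
    so a hardening line appended at the end of the file may never take effect.
    Parsing stops at the first Match block; conditional overrides are not modelled."""
    seen = {}
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break
        seen.setdefault(key, value)           # first occurrence wins
    return seen


def audit(config: str) -> list:
    """Return (directive, effective value, 'explicit'|'default', advice) for each risky setting."""
    seen = parse_global(config)
    findings = []
    for key, default in DEFAULTS.items():
        value = seen.get(key, default)
        bad_values, advice = RISKY[key]
        if value not in bad_values:
            continue
        origin = "explicit" if key in seen else "default"
        if key == "allowtcpforwarding" and "permitopen" in seen:
            advice = "forwarding is limited by PermitOpen %s; verify the allowed destinations" % seen["permitopen"]
        findings.append((key, value, origin, advice))
    return findings


# Constructed sample configurations (not taken from any real host).
WEAK_CONFIG = """# constructed sample: a relaxed configuration
Port 22
PermitRootLogin yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no
"""

HARDENED_CONFIG = """# constructed sample: forwarding disabled for everyone by default
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding no
GatewayPorts no
PermitTunnel no
AllowAgentForwarding no
X11Forwarding no
# a later Match block could re-enable forwarding for one group only
"""

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print("%-24s %-18s (%s) -> %s" % finding)
    print("hardened findings:", audit(HARDENED_CONFIG))
```

Two behaviours of the parser are worth noting when reading real audit output: directives absent from the file are reported with origin "default" because the permissive default is what sshd will apply, and only the first value for a keyword counts, which is the reason a config that sets "AllowTcpForwarding no" after an earlier "AllowTcpForwarding yes" still permits forwarding.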
  24. • Compared to other link, network and application security measures like IPsec and PGP, Secure Shell is relatively secure, reliable, quick and easy
     • By deploying Secure Shell, companies create a comprehensive general-purpose tunneling platform that can be used to implement a wide variety of security policies, ensuring the privacy, authenticity, authorization and integrity of many different applications
  25. [1] Cusack, F. and Forssen, M., "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)," RFC 4256, January 2006.
     [2] Lehtinen, S. and Lonvick, C., "The Secure Shell (SSH) Protocol Assigned Numbers," RFC 4250, January 2006.
     [3] Schlyter, J. and Griffin, W., "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints," RFC 4255, January 2006.
     [4] Ylonen, T., "SSH – Secure Login Connections over the Internet," Proceedings, Sixth USENIX UNIX Security Symposium, July 1996.