This document provides an overview of secure shell (SSH) including what it does and does not do, its system architecture, key components like SSH-TRANS, SSH-AUTH and SSH-CONN, and the process of building an SSH connection. It also discusses setting up SSH keys, copying keys to servers, using SSH agents, key scanning tools and other SSH tools. While the document discusses decrypting SSH traffic by disabling encryption, it notes this is not possible with OpenSSH and provides an alternative high performance SSH client that allows decryption. It concludes by providing credits and soliciting questions.

1. Using Mongolian Throat Singing As
Entropy for Your SSH keys
@Punkrokk
Rochester Security Podcast @
www.syncurity.net

2. What SSH Does Do
Prevents
Eavsdropping
Name Service and IP Spoofing
Connection Hi-Jacking
MITM

3. What SSH Can’t Do
SSH Can not prevent:
Password Cracking
DOS based IP and TCP Attacks (Syn
Floods/TCP RST/TCP desynchronization
& hijacking
Traffic Analysis
Dumbasses

4. SSH System Architecture
Source: SSH, The Secure Shell, The Definitive Guide

5. What is CORE SSH?
SSH-TRANS
SSH-AUTH
SSH-CONN

6. SSH-2 Protocol Family
Source: SSH, The Secure Shell, The Definitive Guide

7. SSH-TRANS
SSH Transport Protocol
session ID
Server auth*
privacy and integrity*
data compression*
session key exchange*
*Negotiable

8. SSH-AUTH
public key
host based
password
Others: gssapi, external keyx...

9. Building a SSH
Connection
• ssh -vv host.foo.net
• read config file (~/.ssh/ssh_config)
• Protocol version Selection (v2 should
be forced)

10. Building a SSH
Connection
• Key Exchange (2 way)
• KEXINIT - exchange and choose compatible
encryption suites (e.g. diffie-hellman-group2-
sha1)
• Outputs:
• K = shared secret
• H = Exchange Hash (becomes session ID)
• Perform Server Auth (comparing with hash
fingerprints of known hosts)
• Can be repeated after a period of T

11. Building a SSH
Connection
Key Exchange (Cont)
Choose SSH host Key types (ssh-rsa, ssh-
dsa, null (for Kerberos))
Choose Data Encryption Ciphers (none,
aes-128-cbc, 3des-cbc...) *extendable for
private Ciphers
Choose Integrity Algorithms (hmac-md5,
hmac-sha1...) * Prevents replay attacks
Choose Compression (None, zlib...)

12. Building a SSH
Connection
Key Exchange (Cont)
Important: All the preceding
negotiation is one way -- we could
have:
Client -> Server: ssh-rsa|aes128-cbc|
hmac-md5|none
Server -> Client: ssh-dsa|3des-cbc|
hmac-sha1|zlib

13. Key Exchange (Cont)
The actual Key Exchange
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.0.1.35' is known and matches the RSA host key.
debug1: Found key in /Users/jpbourget/.ssh/known_hosts:6
debug2: bits set: 501/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/jpbourget/.ssh/id_rsa (0x0)
debug2: key: /Users/jpbourget/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password

14. Building a SSH
Connection
Key Exchange (Cont)
At this point we can send our
credentials one of these ways:
ssh-rsa, ssh-dsa
other servers (other than open-SSH)
support x509, spki-sign, pgp-sign
(rss & dsa options for all
password

15. Last SSH-AUTH
Comment
Mitigating MITM
Client Sends a RANDOM challenge
Server returns challenge signed with it’s host
key
Client verifies this sig w/the Server/Key binding
An attacker can’t spoof the random challenge, nor
force the server to return a challenge from a
different client = NO MITM or replay attacks

16. SSH-CONN
Now that we have the SSH-AUTH and SSH-TRANS
bits completed, we now have a SSH-CONN session
We can do alot with this:
port forwarding
shell redirection
X redirection
tunnelling
SCP/SFTP
Hack all the protocols!

17. now what?
Well
Doogie,
I have a
SSL
connection

18. Let’s Setup Some
Keys
Key Creation
Where do I put my keys?
List of places
Explanation

19. Let’s Setup Some
Keys
Paths to our Keys:
Backtrack - ~/.ssh/
Apple OS-X - /Users/
<username>/.ssh
Putty - in putty

20. Let’s Setup Some
Keys
Copying our key to the server
scp /Users/jpbourget/.ssh/id_rsa.pub
root@10.0.1.35:/root/.ssh/
authorized_keys
Make sure to check if
authorized_keys file exists - if so
append to it (>>)

21. SSH Key Conn
Acheivements Unlocked:
m/ Keys Created
m/ Keys Copied
--> Login With Key

22. Public Key Login
ssh-keygen

23. Public Key Login
copy our key
ssh -vv root@host

24. Other ssh-tools

25. Other ssh-tools
ssh-agent

26. Other ssh-tools
ssh-agent
ssh-keyscan

27. Other ssh-tools
ssh-agent
ssh-keyscan
putty

28. Other ssh-tools
ssh-agent
ssh-keyscan
putty

29. Tube View

30. Tube View
my pcap

31. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?

32. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:

33. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config

34. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config
Cipher none

35. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config
Cipher none
ssh -vv -c none root@mr.t.com

36. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config
Cipher none
ssh -vv -c none root@mr.t.com
Wait -- our openSSH server won’t start with Cipher
none --- BOO!

37. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config
Cipher none
ssh -vv -c none root@mr.t.com
Wait -- our openSSH server won’t start with Cipher
none --- BOO!

38. Who do you think has
a workaround?

39. Who do you think has
a workaround?

40. Who do you think has
a workaround?

41. PENN STATE?

42. PENN STATE?

43. PENN STATE?

44. PENN STATE?
Yea -- if you go to: http://
www.psc.edu/networking/projects/hpn-
ssh/
They have a high performance ssh client
with capabilites for the “none cipher”
- mod to openSSH
IF YOU CAN’T GO TO COLLEGE GO TO STATE...

45. Credits
SSH: The Definitive Guide by Barrett,
Silverman & Byrnes
An Illustrated Guide to SSH Forwarding http://
unixwiz.net/techtips/ssh-agent-
forwarding.html#fwd
@mubix for Hack Fortress image
Mr T

46. Questions?
@punkrokk / http://www.syncurity.net
Look for writeups of Shmoocon Labs soon on my site
Link to this presentation: http://bit.ly/z5t9ai
Check out the Roc Sec Podcast: http://syncurity.net/?
page_id=450
Looking for Episode Ideas
Bike from Baltimore to Boston in August: www.cycleoverride.org
Defcon Bike Ride: http://bit.ly/z7P8cu