SlideShare a Scribd company logo

Meeting 5.2 : ssh

Syaiful Ahdan
Syaiful Ahdan

The document discusses Secure Shell (SSH), which provides secure remote login and file transfer capabilities over insecure networks. It describes the SSH-1 and SSH-2 protocols, including their key exchanges, authentication methods, and components. Vulnerabilities are outlined for each version. SSH tools for Linux and Windows are also mentioned.

Education
1 of 19
Download to read offline
TCP/IP Protocol Suite 1 11 to Computer Network Administration Secure Shell (SSH)  Introduction SSH  SSH-1 protocol exchange  SSH-2 protocol  SSH-1 vs SSH-2  Vulnerabilities in SSH  SSH Tools  Component SSH  Port Forwarding  Format of the SSH Packet
TCP/IP Protocol Suite 2 22 to  To introduce SSH as an alternative to TELNET.  To show how different components of SSH are combined to provide a secure connection over an insecure TCP connection.  To discuss port-forwarding in SSH and how it can be used to provide security for other applications. 2
TCP/IP Protocol Suite 3 33 to  Introduction SSH  SSH-1 protocol exchange  SSH-2 protocol  SSH-1 vs SSH-2  Vulnerabilities in SSH  SSH Tools  Component SSH  Port Forwarding  Format of the SSH Packet 3
TCP/IP Protocol Suite 4 44 to SECURE SHELL (SSH) Another popular remote login application program is Secure Shell (SSH). SSH, like TELNET, uses TCP as the underlying transport protocol, but SSH is more secure and provides more services than TELNET. 4
TCP/IP Protocol Suite 5 55 to Secure What.. ?  ‘Secure shell is a de facto standard for remote logins and encrypted file transfers.’ [SSH communications inc.]  Founded in 1995 by Tatu Ylonen, a researcher at Helsinki University of Technology, Finland  It provides authentication and encryption for business critical applications to work securely over the internet.  Originally introduced for UNIX terminals as a replacement for the insecure remote access “Berkeley services" , viz. rsh, rlogin, rcp, telnet, etc.  It can also be used for port forwarding of arbitrary TCP/IP or X11 connections (interactive terminals)  It is a layer over TCP/IP and runs on the port 22. 5
TCP/IP Protocol Suite 6 66 to Why SSH?  The three core security requirements for a remote access technology – confidentiality, integrity and authentication  Most of the earlier technologies lack confidentiality and integrity. For e.g Telnet and FTP transmit username and passwords in cleartext.  They are vulnerable to attacks such as IP spoofing, DoS, MITM and eavesdropping.  Secure shell satisfies all the three requirements by using:  Data Encryption to provide confidentiality  Host-based and (or) client-based authentication  Data integrity using MACs and hashes 8/5/2019
TCP/IP Protocol Suite 7 77 to Flavors of SSH  There are two incompatible versions of the SSH protocol: SSH-1 and SSH-2  SSH-2 was introduced in order to fix several bugs in SSH-1 and also includes several new features  Both versions have technical glitches and are vulnerable to known attacks (discussed later)  SSH-1 is more popular nowadays due to licensing issues with SSH-2  OpenSSH is a free version of the SSH with open source code development. It supports both the versions and mainly used in UNIX environment. 7
TCP/IP Protocol Suite 8 88 to The SSH-1 protocol exchange Client Server Opens a TCP connection to port 22 SSH protocol version exchange e.g ASCII :” SSH-1.5-1.2.27” Server identification {H+S+list of ciphers and authentication methods+cookie} + session parameters Selected data cipher +encrypted session key K(H,S) +cookie Server acknowledgement encrypted with K Secure connection established! Server authenticated H – host key ; S- Server Key ; cookie- sequence of 8 random bytes; K- session key 8
TCP/IP Protocol Suite 9 99 to The SSH-1 protocol exchange (contd.)  Once secure connection is established, client attempts to authenticate itself to server.  Some of the authentication methods used are:  Kerberos  RHosts and RHostsRSA  Public key  Password based authentication (OTP)  Integrity checking is provided by means of a weak CRC -32  Compression is provided using the “deflate” algorithm of GNU gzip utility. It is beneficial for file transfer utilities such as ftp, scp, etc. 9
TCP/IP Protocol Suite 10 1010 to The SSH-2 protocol  SSH-1 is monolithic, encompassing multiple functions into a single protocol whereas SSH-2 has been separated into modules and consists of 3 protocols:  SSH Transport layer protocol (SSH-TRANS) : Provides the initial connection, packet protocol, server authentication and basic encryption and integrity services.  SSH Authentication protocol (SSH-AUTH) : Verifies the client’s identity at the beginning of an SSH-2 session, by three authentication methods: Public key, host based and password.  SSH Connection protocol (SSH-CONN) : It permits a number of different services to exchange data through the secure channel provided by SSH-TRANS.  A fourth protocol SSH protocol architecture (SSH-ARCH) describes the overall architecture.  All the protocols are still in the draft stage. 10
TCP/IP Protocol Suite 11 1111 to The SSH-2 protocol (contd.) TCP/IP SSH-TRANS Binary Packet Protocol Negotiated Encryption Protocol Negotiated Compression Protocol SSH-CONN Connection Protocol X11TCP Port Forwarding SSH-USERAUTH Authentication Protocol Layering of SSH-2 Protocols SSHVersion Identification Pseudo- Terminal Algorithm Negotiation (compression, encryption) KeyExchange (eg. Diffie- Hellman) Challenge- Response Pass- word Public- key Keyboard- Interactive Password
TCP/IP Protocol Suite 12 1212 to SSH-1 vs SSH-2 SSH-2 SSH-1 Separate transport, authentication and connection protocols One monolithic protocol Strong cryptographic integrity check Weak CRC-32 integrity check No server keys needed due to Diffie Hellman Key exchange Server key used for forward secrecy on the session key Supports public key certificates N/A Algorithms used: DSA, DH, SHA-1, MD5, 3DES, Blowfish, Twofish, CAST-128, IDEA, ARCFOUR RSA, MD5, CRC-32, 3DES, IDEA, ARCFOUR, DES Periodic replacement of session keys N/A 12
TCP/IP Protocol Suite 13 1313 to Is SSH really secure?  Secure shell does counter certain types of attacks such as:  Eavesdropping  Name service and IP spoofing  Connection hijacking  MITM  Insertion attack  However it fails against these attacks:  Password cracking  IP and TCP attacks  SYN flooding  TCP RST, bogus ICMP  TCP desynchronization and hijacking  Traffic analysis  Covert channels 13
TCP/IP Protocol Suite 14 1414 to Some known vulnerabilities in SSH  OpenSSH Challenge-Response Authentication Buffer Overflow: A hostile modification to the SSH client floods the server with authentication responses and causes a buffer overflow. [SSH-2]  Passive analysis of SSH traffic: It lets the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions. [SSH-1 & SSH-2]  Key recovery in SSH protocol 1.5 : This vulnerability may lead to the compromise of the session key. Once the session key is determined, the attacker can proceed to decrypt the stored session using any implementation of the crypto algorithm used. This will reveal all information in an unencrypted form. [SSH-1]  CRC-32 integrity check vulnerability : It is based on the weakness of the CRC-32 integrity that becomes exploitable due to CBC and CFB feedback modes [SSH-1] 14
TCP/IP Protocol Suite 15 1515 to SSH tools  There are several commercial and freeware SSH tools for UNIX and windows platforms  Windows –  PuTTY  TeraTerm  SecureCRT  UNIX –  The RedHat Linux package and OpenBSD come alongwith tools such as ssh, sshd(daemon), scp(secure copy), sftp(secure ftp), etc.  OpenSSH 15
TCP/IP Protocol Suite 16 1616 to Figure 20.17 Components of SSH 16
TCP/IP Protocol Suite 17 1717 to Figure 20.18 Port forwarding 17
TCP/IP Protocol Suite 18 1818 to Figure 20.19 SSH packet format 18
TCP/IP Protocol Suite 19 1919 to Bibiliography [1] ‘Securing remote connections with SSH’ – a white paper by SSH communications Security corp. [2] Red Hat tutorials – Chapter 10 SSH : http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref- guide/ch-ssh.html [3] SSH tools - http://bach.dynet.com/sshtools/ [4] ’Firewalling a Secure Shell Service’ – a white paper http://www.esat.kuleuven.ac.be/~joclaess/pub/ceci2001.pdf [5] Cisco Security Advisory: Multiple SSH Vulnerabilities –http://www.cisco.com/warp/public/707/SSH-multiple- pub.html [6] SSH -The Secure Shell :The definitive guide Daniel Barrett & Richard E. Silvermann (O’Reilly publications) [7] ‘Analysis of a Secure Shell vulnerability’ - James M. Mike Anthis A white paper 19

Recommended

Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Ethernet
EthernetEthernet
EthernetArpiSaxena1
 
Network Adapter
Network AdapterNetwork Adapter
Network AdapterAnkit Agrawal
 
HTTPS
HTTPSHTTPS
HTTPSR.K. University
 
Secure SHell
Secure SHellSecure SHell
Secure SHellÇağrı Çakır
 
Computer Security Lecture 5: Simplified Advanced Encryption Standard
Computer Security Lecture 5: Simplified Advanced Encryption StandardComputer Security Lecture 5: Simplified Advanced Encryption Standard
Computer Security Lecture 5: Simplified Advanced Encryption StandardMohamed Loey
 
TCP - Transmission Control Protocol
TCP - Transmission Control ProtocolTCP - Transmission Control Protocol
TCP - Transmission Control ProtocolPeter R. Egli
 
Switching
SwitchingSwitching
Switchingsheekha_11
 

Recommended

Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Ethernet
EthernetEthernet
EthernetArpiSaxena1
 
Network Adapter
Network AdapterNetwork Adapter
Network AdapterAnkit Agrawal
 
HTTPS
HTTPSHTTPS
HTTPSR.K. University
 
Secure SHell
Secure SHellSecure SHell
Secure SHellÇağrı Çakır
 
Computer Security Lecture 5: Simplified Advanced Encryption Standard
Computer Security Lecture 5: Simplified Advanced Encryption StandardComputer Security Lecture 5: Simplified Advanced Encryption Standard
Computer Security Lecture 5: Simplified Advanced Encryption StandardMohamed Loey
 
TCP - Transmission Control Protocol
TCP - Transmission Control ProtocolTCP - Transmission Control Protocol
TCP - Transmission Control ProtocolPeter R. Egli
 
Switching
SwitchingSwitching
Switchingsheekha_11
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Arp
ArpArp
Arpleehylton
 
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemDheryta Jaisinghani
 
Tcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication headerTcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication headerFaizan Shaikh
 
Pgp smime
Pgp smimePgp smime
Pgp smimeTania Agni
 
Https
HttpsHttps
HttpsPooya Sagharchiha
 
User datagram protocol (udp)
User datagram protocol (udp)User datagram protocol (udp)
User datagram protocol (udp)Ramola Dhande
 
UDP - User Datagram Protocol
UDP - User Datagram ProtocolUDP - User Datagram Protocol
UDP - User Datagram ProtocolPeter R. Egli
 
Tcp ip
Tcp ipTcp ip
Tcp ipPrincipal,Guru Nanak Institute of Technology, Nagpur
 
Circuit and packet_switching
Circuit and packet_switchingCircuit and packet_switching
Circuit and packet_switchinghoanv
 
SOME_IP_29408.pdf
SOME_IP_29408.pdfSOME_IP_29408.pdf
SOME_IP_29408.pdfRaghuKiran29
 
Transport layer protocol
Transport layer protocolTransport layer protocol
Transport layer protocolN.Jagadish Kumar
 
Skype
SkypeSkype
SkypeAbhishek Jaisingh
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
RSA Signature Verification
RSA Signature VerificationRSA Signature Verification
RSA Signature VerificationGeorgeCallow
 
CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11Nil Menon
 
Steps to build and run oai
Steps to build and run oaiSteps to build and run oai
Steps to build and run oaissuser38b887
 
Port forwarding
Port forwardingPort forwarding
Port forwardingRonak Mehta
 
Icmp
IcmpIcmp
IcmpAbhishek Kesharwani
 
SSH.ppt
SSH.pptSSH.ppt
SSH.pptPandiya Rajan
 
Ssh
SshSsh
Sshgh02
 

More Related Content

What's hot

Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemDheryta Jaisinghani
 
Tcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication headerTcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication headerFaizan Shaikh
 
User datagram protocol (udp)
User datagram protocol (udp)User datagram protocol (udp)
User datagram protocol (udp)Ramola Dhande
 
UDP - User Datagram Protocol
UDP - User Datagram ProtocolUDP - User Datagram Protocol
UDP - User Datagram ProtocolPeter R. Egli
 
Circuit and packet_switching
Circuit and packet_switchingCircuit and packet_switching
Circuit and packet_switchinghoanv
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
RSA Signature Verification
RSA Signature VerificationRSA Signature Verification
RSA Signature VerificationGeorgeCallow
 
CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11Nil Menon
 
Steps to build and run oai
Steps to build and run oaiSteps to build and run oai
Steps to build and run oaissuser38b887
 

What's hot (20)

SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
Arp
ArpArp
Arp
 
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemTutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi Subsystem
 
Tcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication headerTcp header/IP Header/Authentication header
Tcp header/IP Header/Authentication header
 
Pgp smime
Pgp smimePgp smime
Pgp smime
 
Https
HttpsHttps
Https
 
User datagram protocol (udp)
User datagram protocol (udp)User datagram protocol (udp)
User datagram protocol (udp)
 
UDP - User Datagram Protocol
UDP - User Datagram ProtocolUDP - User Datagram Protocol
UDP - User Datagram Protocol
 
Tcp ip
Tcp ipTcp ip
Tcp ip
 
Circuit and packet_switching
Circuit and packet_switchingCircuit and packet_switching
Circuit and packet_switching
 
SOME_IP_29408.pdf
SOME_IP_29408.pdfSOME_IP_29408.pdf
SOME_IP_29408.pdf
 
Transport layer protocol
Transport layer protocolTransport layer protocol
Transport layer protocol
 
Skype
SkypeSkype
Skype
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
RSA Signature Verification
RSA Signature VerificationRSA Signature Verification
RSA Signature Verification
 
CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11
 
Steps to build and run oai
Steps to build and run oaiSteps to build and run oai
Steps to build and run oai
 
Port forwarding
Port forwardingPort forwarding
Port forwarding
 
Icmp
IcmpIcmp
Icmp
 

Similar to Meeting 5.2 : ssh

Ssh
SshSsh
Sshgh02
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.pptImXaib
 
Team 5 presentation
Team 5 presentationTeam 5 presentation
Team 5 presentationrob420
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
Ports and services
Ports and servicesPorts and services
Ports and servicesIlan Mindel
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
By Nithin & group
By Nithin & groupBy Nithin & group
By Nithin & groupSourav Roy
 
Telnet & Secure Shell
Telnet & Secure ShellTelnet & Secure Shell
Telnet & Secure ShellWILLA REYES
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Hannes Tschofenig
 

Similar to Meeting 5.2 : ssh (20)

SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
 
Ssh
SshSsh
Ssh
 
Telnet presentation
Telnet presentationTelnet presentation
Telnet presentation
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
Team 5 presentation
Team 5 presentationTeam 5 presentation
Team 5 presentation
 
Secure shell
Secure shellSecure shell
Secure shell
 
Ports and services
Ports and servicesPorts and services
Ports and services
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
ssl
sslssl
ssl
 
Remote1
Remote1Remote1
Remote1
 
By Nithin & group
By Nithin & groupBy Nithin & group
By Nithin & group
 
SSh_part_1.pptx
SSh_part_1.pptxSSh_part_1.pptx
SSh_part_1.pptx
 
Telnet & Secure Shell
Telnet & Secure ShellTelnet & Secure Shell
Telnet & Secure Shell
 
Protocols
Protocols Protocols
Protocols
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3Advancing IoT Communication Security with TLS and DTLS v1.3
Advancing IoT Communication Security with TLS and DTLS v1.3
 
IS - SSL
IS - SSLIS - SSL
IS - SSL
 

More from Syaiful Ahdan

Sertifikat EC00202128391
Sertifikat EC00202128391 Sertifikat EC00202128391
Sertifikat EC00202128391Syaiful Ahdan
 
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...Syaiful Ahdan
 
Sertifikat ec00202059774
Sertifikat ec00202059774Sertifikat ec00202059774
Sertifikat ec00202059774Syaiful Ahdan
 
Sertifikat ec00202059775
Sertifikat ec00202059775Sertifikat ec00202059775
Sertifikat ec00202059775Syaiful Ahdan
 
Sertifikat EC00202045078
Sertifikat EC00202045078Sertifikat EC00202045078
Sertifikat EC00202045078Syaiful Ahdan
 
Sertifikat EC00202044723
Sertifikat EC00202044723 Sertifikat EC00202044723
Sertifikat EC00202044723Syaiful Ahdan
 
Sertifikat EC00202023523
Sertifikat EC00202023523Sertifikat EC00202023523
Sertifikat EC00202023523Syaiful Ahdan
 
Sertifikat EC00201826309
Sertifikat EC00201826309Sertifikat EC00201826309
Sertifikat EC00201826309Syaiful Ahdan
 
Sertifikat EC00202023149
Sertifikat EC00202023149Sertifikat EC00202023149
Sertifikat EC00202023149Syaiful Ahdan
 
Sertifikat EC00202022868
Sertifikat EC00202022868Sertifikat EC00202022868
Sertifikat EC00202022868Syaiful Ahdan
 
Sertifikat EC00202021343
Sertifikat EC00202021343Sertifikat EC00202021343
Sertifikat EC00202021343Syaiful Ahdan
 
Sertifikat EC00202022755
Sertifikat EC00202022755Sertifikat EC00202022755
Sertifikat EC00202022755Syaiful Ahdan
 
Sertifikat EC00201987196
Sertifikat EC00201987196Sertifikat EC00201987196
Sertifikat EC00201987196Syaiful Ahdan
 
Sertifikat EC00201856484
Sertifikat EC00201856484Sertifikat EC00201856484
Sertifikat EC00201856484Syaiful Ahdan
 
Sertifikat EC00201856352
Sertifikat EC00201856352Sertifikat EC00201856352
Sertifikat EC00201856352Syaiful Ahdan
 
Sertifikat EC00201856994
Sertifikat EC00201856994Sertifikat EC00201856994
Sertifikat EC00201856994Syaiful Ahdan
 
Sertifikat EC00201856895
Sertifikat EC00201856895Sertifikat EC00201856895
Sertifikat EC00201856895Syaiful Ahdan
 
Meeting 2 introdcution network administrator
Meeting 2 introdcution network administratorMeeting 2 introdcution network administrator
Meeting 2 introdcution network administratorSyaiful Ahdan
 

More from Syaiful Ahdan (20)

Sertifikat EC00202128391
Sertifikat EC00202128391 Sertifikat EC00202128391
Sertifikat EC00202128391
 
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
SP2JPB - Aplikasi Sistem Pelayanan Pemesanan Jasa Perbaikan Pada Bengkel Alam...
 
Sertifikat ec00202059774
Sertifikat ec00202059774Sertifikat ec00202059774
Sertifikat ec00202059774
 
Sertifikat ec00202059775
Sertifikat ec00202059775Sertifikat ec00202059775
Sertifikat ec00202059775
 
Sertifikat EC00202045078
Sertifikat EC00202045078Sertifikat EC00202045078
Sertifikat EC00202045078
 
Sertifikat EC00202044723
Sertifikat EC00202044723 Sertifikat EC00202044723
Sertifikat EC00202044723
 
Sertifikat EC00202023523
Sertifikat EC00202023523Sertifikat EC00202023523
Sertifikat EC00202023523
 
Sertifikat EC00201826309
Sertifikat EC00201826309Sertifikat EC00201826309
Sertifikat EC00201826309
 
Sertifikat EC00202023149
Sertifikat EC00202023149Sertifikat EC00202023149
Sertifikat EC00202023149
 
Sertifikat EC00202022868
Sertifikat EC00202022868Sertifikat EC00202022868
Sertifikat EC00202022868
 
Sertifikat EC00202021343
Sertifikat EC00202021343Sertifikat EC00202021343
Sertifikat EC00202021343
 
Sertifikat EC00202022755
Sertifikat EC00202022755Sertifikat EC00202022755
Sertifikat EC00202022755
 
Sertifikat EC00201987196
Sertifikat EC00201987196Sertifikat EC00201987196
Sertifikat EC00201987196
 
Sertifikat EC00201856484
Sertifikat EC00201856484Sertifikat EC00201856484
Sertifikat EC00201856484
 
Sertifikat EC00201856352
Sertifikat EC00201856352Sertifikat EC00201856352
Sertifikat EC00201856352
 
Sertifikat EC00201856994
Sertifikat EC00201856994Sertifikat EC00201856994
Sertifikat EC00201856994
 
Sertifikat EC00201856895
Sertifikat EC00201856895Sertifikat EC00201856895
Sertifikat EC00201856895
 
Meeting 2 introdcution network administrator
Meeting 2 introdcution network administratorMeeting 2 introdcution network administrator
Meeting 2 introdcution network administrator
 
Pertemuan 5
Pertemuan 5Pertemuan 5
Pertemuan 5
 
Pertemuan 4
Pertemuan 4Pertemuan 4
Pertemuan 4
 

Recently uploaded

Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfVivekanand Anglo Vedic Academy
 
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...Sayali Powar
 
Forest and Wildlife Resources Class 10 Free Study Material PDF
Forest and Wildlife Resources Class 10 Free Study Material PDFForest and Wildlife Resources Class 10 Free Study Material PDF
Forest and Wildlife Resources Class 10 Free Study Material PDFVivekanand Anglo Vedic Academy
 
Basic_QTL_Marker-assisted_Selection_Sourabh.ppt
Basic_QTL_Marker-assisted_Selection_Sourabh.pptBasic_QTL_Marker-assisted_Selection_Sourabh.ppt
Basic_QTL_Marker-assisted_Selection_Sourabh.pptSourabh Kumar
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfTamralipta Mahavidyalaya
 
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfINU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfbu07226
 
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptxJose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptxricssacare
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
 
Industrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training ReportIndustrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training ReportAvinash Rai
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasiemaillard
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...Nguyen Thanh Tu Collection
 
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptxslides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptxCapitolTechU
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonSteve Thomason
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
 
[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online Presentation[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online PresentationGDSCYCCE
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfjoachimlavalley1
 

Recently uploaded (20)

NCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdfNCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdf
 
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. SalemOperations Management - Book1.p - Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
 
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
 
Forest and Wildlife Resources Class 10 Free Study Material PDF
Forest and Wildlife Resources Class 10 Free Study Material PDFForest and Wildlife Resources Class 10 Free Study Material PDF
Forest and Wildlife Resources Class 10 Free Study Material PDF
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
 
Basic_QTL_Marker-assisted_Selection_Sourabh.ppt
Basic_QTL_Marker-assisted_Selection_Sourabh.pptBasic_QTL_Marker-assisted_Selection_Sourabh.ppt
Basic_QTL_Marker-assisted_Selection_Sourabh.ppt
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfINU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
 
B.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdfB.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdf
 
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptxJose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
 
Industrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training ReportIndustrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training Report
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
 
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptxslides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online Presentation[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online Presentation
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 

Meeting 5.2 : ssh

  • 1. TCP/IP Protocol Suite 1 11 to Computer Network Administration Secure Shell (SSH)  Introduction SSH  SSH-1 protocol exchange  SSH-2 protocol  SSH-1 vs SSH-2  Vulnerabilities in SSH  SSH Tools  Component SSH  Port Forwarding  Format of the SSH Packet
  • 2. TCP/IP Protocol Suite 2 22 to  To introduce SSH as an alternative to TELNET.  To show how different components of SSH are combined to provide a secure connection over an insecure TCP connection.  To discuss port-forwarding in SSH and how it can be used to provide security for other applications. 2
  • 3. TCP/IP Protocol Suite 3 33 to  Introduction SSH  SSH-1 protocol exchange  SSH-2 protocol  SSH-1 vs SSH-2  Vulnerabilities in SSH  SSH Tools  Component SSH  Port Forwarding  Format of the SSH Packet 3
  • 4. TCP/IP Protocol Suite 4 44 to SECURE SHELL (SSH) Another popular remote login application program is Secure Shell (SSH). SSH, like TELNET, uses TCP as the underlying transport protocol, but SSH is more secure and provides more services than TELNET. 4
  • 5. TCP/IP Protocol Suite 5 55 to Secure What.. ?  ‘Secure shell is a de facto standard for remote logins and encrypted file transfers.’ [SSH communications inc.]  Founded in 1995 by Tatu Ylonen, a researcher at Helsinki University of Technology, Finland  It provides authentication and encryption for business critical applications to work securely over the internet.  Originally introduced for UNIX terminals as a replacement for the insecure remote access “Berkeley services" , viz. rsh, rlogin, rcp, telnet, etc.  It can also be used for port forwarding of arbitrary TCP/IP or X11 connections (interactive terminals)  It is a layer over TCP/IP and runs on the port 22. 5
  • 6. TCP/IP Protocol Suite 6 66 to Why SSH?  The three core security requirements for a remote access technology – confidentiality, integrity and authentication  Most of the earlier technologies lack confidentiality and integrity. For e.g Telnet and FTP transmit username and passwords in cleartext.  They are vulnerable to attacks such as IP spoofing, DoS, MITM and eavesdropping.  Secure shell satisfies all the three requirements by using:  Data Encryption to provide confidentiality  Host-based and (or) client-based authentication  Data integrity using MACs and hashes 8/5/2019
  • 7. TCP/IP Protocol Suite 7 77 to Flavors of SSH  There are two incompatible versions of the SSH protocol: SSH-1 and SSH-2  SSH-2 was introduced in order to fix several bugs in SSH-1 and also includes several new features  Both versions have technical glitches and are vulnerable to known attacks (discussed later)  SSH-1 is more popular nowadays due to licensing issues with SSH-2  OpenSSH is a free version of the SSH with open source code development. It supports both the versions and mainly used in UNIX environment. 7
  • 8. TCP/IP Protocol Suite 8 88 to The SSH-1 protocol exchange Client Server Opens a TCP connection to port 22 SSH protocol version exchange e.g ASCII :” SSH-1.5-1.2.27” Server identification {H+S+list of ciphers and authentication methods+cookie} + session parameters Selected data cipher +encrypted session key K(H,S) +cookie Server acknowledgement encrypted with K Secure connection established! Server authenticated H – host key ; S- Server Key ; cookie- sequence of 8 random bytes; K- session key 8
  • 9. TCP/IP Protocol Suite 9 99 to The SSH-1 protocol exchange (contd.)  Once secure connection is established, client attempts to authenticate itself to server.  Some of the authentication methods used are:  Kerberos  RHosts and RHostsRSA  Public key  Password based authentication (OTP)  Integrity checking is provided by means of a weak CRC -32  Compression is provided using the “deflate” algorithm of GNU gzip utility. It is beneficial for file transfer utilities such as ftp, scp, etc. 9
  • 10. TCP/IP Protocol Suite 10 1010 to The SSH-2 protocol  SSH-1 is monolithic, encompassing multiple functions into a single protocol whereas SSH-2 has been separated into modules and consists of 3 protocols:  SSH Transport layer protocol (SSH-TRANS) : Provides the initial connection, packet protocol, server authentication and basic encryption and integrity services.  SSH Authentication protocol (SSH-AUTH) : Verifies the client’s identity at the beginning of an SSH-2 session, by three authentication methods: Public key, host based and password.  SSH Connection protocol (SSH-CONN) : It permits a number of different services to exchange data through the secure channel provided by SSH-TRANS.  A fourth protocol SSH protocol architecture (SSH-ARCH) describes the overall architecture.  All the protocols are still in the draft stage. 10
  • 11. TCP/IP Protocol Suite 11 1111 to The SSH-2 protocol (contd.) TCP/IP SSH-TRANS Binary Packet Protocol Negotiated Encryption Protocol Negotiated Compression Protocol SSH-CONN Connection Protocol X11TCP Port Forwarding SSH-USERAUTH Authentication Protocol Layering of SSH-2 Protocols SSHVersion Identification Pseudo- Terminal Algorithm Negotiation (compression, encryption) KeyExchange (eg. Diffie- Hellman) Challenge- Response Pass- word Public- key Keyboard- Interactive Password
  • 12. TCP/IP Protocol Suite 12 1212 to SSH-1 vs SSH-2 SSH-2 SSH-1 Separate transport, authentication and connection protocols One monolithic protocol Strong cryptographic integrity check Weak CRC-32 integrity check No server keys needed due to Diffie Hellman Key exchange Server key used for forward secrecy on the session key Supports public key certificates N/A Algorithms used: DSA, DH, SHA-1, MD5, 3DES, Blowfish, Twofish, CAST-128, IDEA, ARCFOUR RSA, MD5, CRC-32, 3DES, IDEA, ARCFOUR, DES Periodic replacement of session keys N/A 12
  • 13. TCP/IP Protocol Suite 13 1313 to Is SSH really secure?  Secure shell does counter certain types of attacks such as:  Eavesdropping  Name service and IP spoofing  Connection hijacking  MITM  Insertion attack  However it fails against these attacks:  Password cracking  IP and TCP attacks  SYN flooding  TCP RST, bogus ICMP  TCP desynchronization and hijacking  Traffic analysis  Covert channels 13
  • 14. TCP/IP Protocol Suite 14 1414 to Some known vulnerabilities in SSH  OpenSSH Challenge-Response Authentication Buffer Overflow: A hostile modification to the SSH client floods the server with authentication responses and causes a buffer overflow. [SSH-2]  Passive analysis of SSH traffic: It lets the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions. [SSH-1 & SSH-2]  Key recovery in SSH protocol 1.5 : This vulnerability may lead to the compromise of the session key. Once the session key is determined, the attacker can proceed to decrypt the stored session using any implementation of the crypto algorithm used. This will reveal all information in an unencrypted form. [SSH-1]  CRC-32 integrity check vulnerability : It is based on the weakness of the CRC-32 integrity that becomes exploitable due to CBC and CFB feedback modes [SSH-1] 14
  • 15. TCP/IP Protocol Suite 15 1515 to SSH tools  There are several commercial and freeware SSH tools for UNIX and windows platforms  Windows –  PuTTY  TeraTerm  SecureCRT  UNIX –  The RedHat Linux package and OpenBSD come alongwith tools such as ssh, sshd(daemon), scp(secure copy), sftp(secure ftp), etc.  OpenSSH 15
  • 16. TCP/IP Protocol Suite 16 1616 to Figure 20.17 Components of SSH 16
  • 17. TCP/IP Protocol Suite 17 1717 to Figure 20.18 Port forwarding 17
  • 18. TCP/IP Protocol Suite 18 1818 to Figure 20.19 SSH packet format 18
  • 19. TCP/IP Protocol Suite 19 1919 to Bibiliography [1] ‘Securing remote connections with SSH’ – a white paper by SSH communications Security corp. [2] Red Hat tutorials – Chapter 10 SSH : http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref- guide/ch-ssh.html [3] SSH tools - http://bach.dynet.com/sshtools/ [4] ’Firewalling a Secure Shell Service’ – a white paper http://www.esat.kuleuven.ac.be/~joclaess/pub/ceci2001.pdf [5] Cisco Security Advisory: Multiple SSH Vulnerabilities –http://www.cisco.com/warp/public/707/SSH-multiple- pub.html [6] SSH -The Secure Shell :The definitive guide Daniel Barrett & Richard E. Silvermann (O’Reilly publications) [7] ‘Analysis of a Secure Shell vulnerability’ - James M. Mike Anthis A white paper 19