The document discusses the Secure Shell (SSH) protocol, detailing its history, functions, and architecture, including the transition from SSH-1 to SSH-2 with improvements in security. It highlights protocols for secure communication and file transfer between computers while addressing potential security issues like IP and DNS spoofing. SSH serves as a general-purpose tunneling platform, enhancing security across various applications by implementing robust encryption and authentication methods.

1. P
D
N
T
S
P
A

2. By
B. Sai Anirudh
1005-11-735027

3.  Introduction
 History
 Functions
 Architecture
 Protect against
 Disadvantages
 Conclusion
 References

4.  a network protocol
 allows secure communication between two
computers
 Shell-a command line interface present on
every computer, used to log into a remote
machine and execute commands

5.  Encryption provides confidentiality and integrity
of data
 uses public-key cryptography

6.  Tatu Ylonen designed the first version of the
protocol (SSH-1) in 1995
 Goal of SSH is to replace the earlier rlogin,
TELNET and rsh
 It was made as open source later and gained
popularity

7.  In 1996 SSH-2 was designed which is
incompatible with previous version
 SSH-2 featured both security and feature
improvements over SSH-1
Better security through Diffie-Hellman key
exchange
Strong integrity checking via message
authentication codes

8.  Bjorn Gronvall's OSSH developed from this codebase
 “Portability" branch was formed to port OpenSSH to other operating
systems
 As of 2005
 OpenSSH is the single most popular ssh implementation
 The default in a large number of operating systems.
 OSSH meanwhile has become obsolete
 In 2006, SSH-2 protocol became a proposed Internet standard

9. 1) Secure Command Shell
2) Port Forwarding
3) Secure file transfer.

10.  Allow you to edit files.
 View the contents of directories.
 Custom based applications.
 Create user accounts.
 Change permissions.
 Anything can be done from command
prompt can be done remotely and securely.

11.  provide security to TCP/IP applications
including e-mail, sales and customer contact
databases, and in-house applications.
 allows data from normally unsecured TCP/IP
applications to be secured.

13.  A subsystem of the Secure Shell protocol.
 to handle file transfers.
 encrypts both the username/password and
the data being transferred.
 Uses the same port as the Secure Shell
server, eliminating the need to open another
port on the firewall or router.

15.  The SSH-2 protocol has a clean internal
architecture with well-separated layers:
 Transport Layer
 User Authentication Layer
 Connection Layer
 Defined in “RFC 4251”

16.  Handles initial key exchange and server authentication
 sets up encryption, compression and integrity
verification.
 It exposes to the upper layer an interface for sending
and receiving plaintext packets of up to 32kb
 also arranges for key re-exchange

17.  It handles client authentication
 Provides a number of authentication methods.
 Authentication is client-driven

18.  Password
 Public key
 Keyboard-interactive
 GSSAPI authentication

19.  A method for straightforward password
authentication
 Includes a facility allowing a password to be
changed

20.  A method for public key-based authentication
 Symmetric key (secret)
 Asymmetric key (public and private)

22.  The server sends one or more prompts to enter
information
 The client displays them and sends back responses
keyed-in by the user
 Used to provide one-time password authentication
such as S/Key or SecurID.
 Used by some OpenSSH configurations when PAM is
the underlying host authentication provider to
effectively provide password authentication

23.  Stands for Generic Security Services
Application Program Interface.
 the exchange of opaque messages (tokens)
which hide the implementation detail from the
higher-level application.

24.  Defines the concept of channels, channel requests and
global requests using which SSH services are provided.
 A single SSH connection can host multiple channels
simultaneously, in duplex mode
 Channel requests are used to relay out-of-band channel
specific data, such as the changed size of a terminal
window or the exit code of a server-side process.
 The SSH client requests a server-side port to be forwarded
using a global request.

25.  IPS Spoofing
 DNS Spoofing
 IP Source Routing

26.  Dynamic ports cannot be forwarded.
 Sometimes port forwarding also introduces
security problems.
 A client on the internet that uses SSH to access
the intranet, can expose the intranet by port
forwarding.

27.  As compared to the other link, network, and application
security measures like IPsec, n PGP, Secure Shell is
relatively secure, reliable, quick and easy.
 By deploying Secure Shell, companies create a
comprehensive general-purpose tunneling platform that
can be used to implement a wide variety of security
policies, ensuring the privacy, authenticity, authorization
and integrity of many different applications.

28.  [1] Cusack, F. and Forssen, M. "Generic Message Exchange
Authentication for the Secure Shell Protocol (SSH)," RFC 4256,
January 2006.
 [2] Lehtinen, S. and Lonvick, C., "The Secure Shell (SSH) Protocol
Assigned Numbers," RFC 4250, January 2006.
 [3] JSchlyter, J. and Griffin, W. "Using DNS to Securely Publish Secure
Shell (SSH) Key Fingerprints," RFC 4255, January 2006.
 [4] Ylonen, T., "SSH – Secure Login Connections over the Internet,"
Proceedings, Sixth USENIX UNIX Security Symposium, July 1996.