SSH – The Secure Shell
Need for Secure Shell
Accessing machines remotely became a necessity a long time ago and we can barely
imagine how it would be if we couldn’t control computers from remote locations.
There are many ways to establish a connection with a remote machine
depending on the operating system you are running, but the two most used protocols are:
•Secure Shell (SSH) for Linux-based machines.
•Remote Desktop Protocol (RDP) for Windows-based machines.
Both protocols rely on client and server applications to establish the remote
connection. These tools let you gain access to and remotely manage other computers,
transfer files, and do virtually anything you could do while physically sitting in front of the
machine.
What is SSH?
“SSH, the Secure Shell is a powerful, software-based
approach to network security that provides a secure channel for
data transmission through a network”
ssh (SSH client) is a program for logging into a remote
machine and for executing commands on a remote machine. It is
intended to provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections,
arbitrary TCP ports and UNIX-domain sockets can also be
forwarded over the secure channel.
What is SSH?
Secure Shell, sometimes referred to as Secure Socket Shell, is a protocol
which allows you to connect securely to a remote computer or a server by
using a text-based interface.
When a secure SSH connection is established, a shell session
will be started, and you will be able to manipulate the server by typing
commands within the client on your local computer.
System and network administrators use this protocol the most,
as well as anyone who needs to manage a computer remotely in a highly
secure manner.
Why SSH?
A remote access technology has three core security requirements: confidentiality,
integrity and authentication.
Authentication
Reliably determines someone's identity. If you try to log into an account on a remote
computer, SSH asks for digital proof of your identity. If you pass the test, you may log in; otherwise SSH rejects
the connection.
Encryption
Scrambles data so it is unintelligible except to the intended recipients. This protects your data
as it passes over the network.
Integrity
Guarantees the data traveling over the network arrives unaltered. If a third party captures and
modifies your data in transit, SSH detects this fact.
Why SSH?
Most earlier remote-access technologies lack confidentiality and integrity. For example, Telnet
and FTP transmit usernames and passwords in cleartext.
They are vulnerable to attacks such as IP spoofing, DoS, MITM and eavesdropping.
Secure Shell satisfies all three requirements by using:
• Data encryption to provide confidentiality
• Host-based and/or client-based authentication
• Data integrity using MACs and hashes
How Does SSH Work
• In order to establish an SSH connection, you need two components: a
client and the corresponding server-side component. An SSH client is an
application you install on the computer which you will use to connect to
another computer or a server. The client uses the provided remote host
information to initiate the connection and, if the credentials are verified,
establishes the encrypted connection.
• On the server's side, there is a component called an SSH daemon that
is constantly listening on a specific TCP/IP port for possible client
connection requests. Once a client initiates a connection, the SSH
daemon will respond with the software and the protocol versions it
supports and the two will exchange their identification data. If the
provided credentials are correct, SSH creates a new session for the
appropriate environment.
• The default SSH protocol version for SSH server and SSH client
communication is version 2.
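The version exchange described above can be seen in code. The following is an added example, not part of the original slides: it parses a server identification string of the form SSH-protoversion-softwareversion (RFC 4253 section 4.2) and decides whether a version-2 client should continue. The server greeting is a constructed sample, not a capture from a real host.

```python
import re

# Identification string per RFC 4253 section 4.2:
#   "SSH-protoversion-softwareversion[ SP comments] CR LF", at most 255 bytes.
# A server may send other text lines before it; a client must skip those.
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# Constructed sample greeting (not captured from a real server)
SAMPLE_SERVER_GREETING = b"Welcome to the lab jump host\r\nSSH-2.0-OpenSSH_9.6 Debian\r\n"


def parse_identification(data: bytes) -> dict:
    """Return proto/software/comments from the first line that starts with 'SSH-'."""
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # pre-banner text is ignored, as RFC 4253 requires
        if len(line) + 2 > 255:
            raise ValueError("identification string longer than 255 bytes")
        match = BANNER_RE.match(line.decode("ascii"))
        if not match:
            raise ValueError(f"malformed identification string: {line!r}")
        return match.groupdict()
    raise ValueError("no identification string received")


def accept_server(data: bytes) -> tuple[bool, str]:
    """Decide whether a version-2 client should continue the handshake.

    '2.0' is protocol 2; '1.99' is how a server advertises support for both
    protocol 1 and 2, so a version-2 client may proceed with either.
    """
    try:
        ident = parse_identification(data)
    except ValueError as exc:
        return False, str(exc)
    if ident["proto"] not in ("2.0", "1.99"):
        return False, f"server speaks protocol {ident['proto']}, not 2"
    return True, f"server {ident['software']} speaks SSH-2"


if __name__ == "__main__":
    print(accept_server(SAMPLE_SERVER_GREETING))
```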
SSH Syntax
ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]
[-c cipher_spec] [-D [bind_address:]port] [-E log_file]
[-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]
[-J destination] [-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port] [-Q query_option]
[-R address] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] destination [command]
How to Connect via SSH
• Now that you have the OpenSSH client and server installed on every machine you need, you can establish a
secure remote connection with your servers. To do so:
• Open the SSH terminal on your machine and run the following command:
  ssh your_username@host_ip_address
• If the username on your local machine matches the one on the server you are trying to connect to, you can
just type:
  ssh host_ip_address
and hit Enter.
• Type in your password and hit Enter. Note that you will not get any feedback on the screen while typing. If
you are pasting your password, make sure it is stored safely and not in a text file.
• When you are connecting to a server for the very first time, it will ask you if you want to continue connecting.
Just type yes and hit Enter. This message appears only this time, since the remote server is not yet known to
your local machine.
• The server's ECDSA key fingerprint is now saved on your local machine and you are connected to the remote server.
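The fingerprint shown at that first-connection prompt is what you compare against a value obtained out of band before typing yes. The following added example, not part of the original slides, parses a known_hosts entry (hostnames, key type, base64 key blob), checks that the blob's embedded type matches the declared one, and computes the SHA256 fingerprint in the form OpenSSH displays. The key is a constructed ed25519 blob, not a real key; the fingerprint computation is identical for ECDSA keys.

```python
import base64
import hashlib
import struct


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH wire 'string': uint32 big-endian length + bytes (RFC 4251 section 5)."""
    return struct.pack(">I", len(b)) + b


def read_ssh_string(buf: bytes, off: int) -> tuple[bytes, int]:
    """Decode one SSH wire 'string' at offset off, returning (value, next_offset)."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


# Constructed key blob: type name followed by a 32-byte value 0x00..0x1f (NOT a real key)
FAKE_ED25519_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
# Constructed known_hosts line with documentation-range hostnames
KNOWN_HOSTS_LINE = ("jump.example.internal,192.0.2.10 ssh-ed25519 "
                    + base64.b64encode(FAKE_ED25519_BLOB).decode())


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH display form: 'SHA256:' + unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts_line(line: str) -> dict:
    """Parse 'hostnames keytype base64blob [comment]' and verify the embedded key type."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("need hostnames, key type and key")
    hosts, keytype = parts[0].split(","), parts[1]
    blob = base64.b64decode(parts[2], validate=True)
    embedded, _ = read_ssh_string(blob, 0)
    if embedded.decode("ascii") != keytype:
        raise ValueError(f"declared type {keytype} does not match blob type {embedded!r}")
    return {"hosts": hosts, "keytype": keytype, "fingerprint": fingerprint_sha256(blob)}


def fingerprint_matches(line: str, host: str, shown: str) -> bool:
    """True when the fingerprint shown at the prompt equals the saved one for this host."""
    entry = parse_known_hosts_line(line)
    return host in entry["hosts"] and entry["fingerprint"] == shown


if __name__ == "__main__":
    print(parse_known_hosts_line(KNOWN_HOSTS_LINE))
```

On a real host the same value is what `ssh-keygen -lf` prints for the server's public key file, which is how an administrator publishes the fingerprint to compare against.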

Editor's Notes

  • #6 Telnet: Telnet is a protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network (such as the internet). Using telnet client software on your computer, you can make a connection to a telnet server (that is, the remote host). Once your telnet client establishes a connection to the remote host, your client becomes a virtual terminal, allowing you to communicate with the remote host from your computer. In most cases, you'll need to log into the remote host, which requires that you have an account on that system. Occasionally, you can log in as guest or public without having an account. FTP ("File Transfer Protocol"): FTP is a protocol designed for transferring files over the Internet. Files stored on an FTP server can be accessed using an FTP client, such as a web browser, FTP software program, or a command line interface. An FTP server can be configured to enable different types of access. For example, an "anonymous FTP" configuration allows anyone to connect to the server. However, anonymous users may only be allowed to view certain directories and may not be able to upload files. If anonymous FTP access is disabled, users are required to log in in order to view and download files. The standard FTP protocol is not encrypted, meaning it is vulnerable to packet sniffers and other types of snooping attacks.
  • #7 (Telnet and FTP: as in #6.) IP spoofing: IP spoofing is the creation of Internet Protocol (IP) packets which have a modified source address in order to either hide the identity of the sender, to impersonate another computer system, or both. It is a technique often used by bad actors to invoke DDoS attacks against a target device or the surrounding infrastructure. DoS: A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. MITM: A man-in-the-middle attack requires three players. There's the victim, the entity with which the victim is trying to communicate, and the "man in the middle," who's intercepting the victim's communications. Critical to the scenario is that the victim isn't aware of the man in the middle.