Pandiya Rajan, profile picture
Uploaded byPandiya Rajan
PPT, PDF151 views

SSH.ppt

Secure Shell (SSH) is a cryptographic network protocol for secure data communication. It was created as a secure replacement for insecure remote shell protocols like Telnet. SSH uses encryption to provide confidentiality and integrity of data as well as authentication to securely conduct remote login and other secure network services over unsecured networks like the Internet. While SSH improves security over earlier protocols, it still has some vulnerabilities like password cracking, traffic analysis, and buffer overflows that can be exploited in both SSH version 1 and 2.

Embed presentation

Download to read offline
4/21/2023 1 SSH – The ‘Secure’ Shell Presented by Karthik Sadasivam Course: CSCI 5931 Web Security Instructor : Dr.Yang
4/21/2023 2 Secure What.. ?  ‘Secure shell is a de facto standard for remote logins and encrypted file transfers.’ [SSH communications inc.]  Founded in 1995 by Tatu Ylonen, a researcher at Helsinki University of Technology, Finland  It provides authentication and encryption for business critical applications to work securely over the internet.  Originally introduced for UNIX terminals as a replacement for the insecure remote access “Berkeley services" , viz. rsh, rlogin, rcp, telnet, etc.  It can also be used for port forwarding of arbitrary TCP/IP or X11 connections (interactive terminals)  It is a layer over TCP/IP and runs on the port 22.
4/21/2023 3 Why SSH?  The three core security requirements for a remote access technology – confidentiality, integrity and authentication  Most of the earlier technologies lack confidentiality and integrity. For e.g Telnet and FTP transmit username and passwords in cleartext.  They are vulnerable to attacks such as IP spoofing, DoS, MITM and eavesdropping.  Secure shell satisfies all the three requirements by using:  Data Encryption to provide confidentiality  Host-based and (or) client-based authentication  Data integrity using MACs and hashes
4/21/2023 4 Flavors of SSH  There are two incompatible versions of the SSH protocol: SSH-1 and SSH-2  SSH-2 was introduced in order to fix several bugs in SSH-1 and also includes several new features  Both versions have technical glitches and are vulnerable to known attacks (discussed later)  SSH-1 is more popular nowadays due to licensing issues with SSH-2  OpenSSH is a free version of the SSH with open source code development. It supports both the versions and mainly used in UNIX environment.
4/21/2023 5 The SSH-1 protocol exchange Client Server Opens a TCP connection to port 22 SSH protocol version exchange e.g ASCII :” SSH-1.5-1.2.27” Server identification {H+S+list of ciphers and authentication methods+cookie} + session parameters Selected data cipher +encrypted session key K(H,S) +cookie Server acknowledgement encrypted with K Secure connection established! Server authenticated H – host key ; S- Server Key ; cookie- sequence of 8 random bytes; K- session key
4/21/2023 6 The SSH-1 protocol exchange (contd.)  Once secure connection is established, client attempts to authenticate itself to server.  Some of the authentication methods used are:  Kerberos  RHosts and RHostsRSA  Public key  Password based authentication (OTP)  Integrity checking is provided by means of a weak CRC -32  Compression is provided using the “deflate” algorithm of GNU gzip utility. It is beneficial for file transfer utilities such as ftp, scp, etc.
4/21/2023 7 The SSH-2 protocol  SSH-1 is monolithic, encompassing multiple functions into a single protocol whereas SSH-2 has been separated into modules and consists of 3 protocols:  SSH Transport layer protocol (SSH-TRANS) : Provides the initial connection, packet protocol, server authentication and basic encryption and integrity services.  SSH Authentication protocol (SSH-AUTH) : Verifies the client’s identity at the beginning of an SSH-2 session, by three authentication methods: Public key, host based and password.  SSH Connection protocol (SSH-CONN) : It permits a number of different services to exchange data through the secure channel provided by SSH-TRANS.  A fourth protocol SSH protocol architecture (SSH-ARCH) describes the overall architecture.  All the protocols are still in the draft stage.
4/21/2023 8 The SSH-2 protocol (contd.) TCP/IP SSH-TRANS Binary Packet Protocol Negotiated Encryption Protocol Negotiated Compression Protocol SSH-CONN Connection Protocol X11 TCP Port Forwarding SSH-USERAUTH Authentication Protocol Layering of SSH-2 Protocols SSH Version Identification Pseudo- Terminal Algorithm Negotiation (compression, encryption) Key Exchange (eg. Diffie- Hellman) Challenge- Response Pass- word Public- key Keyboard- Interactive Password [Source: ‘Analysis of Secure shell vulnerability’ – white paper ]
4/21/2023 9 SSH-1 vs SSH-2 SSH-2 SSH-1 Separate transport, authentication and connection protocols One monolithic protocol Strong cryptographic integrity check Weak CRC-32 integrity check No server keys needed due to Diffie Hellman Key exchange Server key used for forward secrecy on the session key Supports public key certificates N/A Algorithms used: DSA, DH, SHA- 1, MD5, 3DES, Blowfish, Twofish, CAST-128, IDEA, ARCFOUR RSA, MD5, CRC-32, 3DES, IDEA, ARCFOUR, DES Periodic replacement of session keys N/A
4/21/2023 10 Is SSH really secure?  Secure shell does counter certain types of attacks such as:  Eavesdropping  Name service and IP spoofing  Connection hijacking  MITM  Insertion attack  However it fails against these attacks:  Password cracking  IP and TCP attacks  SYN flooding  TCP RST, bogus ICMP  TCP desynchronization and hijacking  Traffic analysis  Covert channels
4/21/2023 11 Some known vulnerabilities in SSH  OpenSSH Challenge-Response Authentication Buffer Overflow: A hostile modification to the SSH client floods the server with authentication responses and causes a buffer overflow. [SSH-2]  Passive analysis of SSH traffic: It lets the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions. [SSH-1 & SSH-2]  Key recovery in SSH protocol 1.5 : This vulnerability may lead to the compromise of the session key. Once the session key is determined, the attacker can proceed to decrypt the stored session using any implementation of the crypto algorithm used. This will reveal all information in an unencrypted form. [SSH-1]  CRC-32 integrity check vulnerability : It is based on the weakness of the CRC-32 integrity that becomes exploitable due to CBC and CFB feedback modes [SSH-1]
4/21/2023 12 Case study : The ‘GOBBLES’ exploit  This exploits the weakness in the challenge-response authentication mechanism of OpenSSH.  SSH_MSG_USERAUTH_REQUEST, SSH_MSG_USERAUTH_INFO_REQUEST , SSH_MSG_USERAUTH_INFO_RESPONSE
4/21/2023 13 Case study : The ‘GOBBLES’ exploit (contd.)  Instead of sending the requested number of responses, the client sends a large integer  The server allocates memory for these response strings
4/21/2023 14 Case study : The ‘GOBBLES’ exploit (contd.)
4/21/2023 15 Case study : The ‘GOBBLES’ exploit (contd.)
4/21/2023 16 Case study : The ‘GOBBLES’ exploit (contd.)
4/21/2023 17 Case study : The ‘GOBBLES’ exploit (contd.)
4/21/2023 18 SSH tools  There are several commercial and freeware SSH tools for UNIX and windows platforms  Windows –  PuTTY  TeraTerm  SecureCRT  UNIX –  The RedHat Linux package and OpenBSD come alongwith tools such as ssh, sshd(daemon), scp(secure copy), sftp(secure ftp), etc.  OpenSSH
4/21/2023 19 Bibiliography [1] ‘Securing remote connections with SSH’ – a white paper by SSH communications Security corp. [2] Red Hat tutorials – Chapter 10 SSH : http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref- guide/ch-ssh.html [3] SSH tools - http://bach.dynet.com/sshtools/ [4] ’Firewalling a Secure Shell Service’ – a white paper http://www.esat.kuleuven.ac.be/~joclaess/pub/ceci2001.pdf [5] Cisco Security Advisory: Multiple SSH Vulnerabilities – http://www.cisco.com/warp/public/707/SSH-multiple- pub.html [6] SSH -The Secure Shell :The definitive guide Daniel Barrett & Richard E. Silvermann (O’Reilly publications) [7] ‘Analysis of a Secure Shell vulnerability’ - James M. Mike Anthis A white paper

More Related Content

PPTX
Chapitre 6 - Protocoles TCP/IP, UDP/IP
byTarik Zakaria Benmerar
 
PPT
ssh.ppt
byjoekr1
 
PPT
Introduction to SSH
byHemant Shah
 
PDF
Alphorm.com Formation Cisco ICND2
byAlphorm
 
PDF
Cours sécurité 2_asr
byTECOS
 
PPTX
Sécurité informatique
byoussama Hafid
 
PPTX
Linux SD/MMC device driver
by艾鍗科技
 
ODP
SSL/TLS Présentation en Français.
byPhilippe Lhardy
 
Chapitre 6 - Protocoles TCP/IP, UDP/IP
byTarik Zakaria Benmerar
 
ssh.ppt
byjoekr1
 
Introduction to SSH
byHemant Shah
 
Alphorm.com Formation Cisco ICND2
byAlphorm
 
Cours sécurité 2_asr
byTECOS
 
Sécurité informatique
byoussama Hafid
 
Linux SD/MMC device driver
by艾鍗科技
 
SSL/TLS Présentation en Français.
byPhilippe Lhardy
 

What's hot

PDF
Cours Administration Reseau-Domga-2020_2021_New.pdf
byJEANMEBENGAMBALLA
 
PPTX
Understanding the Windows Server Administration Fundamentals (Part-2)
byTuan Yang
 
PDF
An introduction to SSH
bynussbauml
 
PPT
IPsec
byIvandro Ismael
 
PPTX
Installation et configuration du serveur exchange2016 sous windows server 2012
byYaya N'Tyeni Sanogo
 
PPTX
Admin reseaux sous linux cours 3
byStephen Salama
 
PDF
Metasploit et Metasploitable2 : exploiter VSFTPD v2.3.4
byKhalid EDAIG
 
PPTX
ret2plt
bysounakano
 
PDF
Network Drivers
byAnil Kumar Pugalia
 
PPTX
Cisco Routers
byShoaib Iqbal
 
PDF
The linux networking architecture
byhugo lu
 
PPTX
SERVER AND ITS TYPES.pptx
bykaransingh4126
 
PDF
CCNAv5 - S2: Chapter 9 Access Control Lists
byVuz Dở Hơi
 
PPTX
Pare_feu.pptx
bybrrrbrrr2
 
PDF
SR-IOV+KVM on Debian/Stable
byjuet-y
 
PDF
CCNAv5 - S3: Chapter2 Lan Redundancy
byVuz Dở Hơi
 
PDF
Network security
byChristalin Nelson
 
PDF
Composants et fonctionnement d'un Switch Cisco
byDJENNA AMIR
 
PPT
Chapter 3: Block Ciphers and the Data Encryption Standard
byShafaan Khaliq Bhatti
 
PDF
Cours3 ospf-eigrp
byBadr Guennoun
 
Cours Administration Reseau-Domga-2020_2021_New.pdf
byJEANMEBENGAMBALLA
 
Understanding the Windows Server Administration Fundamentals (Part-2)
byTuan Yang
 
An introduction to SSH
bynussbauml
 
IPsec
byIvandro Ismael
 
Installation et configuration du serveur exchange2016 sous windows server 2012
byYaya N'Tyeni Sanogo
 
Admin reseaux sous linux cours 3
byStephen Salama
 
Metasploit et Metasploitable2 : exploiter VSFTPD v2.3.4
byKhalid EDAIG
 
ret2plt
bysounakano
 
Network Drivers
byAnil Kumar Pugalia
 
Cisco Routers
byShoaib Iqbal
 
The linux networking architecture
byhugo lu
 
SERVER AND ITS TYPES.pptx
bykaransingh4126
 
CCNAv5 - S2: Chapter 9 Access Control Lists
byVuz Dở Hơi
 
Pare_feu.pptx
bybrrrbrrr2
 
SR-IOV+KVM on Debian/Stable
byjuet-y
 
CCNAv5 - S3: Chapter2 Lan Redundancy
byVuz Dở Hơi
 
Network security
byChristalin Nelson
 
Composants et fonctionnement d'un Switch Cisco
byDJENNA AMIR
 
Chapter 3: Block Ciphers and the Data Encryption Standard
byShafaan Khaliq Bhatti
 
Cours3 ospf-eigrp
byBadr Guennoun
 

Similar to SSH.ppt

PPT
Secure shell protocol
byBaspally Sai Anirudh
 
PPTX
Secure Shell(ssh)
byPina Parmar
 
PPTX
Ssh (The Secure Shell)
byMehedi Farazi
 
PDF
SSH - Secure Shell
byPeter R. Egli
 
PDF
Meeting 5.2 : ssh
bySyaiful Ahdan
 
PPTX
Telnet presentation
bytravel_affair
 
PPT
Secure shell ppt
bysravya raju
 
PPTX
Secure shell
byArjun Aj
 
PDF
OpenSSH: keep your secrets safe
byGiovanni Bechis
 
PPT
Ssh
bygh02
 
PPTX
Ssh
byRaghu nath
 
PPTX
Telnet & Secure Shell
byWILLA REYES
 
PDF
0696-ssh-the-secure-shell.pdf
byAnasElbaz
 
PPTX
SSh_part_1.pptx
byShelly119532
 
PPTX
A presentation on SSH (Secure Shell or Secure Socket Shell)
byPrabhat K.C.
 
PPTX
Technical fsajfndskanfkanfklanlfnklmfkldsndfklnsdkl
bymowas40923
 
PPT
Presentation nix
byfangjiafu
 
PPT
Presentation nix
byfangjiafu
 
DOCX
Research and Analysis of SSH
byMatthew Chang
 
PDF
Windowshadoop
byarunkumar sadhasivam
 
Secure shell protocol
byBaspally Sai Anirudh
 
Secure Shell(ssh)
byPina Parmar
 
Ssh (The Secure Shell)
byMehedi Farazi
 
SSH - Secure Shell
byPeter R. Egli
 
Meeting 5.2 : ssh
bySyaiful Ahdan
 
Telnet presentation
bytravel_affair
 
Secure shell ppt
bysravya raju
 
Secure shell
byArjun Aj
 
OpenSSH: keep your secrets safe
byGiovanni Bechis
 
Ssh
bygh02
 
Ssh
byRaghu nath
 
Telnet & Secure Shell
byWILLA REYES
 
0696-ssh-the-secure-shell.pdf
byAnasElbaz
 
SSh_part_1.pptx
byShelly119532
 
A presentation on SSH (Secure Shell or Secure Socket Shell)
byPrabhat K.C.
 
Technical fsajfndskanfkanfklanlfnklmfkldsndfklnsdkl
bymowas40923
 
Presentation nix
byfangjiafu
 
Presentation nix
byfangjiafu
 
Research and Analysis of SSH
byMatthew Chang
 
Windowshadoop
byarunkumar sadhasivam
 

More from Pandiya Rajan

PPTX
thermal pollution.pptx
byPandiya Rajan
 
PPTX
marinepollution.pptx
byPandiya Rajan
 
PDF
Software defined netwoks is useful to learn NFV and virtual Lans
byPandiya Rajan
 
PPTX
environmentalpollution-.pptx
byPandiya Rajan
 
PDF
React Lab Programs with Descriptions and explanations
byPandiya Rajan
 
PPTX
selinuxbasicusage.pptx
byPandiya Rajan
 
PPTX
UNIT-I Introduction to CICD.pptx
byPandiya Rajan
 
PPTX
22IT508 - Full Stack Development with Node and React.pptx
byPandiya Rajan
 
PPTX
HTML-Basic.pptx
byPandiya Rajan
 
PPT
page_fault pbm.ppt
byPandiya Rajan
 
PPTX
UNIT-I Introduction to CICD.pptx
byPandiya Rajan
 
PPTX
css1.pptx
byPandiya Rajan
 
PPTX
HTML-Advance.pptx
byPandiya Rajan
 
PPT
logical volume manager.ppt
byPandiya Rajan
 
PPT
process syn.ppt
byPandiya Rajan
 
PPTX
lvm.pptx
byPandiya Rajan
 
PPTX
UNIT-I Introduction to Ansible.pptx
byPandiya Rajan
 
PPTX
CICD.pptx
byPandiya Rajan
 
PPTX
Selenium.pptx
byPandiya Rajan
 
PPTX
DM.pptx
byPandiya Rajan
 
thermal pollution.pptx
byPandiya Rajan
 
marinepollution.pptx
byPandiya Rajan
 
Software defined netwoks is useful to learn NFV and virtual Lans
byPandiya Rajan
 
environmentalpollution-.pptx
byPandiya Rajan
 
React Lab Programs with Descriptions and explanations
byPandiya Rajan
 
selinuxbasicusage.pptx
byPandiya Rajan
 
UNIT-I Introduction to CICD.pptx
byPandiya Rajan
 
22IT508 - Full Stack Development with Node and React.pptx
byPandiya Rajan
 
HTML-Basic.pptx
byPandiya Rajan
 
page_fault pbm.ppt
byPandiya Rajan
 
UNIT-I Introduction to CICD.pptx
byPandiya Rajan
 
css1.pptx
byPandiya Rajan
 
HTML-Advance.pptx
byPandiya Rajan
 
logical volume manager.ppt
byPandiya Rajan
 
process syn.ppt
byPandiya Rajan
 
lvm.pptx
byPandiya Rajan
 
UNIT-I Introduction to Ansible.pptx
byPandiya Rajan
 
CICD.pptx
byPandiya Rajan
 
Selenium.pptx
byPandiya Rajan
 
DM.pptx
byPandiya Rajan
 

Recently uploaded

PPTX
Slide sur les concepts_Module_5_STP.pptx
bydine46
 
PPTX
410776623-5G 3GPP STANDARED-Overview.pptx
byMohamedshabana38
 
PPTX
Forouzan6e_ch09_PPTs_Transport.pptxmcgrawhill
byshaiviadesh
 
PPTX
TR334_Foundation_Engineering_I_Slope stability _i.pptx
byalexander402774
 
PPTX
UNIT-1.pptx...................................
byRavinderKaur647214
 
PPT
CHAPTER 09 - Digital signatures cryptography note
bySherin Wilson
 
PDF
RAMON Scrap quality detection system.pdf
bymohamedassar81
 
PPT
Escape-17-plenary-gani-grossmann-final.ppt
bynewjourneynewlife201
 
PPTX
SOFTWARE PROJECT MANAGEMENT PART 2-2.pptx
byssuserbafe2d
 
PPTX
PVD MNA 501 Recipe Review with understanding
byNritaGaur1
 
PDF
0acebd80-08f7-4be1-9135-15abe45dbc94.pdf
bySirvan7
 
PPT
DECISION MAKING SYSTEMS Modelling and Support
byAnu S S
 
PPTX
SOFTWARE PROJECT MANAGEMENT PART 1-.pptx
byssuserbafe2d
 
PPTX
researchproposalpresentation-141127024318-conversion-gate02.pptx
bybcabcu20222025
 
PPTX
Unit 2 - ABRASIVE PROCESS AND BROACHING.pptx
byarivazhaganrajangam
 
PPT
Steam Power plant Generation anatomy and organs
byVishalSingh995299
 
PDF
RisaTakahashi_Food plating referencer: A Visual Plateware Selection System Ba...
byMatsushita Laboratory
 
PPTX
AI INTRODUCTION New Microsoft Office PowerPoint Presentation.pptx
byb23cs183
 
PPTX
MOD 1 (concrete technology -cement,aggregates .pptx
bytkmmullonkal
 
PPT
Unit 1 - SHAPER, MILLING AND GEAR CUTTING MACHINES .ppt
byarivazhaganrajangam
 
Slide sur les concepts_Module_5_STP.pptx
bydine46
 
410776623-5G 3GPP STANDARED-Overview.pptx
byMohamedshabana38
 
Forouzan6e_ch09_PPTs_Transport.pptxmcgrawhill
byshaiviadesh
 
TR334_Foundation_Engineering_I_Slope stability _i.pptx
byalexander402774
 
UNIT-1.pptx...................................
byRavinderKaur647214
 
CHAPTER 09 - Digital signatures cryptography note
bySherin Wilson
 
RAMON Scrap quality detection system.pdf
bymohamedassar81
 
Escape-17-plenary-gani-grossmann-final.ppt
bynewjourneynewlife201
 
SOFTWARE PROJECT MANAGEMENT PART 2-2.pptx
byssuserbafe2d
 
PVD MNA 501 Recipe Review with understanding
byNritaGaur1
 
0acebd80-08f7-4be1-9135-15abe45dbc94.pdf
bySirvan7
 
DECISION MAKING SYSTEMS Modelling and Support
byAnu S S
 
SOFTWARE PROJECT MANAGEMENT PART 1-.pptx
byssuserbafe2d
 
researchproposalpresentation-141127024318-conversion-gate02.pptx
bybcabcu20222025
 
Unit 2 - ABRASIVE PROCESS AND BROACHING.pptx
byarivazhaganrajangam
 
Steam Power plant Generation anatomy and organs
byVishalSingh995299
 
RisaTakahashi_Food plating referencer: A Visual Plateware Selection System Ba...
byMatsushita Laboratory
 
AI INTRODUCTION New Microsoft Office PowerPoint Presentation.pptx
byb23cs183
 
MOD 1 (concrete technology -cement,aggregates .pptx
bytkmmullonkal
 
Unit 1 - SHAPER, MILLING AND GEAR CUTTING MACHINES .ppt
byarivazhaganrajangam
 

SSH.ppt

  • 1.
    4/21/2023 1 SSH –The ‘Secure’ Shell Presented by Karthik Sadasivam Course: CSCI 5931 Web Security Instructor : Dr.Yang
  • 2.
    4/21/2023 2 Secure What..?  ‘Secure shell is a de facto standard for remote logins and encrypted file transfers.’ [SSH communications inc.]  Founded in 1995 by Tatu Ylonen, a researcher at Helsinki University of Technology, Finland  It provides authentication and encryption for business critical applications to work securely over the internet.  Originally introduced for UNIX terminals as a replacement for the insecure remote access “Berkeley services" , viz. rsh, rlogin, rcp, telnet, etc.  It can also be used for port forwarding of arbitrary TCP/IP or X11 connections (interactive terminals)  It is a layer over TCP/IP and runs on the port 22.
  • 3.
    4/21/2023 3 Why SSH? The three core security requirements for a remote access technology – confidentiality, integrity and authentication  Most of the earlier technologies lack confidentiality and integrity. For e.g Telnet and FTP transmit username and passwords in cleartext.  They are vulnerable to attacks such as IP spoofing, DoS, MITM and eavesdropping.  Secure shell satisfies all the three requirements by using:  Data Encryption to provide confidentiality  Host-based and (or) client-based authentication  Data integrity using MACs and hashes
  • 4.
    4/21/2023 4 Flavors ofSSH  There are two incompatible versions of the SSH protocol: SSH-1 and SSH-2  SSH-2 was introduced in order to fix several bugs in SSH-1 and also includes several new features  Both versions have technical glitches and are vulnerable to known attacks (discussed later)  SSH-1 is more popular nowadays due to licensing issues with SSH-2  OpenSSH is a free version of the SSH with open source code development. It supports both the versions and mainly used in UNIX environment.
  • 5.
    4/21/2023 5 The SSH-1protocol exchange Client Server Opens a TCP connection to port 22 SSH protocol version exchange e.g ASCII :” SSH-1.5-1.2.27” Server identification {H+S+list of ciphers and authentication methods+cookie} + session parameters Selected data cipher +encrypted session key K(H,S) +cookie Server acknowledgement encrypted with K Secure connection established! Server authenticated H – host key ; S- Server Key ; cookie- sequence of 8 random bytes; K- session key
  • 6.
    4/21/2023 6 The SSH-1protocol exchange (contd.)  Once secure connection is established, client attempts to authenticate itself to server.  Some of the authentication methods used are:  Kerberos  RHosts and RHostsRSA  Public key  Password based authentication (OTP)  Integrity checking is provided by means of a weak CRC -32  Compression is provided using the “deflate” algorithm of GNU gzip utility. It is beneficial for file transfer utilities such as ftp, scp, etc.
  • 7.
    4/21/2023 7 The SSH-2protocol  SSH-1 is monolithic, encompassing multiple functions into a single protocol whereas SSH-2 has been separated into modules and consists of 3 protocols:  SSH Transport layer protocol (SSH-TRANS) : Provides the initial connection, packet protocol, server authentication and basic encryption and integrity services.  SSH Authentication protocol (SSH-AUTH) : Verifies the client’s identity at the beginning of an SSH-2 session, by three authentication methods: Public key, host based and password.  SSH Connection protocol (SSH-CONN) : It permits a number of different services to exchange data through the secure channel provided by SSH-TRANS.  A fourth protocol SSH protocol architecture (SSH-ARCH) describes the overall architecture.  All the protocols are still in the draft stage.
  • 8.
    4/21/2023 8 The SSH-2protocol (contd.) TCP/IP SSH-TRANS Binary Packet Protocol Negotiated Encryption Protocol Negotiated Compression Protocol SSH-CONN Connection Protocol X11 TCP Port Forwarding SSH-USERAUTH Authentication Protocol Layering of SSH-2 Protocols SSH Version Identification Pseudo- Terminal Algorithm Negotiation (compression, encryption) Key Exchange (eg. Diffie- Hellman) Challenge- Response Pass- word Public- key Keyboard- Interactive Password [Source: ‘Analysis of Secure shell vulnerability’ – white paper ]
  • 9.
    4/21/2023 9 SSH-1 vsSSH-2 SSH-2 SSH-1 Separate transport, authentication and connection protocols One monolithic protocol Strong cryptographic integrity check Weak CRC-32 integrity check No server keys needed due to Diffie Hellman Key exchange Server key used for forward secrecy on the session key Supports public key certificates N/A Algorithms used: DSA, DH, SHA- 1, MD5, 3DES, Blowfish, Twofish, CAST-128, IDEA, ARCFOUR RSA, MD5, CRC-32, 3DES, IDEA, ARCFOUR, DES Periodic replacement of session keys N/A
  • 10.
    4/21/2023 10 Is SSHreally secure?  Secure shell does counter certain types of attacks such as:  Eavesdropping  Name service and IP spoofing  Connection hijacking  MITM  Insertion attack  However it fails against these attacks:  Password cracking  IP and TCP attacks  SYN flooding  TCP RST, bogus ICMP  TCP desynchronization and hijacking  Traffic analysis  Covert channels
  • 11.
    4/21/2023 11 Some knownvulnerabilities in SSH  OpenSSH Challenge-Response Authentication Buffer Overflow: A hostile modification to the SSH client floods the server with authentication responses and causes a buffer overflow. [SSH-2]  Passive analysis of SSH traffic: It lets the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. The information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions. [SSH-1 & SSH-2]  Key recovery in SSH protocol 1.5 : This vulnerability may lead to the compromise of the session key. Once the session key is determined, the attacker can proceed to decrypt the stored session using any implementation of the crypto algorithm used. This will reveal all information in an unencrypted form. [SSH-1]  CRC-32 integrity check vulnerability : It is based on the weakness of the CRC-32 integrity that becomes exploitable due to CBC and CFB feedback modes [SSH-1]
  • 12.
    4/21/2023 12 Case study: The ‘GOBBLES’ exploit  This exploits the weakness in the challenge-response authentication mechanism of OpenSSH.  SSH_MSG_USERAUTH_REQUEST, SSH_MSG_USERAUTH_INFO_REQUEST , SSH_MSG_USERAUTH_INFO_RESPONSE
  • 13.
    4/21/2023 13 Case study: The ‘GOBBLES’ exploit (contd.)  Instead of sending the requested number of responses, the client sends a large integer  The server allocates memory for these response strings
  • 14.
    4/21/2023 14 Case study: The ‘GOBBLES’ exploit (contd.)
  • 15.
    4/21/2023 15 Case study: The ‘GOBBLES’ exploit (contd.)
  • 16.
    4/21/2023 16 Case study: The ‘GOBBLES’ exploit (contd.)
  • 17.
    4/21/2023 17 Case study: The ‘GOBBLES’ exploit (contd.)
  • 18.
    4/21/2023 18 SSH tools There are several commercial and freeware SSH tools for UNIX and windows platforms  Windows –  PuTTY  TeraTerm  SecureCRT  UNIX –  The RedHat Linux package and OpenBSD come alongwith tools such as ssh, sshd(daemon), scp(secure copy), sftp(secure ftp), etc.  OpenSSH
  • 19.
    4/21/2023 19 Bibiliography [1] ‘Securingremote connections with SSH’ – a white paper by SSH communications Security corp. [2] Red Hat tutorials – Chapter 10 SSH : http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref- guide/ch-ssh.html [3] SSH tools - http://bach.dynet.com/sshtools/ [4] ’Firewalling a Secure Shell Service’ – a white paper http://www.esat.kuleuven.ac.be/~joclaess/pub/ceci2001.pdf [5] Cisco Security Advisory: Multiple SSH Vulnerabilities – http://www.cisco.com/warp/public/707/SSH-multiple- pub.html [6] SSH -The Secure Shell :The definitive guide Daniel Barrett & Richard E. Silvermann (O’Reilly publications) [7] ‘Analysis of a Secure Shell vulnerability’ - James M. Mike Anthis A white paper