Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,



Similar documents
SSH Secure Shell. What is SSH?

Network Security Essentials Chapter 5

Chapter 7 Transport-Level Security

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SFTP (Secure File Transfer Protocol)

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)

Chapter 17. Transport-Level Security

Transport Level Security

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

VPN. VPN For BIPAC 741/743GE

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

IP Security. Ola Flygt Växjö University, Sweden

Using IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Chapter 10. Network Security

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Communication Security for Applications

XFTP 5 User Guide. The Powerful SFTP/FTP File Transfer Program. NetSarang Computer Inc.

4.1: Securing Applications Remote Login: Secure Shell (SSH) PEM/PGP. Chapter 5: Security Concepts for Networks

IPsec Details 1 / 43. IPsec Details

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Secure network protocols: how SSL/TLS, SSH, SFTP and FTPS work

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Online Banking for Business Secure FTP with SSH (Secure Shell) USER GUIDE

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Tera Term Telnet. Introduction

IT Networks & Security CERT Luncheon Series: Cryptography

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Communication Systems SSL

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Network Security Part II: Standards

, ) I Transport Layer Security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Experian Secure Transport Service

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc.

Client Server Registration Protocol

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Project: Simulated Encrypted File System (SEFS)

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Hash Functions. Integrity checks

EXAM questions for the course TTM Information Security May Part 1

Virtual Private Networks

Cryptography and Network Security Chapter 15

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

How To Industrial Networking

Chapter 4 Virtual Private Networking

Chapter 8 Virtual Private Networking

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Understanding the Cisco VPN Client

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

SBClient SSL. Ehab AbuShmais

Application Note: Onsight Device VPN Configuration V1.1

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

TELE 301 Network Management. Lecture 16: Remote Terminal Services

Network Security. Lecture 3

Network Management Card Security Implementation

Security vulnerabilities in the Internet and possible solutions

Cryptographic Hash Functions Message Authentication Digital Signatures

Transport Layer Security Protocols

Topics in Network Security

Chapter 6 Electronic Mail Security

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Secure File Multi Transfer Protocol Design

SSL SSL VPN

DRAFT Standard Statement Encryption

Einführung in SSL mit Wireshark

WS_FTP Professional 12. Security Guide

Network FAX Driver. Operation Guide

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Centers for Medicare and Medicaid Services. Connect: Enterprise Secure Client (SFTP) Gentran. Internet Option Manual

File Transfer Protocol (FTP) & SSH

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

An Overview of the Secure Shell (SSH)

Authentication requirement Authentication function MAC Hash function Security of

Web Security Considerations

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

Cisco Configuring Secure Shell (SSH) on Cisco IOS Router

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

Dashlane Security Whitepaper

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

An Overview of Communication Manager Transport and Storage Encryption Algorithms

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Bit Chat: A Peer-to-Peer Instant Messenger

Configuring and Monitoring Citrix Access Gateway-Linux Servers. eg Enterprise v5.6

Online Banking for Business Secure FTP with SSL (Secure Socket Layer) USER GUIDE

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

Security. Learning Objectives. This module will help you...

Transcription:

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The main idea of SSH is to establish a common key between a client and a server using secure key exchange technique. The followed communications are then encrypted and authenticated. So the main idea is not very complicated. However, as a real application, we will see that many things need to be considered more careful in details. 1

SSH consists of three major components: The Transport Layer Protocol provides server authentication, confidentiality and integrity with perfect forward secrecy. The User Authentication Protocol authenticates the client to the server. The Connection Protocol multiplexes the encrypted tunnel into several logical channels. 2

SSH was described in Internet-Draft written by secsh group. Recently, SSH has been published as RFC 4251-4256 (January 2006). The Transport Layer Protocol can be described as follows. In SSH, the server listens for connections (on port 22). The client initiates a connection. When the connection has been established, both sides do the following. In what follows, C denote the client and S denote the server. Send an identification string to each other. The main contents of the string is the version of SSH and the version of software they used. An example is as follows. SSH-2.0-billsSSH 3.6.3q3<CR><LF> 3

In this example, the user uses protocol version 2.0 and a software billsssh 3.6.3q3. The identification string must be terminated by a single Carriage Return (CR) and a single Line Feed (LF) character (ASCII 13 and 10, respectively). Both side send out a KEXINIT packet. This packet includes: cookie (random bytes), list of algorithms supported by the machine such as key exchange algorithms, encryption algorithms, MAC algorithms, compression algorithms, languages. All the algorithms are listed in order of preference. This packet is used for each side to choose the same algorithm they will use later. The purpose of the cookie is to make it impossible for either side to fully determine the keys and the session identifier. 4

Run key exchange program. For example the following Diffie-Hellman key exchange can be used. 1. C generates a random number x, (1 < x < q) and sends the value e = α x mod p to S. 2. S generates a random value y, (0 < y < q) and computes f = α y mod p, K = e y = α xy mod p and H = hash(v C V S I C I S K S e f K), where V C, V S are the version strings for C and S respectively, I C (I S ) is the payload of C s (respectively S s) KEXINIT, K S is S s public key used to verify the signature. A payload means the useful contents of the packet. Then S computes the signature s on the message H and sends K S f s to C. 5

3. C checks K S from a local database or some trusted certification authority. C computes K = f x mod p and H = hash(v C V S I C I S K S e f K). Then C verifies the signature s. K is the session key. A session key should be re-changed after some time. It is recommended that the keys are changed after each gigbyte of transmitted data or after each hour of connection time, whichever comes sooner. 6

User Authentication protocol and connection protocol may start after the key exchange. C requests a service from S and S provides the service. In this stage, all the communications should be encrypted and authenticated. Either party sends out a disconnection message. In each step of the communication, if any party finds something wrong, then the connection will be broken. 7

All packets following the identification string use the following binary packet protocol. PKL PDL Payload Padding MAC The fields of the packet is as follows. The total size of the packet is 35, 000 bytes or less. PKL (32 bits): The length of the packet (in bytes), not including MAC and PKL field itself. PDL (8 bits): The Length of padding (in bytes). 8

Payload (n 1 bytes): The useful contents of the packet. If compression has been negotiated, this field is compressed. n 1 = PKL-PDL - 1. Padding (PDL bytes): Added random padding bytes, such that the total length of the packet is a multiple of the cipher block size or 8, whichever is larger. The length of the padding (PDL) is between 4 bytes to 255 bytes. MAC: If message authentication has been negotiated, this field contains the MAC bytes. Initially, the MAC algorithm is none. 9

The encryption method required in SSH is 3-DES (3 keys) of CBC mode. Other method recommended for SSH are AES-128, AES-192, AES-256. Optional encryption algorithms can be used in SSH such as: Blowfish, Twofish, Serpend, IDEA, CAST. The compression method currently defined is zlib. The message authentication used in SSH is HMAC. The hash function used is SHA-1, but the MD5 is still an option. So we first use HMAC to get the authenticated digest of a message m. Then the message m is encrypted by the decided encryption method. The actually transmitted data is the encrypted message together with the authenticated digest. The signature scheme used in SSH is DSS. 10

SSH authentication protocol runs on top of the SSH transport layer protocol and provides a single authenticated tunnel for the SSH connection protocol. The service name for this protocol is ssh-userauth. Basically, the server sends authentication requests using the following format: SSH-MSG-USERAUTH-RQUEST (code 50) user name service name method name method specific fields. 11

The server should have a timeout for authentication, and disconnect if the authentication has not been accepted within the timeout period. If the authentication is successful, then the server sends out a response: SSH-MSG-USERAUTH-SUCCESS (code 52) Otherwise the server responds: SSH-MSG-USERAUTH-FAILURE (code 51) 12

There are three authentication methods used in SSH. One is the public key authentication method. In this method, the user uses a public key signature scheme to sign on a message that contains session identifier, user name, public key algorithm name, public key to be used for authentication etc. When the server receives this message, it checks whether the supplied key is acceptable for authentication, and if so, it then check whether the signature is correct. The second method is password authentication method. In this method, the user needs to transmit the password to server. Since this transmitted packet is on the transport layer, it is encrypted. In this case, both the server and the client should check whether the underlying transport layer provides confidentiality (i.e., if encryption is being used). 13

The third method is host-based authentication. This form of authentication is optional, since it is not suitable for high-security sites. It is similar to the UNIX rhosts and hosts.equiv styles of authentication, except that the identity of the client host is checked more rigorously. In this method, the client sends a public key signature with the key of the client host. The message signed contains session identifier, user name, public key algorithm for host key, public host key and certificates for client host, client host name, etc. The server verifies that the host key actually belongs to the client host name in the message, that the given user on that host is allowed to log in, and that the signature is a valid signature on the appropriate value by the given host key. If it is possible, the server performs additional checks to verify that the network address obtained from the network matches the given client name. 14

The SSH connection protocol has been designed to run on top of the SSH transport layer and user authentication protocols. It provides interactive login session, remote execution of commands, forward TCP/IP connections, and forwarded X11 connections. All of these channels are multiplexed into a single encryption tunnel. We will omit the details of this protocol, since the most security considerations are addressed in transport layer protocol and user authentication protocol. The design of protocols of SSH considered security, efficiency and flexibility. It is intended to be implemented at the application level. 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information