ssh and scp Eric McCreath

Similar documents
TELE 301 Network Management. Lecture 16: Remote Terminal Services

File Transfer Examples. Running commands on other computers and transferring files between computers

Secure access to the DESY network using SSH

Cryptography: RSA and Factoring; Digital Signatures; Ssh

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Connecting to Linux From Other Systems

Lukasz Pater CMMS Administrator and Developer

CS615 - Aspects of System Administration

Client Server Registration Protocol

SSH The Secure Shell

Secure Shell. The Protocol

How to Tunnel Remote Desktop Through SSH on a Windows Computer

Tera Term Telnet. Introduction

Lab 2.5.2a Configure SSH

OpenSSH: Secure Shell

SSH, SCP, SFTP, Denyhosts. Süha TUNA Res. Assist.

F-Secure SSH. for Windows. User s Guide

Security Policy Revision Date: 23 April 2009

F-Secure. Securing the Mobile Distributed Enterprise. F-Secure SSH User's and Administrator's Guide

10/23/12. Fundamentals of Linux Platform Security. Linux Platform Security. Roadmap. Security Training Course. Module 9 Application Security

Securing Ship-to-Shore Data Flow

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Securing Windows Remote Desktop with CopSSH

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

SSH with private/public key authentication

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,

OPC UA vs OPC Classic

An Overview of the Secure Shell (SSH)

SSH and FTP on Ubuntu WNYLUG Neal Chapman 09/09/2009

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Configuring SSH and Telnet

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SFTP (Secure File Transfer Protocol)

Experimental Techniques 8

Contents. Part 1 SSH Basics 1. Acknowledgments About the Author Introduction

TELNET CLIENT 5.11 SSH SUPPORT

CS 494/594 Computer and Network Security

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Exam Questions SY0-401

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

CSCE 465 Computer & Network Security

File Transfer Protocol (FTP) & SSH

If you prefer to use your own SSH client, configure NG Admin with the path to the executable:

Tunnels and Redirectors

Security Configuration Guide P/N Rev A05

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

F-SECURE MESSAGING SECURITY GATEWAY

SSH! Keep it secret. Keep it safe

Tighter SSH Security with Two-Factor

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

Securing Windows Remote Desktop with CopSSH

Computer Security: Principles and Practice

Securing Data on Microsoft SQL Server 2012

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)

NAS 224 Remote Access Manual Configuration

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Computer Networks. Secure Systems

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

File transfer clients manual File Delivery Services

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

MS-55096: Securing Data on Microsoft SQL Server 2012

Using etoken for SSL Web Authentication. SSL V3.0 Overview

SoftNAS Application Guide: In-Flight Encryption 12/7/2015 SOFTNAS LLC

Defeating Firewalls : Sneaking Into Office Computers From Home

Secure File Transfer Using USB

Lecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Network Security. HIT Shimrit Tzur-David

Chapter 7 Transport-Level Security

Know your tools SSH. Dariusz Puchalak Dariusz_Puchalak < at > ProbosIT.pl

SCP - Strategic Infrastructure Security

How to gain direct access to SQL Server at Garching via SSH

SSH Secure Shell for Workstations Windows Client version User Manual

Chapter 7: Network security

Q: Why security protocols?

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

Lab Configure Basic AP Security through IOS CLI

Public Key Cryptography and RSA. Review: Number Theory Basics

Modeling and verification of security protocols

How To Secure A Computer System From A Hacker

There are many different ways in which we can connect to a remote machine over the Internet. These include (but are not limited to):

How To Use Amazon Cloud 2 On Linux And Windows 2 On A Pc Or Mac Or Ipad (For Pc) On A Microsoft Mac Or Macbook Or Ipa (For Mac) On An Ubuntu Or Ipro (For Windows

Firewall Piercing. Alon Altman Haifa Linux Club

CONNECTING TO DEPARTMENT OF COMPUTER SCIENCE SERVERS BOTH FROM ON AND OFF CAMPUS USING TUNNELING, PuTTY, AND VNC Client Utilities

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, BC. From Italy (?).

Windows Remote Access

Strong Encryption for Public Key Management through SSL

TELE 301 Network Management. Lecture 17: File Transfer & Web Caching

MySQL Security: Best Practices

RemotelyAnywhere. Security Considerations

A Comparative Study of Security Features in FreeBSD and OpenBSD

Security Protocols: SSH. Michael E. Locasto University of Calgary

Network Security Protocols

Testing New Applications In The DMZ Using VMware ESX. Ivan Dell Era Software Engineer IBM

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4

Contents. This document contains the following sections:

CS Computer Security Third topic: Crypto Support Sys

Chapter 17. Transport-Level Security

Transcription:

ssh and scp Eric McCreath

2 ssh "ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel. ssh connects and logs into the specified hostname (with optional user name). The user must prove his/her identity to the remote machine using one of several methods depending on the protocol version used" - from the ssh manual (man page)

3 Authentication ssh uses a client server model. The server on the remote machine you wish to log into listens on port 22 for clients to connect. When the client connects with the server a secret session key is agreed by both parties. This session key is used for encrypting communication between the client and the server. This session key is never passed between the client and server. Rather, a Diffie-Hellman approach is used. ssh can use a number of authentication approaches. The main ones are: password based authentication (assuming the remote machine permits this), public key authentication.

4 Symetric Key Cryptography In symmetric key cryptography the same key is used for encryption and decryption of a message. Common symetric key approaches are: DES, 3DES, AES, and TwoFish. Alice Bob

Diffie-Hellman-Merkle key Exchange Scheme 5 The problem with symmetric key cryptography is "How do you share keys over an unsecured channel?" In about 1976 Diffie, Hellman and Merkle came up with what is known as the Diffie-Hellman-Merkle key exchange scheme. Alice???? Bob Eve

Diffie-Hellman-Merkle key Exchange Scheme 6 Alice Alice thinks up a random number, say 4. This is not shared. Both Alice and Bob know the number 5 and 7 (we can assume Eve may also know them) Bob Bob also thinks up a random number, say 3. This is not shared. 5^4 (mod 7) =2 5^3 (mod 7) = 6 2 6 6^4 (mod 7) = 1 2^3 (mod 7) = 1 So both Alice and Bob share the same key, namely 1. Even if Eve sees 5,7,2, and 6, because "a^x (mod b)" is easy to calculate but hard to invert it is difficult for Eve to work out the shared key.

Asymetric Key Cryptography In asymmetric key cryptography two keys are used. encryption and a different one for decryption. One for Alice Bob In 1973 Diffie came up with this great idea of using two different keys. In 1977 Rivest, Shamir and Adleman worked out a way of implementing it (RSA). 7

8 password authentication password ssh sshd client password server PAM Strengths: simple - you don't need to store or maintain keys so you can log in from different clients, generally people will have a password on a unix based system when they obtain an account. Weaknesses: people forget their passwords people use the same password for different systems passwords can be guessed

9 Public Key Authentication ssh_keygen private key public key passphrase ~/.ssh/authorized_keys ssh encrypted private key sshd passphrase private key public key remote login client server

10 Public Key Authentication Public Key Authentication provides you with 2 factors. Namely, something you know, the passphrase, and something you have, the encrypted private key. This approach, combined with an authentication agent, such as ssh-agent, provides one with a convenient and secure way of accessing a remote machine. Weaknesses of this approach include: the server can not check that strong passphrases are used (or even if a passphrases is used at all!) if someone is able to alter the authorized_keys file then they could include an extra key which may not be detected.

11 authorized_keys The ~/.ssh/authorized_keys file holds a list of public keys that are authorized for logging in as the user. Lines starting with "#" are ignored, and can be used for comments. Each line in the file has: options [which are optional], key type, encoded public key, and a comment. Options are comma separated without spaces and can be used to control and constrain what the user can assess with that particular key. Two useful options include: command="command" which specifies the command to be used when this key is used, from="pattern-list" which only permits authentication from particular host name or IP address. see: 'man sshd' for the details of the format and options.

12 ssh_config The ssh "-i" option enables you to select a specific private key to use. Note the default is ~/.ssh/id_rsa or ~/.ssh/id_dsa. Also a configuration file may be used to control which private key to use for which server.

13 scp and rsync The scp command uses ssh to provide a secure remote file copy program. The command line option works in a similar way to the normal cp command however you man also specify a remote user and host. e.g. To copy a file to my RSCS account I could: $ scp file.txt u1234567@partch.anu.edu.au: rsync is a fast and versatile tool for copying files and directories. It is designed to reduce the amount of data sent over the Internet by only sending the files that are different. It may use ssh as the remote-shell program for the transport. It was originally developed by our own Andrew Tridgell and Paul Mackerras.

14 Port Forwarding ssh enables you to forward ports between a client machine and a remote server. This enables you to obtain a secure connection for what may be an insecure service. It also enables you to access resources that sit behind a firewall. For e.g. Say I run a web server at home for sharing files between my various devices. It sits behind a firewall so it is not exposed to the internet. However, I do permit ssh (port 22) access from external machines to my home server. If I wanted to access my home web server from work, I could create a tunnel using ssh with: % ssh -L 5432:localhost:80 myname@myhomecomputeripaddress X11 forwarding can be done (if the server permits) using ssh.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information