SSH Background
SSH, secure shell, is a software based approach to network security.
All data sent and received using SSH is encrypted and later decrypted.
It has a client-server architecture, so you will need an ssh client on your local computer and an ssh on the remote computer (the computer you want to connect to).
“SSH” is not a true shell such as the unix bourne or C shell, it is not a command line interpreter, does not provide wildcard expansion and has no command history. It is simply end-to-end encryption between a local and remote computer.
SSH is a protocol, not a product. It is the rules guiding the secure communication over the network for:
- Authentication – proof of identity
- Encryption – scrambling data
- Integrity – detection of altered data
SSH can mean any one of the following:
- The Protocol – rules governing secure communication over a network
- The Product – the common product that uses the Protocol
- Client Programs – commands used to execute ssh related activities in the product
SSH: Demystifying Terms
- SSH – generic term for ssh protocols and products
- SSH-1 – SSH Protocol version 1
- SSH-2 – SSH protocol version 2
- SSH1 – Software implementing the SSH-1 protocol, the original SSH created by Tatu Ylonen.
- SSH2 – “SSH Secure Shell” a commercial SSH-2 implementation.
- ssh – A client program included in SSH1, SSH2 and other SSH products.
Using SSH:
Secure Remote Logins
ssh -l [username] [host]
eg. ssh -l king ssh.number1.co.za
Secure File Transfer
Traditional file transfer: ftp, rcp and email doesn’t provide a secure solution, a third party can intercept and read packets.
scp [filename] [account on other computer]
eg. scp myfile queen@number1.co.za
Secure remote Command Execution
ssh [machine] [command]
eg. ssh lemon /usr/ucb/w
Port Forwarding
Port forwarding or tunneling is the rerouting of traffic to pass through a particular connection. In this case TCP/IP to pass through a SSH connection.It can also be used to route traffic through firewalls that would normally prevent their use.
ssh -L [destination port]:[host]:[source port] [host]
eg. ssh -L 14256:localhost:80 dev.number1.co.za
The above means: ssh please connect from TCP 14256 on my local to TCP 80 on dev.number1.co.za…to view the development server securely.
Other Aspects of SSH:
Keys and Agents
Say you have multiple passwords for ssh logins, sometimes you type the password in the username field or you type a password into the wrong account. Everytime you type a password in, it’s vulnerability increases.
With SSH it is possible to identify yourself only once. Keys are a small blob of bits uniquely identifying a user. A key is kept encrypted, it may be used only after entering a secret passphrase to decrypt it.
Access Control
SSH can also allow you to give permission to another user to access a particular program on your account.
Related Securities:
rsh suite (R-commands)
rsh, rlogin and rcp. Works similarly to ssh but r-commands do not encrypt their connections and have weak easily subverted authentication. The server obtains the network address of the host and permits access only if the hostname exists in /etc/hosts. The server also checks the tcp port, if it is between 1 and 1023 – these port numbers can only be used by the root user.
The translation of network address to hostname is done with Sun’s NIS(Network Information Service) or DNS (Domain name Service), most NIS and DNS implementations have security holes tricking the server to have a specific hostname.
Also blind trust in TCP ports represent a serious security risk. A cracker who gains root access can simply run a tailored version of the rsh client and log in as any user.
If user databases on trusted hosts were always synchronised with the server, installation of privileged programs was monitored well and root privileges guarenteed to be held by trusted people then r commands could be secure. These assumptions don’t make sense in today’s internet.
PGP (Pretty Good Privacy)
File based encryption and authentication. One file or message at a time on a single computer, whereas ssh encrypts an ongoing session. nonetheless SSH uses some of the same encryption algorithms as PGP.
Kerberos
A secure authentication system for monitored networks where there is no central control. Kerberos authenticates with tickets, small sequences of bytes with limited lifespans, while user passwords remain secure on a central machine.
SSH is lightweight and easily deployed. Kerberos requires significant infrastructure, administrative accounts, a heavily secured central host and software for network wide clock synchronization. Kerberos ensures that the passwords travel as little as possible and are stored only on a central host. SSH sends passwords across the network on each login and stores keys on each host.
IPSec (Internet Protocol Security)
Authentication and encryption at the IP Level. A lower level of the network stack than SSH (SSH is on transport layer, IPSec is on network layer). It is transparent to the end user, they need not use SSH as their insecure network is automatically protected by the underlying system. IPSec connects a machine to an untrusted network or it can connect entire networks, this is the idea of the VPN (Virtual Private network).
IPSec requires additions to the host operating systems and routers on both sides, SSH provides user authentication IPSec deals with individual hosts.
However securing an existing insecure protocol (such as ftp) can be protected with IPSec.
IPSec can provide authentication with the Authentication header or both Authentication and Encryption with an Encapsulated Security Payload (ESP).
SRP (Secure Remote Passwords)
An authentication protocol. Whereas SSH is authentication, encryption, integrity and session management. Using SSH public-key authentication is difficult if you are travelling using other peoples machines. You will have to keep your private key with you, which is an inherent security threat.
Nonetheless with traditional password schemes the server maintains a sensitive database that must be protected in /etc/passwd and etc/shadow files. The design of srp avoids such a database and allows passwords to be less random and more memorable, since it prevents dictionary attacks. SRP avoids encryption algorithms in its operation , avoiding cryptographic export laws prohibiting certain encryption technologies being shared with foreign countries.
SSL (Secure Socket Layer)
An authentication and encryption technique providing security to TCP clientsby way of Berkeley sockets-style API. Developed by netscape to secure HTTP between web clients and servers, although nothing about it is specific to HTTP. It is named TLS (Transport Layer Security).
An SSL participant proves its identity by a digital certificate, crytographic data. A certificate indicates that a trusted third party has verified the binding between an identity and a given cryptographic key. Browsers automatically check the certificate provided by the web server ensuring that it is the server the user intended to contact. Certificate Authorities (CA’s) serve as the trusted third party.
SSL-Enhanced Telnet and FTP
Essentially making telnet, ssh. This is however not their intended purpose and were not written from ground up for this purpose.
STunnel
An SSL tool that adds SSL protection to existing TCP-based services in a unix environment such as POP or IMAP.
Firewalls
A firewall is a hardware or software device that prevents certain data from entering or exiting a network.
The source of the information is from : O’Reilly – SSH Secure Shell : The Definitive Guide