SSH / SSL - School of Computing and Engineering


SSH / SSL
Supplementary material
cs490ns-cotter
1
Secure Shell (SSH)
• One of the primary goals of the ARPANET was remote access
• Several different connections allowed
– rlogin
– rcp
– rsh
• All data was unencrypted
– This was a different world than exists today.
SSH
• SSH is a UNIX-based command interface and protocol for securely accessing a remote computer
• Suite of four utilities: slogin, ssh, sftp, and scp
• Can protect against:
– IP spoofing
– DNS spoofing
– Intercepting information
SSH Objectives
• Protect data sent over the network
– Negotiate an encryption algorithm between sender and receiver
– Use that algorithm and a session key to encrypt / decrypt data sent
• Provide site authentication
– Use public key / fingerprint to ensure identity of remote host.
– Relies on locally generated keys, so no certifying authority is generally available.
SSH Graphical Client
SSH Command Line Client (Linux)
SSH Communications
Using password
• Messages exchanged between SSH Client and SSH Server, in order:
– SSH2?
– SSH2
– Diffie-Hellman, etc?
– Diffie-Hellman
– Send Serv_Pub_Key
– Serv_Pub_key(S_key)
– OK
– S_key(Uname,pwd)
– OK
– S_key(data)
SSH Wire Shark Trace
SSH Communications
Using Public Key
• Problems with Password Authentication
– Passwords can be guessed.
– Default allows multiple attempts against account
– Only 1 account / password needs to be guessed
– Alternate approach is to use public / private keys to authenticate user
• Public Key Authentication
– Create public / private keypair
– Ensure that private
– Upload public key to server user account: ~/.ssh/authorized_keys
– ssh -o PreferredAuthentications=publickey server.example.org
SSH Communications
Using Public Key
• Messages exchanged between SSH Client and SSH Server, in order:
– SSH2?
– SSH2
– Diffie-Hellman, etc?
– Diffie-Hellman
– Send Serv_Pub_Key
– Serv_Pub_key(S_key)
– OK
– S_key(Uname)
– Client_Pub_key(Random)
– Client_Pri_key(msg)
– Hash(Random)
– OK
– S_key(data)
sFTP in Linux
SFTP
SFTP
SSH Tunneling
• Use SSH to create an encrypted channel between remote host and server
• Use that encrypted channel to carry other traffic.
[Diagram labels: www access; Local port 12345; SSH Tunnel; Internet; LAN; Web Server 192.168.1.10]
SSH Tunneling
ssh -L 12345:192.168.1.10:80 -l root homenet.net
SSH Tunneling
Secure Copy (scp)
• Allows encrypted transfer of files between machines
• Download files from server:
– scp [email protected]:myfile1.txt myfile1.txt
– [email protected]’s password: xxxxx
• Upload files to server
– scp myfile.txt [email protected]:myfile.txt
– [email protected]’s password: xxxxx
SSH Passwordless Login
• On remote client:
– Create key pair. Store in .ssh subdirectory
• On ssh server:
– Modify sshd_config to allow shosts based authentication
– Create .shosts file in user’s subdirectory
– Copy public key from remote client to .ssh subdirectory/authorized_keys
SSH Passwordless Login
• Messages exchanged between SSH Client and SSH Server, in order:
– SSH2?
– SSH2
– Diffie-Hellman, etc?
– Diffie-Hellman
– Send Serv_Pub_Key
– Serv_Pub_key(S_key)
– OK
– S_key(Uname)
– Client_Pub_key(Random)
– Client_Pri_key(msg)
– Hash(Random)
– OK
– S_key(data)
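The public-key step drawn on the "Using Public Key" and "Passwordless Login" slides (Client_Pub_key(Random) answered by Hash(Random)), as an added example that is not part of the original slides. The toy unpadded RSA key, the user name alice and all function names are assumptions made for illustration; the key is far too small for real use.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair for the client (constructed for this example; unpadded
# and far too small for real use). P and Q are the Mersenne primes
# 2**61 - 1 and 2**89 - 1.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # client's private exponent

# Server side: stands in for the public key stored in ~/.ssh/authorized_keys.
AUTHORIZED_KEYS = {"alice": (N, E)}  # hypothetical user name


def _digest(value: int) -> bytes:
    """Hash(Random): SHA-256 over the value as fixed-width big-endian bytes."""
    return hashlib.sha256(value.to_bytes((N.bit_length() + 7) // 8, "big")).digest()


def server_challenge(user: str):
    """Client_Pub_key(Random): encrypt a fresh random value to the user's key."""
    n, e = AUTHORIZED_KEYS[user]
    rnd = secrets.randbelow(n - 3) + 2   # skip the trivial values 0 and 1
    return rnd, pow(rnd, e, n)           # server keeps rnd, sends the ciphertext


def client_response(ciphertext: int, private_exponent: int) -> bytes:
    """Decrypt the challenge with the private key and return Hash(Random)."""
    return _digest(pow(ciphertext, private_exponent, N))


def server_verify(rnd: int, response: bytes) -> bool:
    """OK only if the response is the hash of the value the server chose."""
    return hmac.compare_digest(_digest(rnd), response)


def login(user: str, private_exponent: int) -> bool:
    """One full challenge/response round for the given user and private key."""
    rnd, ciphertext = server_challenge(user)
    return server_verify(rnd, client_response(ciphertext, private_exponent))


if __name__ == "__main__":
    print("holder of the private key:", login("alice", D))
    print("wrong private key:        ", login("alice", D + 2))
```

The private key never crosses the wire and the challenge is fresh for every login, so a recorded response cannot be replayed against a later challenge.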
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
• Originally developed by Netscape to support encrypted access to web servers.
• SSL v3 released 1996.
• Served as the basis for IETF standard TLS (1999)
• Used by major financial institutions for secure commerce over the Internet
• Early problem with weak keys resolved with longer (128-bit) keys
SSL / TLS
Application (www)
SSL / TLS
TCP
IP
SSL/TLS Handshake
• Messages exchanged between SSL Client and SSL Server, in order:
– Client hello: Ciphers I have
– Server Hello: Cipher I choose
– Server certificate (S_Pub)
– S_Pub(Session_key)
– OK
– Session_key(data)
– OK
SSL/TLS Security
• Depends on integrity of public key certificate
• Public Key Infrastructure (PKI)
– Components necessary to securely distribute public keys
– Certificate Authorities: Organizations that certify the relationship between a public key and its owner.
– Verisign, Thawte
SSL/TLS Implementations
• SSL v2 – Still in use
• SSL v3 – Most widely deployed
• TLS v1 – Starting Deployment
• OpenSSL – Linux/UNIX toolkit that supports all 3 protocols listed above.
• Private Communication Technology (PCT)
– Developed by Microsoft
– Compatible with SSL v2
• Versions are not completely compatible
SSL/TLS Vulnerability
• SSL/TLS supports the concept of session renegotiation due to errors, requests, etc.
• This feature assumes that the renegotiation is with the original party, and any requests or messages transmitted before the renegotiation are combined (pre-pended) with the requests after renegotiation
• This behavior can be abused to allow man-in-the-middle attacks
• Demonstrated with https, but the vulnerability exists with any application that uses SSL/TLS
SSL/TLS Vulnerability
• Sequence between Client, MITM and Server, in order:
– TLS handshake session #1
– TLS handshake session #2
– Trigger renegotiation
– GET /ebanking/paymemoney.cgi?Acc=LU00000000?amount=1000
  Ignore-what-comes-now;
– X
– TLS handshake session #1 continued within the encrypted session #2
– Client has authenticated session at app layer (with cookie)
– GET /ebanking/
  Cookie: AS2398648756083745
• Server receives:
  GET /ebanking/paymemoney.cgi?Acc=LU00000000?amount=1000
  Ignore-what-comes-now;
  GET /ebanking/
  Cookie: AS2398648756083745
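Why the server in the diagram attaches the client's cookie to the request that was sent before the renegotiation, and the handshake check that RFC 5746 (the renegotiation_info extension) added so a server can reject this splice; an added example, not part of the original slides. The " HTTP/1.1" suffixes, the lenient toy parser, the 12-byte sample value and all function names are assumptions.

```python
import hmac

# Constructed byte strings modelled on the slide's diagram. The " HTTP/1.1"
# suffixes and CRLF line endings are assumptions added for the toy parser.
INJECTED = (b"GET /ebanking/paymemoney.cgi?Acc=LU00000000?amount=1000 HTTP/1.1\r\n"
            b"Ignore-what-comes-now; ")          # line left open, as on the slide
VICTIM = (b"GET /ebanking/ HTTP/1.1\r\n"
          b"Cookie: AS2398648756083745\r\n\r\n")


def server_view(plaintext: bytes) -> dict:
    """Toy HTTP parser (hypothetical, lenient): the first line is the request,
    'Name: value' lines are headers, any other line is ignored."""
    head = plaintext.split(b"\r\n\r\n", 1)[0].decode("ascii")
    request_line, *lines = head.split("\r\n")
    headers = dict(line.split(": ", 1) for line in lines if ": " in line)
    return {"target": request_line.split(" ")[1], "cookie": headers.get("Cookie")}


def accept_client_hello(saved_client_verify_data: bytes,
                        renegotiated_connection: bytes) -> bool:
    """RFC 5746 server-side check. The saved value is empty on a connection
    with no completed handshake, otherwise it is the client's Finished
    verify_data from the previous handshake on this connection."""
    return hmac.compare_digest(saved_client_verify_data, renegotiated_connection)


def demo() -> dict:
    session1_verify_data = bytes([0xA1]) * 12    # constructed 12-byte value
    victim_extension = b""                       # victim thinks it is a first handshake
    return {
        # Without the check, both byte runs reach the application as one stream.
        "server_receives": server_view(INJECTED + VICTIM),
        # With the check, the hello relayed into session #1 does not match.
        "spliced_hello_accepted": accept_client_hello(session1_verify_data, victim_extension),
        "direct_hello_accepted": accept_client_hello(b"", victim_extension),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

A server that enforces the check aborts the handshake at the point marked "Trigger renegotiation", so the two byte runs are never joined.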
References
• SSH
– SSH Tutorial (http://www.suso.org/docs/shell/ssh.sdf)
– www.openssh.org
– UNIX Secure Shell – Carasik – McGraw-Hill, 1999
– SSH Agent Forwarding (unixwiz.net/techtips/ssh-agent-forwarding.html)
• SSL
– www.openSSL.org
– RFCs – 2246, 3546
– SSL Authentication Gap (SSL Gap) (http://www.phonefactor.com/sslgap)
– TLS/SSL renegotiation vulnerability explained (http://www.g-sec.lu/practicaltls.pdf)
SSH RFCs
• 4250 The Secure Shell (SSH) Protocol Assigned Numbers.
– S. Lehtinen, C. Lonvick, Ed.. January 2006. (Format: TXT=44010 bytes)
– (Status: PROPOSED STANDARD)
• 4251 The Secure Shell (SSH) Protocol Architecture.
– T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=71750 bytes)
– (Status: PROPOSED STANDARD)
• 4252 The Secure Shell (SSH) Authentication Protocol.
– T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=34268 bytes)
– (Status: PROPOSED STANDARD)
• 4253 The Secure Shell (SSH) Transport Layer Protocol.
– T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=68263 bytes)
– (Status: PROPOSED STANDARD)
• 4254 The Secure Shell (SSH) Connection Protocol.
– T. Ylonen, C. Lonvick, Ed.. January 2006. (Format: TXT=50338 bytes)
– (Status: PROPOSED STANDARD)
• 4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints.
– J. Schlyter, W. Griffin. January 2006. (Format: TXT=18399 bytes)
– (Status: PROPOSED STANDARD)
• 4256 Generic Message Exchange Authentication for the Secure Shell Protocol (SSH).
– F. Cusack, M. Forssen. January 2006. (Format: TXT=24728 bytes)
– (Status: PROPOSED STANDARD)
• 4344 The Secure Shell (SSH) Transport Layer Encryption Modes.
– M. Bellare, T. Kohno, C. Namprempre. January 2006. (Format: TXT=27521 bytes)
– (Status: PROPOSED STANDARD)
• 4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol.
– M. Friedl, N. Provos, W. Simpson. March 2006. (Format: TXT=18356 bytes)
– (Status: PROPOSED STANDARD)
• 4716 The Secure Shell (SSH) Public Key File Format.
– J. Galbraith, R. Thayer. November 2006. (Format: TXT=18395 bytes)
– (Status: INFORMATIONAL)
• 4819 Secure Shell Public Key Subsystem.
– J. Galbraith, J. Van Dyke, J. Bright. March 2007. (Format: TXT=32794 bytes)
– (Status: PROPOSED STANDARD)
Summary
• SSH
– Supports secure remote access to hosts
– SSH – secure shell
– SCP – secure copy
– SFTP – secure file transfer
• SSL
– Provides a framework for incorporating secure communications into applications
– Uses strong cryptography
– Can rely on PKI for reliable sharing of public keys