Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Intro to SSH
1. Using Mongolian Throat Singing As
Entropy for Your SSH keys
@Punkrokk
Rochester Security Podcast @
www.syncurity.net
2. What SSH Does Do
Prevents
Eavsdropping
Name Service and IP Spoofing
Connection Hi-Jacking
MITM
3. What SSH Can’t Do
SSH Can not prevent:
Password Cracking
DOS based IP and TCP Attacks (Syn
Floods/TCP RST/TCP desynchronization
& hijacking
Traffic Analysis
Dumbasses
9. Building a SSH
Connection
• ssh -vv host.foo.net
• read config file (~/.ssh/ssh_config)
• Protocol version Selection (v2 should
be forced)
10. Building a SSH
Connection
• Key Exchange (2 way)
• KEXINIT - exchange and choose compatible
encryption suites (e.g. diffie-hellman-group2-
sha1)
• Outputs:
• K = shared secret
• H = Exchange Hash (becomes session ID)
• Perform Server Auth (comparing with hash
fingerprints of known hosts)
• Can be repeated after a period of T
12. Building a SSH
Connection
Key Exchange (Cont)
Important: All the preceding
negotiation is one way -- we could
have:
Client -> Server: ssh-rsa|aes128-cbc|
hmac-md5|none
Server -> Client: ssh-dsa|3des-cbc|
hmac-sha1|zlib
13. Key Exchange (Cont)
The actual Key Exchange
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.0.1.35' is known and matches the RSA host key.
debug1: Found key in /Users/jpbourget/.ssh/known_hosts:6
debug2: bits set: 501/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/jpbourget/.ssh/id_rsa (0x0)
debug2: key: /Users/jpbourget/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password
14. Building a SSH
Connection
Key Exchange (Cont)
At this point we can send our
credentials one of these ways:
ssh-rsa, ssh-dsa
other servers (other than open-SSH)
support x509, spki-sign, pgp-sign
(rss & dsa options for all
password
15. Last SSH-AUTH
Comment
Mitigating MITM
Client Sends a RANDOM challenge
Server returns challenge signed with it’s host
key
Client verifies this sig w/the Server/Key binding
An attacker can’t spoof the random challenge, nor
force the server to return a challenge from a
different client = NO MITM or replay attacks
16. SSH-CONN
Now that we have the SSH-AUTH and SSH-TRANS
bits completed, we now have a SSH-CONN session
We can do alot with this:
port forwarding
shell redirection
X redirection
tunnelling
SCP/SFTP
Hack all the protocols!
17. now what?
Well
Doogie,
I have a
SSL
connection
18. Let’s Setup Some
Keys
Key Creation
Where do I put my keys?
List of places
Explanation
19. Let’s Setup Some
Keys
Paths to our Keys:
Backtrack - ~/.ssh/
Apple OS-X - /Users/
<username>/.ssh
Putty - in putty
20. Let’s Setup Some
Keys
Copying our key to the server
scp /Users/jpbourget/.ssh/id_rsa.pub
root@10.0.1.35:/root/.ssh/
authorized_keys
Make sure to check if
authorized_keys file exists - if so
append to it (>>)
21. SSH Key Conn
Acheivements Unlocked:
m/ Keys Created
m/ Keys Copied
--> Login With Key
32. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
33. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config
34. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config
Cipher none
35. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config
Cipher none
ssh -vv -c none root@mr.t.com
36. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config
Cipher none
ssh -vv -c none root@mr.t.com
Wait -- our openSSH server won’t start with Cipher
none --- BOO!
37. Tube View
my pcap
wait -- after the KEXINIT it’s all encrypted you say?
well according to ssh man pages you can:
On the server in /etc/ssh/sshd_config
Cipher none
ssh -vv -c none root@mr.t.com
Wait -- our openSSH server won’t start with Cipher
none --- BOO!
44. PENN STATE?
Yea -- if you go to: http://
www.psc.edu/networking/projects/hpn-
ssh/
They have a high performance ssh client
with capabilites for the “none cipher”
- mod to openSSH
IF YOU CAN’T GO TO COLLEGE GO TO STATE...
45. Credits
SSH: The Definitive Guide by Barrett,
Silverman & Byrnes
An Illustrated Guide to SSH Forwarding http://
unixwiz.net/techtips/ssh-agent-
forwarding.html#fwd
@mubix for Hack Fortress image
Mr T
46. Questions?
@punkrokk / http://www.syncurity.net
Look for writeups of Shmoocon Labs soon on my site
Link to this presentation: http://bit.ly/z5t9ai
Check out the Roc Sec Podcast: http://syncurity.net/?
page_id=450
Looking for Episode Ideas
Bike from Baltimore to Boston in August: www.cycleoverride.org
Defcon Bike Ride: http://bit.ly/z7P8cu