SlideShare ist ein Scribd-Unternehmen logo

Intro to SSH

Als KEY, PDF herunterladen
JP Bourget
JP Bourget

Rochester 2600

TechnologieBildung
1 von 46
Using Mongolian Throat Singing As Entropy for Your SSH keys @Punkrokk Rochester Security Podcast @ www.syncurity.net
What SSH Does Do Prevents Eavsdropping Name Service and IP Spoofing Connection Hi-Jacking MITM
What SSH Can’t Do SSH Can not prevent: Password Cracking DOS based IP and TCP Attacks (Syn Floods/TCP RST/TCP desynchronization & hijacking Traffic Analysis Dumbasses
SSH System Architecture Source: SSH, The Secure Shell, The Definitive Guide
What is CORE SSH? SSH-TRANS SSH-AUTH SSH-CONN
SSH-2 Protocol Family Source: SSH, The Secure Shell, The Definitive Guide
SSH-TRANS SSH Transport Protocol session ID Server auth* privacy and integrity* data compression* session key exchange* *Negotiable
SSH-AUTH public key host based password Others: gssapi, external keyx...
Building a SSH Connection • ssh -vv host.foo.net • read config file (~/.ssh/ssh_config) • Protocol version Selection (v2 should be forced)
Building a SSH Connection • Key Exchange (2 way) • KEXINIT - exchange and choose compatible encryption suites (e.g. diffie-hellman-group2- sha1) • Outputs: • K = shared secret • H = Exchange Hash (becomes session ID) • Perform Server Auth (comparing with hash fingerprints of known hosts) • Can be repeated after a period of T
Building a SSH Connection Key Exchange (Cont) Choose SSH host Key types (ssh-rsa, ssh- dsa, null (for Kerberos)) Choose Data Encryption Ciphers (none, aes-128-cbc, 3des-cbc...) *extendable for private Ciphers Choose Integrity Algorithms (hmac-md5, hmac-sha1...) * Prevents replay attacks Choose Compression (None, zlib...)
Building a SSH Connection Key Exchange (Cont) Important: All the preceding negotiation is one way -- we could have: Client -> Server: ssh-rsa|aes128-cbc| hmac-md5|none Server -> Client: ssh-dsa|3des-cbc| hmac-sha1|zlib
Key Exchange (Cont) The actual Key Exchange debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 120/256 debug2: bits set: 520/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '10.0.1.35' is known and matches the RSA host key. debug1: Found key in /Users/jpbourget/.ssh/known_hosts:6 debug2: bits set: 501/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/jpbourget/.ssh/id_rsa (0x0) debug2: key: /Users/jpbourget/.ssh/id_dsa (0x0) debug1: Authentications that can continue: publickey,password
Building a SSH Connection Key Exchange (Cont) At this point we can send our credentials one of these ways: ssh-rsa, ssh-dsa other servers (other than open-SSH) support x509, spki-sign, pgp-sign (rss & dsa options for all password
Last SSH-AUTH Comment Mitigating MITM Client Sends a RANDOM challenge Server returns challenge signed with it’s host key Client verifies this sig w/the Server/Key binding An attacker can’t spoof the random challenge, nor force the server to return a challenge from a different client = NO MITM or replay attacks
SSH-CONN Now that we have the SSH-AUTH and SSH-TRANS bits completed, we now have a SSH-CONN session We can do alot with this: port forwarding shell redirection X redirection tunnelling SCP/SFTP Hack all the protocols!
now what? Well Doogie, I have a SSL connection
Let’s Setup Some Keys Key Creation Where do I put my keys? List of places Explanation
Let’s Setup Some Keys Paths to our Keys: Backtrack - ~/.ssh/ Apple OS-X - /Users/ <username>/.ssh Putty - in putty
Let’s Setup Some Keys Copying our key to the server scp /Users/jpbourget/.ssh/id_rsa.pub root@10.0.1.35:/root/.ssh/ authorized_keys Make sure to check if authorized_keys file exists - if so append to it (>>)
SSH Key Conn Acheivements Unlocked: m/ Keys Created m/ Keys Copied --> Login With Key
Public Key Login ssh-keygen
Public Key Login copy our key ssh -vv root@host
Other ssh-tools
Other ssh-tools ssh-agent
Other ssh-tools ssh-agent ssh-keyscan
Other ssh-tools ssh-agent ssh-keyscan putty
Other ssh-tools ssh-agent ssh-keyscan putty
Tube View
Tube View my pcap
Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say?
Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can:
Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config
Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config Cipher none
Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config Cipher none ssh -vv -c none root@mr.t.com
Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config Cipher none ssh -vv -c none root@mr.t.com Wait -- our openSSH server won’t start with Cipher none --- BOO!
Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config Cipher none ssh -vv -c none root@mr.t.com Wait -- our openSSH server won’t start with Cipher none --- BOO!
Who do you think has a workaround?
Who do you think has a workaround?
Who do you think has a workaround?
PENN STATE?
PENN STATE?
PENN STATE?
PENN STATE? Yea -- if you go to: http:// www.psc.edu/networking/projects/hpn- ssh/ They have a high performance ssh client with capabilites for the “none cipher” - mod to openSSH IF YOU CAN’T GO TO COLLEGE GO TO STATE...
Credits SSH: The Definitive Guide by Barrett, Silverman & Byrnes An Illustrated Guide to SSH Forwarding http:// unixwiz.net/techtips/ssh-agent- forwarding.html#fwd @mubix for Hack Fortress image Mr T
Questions? @punkrokk / http://www.syncurity.net Look for writeups of Shmoocon Labs soon on my site Link to this presentation: http://bit.ly/z5t9ai Check out the Roc Sec Podcast: http://syncurity.net/? page_id=450 Looking for Episode Ideas Bike from Baltimore to Boston in August: www.cycleoverride.org Defcon Bike Ride: http://bit.ly/z7P8cu

Empfohlen

Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocolBaspally Sai Anirudh
 
Secure SHell
Secure SHellSecure SHell
Secure SHellÇağrı Çakır
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And RloginSourav Roy
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
Ssh
SshSsh
SshRaghu nath
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 

Empfohlen

Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocolBaspally Sai Anirudh
 
Secure SHell
Secure SHellSecure SHell
Secure SHellÇağrı Çakır
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And RloginSourav Roy
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
Ssh
SshSsh
SshRaghu nath
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGPSarang Ananda Rao
 
Ssh
SshSsh
Sshgh02
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnelAmandeep Singh
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
SSH
SSHSSH
SSHZach Dennis
 
SSH.ppt
SSH.pptSSH.ppt
SSH.pptjoekr1
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configdmp1304
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricksAssem CHELLI
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadooparunkumar sadhasivam
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesRafael Luque Leiva
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with RaccoonGloria Stoilova
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAIMUSTAFA SAKHAI
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH ConfigurationVinod Gour
 
security in transport layer ssl
security in transport layer ssl security in transport layer ssl
security in transport layer sslSTUDENT
 
Presentacion siklicos pro
Presentacion siklicos proPresentacion siklicos pro
Presentacion siklicos proEXCEL PRO
 
El servidor ssh (cap32)
El servidor ssh (cap32)El servidor ssh (cap32)
El servidor ssh (cap32)D'alejo Rave
 
Criptoy sr son06
Criptoy sr son06Criptoy sr son06
Criptoy sr son06Comdat4
 

Weitere ähnliche Inhalte

Was ist angesagt?

Ssh
SshSsh
Sshgh02
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
SSH.ppt
SSH.pptSSH.ppt
SSH.pptjoekr1
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configdmp1304
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with RaccoonGloria Stoilova
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAIMUSTAFA SAKHAI
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH ConfigurationVinod Gour
 
security in transport layer ssl
security in transport layer ssl security in transport layer ssl
security in transport layer sslSTUDENT
 

Was ist angesagt? (19)

Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
Ssh
SshSsh
Ssh
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnel
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
SSH
SSHSSH
SSH
 
SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling Recipes
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
 
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricks
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling Recipes
 
Securing the tunnel with Raccoon
Securing the tunnel with RaccoonSecuring the tunnel with Raccoon
Securing the tunnel with Raccoon
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAI
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH Configuration
 
security in transport layer ssl
security in transport layer ssl security in transport layer ssl
security in transport layer ssl
 

Andere mochten auch

Presentacion siklicos pro
Presentacion siklicos proPresentacion siklicos pro
Presentacion siklicos proEXCEL PRO
 
El servidor ssh (cap32)
El servidor ssh (cap32)El servidor ssh (cap32)
El servidor ssh (cap32)D'alejo Rave
 
Criptoy sr son06
Criptoy sr son06Criptoy sr son06
Criptoy sr son06Comdat4
 
Protocolo SSL, TLS Y SSH
Protocolo SSL, TLS Y SSHProtocolo SSL, TLS Y SSH
Protocolo SSL, TLS Y SSHAbner Torres
 
How to monitor MongoDB
How to monitor MongoDBHow to monitor MongoDB
How to monitor MongoDBServer Density
 

Andere mochten auch (6)

Presentacion siklicos pro
Presentacion siklicos proPresentacion siklicos pro
Presentacion siklicos pro
 
El servidor ssh (cap32)
El servidor ssh (cap32)El servidor ssh (cap32)
El servidor ssh (cap32)
 
Criptoy sr son06
Criptoy sr son06Criptoy sr son06
Criptoy sr son06
 
Protocolo SSL, TLS Y SSH
Protocolo SSL, TLS Y SSHProtocolo SSL, TLS Y SSH
Protocolo SSL, TLS Y SSH
 
How to monitor MongoDB
How to monitor MongoDBHow to monitor MongoDB
How to monitor MongoDB
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
 

Ähnlich wie Intro to SSH

SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Bob Novas
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOHoàng Hải Nguyễn
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoTiago Cruz
 
Tomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHTomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHwebelement
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network clientroot_fibo
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a servicePino deCandia
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowNovell
 

Ähnlich wie Intro to SSH (20)

SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2
 
Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbook
 
SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
Ssh and sshfp dns records v04
Ssh and sshfp dns records v04Ssh and sshfp dns records v04
Ssh and sshfp dns records v04
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
Cent os 5 ssh
Cent os 5 sshCent os 5 ssh
Cent os 5 ssh
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IO
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
 
Tomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSHTomáš Čorej - OpenSSH
Tomáš Čorej - OpenSSH
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
 
Tatu: ssh as a service
Tatu: ssh as a serviceTatu: ssh as a service
Tatu: ssh as a service
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should Know
 
Rhel5
Rhel5Rhel5
Rhel5
 

Kürzlich hochgeladen

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Kürzlich hochgeladen (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Intro to SSH

  • 1. Using Mongolian Throat Singing As Entropy for Your SSH keys @Punkrokk Rochester Security Podcast @ www.syncurity.net
  • 2. What SSH Does Do Prevents Eavsdropping Name Service and IP Spoofing Connection Hi-Jacking MITM
  • 3. What SSH Can’t Do SSH Can not prevent: Password Cracking DOS based IP and TCP Attacks (Syn Floods/TCP RST/TCP desynchronization & hijacking Traffic Analysis Dumbasses
  • 4. SSH System Architecture Source: SSH, The Secure Shell, The Definitive Guide
  • 5. What is CORE SSH? SSH-TRANS SSH-AUTH SSH-CONN
  • 6. SSH-2 Protocol Family Source: SSH, The Secure Shell, The Definitive Guide
  • 7. SSH-TRANS SSH Transport Protocol session ID Server auth* privacy and integrity* data compression* session key exchange* *Negotiable
  • 9. Building a SSH Connection • ssh -vv host.foo.net • read config file (~/.ssh/ssh_config) • Protocol version Selection (v2 should be forced)
  • 10. Building a SSH Connection • Key Exchange (2 way) • KEXINIT - exchange and choose compatible encryption suites (e.g. diffie-hellman-group2- sha1) • Outputs: • K = shared secret • H = Exchange Hash (becomes session ID) • Perform Server Auth (comparing with hash fingerprints of known hosts) • Can be repeated after a period of T
  • 11. Building a SSH Connection Key Exchange (Cont) Choose SSH host Key types (ssh-rsa, ssh- dsa, null (for Kerberos)) Choose Data Encryption Ciphers (none, aes-128-cbc, 3des-cbc...) *extendable for private Ciphers Choose Integrity Algorithms (hmac-md5, hmac-sha1...) * Prevents replay attacks Choose Compression (None, zlib...)
  • 12. Building a SSH Connection Key Exchange (Cont) Important: All the preceding negotiation is one way -- we could have: Client -> Server: ssh-rsa|aes128-cbc| hmac-md5|none Server -> Client: ssh-dsa|3des-cbc| hmac-sha1|zlib
  • 13. Key Exchange (Cont) The actual Key Exchange debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 120/256 debug2: bits set: 520/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '10.0.1.35' is known and matches the RSA host key. debug1: Found key in /Users/jpbourget/.ssh/known_hosts:6 debug2: bits set: 501/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/jpbourget/.ssh/id_rsa (0x0) debug2: key: /Users/jpbourget/.ssh/id_dsa (0x0) debug1: Authentications that can continue: publickey,password
  • 14. Building a SSH Connection Key Exchange (Cont) At this point we can send our credentials one of these ways: ssh-rsa, ssh-dsa other servers (other than open-SSH) support x509, spki-sign, pgp-sign (rss & dsa options for all password
  • 15. Last SSH-AUTH Comment Mitigating MITM Client Sends a RANDOM challenge Server returns challenge signed with it’s host key Client verifies this sig w/the Server/Key binding An attacker can’t spoof the random challenge, nor force the server to return a challenge from a different client = NO MITM or replay attacks
  • 16. SSH-CONN Now that we have the SSH-AUTH and SSH-TRANS bits completed, we now have a SSH-CONN session We can do alot with this: port forwarding shell redirection X redirection tunnelling SCP/SFTP Hack all the protocols!
  • 17. now what? Well Doogie, I have a SSL connection
  • 18. Let’s Setup Some Keys Key Creation Where do I put my keys? List of places Explanation
  • 19. Let’s Setup Some Keys Paths to our Keys: Backtrack - ~/.ssh/ Apple OS-X - /Users/ <username>/.ssh Putty - in putty
  • 20. Let’s Setup Some Keys Copying our key to the server scp /Users/jpbourget/.ssh/id_rsa.pub root@10.0.1.35:/root/.ssh/ authorized_keys Make sure to check if authorized_keys file exists - if so append to it (>>)
  • 21. SSH Key Conn Acheivements Unlocked: m/ Keys Created m/ Keys Copied --> Login With Key
  • 23. Public Key Login copy our key ssh -vv root@host
  • 31. Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say?
  • 32. Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can:
  • 33. Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config
  • 34. Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config Cipher none
  • 35. Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config Cipher none ssh -vv -c none root@mr.t.com
  • 36. Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config Cipher none ssh -vv -c none root@mr.t.com Wait -- our openSSH server won’t start with Cipher none --- BOO!
  • 37. Tube View my pcap wait -- after the KEXINIT it’s all encrypted you say? well according to ssh man pages you can: On the server in /etc/ssh/sshd_config Cipher none ssh -vv -c none root@mr.t.com Wait -- our openSSH server won’t start with Cipher none --- BOO!
  • 38. Who do you think has a workaround?
  • 39. Who do you think has a workaround?
  • 40. Who do you think has a workaround?
  • 44. PENN STATE? Yea -- if you go to: http:// www.psc.edu/networking/projects/hpn- ssh/ They have a high performance ssh client with capabilites for the “none cipher” - mod to openSSH IF YOU CAN’T GO TO COLLEGE GO TO STATE...
  • 45. Credits SSH: The Definitive Guide by Barrett, Silverman & Byrnes An Illustrated Guide to SSH Forwarding http:// unixwiz.net/techtips/ssh-agent- forwarding.html#fwd @mubix for Hack Fortress image Mr T
  • 46. Questions? @punkrokk / http://www.syncurity.net Look for writeups of Shmoocon Labs soon on my site Link to this presentation: http://bit.ly/z5t9ai Check out the Roc Sec Podcast: http://syncurity.net/? page_id=450 Looking for Episode Ideas Bike from Baltimore to Boston in August: www.cycleoverride.org Defcon Bike Ride: http://bit.ly/z7P8cu

Hinweis der Redaktion

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n
  30. \n
  31. \n
  32. \n
  33. \n
  34. \n
  35. \n
  36. \n
  37. \n
  38. \n
  39. \n
  40. \n
  41. \n
  42. \n