AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183
Secure Shell (SSH)
"I have to go; I will connect with you by SSH."
"Ok!"
Methods to Access CLI
Access methods: write commands to tell that device what to do.
✓ Configure or manage
✓ Run or stop service
✓ Create folders
✓ Delete files ….
Physical access (out-of-band)
• Console
Remote access (in-band)
• Telnet (plaintext)
• SSH (encrypted)
Methods to access the operating system (OS) of network devices
1. Console method:
• When performing an initial configuration
• when the networking services have failed and remote access.
Console cable and terminal emulation software
• Terminal emulation software is connected to the console port of the device using a special cable. Configuration commands for setting up the switch or router can be entered on the connected computer.
✓ PuTTY
✓ SecureCRT
Second method to access the operating system (OS) of network devices
2. Telnet (remote access)
Telnet 10.89.238.82
1. Client: I access the server by Telnet.
2. Server: Who? Please send me authentication. (Username: ? Password: ?)
   Client: Username: admin Password: cisco1234
   Plaintext, nice.
3. Server: Hi admin, I'm ready to receive your commands.
Telnet is a type of client-server protocol that can be used to open a command line on a remote computer.
Telnet is not a secure protocol and is unencrypted. By monitoring a user's connection, anyone can access a person's username, password and other private information that is typed over the Telnet session in plaintext.
How to enable Telnet on the server and connect to it remotely.
The configuration that exists on the server:
#ip address 10.89.238.82 255.0.0.0 // set IP address
#line vty 0 2 // 3 logical sessions at the same time
#login local // local database
#exit
#username admin privilege 15 secret admin@123
Client session over the network:
username: admin
Password:
DV#
Method to access the operating system (OS) of network devices
3. Secure Shell (SSH)
What is a shell?
A shell is a program that takes commands from the user and gives them to the operating system to execute. (Interface between user and OS)
What is Secure Shell (SSH)?
SSH is a protocol that uses encryption to secure the connection between a user and a server when the user connects to the server remotely. All user authentication, commands, output, and file transfers are encrypted by SSH.
Okay, what do you mean, encryption?
Encryption is changing a message to hide it.
Encryption: changing a message to hide it.
[Figure: encryption on the sender side turns the plaintext "Hi" into the cipher text "Fg" with an encryption algorithm; on the network the message reads only as "Fg?!"; decryption on the receiver side turns the cipher text "Fg" back into the plaintext "Hi".]
Nice, how does SSH encrypt the connection?
SSH uses two encryption algorithms:
1- Asymmetric algorithm
2- Symmetric algorithm
Two, why?!
Asymmetric algorithm: for session key exchange.
Symmetric algorithm: for data exchange.
What is the difference between an asymmetric and a symmetric algorithm?
Asymmetric algorithm: uses two different keys, one to encrypt and another to decrypt.
Symmetric algorithm: uses the same key for encryption and decryption.
Types of encryption algorithms
Symmetric encryption
✓ Uses the same key for encryption and decryption.
✓ It's useful for encrypting databases and files.
Example: a basic type of symmetric encryption known as the Caesar cipher.
Encryption
Plaintext: Good morning
Private key: shift 9
G → P, O → X, D → M
Cipher text: pxxm vxawrwp
Decryption
Cipher text: pxxm vxawrwp
Private key: shift -9
P → G, X → O, M → D
Plaintext: Good morning
Symmetric encryption algorithms
• Data Encryption Standard (DES) (64-bit, 128-bit and 192-bit keys).
• Triple Data Encryption Standard (TDEA/3DES)
• Advanced Encryption Standard (AES) (128-bit, 192-bit and 256 bits).
Asymmetric encryption
Uses mathematically linked public- and private-key pairs to encrypt and decrypt senders' and recipients' sensitive data.
Public key: is shared with all.
Private key: must not be shared; keep it private.
Examples of asymmetric encryption algorithms:
• Rivest Shamir Adleman (RSA)
• the Digital Signature Standard (DSS)
• Elliptical Curve Cryptography (ECC)
• the Diffie-Hellman exchange method
• TLS/SSL protocol
Asymmetric algorithm RSA
How does RSA work?
1) Public and private key generation.
2) Message encryption.
3) Message decryption.
The sender encrypts the message with the receiver's public key; the receiver decrypts the message with his private key.
[Figure: plaintext, encrypted with the receiver's public key into cipher text, decrypted with the receiver's private key back into plaintext]
Ummm, how does SSH use the RSA algorithm?
SSH uses RSA in:
1- Server verification
2- Client verification
3- Exchange of the session key
Secure shell (SSH)
• Public key that is copied to the SSH server(s). Anyone with a copy of the public key can encrypt data which can then only be read by the person who holds the private key. Once an SSH server receives a public key from a user and considers the key trustworthy, the server marks the key as authorized in its authorized_keys file.
• Private key that remains (only) with the user. Only a user in possession of a private key that corresponds to the public key at the server will be able to authenticate successfully.
Connection sequence between the client (client's private key, fingerprint cache) and the server 10.89.238.82 (authorized_keys):
1. TCP connection establishment: SYN; SYN, ACK; ACK
2. Client verifies the identity of the server: server public key
3. Server verifies the identity of the client: client public key; encrypted message; decrypted message
4. Key exchange: encrypted session key. The session key is encrypted by the client's public key and decrypted by the client's private key.
5. Data exchange by symmetric algorithm: data is encrypted and decrypted by the same key (session key)
6. End connection: FIN, ACK
The server generates a random message, encrypts it with the client's public key and sends it to the client, who has the private key to decrypt it and send it back; this is how the server verifies the client.
Configure SSH on network devices
Step 1: Configure device authentication.
The device name and domain are used as part of the crypto key when it is generated. Therefore, these names must be entered prior to issuing the crypto key command.
a. Configure device name.
router(config)# hostname R1
b. Configure the domain for the device.
R1(config)# ip domain-name ccna-lab.com
Step 2: Configure the encryption key method.
R1(config)# crypto key generate rsa modulus 1024
Step 3: Configure a local database username.
Configure a username using admin as the username and Adm1nP@55 as the password.
R1(config)# username admin secret Adm1nP@55
Step 4: Enable SSH on the VTY lines.
a. Enable SSH on the inbound VTY lines using the transport input command.
R1(config)# line vty 0 4
R1(config-line)# transport input ssh
b. Change the login method to use the local database for user verification.
R1(config-line)# login local
R1(config-line)# end
Step 5: Save the running configuration to the startup configuration file.
R1# copy running-config startup-config
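Added example (not part of the original slides): a small Python audit that reads a saved configuration and flags VTY lines that still accept Telnet, contrasting the Telnet setup shown earlier with the SSH setup from Step 4. Both configurations are constructed samples in running-config style, `<cleartext>` and `<hash>` are placeholders, the function names are illustrative, and the check assumes local-database logins as used in these slides.

```python
import re

# Constructed samples in "show running-config" style, not from a real device.
# <cleartext> and <hash> are placeholders.
TELNET_CONFIG = """\
hostname DV
username admin privilege 15 password 0 <cleartext>
line vty 0 2
 login local
 transport input telnet ssh
line vty 3 4
 transport input ssh
"""

SSH_CONFIG = """\
hostname R1
ip domain-name ccna-lab.com
username admin secret 5 <hash>
line vty 0 4
 login local
 transport input ssh
"""


def parse_vty_blocks(config):
    """Map each 'line vty a b' header to the sub-commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():                  # sub-command of the open section
            if current is not None:
                blocks[current].append(raw.strip())
        else:                                 # a new top-level command
            header = " ".join(raw.split())
            current = header if header.startswith("line vty ") else None
            if current is not None:
                blocks[current] = []
    return blocks


def audit(config):
    """Return (where, problem) pairs for remote-access weaknesses."""
    findings = []
    for header, cmds in parse_vty_blocks(config).items():
        transports = None
        for cmd in cmds:
            if cmd.startswith("transport input"):
                transports = cmd.split()[2:]
        if transports is None:
            findings.append((header, "no explicit 'transport input' "
                                     "(default varies by software version)"))
        elif "telnet" in transports or "all" in transports:
            findings.append((header, "Telnet accepted: logins cross the "
                                     "network in plaintext"))
        if "login local" not in cmds:
            findings.append((header, "no 'login local' (this audit assumes "
                                     "local-database logins)"))
    # 'password' stores the credential weakly; the slides use 'secret'.
    for match in re.finditer(r"^username (\S+) .*\bpassword\b", config, re.M):
        findings.append((f"username {match.group(1)}",
                         "uses 'password' instead of 'secret'"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("Telnet-style", TELNET_CONFIG), ("SSH-style", SSH_CONFIG)):
        print(name)
        for where, problem in audit(cfg) or [("-", "no findings")]:
            print(f"  {where}: {problem}")
```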
The mathematical side of RSA
Key generation
1. Choose 2 large prime numbers p and q
2. Compute n = p*q (modulus)
3. Calculate the totient function as φ(n) = (p−1)*(q−1)
4. Choose an integer e such that 1 < e < φ(n) and e and φ(n) are coprime; it is usually 65537 (0x010001).
5. Calculate d such that e*d mod φ(n) = 1
Public key {e, n}
Private key {d, n}
Message encryption
Cipher text C = M^e mod n // where M = plaintext
Message decryption
Plaintext M = C^d mod n // where C = cipher text
You don't have to do the math or implement the key exchange yourself. The SSH server and client programs take care of this for you.
Example
Key generation
1- Choose 2 prime numbers p=11, q=13
2- Calculate n = p*q = 11*13 = 143
3- Calculate φ(n) = (p-1)*(q-1) = (11-1)*(13-1) = 10*12 = 120
4- Choose an integer e, 1 < e < φ(n), e and φ(n) are coprime
   1 < e < 120, possible e is 7, 17, 19, 23, 29, 31, 37, 41, …
   e=7
5- Calculate d such that e*d mod φ(n) = 1
   7*d mod 120 = 1, possible d is 103, 223, 343, …
   d=223
Public key (e, n): (7, 143)
Private key (d, n): (223, 143)
Encryption
Plaintext message = H (encoded 72, 73 in ASCII)
Cipher text C = M^e mod n = 72^7 mod 143 = 19
Decryption
Cipher message = 19
Plaintext M = C^d mod n = 19^223 mod 143 = 72 → H
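Added example (not part of the original slides): the worked numbers above (p=11, q=13, e=7) carried through in Python, followed by the server's check of the client described on the SSH slide, where a random message is encrypted with the client's public key. Function names are illustrative, and the toy modulus with unpadded RSA is for following the arithmetic only; it models the simplified flow in these slides, not a real SSH implementation.

```python
import secrets
from math import gcd


def private_exponents(e, phi, count=3):
    """First `count` values of d that satisfy e*d mod phi == 1."""
    if gcd(e, phi) != 1:
        raise ValueError("e and phi(n) must be coprime")
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return [d + k * phi for k in range(count)]


def make_keypair(p, q, e, k=0):
    """Textbook RSA key generation; k selects the k-th valid d."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("need 1 < e < phi(n)")
    d = private_exponents(e, phi, k + 1)[k]
    return (e, n), (d, n)                # public key, private key


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus n")
    return pow(m, e, n)                  # C = M^e mod n


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)                  # M = C^d mod n


def challenge_client(client_public, client_private, nonce=None):
    """Server-side check from the slides: encrypt a random message with the
    client's public key; only the matching private key can return it."""
    _, n = client_public
    if nonce is None:
        nonce = secrets.randbelow(n)
    ciphertext = encrypt(nonce, client_public)       # server -> client
    response = decrypt(ciphertext, client_private)   # client -> server
    return response == nonce


if __name__ == "__main__":
    public, private = make_keypair(11, 13, 7, k=1)   # the slide picks d = 223
    c = encrypt(72, public)                          # 72 is ASCII "H"
    print("public:", public, "private:", private)
    print("cipher:", c, "plaintext:", chr(decrypt(c, private)))
    print("valid d values:", private_exponents(7, 120))
    print("client verified:", challenge_client(public, private))
```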
Secure shell(ssh) AND telnet AND CONSOLE

  • 1. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 Ok! Secure Shell (SSH) I have to go; I will connect with you by SSH.
  • 2. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 Methods to Access CLI Physical access (Out-of-band) console Remote access(in-band) Telnet SSH Access methods: write commands to tell that device what to do. ✓ Configure or manage ✓ Run or stop service ✓ Create folders ✓ Delete files …. plaintext encrypted
  • 3. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 methods to access the operating system (OS) of network devices 1.console method: • When performing an initial configuration • when the networking services have failed and remote access. Console cable terminal emulation software • Terminal emulation software is connected to the console port of the device using a special cable. Configuration commands for setting up the switch or router can be entered on the connected computer. ✓ Putty ✓ SecureCRT
  • 4. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 Second Method to access the operating system (OS) of network devices 2. Telnet (remote access) Telnet 10.89.238.82 Username: ? Password: ? Username: admin Password: cisco1234 Plaintext, Nice 1.I access the server by. telnet 2.who? Please send me authentication 3. Hi admin, I’m ready to receive your commands Telnet is a type of client-server protocol that can be used to open a command line on a remote computer. Telnet is not a secure protocol and is unencrypted. By monitoring a user's connection, anyone can access a person's username, password and other private information that is typed over the Telnet session in plaintext.
  • 5. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 Network #ip address 10.89.238.82 255.0.0.0 // set IP address #line vty 0 2 // 3 logical sessions at the same time #login local // local database #exit #username admin privilege 15 secret admin@123 The configuration that exists on the server username: admin Password: DV# D How to enable telnet on the server and connect it remotely.
  • 6. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 Method to access the operating system (OS) of network devices 3. Secure Shell (SSH) What is shell? Shell is a program that takes commands from the user and gives them to the operating system to execute these commands. (Interface between user and OS) What is secure shell (SSH)? SSH is a protocol uses encryption to secure the connection between a user and a server when the user connects to the server remotely. All user authentication, commands, output, and file transfers are encrypted by SSH. Okay, what do you mean, encryption? Encryption is changing a message to hide it.
  • 7. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 Encryption: changing a message to hide it. Fg Fg Hi Hi Encryption algorithm Encryption algorithm Encryption in the sender side Decryption in the receiver side Cipher text Plaintext Cipher text Plaintext network Fg?!
  • 8. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 Nice, how does SSH encrypt connection? SSH used two encryptions algorithm 1-asymmetric algorithm 2-symmetric algorithm Two, why?! Asymmetric algorithm: for session key exchange symmetric algorithm: for data exchange. what is the difference between asymmetric and symmetric algorithm? asymmetric algorithm: uses two different keys one to encrypt and another to decrypt symmetric algorithm: uses the same key for encryption and decryption
  • 9. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 Types of encryption algorithms symmetric encryption ✓ used the same key for encryption and decryption. ✓ it’s useful for encrypting databases and files. asymmetric encryption basic type of symmetric encryption known as the Caesar cipher. Example Plaintext: Good morning Private key: shift 9 Encryption G P O X D m Cipher text: pxxm vxawrwp Shift 9 Decryption Cipher text: pxxm vxawrwp Private key: shift -9 P G X O M D Plaintext: Good morning Symmetric Encryption Algorithms • Data Encryption Standard (DES) (64-bit, 128-bit and 192-bit keys). • Triple Data Encryption Standard (TDEA/3DES) • Advanced Encryption Standard (AES) (128-bit, 192-bit and 256 bits). uses mathematically linked public- and private-key pairs to encrypt and decrypt senders’ and recipients’ sensitive data. Public key: is shared by all Private key: must not share it, stay it private. Examples of asymmetric encryption Algorithms: • Rivest Shamir Adleman (RSA) • the Digital Signature Standard (DSS) • Elliptical Curve Cryptography (ECC) • the Diffie-Hellman exchange method • TLS/SSL protocol
  • 10. AMIRA M. GALAL https://www.linkedin.com/in/amira-mohamed-galal-5446b7183 Asymmetric algorithm RSA How does RSA work? 1) Public and Private key generation. 2) Message encryption. 3) Message decryption. Receiver public key Plaintext encrypted Receiver private key Cipher plaintext Sender encrypts message with receiver’s public key receiver decrypts message with him private key Ummm, how does SSH use the RSA algorithm? SSH uses RSA in 1-server verification 2-client verification 3-exchange session key
  • 11. Secure shell (SSH)
    • Public key that is copied to the SSH server(s). Anyone with a copy of the public key can encrypt data which can then only be read by the person who holds the private key. Once an SSH server receives a public key from a user and considers the key trustworthy, the server marks the key as authorized in its authorized keys file.
    • Private key that remains (only) with the user. Only a user in possession of a private key that corresponds to the public key at the server will be able to authenticate successfully.
    Diagram: client (client's private key, fingerprint cache) and server 10.89.238.82 (authorized_keys):
    1. TCP connection establishment: SYN; SYN, ACK; ACK
    2. The client verifies the identity of the server (server public key)
    3. The server verifies the identity of the client (client public key; encrypted message, decrypted message)
    4. Key exchange: the session key is encrypted by the client's public key and decrypted by the client's private key
    5. Data exchange by symmetric algorithm: data is encrypted and decrypted by the same key (session key)
    6. End of connection: FIN, ACK
    To verify the client, the server generates a random message, encrypts it with the client's public key and sends it to the client, who has the private key to decrypt it and send it back.
  • 12. Configure SSH on network devices
    Step 1: Configure device authentication. The device name and domain are used as part of the crypto key when it is generated. Therefore, these names must be entered prior to issuing the crypto key command.
    a. Configure device name.
       router(config)# hostname R1
    b. Configure the domain for the device.
       R1(config)# ip domain-name ccna-lab.com
    Step 2: Configure the encryption key method.
       R1(config)# crypto key generate rsa modulus 1024
    Step 3: Configure a local database username. Configure a username using admin as the username and Adm1nP@55 as the password.
       R1(config)# username admin secret Adm1nP@55
    Step 4: Enable SSH on the VTY lines.
    a. Enable Telnet and SSH on the inbound VTY lines using the transport input command.
       R1(config)# line vty 0 4
       R1(config-line)# transport input ssh
    b. Change the login method to use the local database for user verification.
       R1(config-line)# login local
       R1(config-line)# end
    Step 5: Save the running configuration to the startup configuration file.
       R1# copy running-config startup-config
  • 13. The mathematical side of RSA
    Key generation
    1. Choose 2 large prime numbers p and q.
    2. Compute n = p*q (modulus).
    3. Calculate the totient function as ϕ(n) = (p−1)*(q−1).
    4. Choose an integer e such that 1 < e < ϕ(n) and e and ϕ(n) are coprime; it is usually 65537 (0x010001).
    5. Calculate d such that e*d mod ϕ(n) = 1.
    Public key {e, n}; private key {d, n}
    Message encryption: cipher text C = M^e mod n // where M = plaintext
    Message decryption: plaintext M = C^d mod n // where C = cipher text
    You don't have to do the math or implement the key exchange yourself. The SSH server and client programs take care of this for you.
  • 14. Example
    Key generation
    1- Choose 2 prime numbers: p = 11, q = 13
    2- Calculate n = p*q = 11*13 = 143
    3- Calculate ϕ(n) = (p-1)*(q-1) = (11-1)*(13-1) = 10*12 = 120
    4- Choose an integer e, 1 < e < ϕ(n), e and ϕ(n) are coprime: 1 < e < 120, possible e is 7, 17, 19, 23, 29, 31, 37, 41, …; e = 7
    5- Calculate d such that e*d mod ϕ(n) = 1: 7*d mod 120 = 1, possible d is 103, 223, 343, …; d = 223
    Public key (e, n): (7, 143); private key (d, n): (223, 143)
    Encryption
    Plaintext message = H (encoded 72, 73 in ASCII)
    Cipher text C = M^e mod n = 72^7 mod 143 = 19
    Decryption
    Cipher message = 19
    Plaintext M = C^d mod n = 19^223 mod 143 = 72 (H)
  • 15. https://www.ssh.com/academy/ssh/protocol
    https://www.youtube.com/watch?v=zlv9dI-9g1U
    https://www.youtube.com/watch?v=y2SWzw9D4RA
    https://www.geeksforgeeks.org/rsa-algorithm-cryptography/
    https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys
    https://serverpilot.io/docs/how-to-use-ssh-public-key-authentication/
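The RSA steps on slides 13 and 14 and the client check described on slide 11, carried through in Python as an added example that is not part of the original slides. It computes d with the extended Euclidean algorithm, which gives the smallest valid value, 103, and shows that the slide's d = 223 decrypts to the same plaintext. The function names and the wrong key (101, 143) are assumptions made for this example.

```python
# Added example (not from the slides): textbook RSA with the deck's toy
# numbers. No padding, tiny primes: for illustration only.
import secrets
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def keygen(p, q, e):
    """Return ((e, n), (d, n)); d is the smallest inverse of e mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    return (e, n), (egcd(e, phi)[1] % phi, n)


def encrypt(m, pub):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus n")
    return pow(m, e, n)  # C = M^e mod n


def decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)  # M = C^d mod n


def client_proves_key(pub, priv, challenge=None):
    """Slide 11's check: the server encrypts a random value to the client's
    public key; only the private-key holder can return the same value."""
    if challenge is None:  # server picks a random value below n
        challenge = secrets.randbelow(pub[1] - 2) + 2
    response = decrypt(encrypt(challenge, pub), priv)  # client decrypts
    return response == challenge  # server compares


if __name__ == "__main__":
    pub, priv = keygen(11, 13, 7)
    c = encrypt(72, pub)  # 'H' is 72 in ASCII
    print(pub, priv, c, decrypt(c, priv), decrypt(c, (223, 143)))
    # (101, 143) is a constructed wrong private key
    print(client_proves_key(pub, priv), client_proves_key(pub, (101, 143), 72))
```

Any d that satisfies e*d mod ϕ(n) = 1 decrypts correctly, which is why 103 and 223 give the same result.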