PREPARED BY : PINA CHHATRALA 1
Secure Shell (SSH)
Secure Shell (SSH) is a protocol for secure network communication designed to be relatively simple and inexpensive to implement.
The initial version, SSH1, was focused on providing a secure remote logon facility to replace TELNET and other remote logon schemes that provided no security.
SSH also provides a more general client/server capability and can be used for such network functions as file transfer and e-mail.
A new version, SSH2, fixes a number of security flaws in the original scheme.
SSH2 is documented as a proposed standard in IETF RFCs 4250 through 4256.
SSH client and server applications are widely available for most operating systems.
It has become the method of choice for remote login and X tunnelling and is rapidly becoming one of the most pervasive applications of encryption technology outside of embedded systems.
SSH is organized as three protocols that typically run on top of TCP (figure on the next slide).
[Figure: the three SSH protocols layered over TCP]
Transport Layer Protocol
• Host Keys :
- Server authentication occurs at the transport layer, based on the server possessing a public/private key pair.
- A server may have multiple host keys using multiple different asymmetric encryption algorithms.
- Multiple hosts may share the same host key.
- In any case, the server host key is used during key exchange to authenticate the identity of the host.
- For this to be possible, the client must have a priori knowledge of the server's public host key.
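The a priori knowledge the last bullet requires is, in practice, a known_hosts file on the client. The following Python is an added example, not code from the slides, showing how a client checks a presented host key against such a file: it builds a constructed ssh-ed25519 key blob, computes the OpenSSH-style SHA256 fingerprint, matches both plain and hashed host-name entries, and distinguishes a key that matches, a key that differs from the one on record (the case a client must refuse, since a different host may be answering) and a host with no key on record (the first-contact case). The key bytes, host names and salt are constructed for the example.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': uint32 length prefix followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ed25519_host_key_blob(raw_pubkey: bytes) -> bytes:
    """Wire encoding of an ssh-ed25519 public key, i.e. the blob stored in known_hosts."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the whole key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_hostname(hostname: str, salt: bytes) -> str:
    """known_hosts hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def hostname_matches(host_field: str, hostname: str) -> bool:
    """Match a known_hosts host field (plain, comma-separated or hashed) against a hostname."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return hostname in host_field.split(",")


def verify_host_key(known_hosts: str, hostname: str, key_type: str, presented_blob: bytes) -> str:
    """Return 'ok' if the presented key is the one recorded for this host and key type,
    'mismatch' if a different key of that type is recorded (refuse the connection), or
    'unknown' if no key of that type is recorded (first contact: a trust decision)."""
    saw_same_type = False
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        host_field, recorded_type, key_b64 = fields[0], fields[1], fields[2]
        if recorded_type != key_type or not hostname_matches(host_field, hostname):
            continue
        saw_same_type = True
        if hmac.compare_digest(base64.b64decode(key_b64), presented_blob):
            return "ok"
    return "mismatch" if saw_same_type else "unknown"


# Constructed sample data: fake key material (not real keys) and a known_hosts file
# with one plain entry (two names for the same host) and one hashed entry.
BASTION_KEY = ed25519_host_key_blob(bytes(range(32)))
DB_KEY = ed25519_host_key_blob(bytes(range(32, 64)))
ROGUE_KEY = ed25519_host_key_blob(bytes(32))
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "bastion.example.test,10.0.0.5 ssh-ed25519 " + base64.b64encode(BASTION_KEY).decode(),
    hashed_hostname("db.example.test", b"0123456789abcdef0123") + " ssh-ed25519 "
    + base64.b64encode(DB_KEY).decode(),
])

if __name__ == "__main__":
    print("bastion fingerprint:", fingerprint_sha256(BASTION_KEY))
    for host, blob in [("bastion.example.test", BASTION_KEY), ("bastion.example.test", ROGUE_KEY),
                       ("db.example.test", DB_KEY), ("new.example.test", BASTION_KEY)]:
        print(host, "->", verify_host_key(KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

The three-way result matters for detection: a client that treats "mismatch" like "unknown" and simply prompts the user throws away the only signal it has that the host key changed. Note also that the lookup is restricted to the key type the server presented, which is how the "multiple host keys with different algorithms" bullet plays out on the client side.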
• Packet Exchange
- Once the connection is established between the client and server, they can exchange data, referred to as packets, in the data field of a TCP segment.
- Each packet is in the following format:
  ◦ Packet length : Length of the packet in bytes, not including the packet length and MAC fields.
  ◦ Padding length : Length of the random padding field.
  ◦ Payload : Useful content of the packet.
  ◦ Random padding : Once an encryption algorithm has been negotiated, this field is added. It contains random bytes of padding so that the total length of the packet is a multiple of the cipher block size, or 8 bytes for a stream cipher.
  ◦ MAC : If message authentication has been negotiated, this field contains the MAC value.
- The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide):
  ◦ The first step, the identification string exchange, begins with the client sending a packet with an identification string of the form SSH-protoversion-softwareversion SP comments CR LF, where SP = space character, CR = carriage return, LF = line feed. The server responds with its own identification string.
  ◦ Next comes algorithm negotiation. Each side sends an SSH_MSG_KEXINIT containing lists of supported algorithms in the sender's order of preference. The lists cover the key exchange, encryption, MAC and compression algorithms.
  ◦ The next step is key exchange. The specification allows for alternative methods of key exchange, but at present only two versions of Diffie-Hellman key exchange are specified.
  ◦ The end of key exchange is signalled by the exchange of SSH_MSG_NEWKEYS packets. At this point, both sides may start using the keys generated from K.
  ◦ The final step is service request. The client sends an SSH_MSG_SERVICE_REQUEST packet to request either the user authentication or the connection protocol.
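The identification string and the binary packet format described above, as an added Python example that is not code from the slides: a parser for the SSH-protoversion-softwareversion SP comments CR LF line, and a packer/unpacker that applies the padding rule (block-aligned, at least four bytes) and an hmac-sha2-256 MAC computed over the sequence number and the unencrypted packet, as RFC 4253 specifies. Encryption is left out so the framing stays visible. The MAC key, sequence numbers and the service-request payload are constructed values.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = hashlib.sha256().digest_size  # hmac-sha2-256 yields a 32-byte MAC


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' encoding: uint32 length prefix followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def parse_identification_string(line: bytes) -> dict:
    """Parse the form the slide gives: SSH-protoversion-softwareversion SP comments CR LF."""
    if not line.endswith(b"\r\n"):
        raise ValueError("identification string must end with CR LF")
    ident, _, comments = line[:-2].decode("ascii").partition(" ")
    parts = ident.split("-", 2)   # softwareversion may not contain '-', so two splits suffice
    if len(parts) != 3 or parts[0] != "SSH":
        raise ValueError("malformed identification string")
    return {"protoversion": parts[1], "softwareversion": parts[2], "comments": comments}


def build_packet(payload: bytes, block_size: int, mac_key: bytes, seq: int) -> bytes:
    """Frame a payload as packet_length || padding_length || payload || random padding || MAC.
    Padding brings the first four fields to a multiple of the block size (8 for a stream
    cipher) and is at least 4 bytes; the MAC covers the sequence number and those fields."""
    block = max(block_size, 8)
    pad_len = block - (5 + len(payload)) % block
    if pad_len < 4:
        pad_len += block
    body = struct.pack(">IB", 1 + len(payload) + pad_len, pad_len) + payload + os.urandom(pad_len)
    mac = hmac.new(mac_key, struct.pack(">I", seq) + body, hashlib.sha256).digest()
    return body + mac


def parse_packet(data: bytes, block_size: int, mac_key: bytes, seq: int) -> bytes:
    """Inverse of build_packet: check the MAC before trusting any length field, then check
    the length and padding rules, then return the payload. Raises ValueError otherwise."""
    if len(data) < 9 + MAC_LEN:
        raise ValueError("packet too short")
    body, mac = data[:-MAC_LEN], data[-MAC_LEN:]
    expected = hmac.new(mac_key, struct.pack(">I", seq) + body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC verification failed")
    packet_len, pad_len = struct.unpack(">IB", body[:5])
    if packet_len != len(body) - 4 or pad_len < 4 or pad_len >= packet_len:
        raise ValueError("bad packet_length or padding_length")
    if len(body) % max(block_size, 8) != 0:
        raise ValueError("packet is not aligned to the cipher block size")
    return body[5:4 + packet_len - pad_len]


def is_rejected(data: bytes, block_size: int, mac_key: bytes, seq: int) -> bool:
    """True if parse_packet refuses the packet (tampering, wrong key, wrong sequence number)."""
    try:
        parse_packet(data, block_size, mac_key, seq)
        return False
    except ValueError:
        return True


# Constructed sample values: a MAC key and an SSH_MSG_SERVICE_REQUEST (type 5) payload.
MAC_KEY = b"constructed-integrity-key-client-to-server"
SERVICE_REQUEST = bytes([5]) + ssh_string(b"ssh-userauth")

if __name__ == "__main__":
    print(parse_identification_string(b"SSH-2.0-ExampleSSH_1.0 constructed comment\r\n"))
    pkt = build_packet(SERVICE_REQUEST, 16, MAC_KEY, 3)
    print("packet bytes:", len(pkt), "padding:", pkt[4], "payload:", parse_packet(pkt, 16, MAC_KEY, 3))
    print("replayed under another sequence number rejected:", is_rejected(pkt, 16, MAC_KEY, 4))
```

Two details worth noticing: the sequence number is never transmitted, yet it is part of the MAC input, which is why a packet replayed or reordered on the wire fails verification; and the receiver validates the MAC before acting on packet_length, so a forged length cannot steer the parser.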
• Key Generation
- The keys used for encryption and MAC are generated from the shared secret K, the hash value H from the key exchange, and the session identifier, which is equal to H unless there has been a subsequent key exchange after the initial one.
- The values are computed as follows:
  ◦ Initial IV client to server : HASH(K||H||"A"||session_id)
  ◦ Initial IV server to client : HASH(K||H||"B"||session_id)
  ◦ Encryption key client to server : HASH(K||H||"C"||session_id)
  ◦ Encryption key server to client : HASH(K||H||"D"||session_id)
  ◦ Integrity key client to server : HASH(K||H||"E"||session_id)
  ◦ Integrity key server to client : HASH(K||H||"F"||session_id)
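The six derivations above, as an added Python example that is not code from the slides. It assumes SHA-256 as HASH and encodes K as an SSH mpint before hashing, as RFC 4253 requires, and it also shows the extension rule the slides do not mention for keys longer than one hash output (K2 = HASH(K||H||K1), K3 = HASH(K||H||K1||K2), and so on). K, H and the session identifier are constructed values.

```python
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def mpint(n: int) -> bytes:
    """SSH mpint encoding (RFC 4251): big-endian two's complement of minimal length,
    with a leading 0x00 when the top bit is set; zero encodes as an empty string."""
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def hash_block(*parts: bytes) -> bytes:
    """HASH over the concatenation of parts. SHA-256 stands in for the hash that the
    key exchange method negotiated."""
    return hashlib.sha256(b"".join(parts)).digest()


def derive_key(K: int, H: bytes, letter: bytes, session_id: bytes, length: int) -> bytes:
    """K1 = HASH(K || H || X || session_id); if more bytes are needed, K2 = HASH(K || H || K1),
    K3 = HASH(K || H || K1 || K2), ... and the key is K1 || K2 || ... cut to `length`."""
    k_enc = mpint(K)
    material = hash_block(k_enc, H, letter, session_id)
    while len(material) < length:
        material += hash_block(k_enc, H, material)
    return material[:length]


def derive_session_keys(K: int, H: bytes, session_id: bytes,
                        enc_len: int = 32, iv_len: int = 16, mac_len: int = 32) -> dict:
    """All six values from the slides, one per direction and purpose."""
    return {
        "iv_c2s": derive_key(K, H, b"A", session_id, iv_len),
        "iv_s2c": derive_key(K, H, b"B", session_id, iv_len),
        "enc_c2s": derive_key(K, H, b"C", session_id, enc_len),
        "enc_s2c": derive_key(K, H, b"D", session_id, enc_len),
        "mac_c2s": derive_key(K, H, b"E", session_id, mac_len),
        "mac_s2c": derive_key(K, H, b"F", session_id, mac_len),
    }


# Constructed inputs: in a real session K comes from Diffie-Hellman and H is the exchange hash.
K_SAMPLE = int.from_bytes(hash_block(b"constructed shared secret"), "big")
H_SAMPLE = hash_block(b"constructed exchange hash")
H2_SAMPLE = hash_block(b"constructed second exchange hash")  # a later re-key

if __name__ == "__main__":
    keys = derive_session_keys(K_SAMPLE, H_SAMPLE, session_id=H_SAMPLE)
    for name, value in keys.items():
        print(name, value.hex())
    # After a re-key, H changes but session_id stays the H of the first exchange.
    print("enc_c2s after re-key:", derive_session_keys(K_SAMPLE, H2_SAMPLE, H_SAMPLE)["enc_c2s"].hex())
```

The mpint encoding step is easy to get wrong and matters for interoperability: an implementation that hashes the raw big-endian bytes of K, or omits the leading zero byte when the top bit is set, derives different keys from its peer and the session fails at the first encrypted packet.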
User Authentication Protocol
The user authentication protocol provides the means by which the client is authenticated to the server.
• Message Types and Formats
- Three types of messages are always used in the user authentication protocol.
- Authentication requests from the client have the format:
  ◦ byte SSH_MSG_USERAUTH_REQUEST
  ◦ string user name
  ◦ string service name
  ◦ string method name
  ◦ … method-specific fields
- If the server either (1) rejects the authentication request or (2) accepts the request but requires one or more additional authentication methods, the server sends a message with the format:
  ◦ byte SSH_MSG_USERAUTH_FAILURE (51)
  ◦ name-list authentications that can continue
  ◦ boolean partial success
- If the server accepts authentication, it sends a single-byte message: SSH_MSG_USERAUTH_SUCCESS (52).
• Message Exchange
- The message exchange involves the following steps:
  1. The client sends an SSH_MSG_USERAUTH_REQUEST with a requested method of none.
  2. The server checks whether the user name is valid. If not, the server returns SSH_MSG_USERAUTH_FAILURE with a partial success value of false. If the user name is valid, the server proceeds to step 3.
  3. The server returns SSH_MSG_USERAUTH_FAILURE with a list of one or more authentication methods to be used.
  4. The client selects one of the acceptable authentication methods and sends an SSH_MSG_USERAUTH_REQUEST with that method name and the required method-specific fields. At this point, there may be a sequence of exchanges to perform the method.
  5. If the authentication succeeds and more authentication methods are required, the server proceeds to step 3, using a partial success value of true. If the authentication fails, the server proceeds to step 3, using a partial success value of false.
  6. When all required authentication methods succeed, the server sends an SSH_MSG_USERAUTH_SUCCESS message, and the authentication protocol is over.
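A server-side model of the six steps above, as an added Python example that is not code from the slides. It tracks which of the required methods have already succeeded so that the partial success flag and the "authentications that can continue" list come out as the steps describe. It goes slightly beyond the slides in two respects: the method list returned to a "none" probe is the same for valid and invalid user names, so the reply does not reveal which accounts exist, and repeated failures end the connection with SSH_MSG_DISCONNECT. The password check compares a PBKDF2 hash and the public-key check is a fingerprint lookup; the signature verification a real server performs for publickey is omitted. Users, keys, passwords and the salt are constructed.

```python
import hashlib
import hmac

# Message numbers from RFC 4252 / RFC 4253.
SSH_MSG_DISCONNECT = 1
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52

SALT = b"constructed-salt"  # a real server stores a distinct random salt per user


def password_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


class UserAuthServer:
    """One connection's view of the user authentication exchange.

    required_methods: every listed method must succeed; until the last one does, the
    server answers FAILURE with partial success = true and the methods still outstanding."""

    def __init__(self, users: dict, required_methods, max_failures: int = 6):
        self.users = users
        self.required = list(required_methods)
        self.max_failures = max_failures
        self.completed = []      # methods that have succeeded on this connection
        self.failures = 0
        self.disconnected = False

    def remaining(self):
        return [m for m in self.required if m not in self.completed]

    def handle_request(self, username: str, service: str, method: str, credential=None):
        """One SSH_MSG_USERAUTH_REQUEST in; a FAILURE, SUCCESS or DISCONNECT tuple out."""
        if self.disconnected:
            return (SSH_MSG_DISCONNECT,)
        user = self.users.get(username)
        if method == "none":
            # Steps 1-3: the probe elicits the list of acceptable methods. The list does not
            # depend on whether the user exists, so it cannot be used to enumerate accounts.
            return (SSH_MSG_USERAUTH_FAILURE, self.remaining(), False)
        ok = (service == "ssh-connection" and user is not None
              and method in self.remaining() and self._check(user, method, credential))
        if not ok:
            self.failures += 1
            if self.failures >= self.max_failures:
                self.disconnected = True
                return (SSH_MSG_DISCONNECT,)
            # Step 5, failure branch: back to step 3 with partial success = false.
            return (SSH_MSG_USERAUTH_FAILURE, self.remaining(), False)
        self.completed.append(method)
        if self.remaining():
            # Step 5, success branch with more methods required.
            return (SSH_MSG_USERAUTH_FAILURE, self.remaining(), True)
        return (SSH_MSG_USERAUTH_SUCCESS,)   # step 6

    def _check(self, user: dict, method: str, credential) -> bool:
        if method == "password" and isinstance(credential, str):
            return hmac.compare_digest(password_hash(credential), user["password_hash"])
        if method == "publickey" and isinstance(credential, (bytes, bytearray)):
            # Simplification: accept a key whose fingerprint is authorized. A real server
            # must also verify the client's signature over the session identifier.
            return hashlib.sha256(credential).hexdigest() in user["authorized_keys"]
        return False


# Constructed account data for the example.
ALICE_KEY = b"constructed-public-key-blob-for-alice"
USERS = {
    "alice": {
        "password_hash": password_hash("correct horse"),
        "authorized_keys": {hashlib.sha256(ALICE_KEY).hexdigest()},
    },
}

if __name__ == "__main__":
    server = UserAuthServer(USERS, ["publickey", "password"])
    for request in [("alice", "ssh-connection", "none", None),
                    ("alice", "ssh-connection", "publickey", ALICE_KEY),
                    ("alice", "ssh-connection", "password", "wrong"),
                    ("alice", "ssh-connection", "password", "correct horse")]:
        print(request[2], "->", server.handle_request(*request))
```

Read the replies against the steps: the "none" probe yields (51, [publickey, password], false); a successful publickey yields (51, [password], true), which is step 5 with partial success; a wrong password yields (51, [password], false) without undoing the completed publickey; and the correct password yields (52,).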
• Authentication Methods
- The server may require one or more of the following authentication methods:
  ◦ publickey : The details of this method depend on the public-key algorithm chosen. In essence, the client sends a message to the server that contains the client's public key, with the message signed by the client's private key. When the server receives the message, it checks whether the supplied key is acceptable for authentication and, if so, it checks whether the signature is correct.
  ◦ password : The client sends a message containing a plaintext password, which is protected by encryption by the transport layer protocol.
  ◦ hostbased : Authentication is performed on the client's host rather than by the client itself. Thus, a host that supports multiple clients would provide authentication for all of its clients.
Connection Protocol
The SSH Connection Protocol runs on top of the SSH Transport Layer Protocol and assumes that a secure authentication connection is in use.
That secure authentication connection, referred to as a tunnel, is used by the connection protocol to multiplex a number of logical channels.
• Channel Mechanism
- All types of communication using SSH, such as a terminal session, are supported using separate channels. Either side may open a channel.
- For each channel, each side associates a unique channel number, which need not be the same on both sides.
- Channels are flow controlled using a window mechanism.
- No data may be sent to a channel until a message is received to indicate that window space is available.
- The life of a channel progresses through three stages: opening a channel, data transfer and closing a channel.
- When either side wishes to open a channel, it allocates a local channel number and sends a message of the form:
  ◦ byte SSH_MSG_CHANNEL_OPEN
  ◦ string channel type
  ◦ uint32 sender channel
  ◦ uint32 initial window
  ◦ uint32 maximum packet size
  ◦ … channel type specific data follows
- If the remote side is able to open the channel, it returns an SSH_MSG_CHANNEL_OPEN_CONFIRMATION message, which includes the sender channel number, and window and packet size values for incoming traffic.
- Otherwise, the remote side returns an SSH_MSG_CHANNEL_OPEN_FAILURE message with a reason code indicating the reason for failure.
- Once the channel is open, data transfer is performed using an SSH_MSG_CHANNEL_DATA message, which includes the recipient channel number and a block of data.
- These messages, in both directions, may continue as long as the channel is open.
- When either side wishes to close a channel, it sends an SSH_MSG_CHANNEL_CLOSE message, which includes the recipient channel number.
• Channel Types
- Four channel types are recognized in the SSH connection protocol specification:
  ◦ session : The remote execution of a program. The program may be a shell, an application such as file transfer or e-mail, a system command, or some built-in subsystem. Once a session channel is opened, subsequent requests are used to start the remote program.
  ◦ x11 : This refers to the X Window System, a computer software system and network protocol that provides a GUI for networked computers. X allows applications to run on a network server but to be displayed on a desktop machine.
  ◦ forwarded-tcpip : This is remote port forwarding.
  ◦ direct-tcpip : This is local port forwarding.
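The open / data / window-adjust / close sequence of the channel mechanism, together with the direct-tcpip channel type, as an added Python example that is not code from the slides. It encodes the SSH_MSG_CHANNEL_OPEN message for a direct-tcpip channel (whose type-specific data names the target host and port and the originator), then models one side of a channel whose local channel number differs from the peer's and whose sends are held back until the peer grants window space; on the receiving side it charges incoming data to its own window and grants more once half is used. Message numbers are those of RFC 4254; hosts, ports and window sizes are constructed.

```python
import struct

# Message numbers from RFC 4254 (the slides name the messages, not the numbers).
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91
SSH_MSG_CHANNEL_WINDOW_ADJUST = 93
SSH_MSG_CHANNEL_DATA = 94
SSH_MSG_CHANNEL_CLOSE = 97


def uint32(n: int) -> bytes:
    return struct.pack(">I", n)


def ssh_string(data: bytes) -> bytes:
    return uint32(len(data)) + data


def channel_open_direct_tcpip(sender, window, max_packet, host, port, orig_host, orig_port):
    """SSH_MSG_CHANNEL_OPEN for a direct-tcpip (local port forwarding) channel."""
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(b"direct-tcpip") + uint32(sender)
            + uint32(window) + uint32(max_packet)
            + ssh_string(host.encode()) + uint32(port)          # where the server should connect
            + ssh_string(orig_host.encode()) + uint32(orig_port))  # who connected to the client


def channel_open_confirmation(recipient, sender, window, max_packet):
    return (bytes([SSH_MSG_CHANNEL_OPEN_CONFIRMATION]) + uint32(recipient) + uint32(sender)
            + uint32(window) + uint32(max_packet))


def window_adjust(recipient, extra):
    return bytes([SSH_MSG_CHANNEL_WINDOW_ADJUST]) + uint32(recipient) + uint32(extra)


def channel_data(recipient, payload):
    return bytes([SSH_MSG_CHANNEL_DATA]) + uint32(recipient) + ssh_string(payload)


def parse_channel_data(msg):
    recipient, length = struct.unpack(">II", msg[1:9])
    return recipient, msg[9:9 + length]


class ChannelEndpoint:
    """One side of a channel: our number, the peer's number, and the two windows."""

    def __init__(self, local_id, initial_window, max_packet):
        self.local_id = local_id
        self.remote_id = None
        self.initial_window = initial_window
        self.local_window = initial_window   # bytes the peer may still send to us
        self.remote_window = 0               # bytes we may still send to the peer
        self.max_packet = max_packet         # largest data block we accept
        self.peer_max_packet = None
        self.pending = b""                   # data waiting for window space

    def open_message(self, host, port, orig_host, orig_port):
        return channel_open_direct_tcpip(self.local_id, self.local_window, self.max_packet,
                                         host, port, orig_host, orig_port)

    def on_open_confirmation(self, msg):
        recipient, sender, window, max_packet = struct.unpack(">IIII", msg[1:17])
        if msg[0] != SSH_MSG_CHANNEL_OPEN_CONFIRMATION or recipient != self.local_id:
            raise ValueError("confirmation for a channel we did not open")
        self.remote_id, self.remote_window, self.peer_max_packet = sender, window, max_packet

    def send(self, data):
        """Queue data; return the CHANNEL_DATA messages that fit in the peer's window now."""
        self.pending += data
        out = []
        while self.pending and self.remote_window > 0:
            n = min(len(self.pending), self.remote_window, self.peer_max_packet)
            chunk, self.pending = self.pending[:n], self.pending[n:]
            self.remote_window -= n
            out.append(channel_data(self.remote_id, chunk))
        return out

    def on_window_adjust(self, msg):
        recipient, extra = struct.unpack(">II", msg[1:9])
        if msg[0] != SSH_MSG_CHANNEL_WINDOW_ADJUST or recipient != self.local_id:
            raise ValueError("window adjust for another channel")
        self.remote_window += extra
        return self.send(b"")   # flush whatever was waiting for window space

    def on_data(self, msg):
        """Accept incoming data; return (payload, reply) where reply is a WINDOW_ADJUST
        once half of our window has been consumed, else None."""
        recipient, payload = parse_channel_data(msg)
        if recipient != self.local_id or len(payload) > self.local_window or len(payload) > self.max_packet:
            raise ValueError("data for another channel, beyond our window, or over max packet size")
        self.local_window -= len(payload)
        reply = None
        if self.local_window < self.initial_window // 2:
            grant = self.initial_window - self.local_window
            self.local_window += grant
            reply = window_adjust(self.remote_id, grant)
        return payload, reply

    def close_message(self):
        return bytes([SSH_MSG_CHANNEL_CLOSE]) + uint32(self.remote_id)
```

The window check in on_data is the receiver's defence: a peer that sends more than it was granted is violating the protocol, and dropping the channel is safer than buffering without bound.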
• Port Forwarding
- One of the most useful features of SSH is port forwarding.
- In essence, port forwarding provides the ability to convert any insecure TCP connection into a secure SSH connection.
- This is also referred to as SSH tunnelling.
- A port is an identifier of a user of TCP.
- So, any application that runs on top of TCP has a port number.
- Incoming TCP traffic is delivered to the appropriate application on the basis of the port number.
- An application may employ multiple port numbers.
- SSH supports two types of port forwarding: local forwarding and remote forwarding.
- Local forwarding allows the client to set up a "hijacker" process. This will intercept selected application-level traffic and redirect it from an unsecured TCP connection to a secure SSH tunnel.
- SSH is configured to listen on selected ports.
- SSH grabs all traffic using a selected port and sends it through an SSH tunnel.
- On the other end, the SSH server sends the incoming traffic to the destination port dictated by the client application.
- With remote forwarding, the user's SSH client acts on the server's behalf.
- The client receives traffic with a given destination port number, places the traffic on the correct port and sends it to the destination the user chooses.
Thank You
Weitere ähnliche Inhalte

Was ist angesagt?

E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
koolkampus
 

Was ist angesagt? (20)

SSH
SSHSSH
SSH
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
ssh.ppt
ssh.pptssh.ppt
ssh.ppt
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
User management
User managementUser management
User management
 
Ad, dns, dhcp, file server
Ad, dns, dhcp, file serverAd, dns, dhcp, file server
Ad, dns, dhcp, file server
 
AMQP 1.0 introduction
AMQP 1.0 introductionAMQP 1.0 introduction
AMQP 1.0 introduction
 
PGP S/MIME
PGP S/MIMEPGP S/MIME
PGP S/MIME
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH Configuration
 
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...
Linux Tutorial For Beginners | Linux Administration Tutorial | Linux Commands...
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
 
firewall.ppt
firewall.pptfirewall.ppt
firewall.ppt
 
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
 
Elgamal Digital Signature
Elgamal Digital SignatureElgamal Digital Signature
Elgamal Digital Signature
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
 

Andere mochten auch

Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line tools
Eric Wilson
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processing
Anton Arhipov
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014
iimjobs and hirist
 

Andere mochten auch (19)

Security protocols in constrained environments
Security protocols in constrained environments Security protocols in constrained environments
Security protocols in constrained environments
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line tools
 
class12_Networking2
class12_Networking2class12_Networking2
class12_Networking2
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity Tips
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure  V1.0Defeating The Network Security Infrastructure  V1.0
Defeating The Network Security Infrastructure V1.0
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure Programming
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awk
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processing
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
 
Sed & awk the dynamic duo
Sed & awk   the dynamic duoSed & awk   the dynamic duo
Sed & awk the dynamic duo
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unix
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and Answers
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016
 

Ähnlich wie Secure Shell(ssh)

Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 
Ssh
SshSsh
Ssh
gh02
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocol
Mousmi Pawar
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
limsh
 

Ähnlich wie Secure Shell(ssh) (20)

Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
 
Ssh
SshSsh
Ssh
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocol
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.ppt
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1
 
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
 
SSh_part_1.pptx
SSh_part_1.pptxSSh_part_1.pptx
SSh_part_1.pptx
 
Cryptography by Afroz haider mir
Cryptography by Afroz haider mirCryptography by Afroz haider mir
Cryptography by Afroz haider mir
 
ch17.ppt
ch17.pptch17.ppt
ch17.ppt
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
Client server computing in mobile environments part 2
Client server computing in mobile environments part 2Client server computing in mobile environments part 2
Client server computing in mobile environments part 2
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 

Kürzlich hochgeladen

Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Kürzlich hochgeladen (20)

ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 

Secure Shell(ssh)

  • 1. PREPARED BY : PINA CHHATRALA 1 Secure Shell (SSH)
  • 2. Secure Shell (SSH) Secure Shell (SSH) is a protocol for secure network communication designed to be relatively simple and inexpensive to implement. The initial version, SSH1 was focused on providing a secure remote logon facility to replace TELNET and other remote logon schemes that provided no security. SSH also provides a more general client / server capability and can be used for such network functions as file transfer and e – mail. A new version, SSH2, fixes a number of security flaws in the original scheme. SSH2 is documented as a proposed standard in IETF RFCs 4250 through 4256. PREPARED BY : PINA CHHATRALA 2
  • 3. Secure Shell (SSH) SSH client and server applications are widely available for most operating systems. It has become the method of choice for remote login and X tunnelling and is rapidly becoming one of the most pervasive applications for encryption technology outside of embedded systems. SSH is organized as three protocols that typically run on top of TCP (figure on next slide). PREPARED BY : PINA CHHATRALA 3
  • 4. PREPARED BY : PINA CHHATRALA 4
  • 5. Secure Shell (SSH) Transport Layer Protocol • Host Keys : - Server authentication occurs at the transport layer, based on the server possessing a public/private key pair. - A server may have multiple host keys using multiple different asymmetric encryption algorithms. - Multiple hosts may share the same host key. - In any case, the server host key is used during key exchange to authenticate the identity of the host. - For this to be possible, the client must have a priori knowledge of the server’s public host key. PREPARED BY : PINA CHHATRALA 5
  • 6. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - Once the connection established between the client and server they can exchange data, referred to as packets, in the data field of a TCP segment. - Each packet is in the following format.  Packet length : Length of the packet in bytes not including the packet length and MAC fields.  Padding length : Length of the random padding fields. PREPARED BY : PINA CHHATRALA 6
  • 7. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - Each packet is in the following format.  Payload : Useful content of the packet.  Random Padding : Once an encryption algorithm has been negotiated, this field is added. It contains random bytes of padding so that total length of the packet is a multiple of the cipher block size, or 8 bytes for a stream cipher.  MAC : If message authentication has been negotiated, this field contains the MAC value. PREPARED BY : PINA CHHATRALA 7
  • 8. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  The first step, the identification string exchange, begins with the client sending a packet with the identification string to the form : SSH – protoversion – softwareversion SP comments CR LF, Where, SP = Space character, CR = Carriage return, LF = Line Feed.  The server responds with its own identification string. PREPARED BY : PINA CHHATRALA 8
  • 9. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  Next comes algorithm negotiation.  Each side sends an SSH_MSG_KEXINIT containing list of supported algorithms in the order of preference to the sender.  The algorithm includes key exchange, encryption, MAC algorithm and compression algorithm. PREPARED BY : PINA CHHATRALA 9
  • 10. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  The next step is key exchange.  The specification allows for alternative methods of key exchange, but at present only two versions of Deffiee – Hellman key exchange are specified. PREPARED BY : PINA CHHATRALA 10
  • 11. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  The the end of key exchange is signalled by the exchange of SSH_MSG_NEWKEYS packets.  At this point, both sides may start using the keys generated from K. PREPARED BY : PINA CHHATRALA 11
  • 12. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  The final step is service request.  The client sends SSH_MSG_SERVICE_REQUEST packet to request either the user authentication or the connection protocol. PREPARED BY : PINA CHHATRALA 12
  • 13. Secure Shell (SSH) Transport Layer Protocol • Key Generation - The key is used for encryption and MAC are generated from the shared secret key K, the hash value from the key exchange H, and the session identifier, which is equal to H unless there has been a subsequent key exchange after the initial key exchange. - The values are computed as follows :  Initial IV client to server : HASH(K||H||”A”||session_id) PREPARED BY : PINA CHHATRALA 13
  • 14. Secure Shell (SSH) Transport Layer Protocol • Key Generation - The values are computed as follows :  Initial IV server to client : HASH(K||H||”B”||session_id)  Encry. key client to server : HASH(K||H||”C”||session_id)  Encry. Key server to client : HASH(K||H||”D”||session_id)  Integrity key client to server: HASH(K||H||”E”||session_id)  Integrity key server to client: HASH(K||H||”F”||session_id) PREPARED BY : PINA CHHATRALA 14
  • 15. Secure Shell (SSH) User Authentication Protocol The user authentication protocol provides the means by which the client is authenticated to the server • Message Types and Formats - Three types of messages are always used in the user authentication protocol. - Authentication requests from the client have the format :  byte SSH_MSG_USERAUTH_REQUEST  string username PREPARED BY : PINA CHHATRALA 15
  • 16. Secure Shell (SSH) User Authentication Protocol • Message Types and Formats - Authentication requests from the client have the format :  string service name  string method name  … method specified field - If the server either (1) rejects the authentication request or (2) accepts the request but requires one or more additional authentication methods, the server sends a message with the format :  byte SSH_MSG_USERAUTH_FAILURE (51) PREPARED BY : PINA CHHATRALA 16
  • 17. Secure Shell (SSH) User Authentication Protocol • Message Types and Formats  Name-list authentications that can continue  Boolean partial success - If the server accepts authentication, it sends a single byte message : SSH_MSG_USERAUTH_SUCCESS (52). PREPARED BY : PINA CHHATRALA 17
  • 18. Secure Shell (SSH) User Authentication Protocol • Message Exchange - The message exchange involves the following steps :  The client sends a SSH_MSG_USERAUTH_REQUEST with a requested method of none.  The server checks to determine if the username is valid. If not, the server returns SSH_MSG_USERAUTH_FAILURE with the partial success value of false. If the user name is valid, the server proceeds to step 3. PREPARED BY : PINA CHHATRALA 18
  • 19. Secure Shell (SSH) User Authentication Protocol • Message Exchange - The message exchange involves the following steps :  The server returns SSH_MSG_USERAUTH_FAILURE with a list of one or more authentication methods to be used.  The client selects one of the acceptable authentication methods and sends a SSH_MSG_USERAUTH_REQUEST with that method name and the required method – specific field. At this point, there may be a sequence of exchanges to perform the method. PREPARED BY : PINA CHHATRALA 19
  • 20. Secure Shell (SSH) User Authentication Protocol • Message Exchange - The message exchange involves the following steps :  If the authentication succeeds and more authentication methods are required, the server proceeds to step 3, using a partial success value of true. If the authentication fails, the server proceeds to step3, using a partial value of false.  When all required authentication methods succeed, the server sends a SSH_MSG_USERAUTH_SUCCESS message, and the authentication protocol is over. PREPARED BY : PINA CHHATRALA 20
  • 21. Secure Shell (SSH) User Authentication Protocol • Authentication Methods - The server may require one or more of the following authentication methods :  publickey : The details of this method depend on the public – key algorithm chosen. In essence, the client sends a message to the server that contains the client’s public key, with the message signed by the client’s private key. When the server receives the message, it check s whether the supplied key is acceptable for authentication and, if so, it checks whether the signature is correct. PREPARED BY : PINA CHHATRALA 21
  • 22. Secure Shell (SSH) User Authentication Protocol • Authentication Methods - The server may require one or more of the following authentication methods :  password : The client sends a message containing a plaintext password, which is protected by encryption by the transport layer protocol.  hostbased : Authentication is performed on the client’s host rather than the client’s itself. Thus, a host then supports multiple clients would provide authentication for all of its client. PREPARED BY : PINA CHHATRALA 22
  • 23. Secure Shell (SSH) Connection Protocol The SSH Connection protocol runs on the top of the SSH transport layer protocol and assumes that a secure authentication connection is in use. That secure authentication connection, referred to as tunnel, is used by the connection protocol to multiplex a number of logical channels. PREPARED BY : PINA CHHATRALA 23
  • 24. Secure Shell (SSH) Connection Protocol • Channel Mechanism - All types of communication using SSH, such as a terminal session, are supported using separate channels. Either side may open channel. - For each channel, each side associates a unique channel number, which need not to be the same on both sides. - Channels are flow controlled using a window mechanism. - No data may be sent to the channel until a message is received to indicate that window space is available. PREPARED BY : PINA CHHATRALA 24
  • 25. Secure Shell (SSH) Connection Protocol • Channel Mechanism - The life of channel progress through three stages : opening a channel, data transfer and closing a channel. - When either side wishes to open a channel, it allocates a local number of channel and sends a message of the form :  byte SSH_MSG_CHANNEL_OPEN  string channel type  unit32 sender channel PREPARED BY : PINA CHHATRALA 25
  • 26. Secure Shell (SSH) Connection Protocol • Channel Mechanism  unit32 initial window  unit32 maximum packet size  … channel type specific data follows - If the remote side is able to open channel, it returns a SSH_MSG_CHANNEL_CONFIRMATION message, which includes the sender channel number, and window and packet size values for incoming traffic. - Otherwise, the remote channel returns a SSH_MSG_CHANNEL_FAILURE message with a reason code indicating the reason of failure. PREPARED BY : PINA CHHATRALA 26
  • 27. Secure Shell (SSH) Connection Protocol • Channel Mechanism - Once channel is open, data transfer is performed using a SSH_MSG_CHANNEL_DATA message, which includes the recipient channel number and a block of data. - These messages in both directions, may continue as long as the channel is open. - When either side wishes to close a channel, it sends a SSH_MSG_CHANNEL_CLOSE message, which includes the recipient channel number. PREPARED BY : PINA CHHATRALA 27
  • 28. Secure Shell (SSH) Connection Protocol • Channel Types - Four channel types are recognized in the SSH connection protocol specification.  session : The remote execution of a program. The program may be a shell, an application such as file transfer or e – mail, a system command, or some built – in subsystem. Once a session channel is opened, subsequent requests are used to start the remote program. PREPARED BY : PINA CHHATRALA 28
  • 29. Secure Shell (SSH) Connection Protocol • Channel Types - Four channel types are recognized in the SSH connection protocol specification.  x11 : This refers to the X window system, a computer software system and network protocol that provides a GUI for networked computers. X allows applications to run on a network server but to be displayed on a desktop machine. PREPARED BY : PINA CHHATRALA 29
  • 30. Secure Shell (SSH) Connection Protocol • Channel Types - Four channel types are recognized in the SSH connection protocol specification.  forwarded – tcpip : This is remote port forwarding.  direct – tcpip : this is local port forwarding. PREPARED BY : PINA CHHATRALA 30
  • 31. Secure Shell (SSH) Connection Protocol • Port Forwarding - One of the most useful features of SSH is port forwarding. - In essence, port forwarding provides the ability to convert any insecure TCP connection into a secure SSH connection. - This is also referred to as SSH tunnelling. - A port is an identifier of a user of TCP. - So, any application that runs on top of TCP has a port number. PREPARED BY : PINA CHHATRALA 31
  • 32. Secure Shell (SSH) Connection Protocol • Port Forwarding - Incoming TCP traffic is delivered to the appropriate application on the basis of the port number. - An application may employ multiple port numbers. - SSH supports two types of port forwarding : local forwarding and remote forwarding. - Local forwarding allows the client to set up a “hijacker” process. PREPARED BY : PINA CHHATRALA 32
  • 33. Secure Shell (SSH) Connection Protocol • Port Forwarding - This will intercept selected application – level traffic and redirect it from an unsecured TCP connection to a secure SSH tunnel. - SSH is configured to listen on selected ports. - SSH grabs all traffic using a selected port and sends it through an SSH tunnel. - On the other hand, the SSH server sends the incoming traffic to the destination port dedicated by the client application. PREPARED BY : PINA CHHATRALA 33
  • 34. Secure Shell (SSH) Connection Protocol • Port Forwarding - With remote forwarding, the user’s SSH client acts on the server’s behalf. - The client receives traffic with a given destination port number, places the traffic on the correct port and sends it to the destination the user chooses. PREPARED BY : PINA CHHATRALA 34
• 35. Thank You