KEMBAR78
SSH Basics and Security Guide | PDF | Computer Mediated Communication | Telecommunications
Scribd
Upload
143 views41 pages

SSH Basics and Security Guide

This document provides an overview of using SSH (Secure Shell) for remote access and administration. It discusses what SSH is, why it is useful, different SSH clients, basic usage including verifying connections and running commands remotely, transferring files with SCP and SFTP, port forwarding with SSH tunnels, and security best practices like using SSH keys instead of passwords. It also covers advanced topics like SSH configurations, shortcuts, speeding up connections, and working around firewalls that block port 22. The document is intended as an introduction and assumes the use of OpenSSH on Linux.

Uploaded by

Mc Salah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
143 views41 pages

SSH Basics and Security Guide

This document provides an overview of using SSH (Secure Shell) for remote access and administration. It discusses what SSH is, why it is useful, different SSH clients, basic usage including verifying connections and running commands remotely, transferring files with SCP and SFTP, port forwarding with SSH tunnels, and security best practices like using SSH keys instead of passwords. It also covers advanced topics like SSH configurations, shortcuts, speeding up connections, and working around firewalls that block port 22. The document is intended as an introduction and assumes the use of OpenSSH on Linux.

Uploaded by

Mc Salah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 41

The Keys to Using SSH

David Tomaschik
RHCE, LPIC-1
System Administrator, Kennesaw State University
MSCS Student, SPSU
david@systemoverlord.com
http://systemoverlord.com

Special ALE Central Edition!


What is SSH?

● SSH = Secure Shell


● Originally intended as “Encrypted Telnet”
● Allows remote shell (command-line) access
● Connection Encrypted Using Public Key
Cryptography
● SSH Version 1: Developed 1995, Now Insecure
● SSH Version 2: Standardized 2006
● Only use SSH2!
Why use SSH?

● Useful for remote system administration


● Transfer files securely
● Run remote applications
● Secure OTHER communications
● Requires Little Bandwidth
● Industry Standard
SSH Clients

● Linux: OpenSSH; Usually Installed by Default


● OS X: OpenSSH; Installed by Default
● Windows: PuTTY, OpenSSH under Cygwin,
Commercial SSH
● Android: ConnectBot + Others
● IOS: iSSH, Prompt, Others
About the Presentation

● Assumes OpenSSH on Linux for both Client


and Server
● Some features may require relatively recent
versions of OpenSSH
Basic Use

● ssh user@host.name
Basic Use

● ssh user@host.name
Verifying Who You're Connecting
To
● The highlighted lines show you which host you
are connecting to along with the key fingerprint.
● The key fingerprint is cryptographic proof that
your connection is not being tampered with.
● Depending on your level of paranoia:
● Get the fingerprint from the system
administrator
● Make your first connection from a 'trusted'
network
● Just ignore it and hope its ok
What You Can Do Now

● Run Commands Remotely


● Install packages/services
● Configure applications
● Start/stop services
● Edit Files Remotely
● vi, nano, etc. (Masochists may even use emacs)
● Command-line only
● Plain Text Only
Login Environment

● After connecting
● /etc/motd, unless ~/.hushlogin
● Check /etc/nologin
● Drop privileges (switch to user)
● /etc/ssh/sshrc, ~/.ssh/rc
● Run shell or command
● SSH_CONNECTION
● <client ip> <client port> <server ip> <server port>
IPv6

● SSH works well over IPv6 (naturally)


● IPv6 Addresses should be specified in square
brackets, e.g., [2600:3c03::f03c:91ff:fe93:f3fb]
● Or use a hostname
● Can be forced
● -6 to force IPv6
● -4 to force IPv4
Run a Single Command

● ssh user@host.name COMMAND


Remote GUI (X Forwarding)

● Headless/Remote Server?
● Application that “must” be GUI?
● No Problem!
● ssh -X user@host.name
● Then run command
● ssh -X user@host.name command
Remote GUI (X Forwarding)
Getting Files From Here to There
(Or from There to Here)
● scp (Secure Copy)
● Basic form similar to cp
● scp [path1] [path2]
● Path can be a local path or remote path:
● user@host:/path/to/file
● Relative paths from your home directory
● scp Documents/Presentation.pdf
david@work:Documents/
Another Way to Move Files

● SFTP
● More like FTP, but encrypted via SSH
● GUIs Available
● gftp on Linux
● WinSCP on Windows
● FireFTP (In Firefox)
SSH Tunneling (Port Forwarding)

● Tunnel Arbitrary TCP Connections Across SSH


● Encrypted
● Authenticated
● Tunnel through Firewalls
SSH Tunneling
SSH Tunneling
SSH Tunneling (Syntax)

● Forward single point


● Add -L <localport>:<remotehost>:<remoteport>
● ssh -L8000:10.10.10.10:80 user@firewall
● Open web browser to http://localhost:8000/
● Dynamic Proxy
● Add -D <localport>
● SOCKS 4/5 Protocol Support
● Works with any SOCKS-aware application
SSH Tunneling (Edge Cases)

● Reverse Tunnel
● Tunnels connections from server to client
● -R <remoteport>:<host>:<hostport>
● Allow others to use tunnels
● -g option
● Use with caution!
● Only do port forwarding
● -N (No Command)
A Word About Security

●SSH gets brute forced. A lot.


Popular Brute Force Usernames

http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
Popular Brute Force Passwords

http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
Where are they coming from?

Source: Cisco Systems


Security Measures

● Use an alternate port (reduces noise, but is


NOT security)
● Use a strong password (always a good idea)
● Use Fail2Ban (Firewall rules from too many bad
logins)
● Use SSH Keys!
SSH Keys?

● An SSH Key 'replaces' your password


● Private key: kept by user to authenticate
● Public key: placed on servers to identify user
● ssh-keygen to create new key pair
● Use a passphrase!
● ssh-copy-id will copy the public key over
SSH Key Strength

● Typically 2048 bit RSA


● ~112 bits of entropy
● Not going to happen in an online attack
● Protect private key with passphrase
● Keep the private key private!
● On the other hand...
● If your local system is compromised, you have
all kinds of problems
Avoiding the Passphrase

● ssh-agent caches the key for you


● eval `ssh-agent` to load into current session
● Type passphrase once
● Many desktop environments start ssh-agent (or
a clone) for you
● gpg-agent can also function as an agent for
SSH keys
● GPG Keys can also be used for authentication
SSH Access Control

● /etc/ssh/sshd_config
● PasswordAuthentication
● PubkeyAuthentication
● HostBased, ChallengeResponse,
KeyboardInteractive, etc.
● AllowGroups, AllowUsers (intersection)
● DenyGroups, DenyUsers (union)
● UsePAM (default no, but most distros ship yes)
– Only account and session for key-based auth
SSHD Permissions

● AllowTCPForwarding
● PermitOpen
● AllowAgentForwarding
● X11Forwarding
● PermitTunnel (tun forwarding)
● PermitUserEnvironment
Shortcuts

● You could type something like this:


● ssh -X -L 8000:10.10.10.10:80 -p 2200
johndoe@devserver.somecompany.com
● Or you could set up to do:
● ssh dev
● In a day, I make 20+ SSH connections
● What would you do?
~/.ssh/config (Example)

Host dev
User johndoe
Hostname devserver.somecompany.com
Port 2200
ForwardX11 yes
LocalForward 8000 10.10.10.10:80
Speeding Up SSH

● SSH2 Allows Multiple Channels Per Connection


● SSH Multiplexing
● ControlMaster auto
● ControlPath ~/.ssh/master/%r@%h:%p
● ControlPersist yes
Stayin' Alive

● TCPKeepAlive [yes|no]
● TCP-level Keep Alive packets
● ServerAliveInterval [sec.]
● Encrypted packets requesting response from
server.
Let's Bust Out of Here!

● Some venues block port 22


● More likely, allow limited ports
● Like... this venue.
● Alternate Port
● 443 if you're not running HTTPS on the server
● Most places just let 443 out
Layer 7 Firewalls

● SSH is encrypted!
● But the first step of the handshake is not
● SSH-2.0-OpenSSH_5.5p1 Debian-6
Really!
So what's left to do?

● Tunnel-in-tunnel
● openssl s_client → stunnel
● Bad for latency
● Virtually indistinguishable from HTTPS or other
SSL traffic (it IS SSL traffic)
● Obfuscated SSH
● Requires patched client & server
● https://github.com/inf0/obfuscated-openssh
Fun Things
(For Some Definition of “Fun”)

● Copy a file between two hosts that can't directly


communicate
● scp -3 host1:/file1 host2:/file2
● Force a user to run a certain command
(sshd_config)
● Match User <username>
● ForceCommand <command>
Questions/Demos

● Questions?
● Comments?

You might also like