SSH
The Secure Shell
Platform: Linux and Unix
Group Members:
Arnob Roy (201314025)
Md. Jahidul Islam (201414020)
Asif Kamal Chowdhury (201414040)
Asif Sanjary (201414043)
Mehedi Afzal Farazi (201414045)
Md. Shafiul Islam (201414049)
SSH
• Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
• It is a secure alternative to unprotected login protocols (such as telnet and rlogin) and to insecure file transfer methods (such as FTP).
What is SSH?
• It is a protocol, not a product.
• A software-based approach to network security.
• Encrypts data sent between the computers.
• SSH replaces telnet, rsh and rlogin, and can also replace ftp.
• Client/server architecture.
• Ships with essentially every Linux distribution, with Mac OS X, AIX, Sun Solaris, OpenBSD and other Unix variants.
• Ported to other operating systems, such as Windows, Palm OS, Amiga etc.
What is not SSH?
• It is not a true shell like csh, ksh or sh.
• It is not a command interpreter.
• It creates a secure channel for running commands on a remote computer.
• It is not a complete security solution.
• It will not protect against Trojans, viruses etc., and it cannot protect a session whose endpoint (client or server) is already compromised.
Why is SSH a replacement for telnet, rsh, rlogin and ftp?
• Telnet and the others send everything, including usernames and passwords, in clear text; SSH sends it as cipher text.
• A host sitting between sender and receiver cannot read SSH traffic. It can still see that an SSH session exists, and the packet sizes and timing, so SSH hides the content of the communication, not the fact of it.
HISTORY
• In 1995, Tatu Ylönen, a researcher at Helsinki University of Technology, designed the first version of the protocol (now known as SSH-1).
• In July 1995 he released SSH1 as free software, i.e. it was open source.
• In December 1995 he formed SSH Communications Security (SCS) to market and develop SSH.
• In 1996 SSH-2 was designed; it is not compatible with SSH-1.
• SCS released SSH-2 in 1998 under a more restrictive license.
• OpenSSH, a free implementation, was released by the OpenBSD project in 1999; SSH-2 support followed in 2000.
• In 2006 the IETF SECSH working group (the group standardizing the protocol) published SSH-2 as an Internet standard (RFCs 4250 to 4254).
Some Necessary Terminology
• SSH: generic term for the SSH protocols.
• ssh: the client command for logging in or running a remote command.
• sshd: the server program (daemon).
• SSH-1: version 1 of the protocol.
• SSH-2: version 2 of the protocol.
• OpenSSH: the free implementation from the OpenBSD project.
SSH1 vs SSH2

SSH1                                            | SSH2
------------------------------------------------|------------------------------------------------
Uses a host key plus a short-lived server key   | Uses only host keys; session keys come from a
to authenticate the system.                     | Diffie-Hellman key exchange.
Different protocol; not compatible with SSH2.   | Different protocol; not compatible with SSH1.
No longer developed; deprecated and removed     | Actively maintained and developed.
from OpenSSH.                                   |
Less security (CRC-32 integrity check, weak     | More security (keyed MACs, negotiated
ciphers), performance and portability.          | algorithms), performance and portability.
SSH LAYERS

Application Layer (SSH)
  ssh-connection : session multiplexing, X11 and port forwarding, remote command execution etc.
  ssh-userauth   : user authentication using public key, password, host based etc.
  ssh-transport  : initial key exchange and server authentication; sets up encryption and integrity
Transport Layer        TCP (port 22 by default)
Internet Layer         IP
Network Access Layer   Ethernet
SSH BASIC ARCHITECTURE
(architecture diagram not reproduced)
INSTALLING SSH
• Downloading the source code
We can download the source code from http://www.openssh.com. Each release tarball is accompanied by a detached PGP signature (.asc); verify it against the OpenSSH release key before building.
• Building and installing OpenSSH (requires a C compiler plus the zlib and OpenSSL/libcrypto development headers)
$ tar -xzf openssh-4.5p1.tar.gz
$ cd openssh-4.5p1
$ ./configure
$ make
$ sudo make install
Note that 4.5p1 is a 2007 release shown only as the worked example; build the current release instead.
HOW DOES THE SSH PROTOCOL WORK?
• Works in the client-server model.
• The SSH client drives the connection setup and uses public key cryptography (the server's host key) to verify the identity of the SSH server. A key exchange such as Diffie-Hellman then gives both sides a shared secret that never crosses the wire.
• After the setup phase the SSH protocol uses strong symmetric encryption and message authentication codes (MACs), both keyed from that shared secret, to ensure the privacy and integrity of the data exchanged between the client and the server.
SSH ENCRYPTION ALGORITHMS
Secure Shell uses the following ciphers for encryption:

Cipher      | SSH1 | SSH2
------------|------|-----
DES         | yes  | no
3DES        | yes  | yes
IDEA        | yes  | no
Blowfish    | yes  | yes
Twofish     | no   | yes
Arcfour     | no   | yes
Cast128-cbc | no   | yes

All of these are legacy ciphers. DES and Arcfour (RC4) are broken and current OpenSSH releases no longer offer them; today's defaults are AES (CTR and GCM modes) and ChaCha20-Poly1305. Check what your client will accept with `ssh -Q cipher`, and what a server actually offers with `nmap --script ssh2-enum-algos`.
SSH AUTHENTICATION ALGORITHMS
Secure Shell uses the following public key algorithms for authentication:

Algorithm | SSH1 | SSH2
----------|------|-----
RSA       | yes  | yes (ssh-rsa; rsa-sha2-256 / rsa-sha2-512 signatures today)
DSA       | no   | yes (ssh-dss, 1024-bit only; disabled by default since OpenSSH 7.0)

SSH-2 has since added ECDSA and Ed25519 (ssh-ed25519), the recommended choice for new keys.
Functions
• Secure command shell
• Port forwarding
• Agent forwarding
• Secure file transfer
Secure Command Shell
• Allows us to edit files.
• View the contents of directories.
• Run custom applications.
• Create user accounts.
• Change permissions.
• Anything that can be done from a command prompt can be done remotely and securely.
Port Forwarding
• A powerful tool.
• Provides security to TCP/IP applications including e-mail, sales and customer contact databases, and in-house applications.
• Allows data from normally unsecured TCP/IP applications to be secured: the plain TCP connection is carried inside the encrypted SSH channel. Local forwarding (ssh -L) opens a listener on the client and delivers the connection to a destination reachable from the server; remote forwarding (ssh -R) does the reverse; dynamic forwarding (ssh -D) exposes a SOCKS proxy on the client.
Agent Forwarding
• Suppose you want to log in to the computer at work from your home computer, or from a hotel while travelling. The computer at work is behind the firewall, so you cannot connect to it directly.
• You are allowed to connect to a bastion host, but you are not allowed to store private keys on it.
• What can you do? Run ssh-agent on your own machine and connect with agent forwarding (ssh -A bastion); from the bastion, ssh on to the work machine. The sshd on the bastion relays the signing requests back to your local agent, so the private key never leaves your machine.
• Caveat: for as long as you are connected, anyone with root on the bastion can use your forwarded agent to authenticate as you elsewhere. When the bastion only has to relay the connection, prefer ProxyJump (ssh -J bastion work), which tunnels the second SSH session through the first and needs no agent forwarding at all.
SECURE FILE TRANSFER PROTOCOL (SFTP)
• Secure File Transfer Protocol (SFTP) runs as a subsystem of the Secure Shell protocol: a separate file-transfer protocol layered over an SSH channel, so it inherits SSH's authentication, encryption and integrity. Despite the name it is unrelated to FTP and FTPS.
• A secure extranet is one of the safest ways to make specific data available to customers, partners and remote employees without exposing other critical company information to the public network. Using SFTP on your secure extranet machines restricts access to authorized users and encrypts usernames, passwords and the files sent to or from them.
• On the server side, pair the sftp subsystem with ChrootDirectory and ForceCommand internal-sftp in sshd_config to confine transfer-only accounts to their own directory.
SECURITY BENEFITS
• User authentication
• Host authentication
• Data encryption
• Data integrity
USER AUTHENTICATION
• User identity: the server verifies that access is given only to the intended users and denied to anyone else, using one of the ssh-userauth methods (public key, password, host based or keyboard-interactive).
HOST AUTHENTICATION
• A host key is used by a server to prove its identity to a client, and by the client to verify a "known" host. Host keys are persistent (they change infrequently) and asymmetric, i.e. public/private key pairs. If a machine runs only one SSH server, a single host key identifies both the machine and the server. If a machine runs multiple SSH servers, it may either have multiple host keys or use a single key for all of them. Host authentication guards against man-in-the-middle attacks.
• That guarantee only holds once the client has the right public key. On first contact OpenSSH shows the key's fingerprint and asks whether to trust it (trust on first use); compare it with a fingerprint obtained out of band (ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub on the server), or distribute host keys in advance through known_hosts or an SSH certificate authority. A "REMOTE HOST IDENTIFICATION HAS CHANGED" warning should be treated as a possible attack, not clicked through.
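The check described above, as an added example that is not part of the slides: a small Python model of OpenSSH's known_hosts lookup. It produces the `SHA256:` fingerprint format that `ssh-keygen -l` prints, matches both plain and hashed (`|1|salt|hash`, HMAC-SHA1 as written by HashKnownHosts) host fields, and distinguishes an unknown host from a changed key. The host key blobs, hostnames and salt are constructed for the demo (the key bytes are not real Ed25519 keys); wildcard host patterns and @cert-authority/@revoked markers are not handled.

```python
"""Host-key check against an OpenSSH known_hosts file (added example; stdlib only)."""
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


# Constructed demo host keys: the OpenSSH wire blob is string(type) + string(key bytes).
# These 32-byte values are NOT real Ed25519 public keys; they only have the right shape.
DEMO_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
IMPOSTOR_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))


def fingerprint_sha256(blob: bytes) -> str:
    """Same format as `ssh-keygen -lf`: SHA-256 of the blob, base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host_field(hostname: str, salt: bytes) -> str:
    """Build the '|1|salt|hash' field written by HashKnownHosts: HMAC-SHA1(key=salt, hostname)."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_field_matches(field: str, hostname: str) -> bool:
    """Match a known_hosts host field: hashed, or a comma-separated list of plain names/addresses."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return hostname in field.split(",")


def check_host_key(known_hosts: str, hostname: str, keytype: str, blob: bytes) -> str:
    """Return 'known' (key matches), 'changed' (same host, different key: treat as a MITM
    until proven otherwise) or 'unknown' (no entry at all: the trust-on-first-use case)."""
    seen_host = False
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue  # comments and @cert-authority/@revoked markers are not handled here
        parts = line.split()
        if len(parts) < 3 or parts[1] != keytype or not host_field_matches(parts[0], hostname):
            continue
        seen_host = True
        if hmac.compare_digest(base64.b64decode(parts[2]), blob):
            return "known"
    return "changed" if seen_host else "unknown"


# Constructed known_hosts content: one plain entry, one hashed entry (fixed salt for the demo).
DEMO_SALT = bytes(range(20))
KNOWN_HOSTS = "\n".join([
    "# constructed demo file",
    "bastion.example.internal,10.0.0.5 ssh-ed25519 " + base64.b64encode(DEMO_KEY).decode(),
    hashed_host_field("work.example.internal", DEMO_SALT)
    + " ssh-ed25519 " + base64.b64encode(DEMO_KEY).decode(),
])

if __name__ == "__main__":
    print("demo key fingerprint:", fingerprint_sha256(DEMO_KEY))
    for host, blob in [("bastion.example.internal", DEMO_KEY),
                       ("work.example.internal", DEMO_KEY),
                       ("bastion.example.internal", IMPOSTOR_KEY),
                       ("new.example.internal", DEMO_KEY)]:
        print(host, "->", check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

The three outcomes map onto what ssh itself does: "known" connects silently, "unknown" is the fingerprint prompt, and "changed" is the loud "REMOTE HOST IDENTIFICATION HAS CHANGED" refusal. Hashed entries mean that a stolen known_hosts file does not reveal which hosts you talk to, but they can still be checked once a hostname is in hand.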
DATA ENCRYPTION
• Encryption, sometimes referred to as privacy, means that our data is protected from disclosure to a would-be attacker "sniffing" or eavesdropping on the wire. Ciphers are the mechanism by which Secure Shell encrypts and decrypts the data sent over the wire.
• When a client establishes a connection with a Secure Shell server, the two must agree on which cipher (and MAC, key exchange and host key algorithm) they will use. In SSH-2 each side sends its supported algorithms, in preference order, in a KEXINIT message; the chosen algorithm is the first one on the client's list that also appears on the server's list, so the client's preference order decides, and the connection fails if the two lists share nothing. That is why a client configured with only modern ciphers refuses a server that offers only 3DES or arcfour.
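The negotiation rule above, and the cipher tables earlier on this page, as an added example that is not code from the slides: Python that serializes and parses real SSH_MSG_KEXINIT payloads (RFC 4253 section 7.1) and applies the client-preference rule. The algorithm lists are constructed; the names are the standard SSH-2 / OpenSSH identifiers. It shows that a server listing 3des-cbc first still ends up with aes256-ctr because the client's order wins, and that a server offering only legacy ciphers gets no connection at all.

```python
"""SSH-2 algorithm negotiation on real KEXINIT payloads (RFC 4253 sect. 7.1). Added example."""
import os
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists carried by KEXINIT, in wire order.
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def encode_name_list(names):
    """RFC 4251 name-list: uint32 length + comma-separated US-ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def decode_name_list(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    raw = buf[off + 4:off + 4 + n].decode("ascii")
    return ([s for s in raw.split(",") if s], off + 4 + n)


def build_kexinit(lists, cookie=None):
    """Serialize a KEXINIT payload from a dict of name-lists (missing lists are sent empty)."""
    payload = bytes([SSH_MSG_KEXINIT]) + (cookie or os.urandom(16))
    for f in FIELDS:
        payload += encode_name_list(lists.get(f, []))
    payload += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows=FALSE, reserved uint32
    return payload


def parse_kexinit(payload):
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, lists = 17, {}  # skip the message byte and the 16-byte random cookie
    for f in FIELDS:
        lists[f], off = decode_name_list(payload, off)
    return lists


def choose(client, server):
    """The first algorithm on the CLIENT's list that the server also supports wins."""
    for name in client:
        if name in server:
            return name
    return None


def negotiate(client_payload, server_payload):
    """Chosen algorithm per category, or ValueError if any category has nothing in common.
    (For 'kex', RFC 4253 adds a host-key-capability constraint that is omitted here.)"""
    c, s = parse_kexinit(client_payload), parse_kexinit(server_payload)
    chosen = {}
    for f in FIELDS[:8]:  # the two language lists may legitimately be empty
        chosen[f] = choose(c[f], s[f])
        if chosen[f] is None:
            raise ValueError("no common %s algorithm: client %s vs server %s" % (f, c[f], s[f]))
    return chosen


# Constructed lists: a modern client against a server that still offers legacy ciphers first.
MODERN_ENC = ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes256-ctr"]
MODERN_MAC = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]
MODERN_CLIENT = {
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "hostkey": ["ssh-ed25519", "rsa-sha2-512"],
    "enc_c2s": MODERN_ENC, "enc_s2c": MODERN_ENC,
    "mac_c2s": MODERN_MAC, "mac_s2c": MODERN_MAC,
    "comp_c2s": ["none"], "comp_s2c": ["none"],
}
LEGACY_ENC = ["3des-cbc", "arcfour", "aes256-ctr"]
LEGACY_SERVER = {
    "kex": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha256"],
    "hostkey": ["ssh-rsa", "rsa-sha2-512"],
    "enc_c2s": LEGACY_ENC, "enc_s2c": LEGACY_ENC,
    "mac_c2s": ["hmac-sha1", "hmac-sha2-256"], "mac_s2c": ["hmac-sha1", "hmac-sha2-256"],
    "comp_c2s": ["none", "zlib"], "comp_s2c": ["none", "zlib"],
}
# Same server with the one acceptable cipher removed: nothing left to agree on.
SSH1_ERA_SERVER = dict(LEGACY_SERVER, enc_c2s=LEGACY_ENC[:2], enc_s2c=LEGACY_ENC[:2])


def demo():
    ok = negotiate(build_kexinit(MODERN_CLIENT), build_kexinit(LEGACY_SERVER))
    try:
        negotiate(build_kexinit(MODERN_CLIENT), build_kexinit(SSH1_ERA_SERVER))
        failed = None
    except ValueError as e:
        failed = str(e)
    return ok, failed


if __name__ == "__main__":
    chosen, failure = demo()
    print("negotiated:", chosen)
    print("legacy-only server:", failure)
```

Because the client's order decides, hardening is done on the client side by trimming its lists (the Ciphers, MACs and KexAlgorithms options in ssh_config) and on the server side by removing legacy names from sshd_config; a server that keeps 3des-cbc in its list will still hand it to any client that prefers it.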
DATA INTEGRITY
• Data integrity guarantees that data sent from one end of a transaction arrives unaltered at the other end. Even with Secure Shell encryption, the data being sent over the network could still be vulnerable to someone inserting or modifying data in the stream (insertion and replay attacks). Secure Shell version 2 (SSH2) uses Message Authentication Code (MAC) algorithms, keyed with a secret derived from the key exchange and computed over the packet sequence number as well as the packet, which greatly improve upon the original Secure Shell's (SSH1) simple 32-bit CRC check. A CRC is a linear function with no key, so an attacker can flip bits in a message and patch the checksum to match; a MAC cannot be forged without the key, and the sequence number defeats replay.
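The insertion attack mentioned above in miniature, as an added example that is not from the slides: a Python model contrasting an SSH-1 style CRC-32 over the plaintext with an SSH-2 style encrypt-then-MAC that includes the packet sequence number. The stream cipher, key derivation and message layout are simplified stand-ins, not the real SSH-1 or SSH-2 packet formats, and the shared secret and messages are constructed. An attacker who never sees the key flips the encrypted command into a different one and patches the CRC so the receiver accepts it; the same flip against the MAC'd message, and a replay at another sequence number, are rejected.

```python
"""Why SSH-1's CRC-32 was not an integrity check, and what an SSH-2 MAC adds.
Added example: a simplified model (XOR keystream, CRC over the plaintext, then
encrypt-then-MAC with a sequence number), not the exact SSH-1/SSH-2 packet formats."""
import hashlib
import hmac
import struct
import zlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode. Stands in for the session cipher."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + struct.pack(">I", ctr)).digest()
    return out[:n]


def derive(secret: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys from one shared secret, as SSH-2 does (RFC 4253 7.2)."""
    return hashlib.sha256(label + secret).digest()


# --- SSH-1 style: CRC-32 over the plaintext, everything encrypted --------------------------
def send_crc(secret: bytes, plaintext: bytes) -> bytes:
    body = plaintext + struct.pack(">I", zlib.crc32(plaintext))
    return xor(body, keystream(derive(secret, b"enc"), len(body)))


def recv_crc(secret: bytes, ciphertext: bytes):
    body = xor(ciphertext, keystream(derive(secret, b"enc"), len(ciphertext)))
    plaintext, (crc,) = body[:-4], struct.unpack(">I", body[-4:])
    return plaintext if zlib.crc32(plaintext) == crc else None


def flip(msg: bytes, delta: bytes) -> bytes:
    """XOR `delta` into the first len(delta) bytes of a message on the wire."""
    return xor(msg, delta.ljust(len(msg), b"\x00"))


def crc_attack(ciphertext: bytes, delta: bytes) -> bytes:
    """Flip plaintext bits AND fix the encrypted CRC without the key or the plaintext:
    CRC-32 is affine over GF(2), so crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of len(d))."""
    assert len(delta) == len(ciphertext) - 4, "delta must cover the whole plaintext"
    crc_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return flip(ciphertext, delta + struct.pack(">I", crc_delta))


# --- SSH-2 style: encrypt, then MAC over (sequence number || ciphertext) --------------------
def send_mac(secret: bytes, plaintext: bytes, seq: int) -> bytes:
    ct = xor(plaintext, keystream(derive(secret, b"enc"), len(plaintext)))
    tag = hmac.new(derive(secret, b"mac"), struct.pack(">I", seq) + ct, hashlib.sha256).digest()
    return ct + tag


def recv_mac(secret: bytes, msg: bytes, seq: int):
    ct, tag = msg[:-32], msg[-32:]
    expected = hmac.new(derive(secret, b"mac"), struct.pack(">I", seq) + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # tampered, or replayed under a different sequence number
    return xor(ct, keystream(derive(secret, b"enc"), len(ct)))


# Constructed inputs: the secret would come from key exchange; the attacker never has it.
SECRET = hashlib.sha256(b"constructed demo shared secret").digest()
ORIGINAL = b"echo hello"
DESIRED = b"rm -rf  ~/"  # same length, so one bit-flip delta maps one onto the other
DELTA = xor(ORIGINAL, DESIRED)

if __name__ == "__main__":
    ct = send_crc(SECRET, ORIGINAL)
    print("CRC receiver got:", recv_crc(SECRET, crc_attack(ct, DELTA)))
    msg = send_mac(SECRET, ORIGINAL, seq=0)
    print("MAC receiver got:", recv_mac(SECRET, flip(msg, DELTA), seq=0))
    print("MAC replay at seq 1:", recv_mac(SECRET, msg, seq=1))
```

The attacker needs only the difference between the command that was sent and the command they want, never the key or the plaintext itself, which is what makes an unkeyed checksum useless as an integrity mechanism. Real SSH-1 used CBC-mode block ciphers rather than a keystream and the published attack was correspondingly more involved, but the root cause is the same linearity shown here.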
PASSWORD AUTHENTICATION
• Passwords, in combination with a username, are a popular way to tell another computer that you are who you claim to be.
• If the username and password given at authentication match those stored on the remote system, you are authenticated and allowed access. SSH encrypts the password in transit, but it does nothing about weak or reused passwords: an Internet-facing sshd with PasswordAuthentication enabled is brute-forced continuously, so prefer public key authentication and turn passwords off where you can.
PUBLIC KEY AUTHENTICATION
• Public key authentication uses a pair of computer-generated keys, one public and one private. RSA keys of 1024 to 2048 bits were once typical; today use RSA of at least 3072 bits (ssh-keygen's current default) or, preferably, Ed25519.
• The most secure of the common methods, especially when the private key is protected with a passphrase or held in a hardware token, and it is immune to password guessing.
• To access an account on a Secure Shell server, a copy of the client's public key must be added to that account's authorized_keys file. When the client connects, it proves possession of the private counterpart by signing a challenge that includes the session identifier, and access is granted. The private key never leaves the client; keep it mode 0600 or ssh will refuse to use it.
PROTECTS AGAINST
• IP spoofing
• DNS spoofing
• IP source routing
IP Spoofing
• IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends packets whose source IP address indicates that they come from a trusted host.
• SSH defeats it because trust is never based on the source address: the server must prove its host key and the user must prove a key or password, so a forged address gains nothing (unlike rsh and rlogin with .rhosts, which trust the address alone).
DNS Spoofing
• DNS spoofing is the term used when a DNS server accepts and uses incorrect information from a host that has no authority to give it. DNS spoofing is in fact malicious cache poisoning: forged data is placed in the cache of the name servers. Spoofing attacks can cause serious security problems for DNS servers vulnerable to them, for example causing users to be directed to the wrong Internet sites or e-mail being routed to unauthorized mail servers.
• Against SSH the attacker can redirect the connection, but the impostor cannot present the expected host key, so the client's known_hosts check fails loudly, provided the user does not accept an unknown or changed key.
IP SOURCE ROUTING
• A source-routed packet lets a host pretend that an IP packet comes from another, trusted host, and have the replies routed back to itself.
• As with IP spoofing, SSH's host and user authentication do not depend on a packet's apparent origin, so source routing buys the attacker nothing; most current kernels also drop source-routed packets by default.
OpenSSH Alternatives for Windows
• PuTTY
• TTSSH (Tera Term SSH)
• Cygwin (OpenSSH built for Windows)
• MSSH
• WinSCP (SFTP/SCP client)
• FileZilla (SFTP client)
• Since Windows 10 and Windows Server 2019, Microsoft ships a port of OpenSSH (client, plus an optional server) as a Windows feature, so on current systems the stock ssh.exe is usually enough.
ADVANTAGES
• Strong encryption.
• Strong authentication; closes several security holes (e.g. IP, routing and DNS spoofing).
• Improved privacy: all communications are automatically and transparently encrypted.
• Both free and commercial versions available.
• Proven technology.
• Multi-platform.
• Many authentication methods supported.
• Can stand in for a VPN for many uses: local, remote and dynamic (SOCKS) port forwarding, and full tun/tap tunnelling with ssh -w where the server enables PermitTunnel.
Disadvantages
• Port ranges and dynamic ports cannot be forwarded: each -L or -R option forwards a single port, so protocols that open ephemeral data connections (active-mode FTP, for instance) do not fit; dynamic forwarding (-D) gives applications a SOCKS proxy instead.
• A client on the Internet that uses SSH to access the intranet can expose the intranet by port forwarding: a remote forward (-R) from a compromised laptop publishes an internal service to the outside, and a local forward lets any malware on that laptop reach internal hosts. Limit this on the server with AllowTcpForwarding, PermitOpen and GatewayPorts in sshd_config, or per key with the restrict and permitopen options in authorized_keys.
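The forwarding exposure described in the last bullet, together with the weak-setting caveats on the earlier authentication slides, as an added example that is not from the slides: a Python audit of an sshd_config that applies OpenSSH's own defaults for absent keywords and sshd's first-value-wins rule for duplicates. The keyword names and defaults are OpenSSH's; the two configuration texts (a permissive one and a hardened one) are constructed for the demo, and only the global section before the first Match block is examined.

```python
"""Audit an sshd_config for settings that widen exposure through forwarding and weak auth.
Added example; keyword names and defaults are OpenSSH's, the config texts are constructed."""

# OpenSSH defaults for the keywords this audit cares about (sshd_config(5)).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "allowtcpforwarding": "yes",
    "allowagentforwarding": "yes",
    "gatewayports": "no",
    "permittunnel": "no",
    "x11forwarding": "no",
}

# keyword -> (acceptable values, why it matters)
RULES = {
    "protocol": ({"2"}, "SSH-1 is broken (CRC-32 integrity); only protocol 2 is acceptable"),
    "permitrootlogin": ({"no", "prohibit-password", "forced-commands-only"},
                        "root with a password is a standing brute-force target"),
    "passwordauthentication": ({"no"}, "passwords are guessable; prefer keys"),
    "allowtcpforwarding": ({"no", "local"}, "clients on the Internet can expose the intranet via -L/-R/-D"),
    "allowagentforwarding": ({"no"}, "a compromised server can use every connecting user's agent"),
    "gatewayports": ({"no"}, "remote-forwarded ports would listen on all interfaces"),
    "permittunnel": ({"no"}, "tun/tap tunnelling turns the host into a VPN gateway"),
    "x11forwarding": ({"no"}, "X11 forwarding exposes the client's display to the server"),
}


def parse_sshd_config(text: str) -> dict:
    """Global section only. Like sshd, keep the FIRST value seen for a keyword; keywords are
    case-insensitive; lines starting with '#' are comments; stop at the first Match block."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2 and key not in options:
            options[key] = parts[1].strip().lower()
    return options


def audit(text: str) -> list:
    """Return [(keyword, effective value, reason)] for every setting outside its acceptable set.
    An absent keyword is judged by its OpenSSH default, which is what sshd will actually use."""
    options = parse_sshd_config(text)
    findings = []
    for key, (ok, why) in RULES.items():
        value = options.get(key, DEFAULTS.get(key))
        if value is None:  # 'Protocol' absent: current OpenSSH only speaks SSH-2 anyway
            continue
        if value not in ok:
            findings.append((key, value, why))
    forwarding = options.get("allowtcpforwarding", DEFAULTS["allowtcpforwarding"])
    if forwarding != "no" and "permitopen" not in options:
        findings.append(("permitopen", "any", "forwarding allowed without a destination allowlist"))
    return findings


# Constructed sample configs.
WEAK = """\
# constructed: a permissive Internet-facing bastion
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
# a later duplicate does not override the first value sshd saw
PermitRootLogin no
"""

HARDENED = """\
# constructed: keys only, forwarding limited to one database behind the bastion
Protocol 2
PermitRootLogin no
PasswordAuthentication no
AllowAgentForwarding no
AllowTcpForwarding local
PermitOpen 10.0.0.5:5432
GatewayPorts no
PermitTunnel no
X11Forwarding no
Match User backup
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", len(audit(cfg)), "finding(s)")
        for key, value, why in audit(cfg):
            print("  %-24s %-18s %s" % (key, value, why))
```

Two details matter more than the rule table. Absent keywords are not "safe": AllowTcpForwarding and AllowAgentForwarding default to yes, so the WEAK config is flagged for agent forwarding even though it never mentions it. And because sshd keeps the first value it reads, the trailing PermitRootLogin no in WEAK is silently ignored; always confirm the effective configuration with sshd -T rather than reading the file.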
37

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Secure shell
Secure shellSecure shell
Secure shell
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Port forwarding
Port forwardingPort forwarding
Port forwarding
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Distributed System - Security
Distributed System - SecurityDistributed System - Security
Distributed System - Security
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Kerberos
KerberosKerberos
Kerberos
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
Key management
Key managementKey management
Key management
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Ssl in a nutshell
Ssl in a nutshellSsl in a nutshell
Ssl in a nutshell
 
Symmetric and Asymmetric Encryption.ppt
Symmetric and Asymmetric Encryption.pptSymmetric and Asymmetric Encryption.ppt
Symmetric and Asymmetric Encryption.ppt
 

Semelhante a Ssh (The Secure Shell)

Ssh
SshSsh
Sshgh02
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And RloginSourav Roy
 
Telnet & Secure Shell
Telnet & Secure ShellTelnet & Secure Shell
Telnet & Secure ShellWILLA REYES
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Information Security Awareness Group
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
Module 8 System Hacking
Module 8   System HackingModule 8   System Hacking
Module 8 System Hackingleminhvuong
 
0696-ssh-the-secure-shell.pdf
0696-ssh-the-secure-shell.pdf0696-ssh-the-secure-shell.pdf
0696-ssh-the-secure-shell.pdfAnasElbaz
 
Creating SSH Key.pptx
Creating SSH Key.pptxCreating SSH Key.pptx
Creating SSH Key.pptxSaumya876452
 
By Nithin & group
By Nithin & groupBy Nithin & group
By Nithin & groupSourav Roy
 
SSH Key Management
SSH Key ManagementSSH Key Management
SSH Key ManagementFox Pass
 
Discuss what is SSH and the advantages and disadvantages of using it.pdf
Discuss what is SSH and the advantages and disadvantages of using it.pdfDiscuss what is SSH and the advantages and disadvantages of using it.pdf
Discuss what is SSH and the advantages and disadvantages of using it.pdfinfo309708
 

Semelhante a Ssh (The Secure Shell) (20)

Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
SSh_part_1.pptx
SSh_part_1.pptxSSh_part_1.pptx
SSh_part_1.pptx
 
Ssh
SshSsh
Ssh
 
Understanding ssh
Understanding sshUnderstanding ssh
Understanding ssh
 
SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And Rlogin
 
Telnet & Secure Shell
Telnet & Secure ShellTelnet & Secure Shell
Telnet & Secure Shell
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
Remote Login
Remote LoginRemote Login
Remote Login
 
Module 8 System Hacking
Module 8   System HackingModule 8   System Hacking
Module 8 System Hacking
 
0696-ssh-the-secure-shell.pdf
0696-ssh-the-secure-shell.pdf0696-ssh-the-secure-shell.pdf
0696-ssh-the-secure-shell.pdf
 
Creating SSH Key.pptx
Creating SSH Key.pptxCreating SSH Key.pptx
Creating SSH Key.pptx
 
By Nithin & group
By Nithin & groupBy Nithin & group
By Nithin & group
 
IS - SSL
IS - SSLIS - SSL
IS - SSL
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
SSH Key Management
SSH Key ManagementSSH Key Management
SSH Key Management
 
Remote1
Remote1Remote1
Remote1
 
Discuss what is SSH and the advantages and disadvantages of using it.pdf
Discuss what is SSH and the advantages and disadvantages of using it.pdfDiscuss what is SSH and the advantages and disadvantages of using it.pdf
Discuss what is SSH and the advantages and disadvantages of using it.pdf
 

Mais de Mehedi Farazi

Impact of Artificial Intelligence (AI)
Impact of Artificial Intelligence (AI)Impact of Artificial Intelligence (AI)
Impact of Artificial Intelligence (AI)Mehedi Farazi
 
Class 6_English paragraph, composition, letter, application (Cadet College Ad...
Class 6_English paragraph, composition, letter, application (Cadet College Ad...Class 6_English paragraph, composition, letter, application (Cadet College Ad...
Class 6_English paragraph, composition, letter, application (Cadet College Ad...Mehedi Farazi
 
অসীম ধারার সূত্রাবলী (Infinite Series Formula)
অসীম ধারার সূত্রাবলী (Infinite Series Formula)অসীম ধারার সূত্রাবলী (Infinite Series Formula)
অসীম ধারার সূত্রাবলী (Infinite Series Formula)Mehedi Farazi
 
Petroleum various parts short details (Chemistry Hydrocarbon)
Petroleum various parts short details (Chemistry Hydrocarbon)Petroleum various parts short details (Chemistry Hydrocarbon)
Petroleum various parts short details (Chemistry Hydrocarbon)Mehedi Farazi
 
(যোজনী সারণী) Valency table with pronunciation (Chemistry) New
(যোজনী সারণী) Valency table with pronunciation (Chemistry) New  (যোজনী সারণী) Valency table with pronunciation (Chemistry) New
(যোজনী সারণী) Valency table with pronunciation (Chemistry) New Mehedi Farazi
 
Google Chromecast Group ix cse 100
Google Chromecast Group ix cse 100Google Chromecast Group ix cse 100
Google Chromecast Group ix cse 100Mehedi Farazi
 

Mais de Mehedi Farazi (7)

Impact of Artificial Intelligence (AI)
Impact of Artificial Intelligence (AI)Impact of Artificial Intelligence (AI)
Impact of Artificial Intelligence (AI)
 
Class 6_English paragraph, composition, letter, application (Cadet College Ad...
Class 6_English paragraph, composition, letter, application (Cadet College Ad...Class 6_English paragraph, composition, letter, application (Cadet College Ad...
Class 6_English paragraph, composition, letter, application (Cadet College Ad...
 
অসীম ধারার সূত্রাবলী (Infinite Series Formula)
অসীম ধারার সূত্রাবলী (Infinite Series Formula)অসীম ধারার সূত্রাবলী (Infinite Series Formula)
অসীম ধারার সূত্রাবলী (Infinite Series Formula)
 
Petroleum various parts short details (Chemistry Hydrocarbon)
Petroleum various parts short details (Chemistry Hydrocarbon)Petroleum various parts short details (Chemistry Hydrocarbon)
Petroleum various parts short details (Chemistry Hydrocarbon)
 
(যোজনী সারণী) Valency table with pronunciation (Chemistry) New
(যোজনী সারণী) Valency table with pronunciation (Chemistry) New  (যোজনী সারণী) Valency table with pronunciation (Chemistry) New
(যোজনী সারণী) Valency table with pronunciation (Chemistry) New
 
Valency table
Valency tableValency table
Valency table
 
Google Chromecast Group ix cse 100
Google Chromecast Group ix cse 100Google Chromecast Group ix cse 100
Google Chromecast Group ix cse 100
 

Último

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

Ssh (The Secure Shell)

  • 2. 2 Group Members: Arnob Roy (201314025) Md. Jahidul Islam (201414020) Asif Kamal Chowdhury (201414040) Asif Sanjary (201414043) Mehedi Afzal Farazi (201414045) Md. Shafiul Islam (201414049)
  • 3. SSH  Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.  It is a secure alternative to the non-protected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP).
  • 4. What is SSH?  It is a protocol not a product.  Software based approach to network security.  Encrypts data sent between the computers.  SSH is replacement for telnet, rsh, rlogin and can also replace ftp.  Client/ Server Architecture.  Comes with all Linux distribution, Mac OS X, AIX, Sun Solaris, OpenBSD and other Unix variants.  Ported to other operating systems, such as Windows, Palm OS, Amiga etc.
  • 5. What is not SSH?  It is not a true shell like csh, ksh, sh etc.  It is not a command interpreter.  It creates secure channel for running commands on remote computer.  It is not a complete security solution.  It will not protect against Trojans, viruses etc.
  • 6. Why SSH is a replacement for telnet, rsh, rlogin and ftp? 6  Telnet and others sends all data in clear text. But SSH sends data as cipher text.  In SSH host between sender and receiver cannot see what the traffic is.
  • 7. HISTORY 7  In 1995, Tatu Yionene, a researcher at Helsinki University designed the first version of the protocol (now known as SSH-1).  In July 1995, he released SSH1 as free software i.e. it was open source.  In December of 1995, he formed SSH Communication Security (SCS) to market and develop SSH.  In 1996 SSH-2 was developed, but it was incompatible with SSH-1.  SCS released SSH-2 in 1998 and had more restrictive license.  OpenSSH, free implementation of SSH-2 protocol was released from OpenBSD project.  In 2006 SECSH group (group for standardizing protocol) released SSH-2 as internet standard.
  • 8. Some Necessary Terminology 8  SSH- Generic term used for SSH protocols.  ssh- Client Command for running remote command.  sshd- Server program.  SSH-1- Version 1 of the protocol.  SSH-2- Version 2 of the protocol  OpenSSH- Product from open BSD project.
  • 9. SSH1 vs SSH2 9 SSH1 SSH2 Uses server and host keys to authenticate system. Uses only host keys. Different protocols are used. So, they are not compatible with each other. Different protocols are used. SSH1 is not currently developed by developers. SSH2 is currently monitored and developed by developers. Less security, performance and portability. More security, performance and portability.
  • 10. SSH LAYERS 10 Application Layer ssh-connection Session multiplexing, X11 and port forwarding, remote command execution etc. ssh-userauth User authentication using public key, password, host based etc. ssh-transport Initial key exchange and server authentication, setup encryption Transport Layer TCP Internet Layer IP Network Access Layer Ethernet
  • 12. INSTALING SSH 12  Downloading Source Code We can download the source code from- http://www.openssh.com  Building and installing OpenSSH $ gtar –xyf openssh-4.5p1.tar.gz $ cd openssh-4.5p1 $ ./configure $ make $ make install
  • 13. HOW SSH PROTOCOL WORK? 13  Works in the client-server model.  SSH client drives the connection setup process and uses public key cryptography to verify the identity of the SSH server.  After the setup phase the SSH protocol uses strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data that is exchanged between the client and server.
  • 14. SSH ENCRYPTION ALGORITHMS 14 Secure Shell uses the following ciphers for encryption: Cipher SSH1 SSH2 DES yes no 3DES yes yes IDEA yes no Blowfish yes yes Twofish no yes Arcfour no yes Cast128-cbc no yes
• 15. SSH AUTHENTICATION ALGORITHMS
Secure Shell uses the following public key algorithms for authentication:
Algorithm | SSH1 | SSH2
RSA | yes | no
DSA | no | yes
• 16. Functions
 Secure command shell
 Port forwarding
 Agent forwarding
 Secure file transfer
• 17. Secure Command Shell
 Allows us to edit files.
 View the contents of directories.
 Run custom applications.
 Create user accounts.
 Change permissions.
 Anything that can be done from a command prompt can be done remotely and securely.
• 18. Port Forwarding
 A powerful tool.
 Provides security to TCP/IP applications including e-mail, sales and customer contact databases, and in-house applications.
 Allows data from normally unsecured TCP/IP applications to be secured.
• 19. Agent Forwarding
 Suppose you want to log in to the computer at work from your home computer or from a hotel while travelling. The computer at work is behind a firewall, so you cannot connect to it directly.
 You are allowed to connect to a bastion host, but you are not allowed to store private keys on it.
 What can you do?
• 20. SECURE FILE TRANSFER PROTOCOL
 Secure File Transfer Protocol (SFTP) is a subsystem of the Secure Shell protocol.
 It is a separate protocol layered over the Secure Shell protocol to handle file transfers.
 A secure extranet is one of the safest ways to make specific data available to customers, partners and remote employees without exposing other critical company information to the public network. Using SFTP on your secure extranet machines restricts access to authorized users and encrypts usernames, passwords and files sent to or from them.
• 21. SECURITY BENEFITS
 User authentication
 Host authentication
 Data encryption
 Data integrity
• 22. USER AUTHENTICATION
 User identity.
 The system verifies that access is given only to the intended users and denied to anyone else.
• 23. HOST AUTHENTICATION
 A host key is used by a server to prove its identity to a client, and by a client to verify a "known" host. Host keys are described as persistent (they change infrequently) and are asymmetric, much like user public/private key pairs. If a machine is running only one SSH server, a single host key serves to identify both the machine and the server. If a machine is running multiple SSH servers, it may either have multiple host keys or use a single key for multiple servers. Host authentication guards against the man-in-the-middle attack.
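The host-key check of slides 13 and 23, as an added example that is not part of the original slides: the client keeps the server's public host key in known_hosts, computes the OpenSSH-style SHA256 fingerprint for out-of-band comparison on first contact, and on later connections refuses a key that differs from the stored one (a changed key is the signal of a man-in-the-middle). The key blob, hostnames and known_hosts line are constructed, not real.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def encode_ed25519_key(raw32: bytes) -> bytes:
    """Build the wire-format blob OpenSSH stores for an ssh-ed25519 public key."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)

def fingerprint(blob: bytes) -> str:
    """OpenSSH fingerprint: SHA256 of the key blob, base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (hostname, key type) -> key blob from plain known_hosts lines.
    Hashed '|1|...' host entries are not expanded here and would stay 'unknown'."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hosts, keytype, b64 = line.split()[:3]
        for host in hosts.split(","):
            known[(host, keytype)] = base64.b64decode(b64)
    return known

def check_host(known: dict, host: str, keytype: str, presented: bytes) -> str:
    """Decide what the client should do with the host key the server presented."""
    stored = known.get((host, keytype))
    if stored is None:
        return "unknown"    # first contact: verify the fingerprint out of band
    if stored == presented:
        return "match"      # same key as last time: proceed
    return "mismatch"       # key changed: possible man-in-the-middle, refuse

# Constructed sample data (hypothetical host, not a real key).
GOOD_KEY = encode_ed25519_key(bytes(range(32)))
OTHER_KEY = encode_ed25519_key(bytes(range(32, 64)))
KNOWN_HOSTS = ("work.example.com,10.0.0.5 ssh-ed25519 "
               + base64.b64encode(GOOD_KEY).decode() + "\n")

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    print("fingerprint to compare out of band:", fingerprint(GOOD_KEY))
    print(check_host(known, "work.example.com", "ssh-ed25519", GOOD_KEY))   # match
    print(check_host(known, "10.0.0.5", "ssh-ed25519", OTHER_KEY))          # mismatch
```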
• 24. HOST AUTHENTICATION
 To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects to the server it proves that it has the secret, or private, counterpart to the public key on that server, and access is granted.
• 25. DATA ENCRYPTION
 Encryption, sometimes referred to as privacy, means that our data is protected from disclosure to a would-be attacker "sniffing" or eavesdropping on the wire. Ciphers are the mechanism by which Secure Shell encrypts and decrypts data being sent over the wire.
 When a client establishes a connection with a Secure Shell server, the two must agree on which cipher they will use to encrypt and decrypt data. The server generally presents a list of the ciphers it supports, and the client then selects the first cipher in its own list that matches one in the server's list.
• 26. DATA INTEGRITY
 Data integrity guarantees that data sent from one end of a transaction arrives unaltered at the other end. Even with Secure Shell encryption, the data being sent over the network could still be vulnerable to someone inserting unwanted data into the data stream (see Insertion and replay attacks for more details). Secure Shell version 2 (SSH2) uses Message Authentication Code (MAC) algorithms to greatly improve upon the original Secure Shell's (SSH1) simple 32-bit CRC data integrity check.
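The integrity check of slide 26, as an added example that is not part of the original slides: SSH-2 computes the MAC over the packet's 32-bit sequence number followed by the unencrypted packet (RFC 4253), so a packet that is modified, or replayed at a later position in the stream, fails verification; the keyless CRC-32 of SSH1 is shown beside it for contrast. The key, packet bytes and the Receiver class are constructed for illustration.

```python
import hashlib
import hmac
import struct
import zlib

def crc_tag(packet: bytes) -> int:
    """SSH1-style check: CRC-32 needs no key, so anyone on the path who
    alters the packet can simply recompute a matching value."""
    return zlib.crc32(packet) & 0xFFFFFFFF

def compute_mac(key: bytes, seq_no: int, packet: bytes) -> bytes:
    """SSH-2 style MAC: HMAC over uint32 sequence number || unencrypted packet.
    HMAC-SHA256 stands in for the negotiated MAC algorithm."""
    return hmac.new(key, struct.pack(">I", seq_no) + packet, hashlib.sha256).digest()

def verify_mac(key: bytes, seq_no: int, packet: bytes, tag: bytes) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(compute_mac(key, seq_no, packet), tag)

class Receiver:
    """Constructed endpoint that tracks the expected sequence number per packet."""
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def receive(self, packet: bytes, tag: bytes) -> bool:
        ok = verify_mac(self.key, self.seq, packet, tag)
        # The counter advances for every packet; a real endpoint would also
        # tear the connection down on the first failed MAC.
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        return ok

if __name__ == "__main__":
    key = b"constructed-shared-mac-key"          # derived from key exchange in real SSH
    rx = Receiver(key)
    pkt = b"constructed packet payload"
    tag = compute_mac(key, 0, pkt)
    print("first delivery:", rx.receive(pkt, tag))          # True
    print("replayed later:", rx.receive(pkt, tag))          # False: sequence number moved on
    print("modified packet:", verify_mac(key, 0, pkt + b"!", tag))   # False
    print("crc-32 needs no key:", crc_tag(pkt) == crc_tag(pkt))      # True
```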
• 27. PASSWORD AUTHENTICATION
 Passwords, in combination with a username, are a popular way to tell another computer that you are who you claim to be.
 If the username and password given at authentication match the username and password stored on the remote system, you are authenticated and allowed access.
• 28. PUBLIC KEY AUTHENTICATION
 Public key authentication uses a pair of computer-generated keys, one public and one private. Each key is usually between 1024 and 2048 bits in length.
 The most secure method of authenticating with Secure Shell.
 To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects to the server it proves that it has the secret, or private, counterpart to the public key on that server, and access is granted.
• 29. PROTECTS AGAINST
 IP spoofing
 DNS spoofing
 IP source routing
• 30. IP Spoofing
 IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
• 31. DNS Spoofing
 DNS spoofing is the term used when a DNS server accepts and uses incorrect information from a host that has no authority to give that information. DNS spoofing is in fact malicious cache poisoning, where forged data is placed in the cache of the name servers. Spoofing attacks can cause serious security problems for DNS servers vulnerable to such attacks, for example causing users to be directed to the wrong Internet sites or e-mail to be routed to unauthorized mail servers.
• 32. IP SOURCE ROUTING
 An attack where a host pretends that an IP packet comes from another, trusted host.
• 33. OpenSSH Alternatives for Windows
 PuTTY
 TTSSH
 Cygwin
 MSSH
 WinSCP
 FileZilla
• 34. ADVANTAGES
 Strong encryption.
 Strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing).
 Improved privacy. All communications are automatically and transparently encrypted.
 Both free and commercial versions are available.
 Proven technology.
 Multi-platform.
 Many authentication methods supported.
 Can be used instead of a VPN.
• 35. Disadvantages
 Port ranges and dynamic ports can't be forwarded.
 A client on the Internet that uses SSH to access the intranet can expose the intranet by port forwarding.
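The forwarding exposure of slide 35 is controlled on the server side; as an added illustration (not from the slides), the permissive sshd_config setting beside a restricted one that turns forwarding off by default and lets only one group reach one internal service. The group name and `intranet.example` are placeholders.

```text
# Permissive: every authenticated user may forward any TCP port through this host.
AllowTcpForwarding yes
GatewayPorts no

# Restricted: no forwarding by default; members of one group may open
# client-side (-L) forwards only, and only to a single internal service.
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
Match Group tunnel-users
    AllowTcpForwarding local
    PermitOpen intranet.example:443
```

Run `sshd -t` after editing to check the syntax before restarting the service.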