SSH¶
links: SPA TOC - Secure Shell - Index
History¶
- Created in 1995 (SSH version 1)
- Quickly became a popular replacement for the insecure telnet, witch does not offer server authentication and an encrypted channel.
- After 5 years the number of users grown to 2 million
- Version 2 of the protocol split it into transport, connection and authentication layers
Protocol Stack¶
Sequence Diagram¶
Transport Layer¶
- Defined in RFC 4253
- The transport layer provides algorithm negotiation, key exchange and server authentication and sets up a secured connection that provides integrity, confidentiality and optional compression
- For key exchange Diffie-Hellman is used (ensures forward secrecy)
- The server authentication is based on RSA or DSS signatures
X509v3 To SSH Public Key¶
#Extracting public key
openssl x509 -pubkey -in fsb2.pem -noout > fsb2.pub
#Convert public key to OpenSSH public key
ssh-keygen -i -m pkcs8 -f fsb2.pub > SSH-pub-key.pub
Initial Server Key Discovery¶
- When a client connects to the server for the first time it asks to verify the server key:
ssh -I /usr/local/lib/libykcs11.dylib
user@client01.n025.nslab.ch
The authenticity of host ’client01.n025.nslab.ch (147.87.84.14)’ cannot be established.
ED25519 key fingerprint is SHA256:xXsXRnH95YzncFcUgm4JuSS5epHz+1R+auOgBOLYkbU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
- This is done to prevent impersonation attack or man-in-the-middle attack
Authentication Layer¶
- Defined in RFC 4252
- Provides mechanisms for user authentication:
- Password based authentication
- Public key based authentication
- Keyboard interactive
- Generic Security Services API (GSSAPI)
Connection Layer¶
- Defined in RFC 4254
- It provides:
- interactive login session
- remote execution commands
- Files transfer via scp and sftp
- Tunneling and forwarding TCP connections
- Forward X11 connections
- These channels are multiplexed into a single encrypted channel
SSH Forward/Reverse¶
#Forward
ssh -L8080:10.0.0.1:80 user@147.87.242.199
#Reverse
ssh -R8080:localhost:80 user@147.87.242.199
links: SPA TOC - Secure Shell - Index