THE
SECURE
SHELL - AN OVERVIEW
(c) VISOLVE
Table
of Contents
- Introduction
- A Bit of History
- SSH Architecture
- SSH 1
- SSH 2
- Quick Configuration
- Difference between SSH1 and SSH2
- Summary
- Appendix
Table of Figures
- A secure shell session
- Secure shell Architecture
- Layers of secure shell
- SSH 1
- SSH 2
- Ip spoofing
- Tcp Port forwarding
Introduction
SSH,
a protocol that allows a client computer to connect securely with a
server to log in or copy files. It provides authentication and a secure
transport layer that allow a user to establish a secure connection even
over an insecure network. SSH provides an encrypted terminal session
strongly
secured with symmetric encryption algorithms. The main functions of the
Secure Shell program are
- Host identification
- Encryption
- Authentication
Some useful SSH
features
and
capabilities include:
- Tunnel arbitrary TCP connections through the secure SSH
session
- A variety of user authentication methods
- Port forwarding
- Support for external authentication methods, including
Kerberos, SecurID, Smart Card
- Secure file transfers using SCP mechanisms.
These capabilities permit the user
to protect against attacks such as:
- IP spoofing
- IP source routing
- DNS spoofing
- Interception of clear text passwords
- Listening in on X-Windows authentication data and spoofed
connections.
A normal SecureShell suite includes
- ssh(secure shell)
- scp(secure copy)
- sftp(secure File Transfer protocol)
- slogin(secure Login).
A Bit of History
SSHv1 and the SSH-1 protocol were
developed in 1995 by Tatu Ylonen, a researcher at the Helsinki
University of Technology, Finland. Later that year, he released the
SSH-1 (SSHv1) protocol to the general public as freeware and submitted
an IETF Internet Draft.
SSHv1 protocol had number of problems and limitations,which lead
to the introduction of a new protocol, SSH-2 (SSHv2), in
1996 incorporated new algorithms and features.SSHv2 is more
secure and powerful than it's counterpart.
When SSH Communications (formed by founder) released later
versions of Secure Shell based on the SSH-1 protocol and then the new
versions of Secure Shell based on the SSH-2 protocol in 1998, it
tightened the license restrictions and required commercial entities to
pay a licensing fee. As a result, many companies declined to move to
the more secure version and they remained on SSHv1.In late 2000,
SCS broadened free license for SSHv2 for individual contractors
working for qualifying noncommercial entities.
Meanwhile OpenSSH gained prominence as an SSH implementation, developed
under the auspices of the OpenBSD project and freely available under
the OpenBSD license. It supports both SSH-1 and SSH-2 in a single set
of programs, whereas SSH1 and SSH2 have separate executables, and the
SSH-1 compatibility features in SSH2 require both products to be
installed. , it has been ported successfully to Linux, HP-UX, and other
operating systems, in tight synchronization with the main releases.
The OpenSSH team included support for both the SSH-1 and SSH-2
protocols (SSHv1.3, SSHv1.5, and SSHv2), added many security
enhancements, and increased portability. Because of the licensing
freedom, good support, and continuing development, OpenSSH remains the
most popular Secure Shell distribution today.
SSH
Architecture
- The user initiates an SSH connection. SSH attempts to connect to
port 22 on the remote host.
- If successful, SSHD on the machine Remote forks off a child SSHD
process. This process will handle the SSH connection between the two
machines.
- The child SSHD now forks off the command received from the
original SSH client.
- The SSHD child process now encrypts every messages that has to be
send to the ssh client.
- The SSH client decrypts the information and sends it to the user
application.
Components
of Secure Shell
SSHD
Server
A program that allows incoming SSH
connections to a machine, handling authentication, authorization.
Clients
A program that connects to SSH
servers and makes requests for service
Session
An ongoing connection between a
client and a server. It begins after the client successfully
authenticates to a server and ends when the connection terminates.
Sessions may be interactive or batch.
Key
A relatively small amount of data,
generally from tens to one or two thousand bits, used as a parameter to
cryptographic algorithms such as encryption or message authentication.
The use of the key binds the algorithm operation in some way to the key
holder: in encryption, it ensures that only someone else holding that
key (or a related one) can decrypt the message; in authentication, it
allows you to later verify that the key holder actually signed the
message.
There are two kinds of keys:
- Symmetric or secret-key
- Asymmetric or public-key
Agent
A program that caches user keys in
memory, so users needn't keep retyping their pass phrases.
How
Secure Shell Works
When SSHD is started , it starts listening
on port22 for a socket. When a socket get connected the secure shell
daemon spawns a child process.Which in turn generates an host key
eg.RSA.After key is generated the secure shell daemon is ready for the
local client to connect to another secure shell daemon or waits for a
connection from remote host.
Connection
Establishment
When a client or remote machine needs
a connection,the socket is bound to particular port, but this is done
only after receiving IP address of client.when connections are
made the servers exchange the public host keys.after the keys are
validated,the servers exchange the supported cipher information . when
cipher is chosen,the local server acknowledges and authorizes the
connection child process is forked to manage the established
connection. The client now transfers data in encrypted and well secured
form.
Layers
of SSH
The SSH protocol allows any client
and server programs built to the protocol's specifications to
communicate securely and to be used interchangeably.
Transport layer
The primary role of the transport layer is to facilitate safe and
secure communication between the two hosts at the time of and after
authentication. The transport layer accomplishes this by handling the
encryption and decryption of data and providing integrity protection of
data packets as they are sent and received. In addition, the transport
layer provides compression, speeding the transfer of information.
Once an SSH client contacts a
server,
key information is exchanged so that the two systems can correctly
construct the transport layer.
Authentication
Once the transport layer has
constructed a secure tunnel to pass information between the two
systems, the server tells the client the different authentication
methods supported, such as using a private key-encoded signature or
typing a password. The client will then try to authenticate itself to
the server using any of the supported methods. Servers can be
configured to allow different types of authentication, which gives each
side the optimal amount of control. The server can decide which
encryption methods it will support based on its security model, and the
client can choose the order of authentication methods to attempt from
among the available options.
Connection
After a successful authentication
over the SSH transport layer, multiple channels are opened by the
single connection between the two systems. Each of these channels
handles communication for different terminal sessions, forwarded X11
sessions, or other services seeking to use the SSH connection. Both
clients and servers can create a new channel. Each channel is then
assigned a different number for each end of the connection. When the
client attempts to open a new channel, the clients sends the channel
number along with the request. This information is stored by the server
and is used to direct communication to that channel. This is done so
that different types of sessions will not affect one another and so
that when a given session ends, its channel can be closed without
disrupting the primary SSH connection. The client and server negotiate
the characteristics of each channel automatically, depending on the
type of service the client requests and the way the user is connected
to the network. This allows great flexibility in handling different
types of remote connections without having to change the basic
infrastructure of the protocol.
SSH
1
One of the key concepts for
SSH1 is that each host in the network has a unique RSA cryptographic
key, for identification purposes. The length of the host key is by
default 1024 bits. Additionally, whenever the SSH1 server is activated,
the second RSA key is automatically generated. This is called own
server RSA key, and by default
is 768-bit long. In order to enhance security, this key is regenerated
after a specific timeout (1hour by default), if in the meantime the
server had used the key. This key is never saved in any server file.
Whenever a client connects to the server, in response, the server sends
a set of both public and host keys. The client compares the host public
key with a master key. This procedure is to verify if the connected
host is the same as the host in the first query. Due to this fact, the
host RSA key is considered immutable. It is worth noticing that the
server key cannot be used to authenticate the host, as this key is
frequently modified. After host authentication is successively
performed, a 256-bit
session key is
randomly generated by the client and encrypted with the server key and
the server host key together. This type of prepared information is then
sent to the server which has a set of private keys and can decrypt the
value sent by the client. This cipher is now used as a key for symmetric, cryptographic algorithms
to encrypt the session.
For this purpose, Blowfish or 3DES(Default) encryption algorithms
are used. The client selects the encryption algorithm to use from those
offered by the server. After the negotiation phase has been
successfully completed between server and client, the rest of the
traffic in the SSH1 session is encrypted with the existing algorithm
using the session key. Afterwards the user can be securely
authenticated on the server.
SSH
2
SSH1 and SSH2 are different versions
of the same program. Each host has its own unique RSA or DSA
authentication key, not just an RSA key as in SSH1. The first
difference found is during the SSH server start-up – there is no
server key. The session key produced by Diffie-Hellman is used to
encrypt the real session key. Once the session key has been
established, the traffic is encrypted using symmetric
algorithms.Additionally, session integrity is provided through sha1 or md5 hash
algorithms. This list of
algorithms obviously has a certain preference and nothing stands in the
way of using other symmetric algorithms, provided that both the server
and the client support them.Both SSH1 and SSH2 use some authentication
methods. By default, the client attempts to authenticate itself using
the set of following methods:
- Rhosts authentication
- pubkey authentication
- keyboard-interactive authentication
- password authentication
Public key authentication is similar
to SSH1 authentication except that the RSA or DSA algorithm is used . In contrast to SSH1, when
the client wishes to authenticate using public/private
keypairs, it signs in with the client’s private key where the session
identifier derived from a shared Diffie-Hellman value and then the
server check, whether the matching public key is listed in the
authorized_keys. If public key authentication fails, then another
authentication method is attempted to prove the user’s identity. The
order of authentication methods is established with
PreferredAuthentications in the configuration file. By default, the
configured order is as follows:
- host-based
- public-key
- keyboard-interactive
- password.
SSH2 also uses the authentication
methods Like
- Kerberos
- X.509 certificates
- electronic credit cards.
Quick
Configuration
SSH
includes many configuration options.
See the INSTALL file for custom
configurations.
- ./configure [Default
configuration]
- make
- make install
- Check the server configuration
in: /etc/sshd_config
- Check the client configuration
in: /etc/ssh_config
Difference
between SSH1 and SSH2
The difference between SSH1 and SSH2 is they are two entirely
different protocols. SSH1 and SSH2 encrypt at different parts of the
packets, and SSH1 uses server and host keys to authenticate systems
where SSH2 only uses host keys. SSH2 is a complete rewrite of the
protocol, and it does not use the same networking implementation that
SSH1 does. Also, SSH2 is more secure.
Because of the different protocol implementation, they are not compatible.
The SSH v1 implementation is based on
the V1.5 protocol and 1.3.7 F-Secure code base, and the SSH2
implementation is based on the V2 protocol and the F-Secure 3.1.0 code
base.Both protocols are offered by the SSH for OpenVMS server, and
although they are incompatible, they may exist simultaneously on an SSH
for OpenVMS system. The server front-end identifies what protocol a
client desires to use, and will create an appropriate server for that
client.
SSH2 is the current version of the
Secure Shell protocol, with a draft under consideration by a working
group of the Internet Engineering Task Force (IETF) - the first step in
the IETF standards process. The SSH2 protocol was a complete
reconception of the protocol and is intended to remove limitations in
SSH1, such as the absence of message authentication codes (MACs). The
SSH1 draft documentation is not part of the IETF process, and does not
match the current SSH1 server implementations. SSH1 has a significant
installed base, particularly among early adopters of Secure Shell, and
has a more open server licensing for some organizations. However, the
maturity and improved security of SSH2 makes preferred protocol.
SSH2 version is fully backwards
compatible with SSH1.
SSH uses the following ciphers for
encryption:
Cipher |
SSH1 |
SSH2 |
DES |
yes |
no |
3DES |
yes |
yes |
IDEA |
yes |
yes |
Blowfish |
yes |
yes |
Twofish |
no |
yes |
Arcfour |
no |
yes |
Cast128-cbc |
no |
yes |
SSH uses the following ciphers for authentication:
Cipher |
SSH1 |
SSH2 |
RSA |
yes |
yes
|
DSA |
no |
yes |
Summary
With SSH it is possible to create a
secure communication channel between the server and the client. This
channel can be used for different purposes, not necessarily for
launching a remote terminal session but also for sending any data using
the
forwarding feature. SSH supports a variety of authentication methods,
and new options may be added if required. Data in transit can be
protected with multiple symmetric algorithms that use the key
negotiated at the beginning of an SSH session. Both the client and the
server can authenticate each other to enhance security against
different kinds of attacks.
APPENDIX
IP spoofing
A remote machine acts as a node on
your local network, finds vulnerabilities with your servers, and
installs a backdoor program or trojan to gain control over your network
resources.
DNS
Spoofing
DNS spoofing occurs when an intruder
cracks a DNS server, pointing client systems to a maliciously
duplicated host.DNS spoofing leads a DNS server to accept and use
incorrect information from a host that has no authority giving that
information. DNS spoofing is in fact malicious cache poisoning where
forged data is placed in the cache of the name servers. Spoofing
attacks can cause serious security problems for DNS servers vulnerable
to attacks.
Port Forwarding
Port forwarding works by mapping a
local port on the client to a remote port on the server. SSH can map
any port from the server to any port on the client, and the port
numbers do not need to match for this technique to work.
IP
Source Routing
An IP packet can include an option
that specifies (in the packet headers) the route the packet should take
to its destination. If a
router pays attention to IP source routing at all (firewall routers
should probably configured NOT to pay attention to such information),
this information can be used to over-ride what the router would
normally do with the packet and thus possibly subvert security.
Many
UNIX kernels will forward a source-routed packet EVEN IF "IP
Forwarding" has supposedly been disabled on that kernel.
*** End of
The Document. ***