SlideShare une entreprise Scribd logo
1  sur  35
Télécharger pour lire hors ligne
PREPARED BY : PINA CHHATRALA 1
Secure Shell (SSH)
Secure Shell (SSH)
Secure Shell (SSH) is a protocol for secure network communication
designed to be relatively simple and inexpensive to implement.
The initial version, SSH1 was focused on providing a secure remote
logon facility to replace TELNET and other remote logon schemes that
provided no security.
SSH also provides a more general client / server capability and can be
used for such network functions as file transfer and e – mail.
A new version, SSH2, fixes a number of security flaws in the original
scheme.
SSH2 is documented as a proposed standard in IETF RFCs 4250 through
4256.
PREPARED BY : PINA CHHATRALA 2
Secure Shell (SSH)
SSH client and server applications are widely available for most
operating systems.
It has become the method of choice for remote login and X
tunnelling and is rapidly becoming one of the most pervasive
applications for encryption technology outside of embedded
systems.
SSH is organized as three protocols that typically run on top of TCP
(figure on next slide).
PREPARED BY : PINA CHHATRALA 3
PREPARED BY : PINA CHHATRALA 4
Secure Shell (SSH)
Transport Layer Protocol
• Host Keys :
- Server authentication occurs at the transport layer, based on the
server possessing a public/private key pair.
- A server may have multiple host keys using multiple different
asymmetric encryption algorithms.
- Multiple hosts may share the same host key.
- In any case, the server host key is used during key exchange to
authenticate the identity of the host.
- For this to be possible, the client must have a priori knowledge of
the server’s public host key.
PREPARED BY : PINA CHHATRALA 5
Secure Shell (SSH)
Transport Layer Protocol
• Packet Exchange
- Once the connection established between the client and
server they can exchange data, referred to as packets, in the
data field of a TCP segment.
- Each packet is in the following format.
 Packet length : Length of the packet in bytes not including
the packet length and MAC fields.
 Padding length : Length of the random padding fields.
PREPARED BY : PINA CHHATRALA 6
Secure Shell (SSH)
Transport Layer Protocol
• Packet Exchange
- Each packet is in the following format.
 Payload : Useful content of the packet.
 Random Padding : Once an encryption algorithm has been
negotiated, this field is added. It contains random bytes of
padding so that total length of the packet is a multiple of
the cipher block size, or 8 bytes for a stream cipher.
 MAC : If message authentication has been negotiated, this
field contains the MAC value.
PREPARED BY : PINA CHHATRALA 7
Secure Shell (SSH)
Transport Layer Protocol
• Packet Exchange
- The SSH Transport Layer packet exchange consists of a
sequence of steps (figure on previous slide).
 The first step, the identification string exchange, begins
with the client sending a packet with the identification
string to the form : SSH – protoversion – softwareversion SP
comments CR LF, Where, SP = Space character, CR =
Carriage return, LF = Line Feed.
 The server responds with its own identification string.
PREPARED BY : PINA CHHATRALA 8
Secure Shell (SSH)
Transport Layer Protocol
• Packet Exchange
- The SSH Transport Layer packet exchange consists of a
sequence of steps (figure on previous slide).
 Next comes algorithm negotiation.
 Each side sends an SSH_MSG_KEXINIT containing list of
supported algorithms in the order of preference to the
sender.
 The algorithm includes key exchange, encryption, MAC
algorithm and compression algorithm.
PREPARED BY : PINA CHHATRALA 9
Secure Shell (SSH)
Transport Layer Protocol
• Packet Exchange
- The SSH Transport Layer packet exchange consists of a
sequence of steps (figure on previous slide).
 The next step is key exchange.
 The specification allows for alternative methods of key
exchange, but at present only two versions of Deffiee –
Hellman key exchange are specified.
PREPARED BY : PINA CHHATRALA 10
Secure Shell (SSH)
Transport Layer Protocol
• Packet Exchange
- The SSH Transport Layer packet exchange consists of a
sequence of steps (figure on previous slide).
 The the end of key exchange is signalled by the exchange of
SSH_MSG_NEWKEYS packets.
 At this point, both sides may start using the keys generated
from K.
PREPARED BY : PINA CHHATRALA 11
Secure Shell (SSH)
Transport Layer Protocol
• Packet Exchange
- The SSH Transport Layer packet exchange consists of a
sequence of steps (figure on previous slide).
 The final step is service request.
 The client sends SSH_MSG_SERVICE_REQUEST packet to
request either the user authentication or the connection
protocol.
PREPARED BY : PINA CHHATRALA 12
Secure Shell (SSH)
Transport Layer Protocol
• Key Generation
- The key is used for encryption and MAC are generated from
the shared secret key K, the hash value from the key
exchange H, and the session identifier, which is equal to H
unless there has been a subsequent key exchange after the
initial key exchange.
- The values are computed as follows :
 Initial IV client to server : HASH(K||H||”A”||session_id)
PREPARED BY : PINA CHHATRALA 13
Secure Shell (SSH)
Transport Layer Protocol
• Key Generation
- The values are computed as follows :
 Initial IV server to client : HASH(K||H||”B”||session_id)
 Encry. key client to server : HASH(K||H||”C”||session_id)
 Encry. Key server to client : HASH(K||H||”D”||session_id)
 Integrity key client to server: HASH(K||H||”E”||session_id)
 Integrity key server to client: HASH(K||H||”F”||session_id)
PREPARED BY : PINA CHHATRALA 14
Secure Shell (SSH)
User Authentication Protocol
The user authentication protocol provides the means by which the
client is authenticated to the server
• Message Types and Formats
- Three types of messages are always used in the user
authentication protocol.
- Authentication requests from the client have the format :
 byte SSH_MSG_USERAUTH_REQUEST
 string username
PREPARED BY : PINA CHHATRALA 15
Secure Shell (SSH)
User Authentication Protocol
• Message Types and Formats
- Authentication requests from the client have the format :
 string service name
 string method name
 … method specified field
- If the server either (1) rejects the authentication request or (2)
accepts the request but requires one or more additional
authentication methods, the server sends a message with the
format :
 byte SSH_MSG_USERAUTH_FAILURE (51)
PREPARED BY : PINA CHHATRALA 16
Secure Shell (SSH)
User Authentication Protocol
• Message Types and Formats
 Name-list authentications that can continue
 Boolean partial success
- If the server accepts authentication, it sends a single byte
message : SSH_MSG_USERAUTH_SUCCESS (52).
PREPARED BY : PINA CHHATRALA 17
Secure Shell (SSH)
User Authentication Protocol
• Message Exchange
- The message exchange involves the following steps :
 The client sends a SSH_MSG_USERAUTH_REQUEST with a
requested method of none.
 The server checks to determine if the username is valid. If
not, the server returns SSH_MSG_USERAUTH_FAILURE with
the partial success value of false. If the user name is valid,
the server proceeds to step 3.
PREPARED BY : PINA CHHATRALA 18
Secure Shell (SSH)
User Authentication Protocol
• Message Exchange
- The message exchange involves the following steps :
 The server returns SSH_MSG_USERAUTH_FAILURE with a
list of one or more authentication methods to be used.
 The client selects one of the acceptable authentication
methods and sends a SSH_MSG_USERAUTH_REQUEST with
that method name and the required method – specific
field. At this point, there may be a sequence of exchanges
to perform the method.
PREPARED BY : PINA CHHATRALA 19
Secure Shell (SSH)
User Authentication Protocol
• Message Exchange
- The message exchange involves the following steps :
 If the authentication succeeds and more authentication
methods are required, the server proceeds to step 3, using
a partial success value of true. If the authentication fails,
the server proceeds to step3, using a partial value of false.
 When all required authentication methods succeed, the
server sends a SSH_MSG_USERAUTH_SUCCESS message,
and the authentication protocol is over.
PREPARED BY : PINA CHHATRALA 20
Secure Shell (SSH)
User Authentication Protocol
• Authentication Methods
- The server may require one or more of the following
authentication methods :
 publickey : The details of this method depend on the public –
key algorithm chosen. In essence, the client sends a message to
the server that contains the client’s public key, with the message
signed by the client’s private key. When the server receives the
message, it check s whether the supplied key is acceptable for
authentication and, if so, it checks whether the signature is
correct.
PREPARED BY : PINA CHHATRALA 21
Secure Shell (SSH)
User Authentication Protocol
• Authentication Methods
- The server may require one or more of the following
authentication methods :
 password : The client sends a message containing a plaintext
password, which is protected by encryption by the transport
layer protocol.
 hostbased : Authentication is performed on the client’s host
rather than the client’s itself. Thus, a host then supports
multiple clients would provide authentication for all of its client.
PREPARED BY : PINA CHHATRALA 22
Secure Shell (SSH)
Connection Protocol
The SSH Connection protocol runs on the top of the SSH transport
layer protocol and assumes that a secure authentication
connection is in use.
That secure authentication connection, referred to as tunnel, is
used by the connection protocol to multiplex a number of logical
channels.
PREPARED BY : PINA CHHATRALA 23
Secure Shell (SSH)
Connection Protocol
• Channel Mechanism
- All types of communication using SSH, such as a terminal
session, are supported using separate channels. Either side
may open channel.
- For each channel, each side associates a unique channel
number, which need not to be the same on both sides.
- Channels are flow controlled using a window mechanism.
- No data may be sent to the channel until a message is
received to indicate that window space is available.
PREPARED BY : PINA CHHATRALA 24
Secure Shell (SSH)
Connection Protocol
• Channel Mechanism
- The life of channel progress through three stages : opening a
channel, data transfer and closing a channel.
- When either side wishes to open a channel, it allocates a
local number of channel and sends a message of the form :
 byte SSH_MSG_CHANNEL_OPEN
 string channel type
 unit32 sender channel
PREPARED BY : PINA CHHATRALA 25
Secure Shell (SSH)
Connection Protocol
• Channel Mechanism
 unit32 initial window
 unit32 maximum packet size
 … channel type specific data follows
- If the remote side is able to open channel, it returns a
SSH_MSG_CHANNEL_CONFIRMATION message, which includes
the sender channel number, and window and packet size values
for incoming traffic.
- Otherwise, the remote channel returns a
SSH_MSG_CHANNEL_FAILURE message with a reason code
indicating the reason of failure.
PREPARED BY : PINA CHHATRALA 26
Secure Shell (SSH)
Connection Protocol
• Channel Mechanism
- Once channel is open, data transfer is performed using a
SSH_MSG_CHANNEL_DATA message, which includes the
recipient channel number and a block of data.
- These messages in both directions, may continue as long as
the channel is open.
- When either side wishes to close a channel, it sends a
SSH_MSG_CHANNEL_CLOSE message, which includes the
recipient channel number.
PREPARED BY : PINA CHHATRALA 27
Secure Shell (SSH)
Connection Protocol
• Channel Types
- Four channel types are recognized in the SSH connection
protocol specification.
 session : The remote execution of a program. The program
may be a shell, an application such as file transfer or e –
mail, a system command, or some built – in subsystem.
Once a session channel is opened, subsequent requests are
used to start the remote program.
PREPARED BY : PINA CHHATRALA 28
Secure Shell (SSH)
Connection Protocol
• Channel Types
- Four channel types are recognized in the SSH connection
protocol specification.
 x11 : This refers to the X window system, a computer
software system and network protocol that provides a GUI
for networked computers. X allows applications to run on a
network server but to be displayed on a desktop machine.
PREPARED BY : PINA CHHATRALA 29
Secure Shell (SSH)
Connection Protocol
• Channel Types
- Four channel types are recognized in the SSH connection
protocol specification.
 forwarded – tcpip : This is remote port forwarding.
 direct – tcpip : this is local port forwarding.
PREPARED BY : PINA CHHATRALA 30
Secure Shell (SSH)
Connection Protocol
• Port Forwarding
- One of the most useful features of SSH is port forwarding.
- In essence, port forwarding provides the ability to convert
any insecure TCP connection into a secure SSH connection.
- This is also referred to as SSH tunnelling.
- A port is an identifier of a user of TCP.
- So, any application that runs on top of TCP has a port
number.
PREPARED BY : PINA CHHATRALA 31
Secure Shell (SSH)
Connection Protocol
• Port Forwarding
- Incoming TCP traffic is delivered to the appropriate
application on the basis of the port number.
- An application may employ multiple port numbers.
- SSH supports two types of port forwarding : local forwarding
and remote forwarding.
- Local forwarding allows the client to set up a “hijacker”
process.
PREPARED BY : PINA CHHATRALA 32
Secure Shell (SSH)
Connection Protocol
• Port Forwarding
- This will intercept selected application – level traffic and
redirect it from an unsecured TCP connection to a secure SSH
tunnel.
- SSH is configured to listen on selected ports.
- SSH grabs all traffic using a selected port and sends it through
an SSH tunnel.
- On the other hand, the SSH server sends the incoming traffic
to the destination port dedicated by the client application.
PREPARED BY : PINA CHHATRALA 33
Secure Shell (SSH)
Connection Protocol
• Port Forwarding
- With remote forwarding, the user’s SSH client acts on the
server’s behalf.
- The client receives traffic with a given destination port
number, places the traffic on the correct port and sends it to
the destination the user chooses.
PREPARED BY : PINA CHHATRALA 34
PREPARED BY : PINA CHHATRALA 35
Thank

You

Contenu connexe

Tendances (20)

Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
IP Security
IP SecurityIP Security
IP Security
 
SSL intro
SSL introSSL intro
SSL intro
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH Configuration
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
IP Security
IP SecurityIP Security
IP Security
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Ad, dns, dhcp, file server
Ad, dns, dhcp, file serverAd, dns, dhcp, file server
Ad, dns, dhcp, file server
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Kerberos
KerberosKerberos
Kerberos
 
Public private key
Public private keyPublic private key
Public private key
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAI
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
Diffie Hellman.pptx
Diffie Hellman.pptxDiffie Hellman.pptx
Diffie Hellman.pptx
 
Chapter 1.ppt
Chapter 1.pptChapter 1.ppt
Chapter 1.ppt
 

En vedette

Security protocols in constrained environments
Security protocols in constrained environments Security protocols in constrained environments
Security protocols in constrained environments Chris Swan
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line toolsEric Wilson
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity TipsKeith Bennett
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure  V1.0Defeating The Network Security Infrastructure  V1.0
Defeating The Network Security Infrastructure V1.0Philippe Bogaerts
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awkYogesh Sawant
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processingAnton Arhipov
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 
Sed & awk the dynamic duo
Sed & awk   the dynamic duoSed & awk   the dynamic duo
Sed & awk the dynamic duoJoshua Thijssen
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Thoughtworks
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unixJavin Paul
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPMichael Coates
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014iimjobs and hirist
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRadien software
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016Brendan Gregg
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Brendan Gregg
 

En vedette (20)

SSH
SSHSSH
SSH
 
Security protocols in constrained environments
Security protocols in constrained environments Security protocols in constrained environments
Security protocols in constrained environments
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line tools
 
class12_Networking2
class12_Networking2class12_Networking2
class12_Networking2
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity Tips
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure  V1.0Defeating The Network Security Infrastructure  V1.0
Defeating The Network Security Infrastructure V1.0
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure Programming
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awk
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processing
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
 
Sed & awk the dynamic duo
Sed & awk   the dynamic duoSed & awk   the dynamic duo
Sed & awk the dynamic duo
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unix
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and Answers
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016
 

Similaire à Secure Shell(ssh)

Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.pptImXaib
 
Ssh
SshSsh
Sshgh02
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.pptPranavUndre1
 
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)Vishal Kumar
 
Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1Vishal Kumar
 
Cryptography by Afroz haider mir
Cryptography by Afroz haider mirCryptography by Afroz haider mir
Cryptography by Afroz haider mirAFROZ MIR
 
Client server computing in mobile environments part 2
Client server computing in mobile environments part 2Client server computing in mobile environments part 2
Client server computing in mobile environments part 2Praveen Joshi
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerEmprovise
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 

Similaire à Secure Shell(ssh) (20)

Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
 
Ssh
SshSsh
Ssh
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocol
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.ppt
 
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
 
Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1
 
SSh_part_1.pptx
SSh_part_1.pptxSSh_part_1.pptx
SSh_part_1.pptx
 
Cryptography by Afroz haider mir
Cryptography by Afroz haider mirCryptography by Afroz haider mir
Cryptography by Afroz haider mir
 
ch17.ppt
ch17.pptch17.ppt
ch17.ppt
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
Client server computing in mobile environments part 2
Client server computing in mobile environments part 2Client server computing in mobile environments part 2
Client server computing in mobile environments part 2
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
Transportsec
TransportsecTransportsec
Transportsec
 
ssl
sslssl
ssl
 

Dernier

Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustVani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustSavipriya Raghavendra
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17Celine George
 
How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17Celine George
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptxraviapr7
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxraviapr7
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTDR. SNEHA NAIR
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptxSandy Millin
 
KARNAADA.pptx made by - saransh dwivedi ( SD ) - SHALAKYA TANTRA - ENT - 4...
KARNAADA.pptx  made by -  saransh dwivedi ( SD ) -  SHALAKYA TANTRA - ENT - 4...KARNAADA.pptx  made by -  saransh dwivedi ( SD ) -  SHALAKYA TANTRA - ENT - 4...
KARNAADA.pptx made by - saransh dwivedi ( SD ) - SHALAKYA TANTRA - ENT - 4...M56BOOKSTORE PRODUCT/SERVICE
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfMohonDas
 
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesCeline George
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...raviapr7
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Dr. Asif Anas
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptxmary850239
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfMohonDas
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfYu Kanazawa / Osaka University
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17Celine George
 
A gentle introduction to Artificial Intelligence
A gentle introduction to Artificial IntelligenceA gentle introduction to Artificial Intelligence
A gentle introduction to Artificial IntelligenceApostolos Syropoulos
 

Dernier (20)

Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational TrustVani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
Vani Magazine - Quarterly Magazine of Seshadripuram Educational Trust
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17
 
How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
 
Prescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptxPrescribed medication order and communication skills.pptx
Prescribed medication order and communication skills.pptx
 
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINTARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
ARTICULAR DISC OF TEMPOROMANDIBULAR JOINT
 
March 2024 Directors Meeting, Division of Student Affairs and Academic Support
March 2024 Directors Meeting, Division of Student Affairs and Academic SupportMarch 2024 Directors Meeting, Division of Student Affairs and Academic Support
March 2024 Directors Meeting, Division of Student Affairs and Academic Support
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
 
KARNAADA.pptx made by - saransh dwivedi ( SD ) - SHALAKYA TANTRA - ENT - 4...
KARNAADA.pptx  made by -  saransh dwivedi ( SD ) -  SHALAKYA TANTRA - ENT - 4...KARNAADA.pptx  made by -  saransh dwivedi ( SD ) -  SHALAKYA TANTRA - ENT - 4...
KARNAADA.pptx made by - saransh dwivedi ( SD ) - SHALAKYA TANTRA - ENT - 4...
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdf
 
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....Riddhi Kevadiya. WILLIAM SHAKESPEARE....
Riddhi Kevadiya. WILLIAM SHAKESPEARE....
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 Sales
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
Unveiling the Intricacies of Leishmania donovani: Structure, Life Cycle, Path...
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptx
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdf
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
 
How to Solve Singleton Error in the Odoo 17
How to Solve Singleton Error in the  Odoo 17How to Solve Singleton Error in the  Odoo 17
How to Solve Singleton Error in the Odoo 17
 
A gentle introduction to Artificial Intelligence
A gentle introduction to Artificial IntelligenceA gentle introduction to Artificial Intelligence
A gentle introduction to Artificial Intelligence
 

Secure Shell(ssh)

  • 1. PREPARED BY : PINA CHHATRALA 1 Secure Shell (SSH)
  • 2. Secure Shell (SSH) Secure Shell (SSH) is a protocol for secure network communication designed to be relatively simple and inexpensive to implement. The initial version, SSH1 was focused on providing a secure remote logon facility to replace TELNET and other remote logon schemes that provided no security. SSH also provides a more general client / server capability and can be used for such network functions as file transfer and e – mail. A new version, SSH2, fixes a number of security flaws in the original scheme. SSH2 is documented as a proposed standard in IETF RFCs 4250 through 4256. PREPARED BY : PINA CHHATRALA 2
  • 3. Secure Shell (SSH) SSH client and server applications are widely available for most operating systems. It has become the method of choice for remote login and X tunnelling and is rapidly becoming one of the most pervasive applications for encryption technology outside of embedded systems. SSH is organized as three protocols that typically run on top of TCP (figure on next slide). PREPARED BY : PINA CHHATRALA 3
  • 4. PREPARED BY : PINA CHHATRALA 4
  • 5. Secure Shell (SSH) Transport Layer Protocol • Host Keys : - Server authentication occurs at the transport layer, based on the server possessing a public/private key pair. - A server may have multiple host keys using multiple different asymmetric encryption algorithms. - Multiple hosts may share the same host key. - In any case, the server host key is used during key exchange to authenticate the identity of the host. - For this to be possible, the client must have a priori knowledge of the server’s public host key. PREPARED BY : PINA CHHATRALA 5
  • 6. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - Once the connection established between the client and server they can exchange data, referred to as packets, in the data field of a TCP segment. - Each packet is in the following format.  Packet length : Length of the packet in bytes not including the packet length and MAC fields.  Padding length : Length of the random padding fields. PREPARED BY : PINA CHHATRALA 6
  • 7. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - Each packet is in the following format.  Payload : Useful content of the packet.  Random Padding : Once an encryption algorithm has been negotiated, this field is added. It contains random bytes of padding so that total length of the packet is a multiple of the cipher block size, or 8 bytes for a stream cipher.  MAC : If message authentication has been negotiated, this field contains the MAC value. PREPARED BY : PINA CHHATRALA 7
  • 8. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  The first step, the identification string exchange, begins with the client sending a packet with the identification string to the form : SSH – protoversion – softwareversion SP comments CR LF, Where, SP = Space character, CR = Carriage return, LF = Line Feed.  The server responds with its own identification string. PREPARED BY : PINA CHHATRALA 8
  • 9. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  Next comes algorithm negotiation.  Each side sends an SSH_MSG_KEXINIT containing list of supported algorithms in the order of preference to the sender.  The algorithm includes key exchange, encryption, MAC algorithm and compression algorithm. PREPARED BY : PINA CHHATRALA 9
  • 10. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  The next step is key exchange.  The specification allows for alternative methods of key exchange, but at present only two versions of Deffiee – Hellman key exchange are specified. PREPARED BY : PINA CHHATRALA 10
  • 11. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  The the end of key exchange is signalled by the exchange of SSH_MSG_NEWKEYS packets.  At this point, both sides may start using the keys generated from K. PREPARED BY : PINA CHHATRALA 11
  • 12. Secure Shell (SSH) Transport Layer Protocol • Packet Exchange - The SSH Transport Layer packet exchange consists of a sequence of steps (figure on previous slide).  The final step is service request.  The client sends SSH_MSG_SERVICE_REQUEST packet to request either the user authentication or the connection protocol. PREPARED BY : PINA CHHATRALA 12
  • 13. Secure Shell (SSH) Transport Layer Protocol • Key Generation - The key is used for encryption and MAC are generated from the shared secret key K, the hash value from the key exchange H, and the session identifier, which is equal to H unless there has been a subsequent key exchange after the initial key exchange. - The values are computed as follows :  Initial IV client to server : HASH(K||H||”A”||session_id) PREPARED BY : PINA CHHATRALA 13
  • 14. Secure Shell (SSH) Transport Layer Protocol • Key Generation - The values are computed as follows :  Initial IV server to client : HASH(K||H||”B”||session_id)  Encry. key client to server : HASH(K||H||”C”||session_id)  Encry. Key server to client : HASH(K||H||”D”||session_id)  Integrity key client to server: HASH(K||H||”E”||session_id)  Integrity key server to client: HASH(K||H||”F”||session_id) PREPARED BY : PINA CHHATRALA 14
  • 15. Secure Shell (SSH) User Authentication Protocol The user authentication protocol provides the means by which the client is authenticated to the server • Message Types and Formats - Three types of messages are always used in the user authentication protocol. - Authentication requests from the client have the format :  byte SSH_MSG_USERAUTH_REQUEST  string username PREPARED BY : PINA CHHATRALA 15
  • 16. Secure Shell (SSH) User Authentication Protocol • Message Types and Formats - Authentication requests from the client have the format :  string service name  string method name  … method specified field - If the server either (1) rejects the authentication request or (2) accepts the request but requires one or more additional authentication methods, the server sends a message with the format :  byte SSH_MSG_USERAUTH_FAILURE (51) PREPARED BY : PINA CHHATRALA 16
  • 17. Secure Shell (SSH) User Authentication Protocol • Message Types and Formats  Name-list authentications that can continue  Boolean partial success - If the server accepts authentication, it sends a single byte message : SSH_MSG_USERAUTH_SUCCESS (52). PREPARED BY : PINA CHHATRALA 17
  • 18. Secure Shell (SSH) User Authentication Protocol • Message Exchange - The message exchange involves the following steps :  The client sends a SSH_MSG_USERAUTH_REQUEST with a requested method of none.  The server checks to determine if the username is valid. If not, the server returns SSH_MSG_USERAUTH_FAILURE with the partial success value of false. If the user name is valid, the server proceeds to step 3. PREPARED BY : PINA CHHATRALA 18
  • 19. Secure Shell (SSH) User Authentication Protocol • Message Exchange - The message exchange involves the following steps :  The server returns SSH_MSG_USERAUTH_FAILURE with a list of one or more authentication methods to be used.  The client selects one of the acceptable authentication methods and sends a SSH_MSG_USERAUTH_REQUEST with that method name and the required method – specific field. At this point, there may be a sequence of exchanges to perform the method. PREPARED BY : PINA CHHATRALA 19
  • 20. Secure Shell (SSH) User Authentication Protocol • Message Exchange - The message exchange involves the following steps :  If the authentication succeeds and more authentication methods are required, the server proceeds to step 3, using a partial success value of true. If the authentication fails, the server proceeds to step3, using a partial value of false.  When all required authentication methods succeed, the server sends a SSH_MSG_USERAUTH_SUCCESS message, and the authentication protocol is over. PREPARED BY : PINA CHHATRALA 20
  • 21. Secure Shell (SSH) User Authentication Protocol • Authentication Methods - The server may require one or more of the following authentication methods :  publickey : The details of this method depend on the public – key algorithm chosen. In essence, the client sends a message to the server that contains the client’s public key, with the message signed by the client’s private key. When the server receives the message, it check s whether the supplied key is acceptable for authentication and, if so, it checks whether the signature is correct. PREPARED BY : PINA CHHATRALA 21
  • 22. Secure Shell (SSH) User Authentication Protocol • Authentication Methods - The server may require one or more of the following authentication methods :  password : The client sends a message containing a plaintext password, which is protected by encryption by the transport layer protocol.  hostbased : Authentication is performed on the client’s host rather than the client’s itself. Thus, a host then supports multiple clients would provide authentication for all of its client. PREPARED BY : PINA CHHATRALA 22
  • 23. Secure Shell (SSH) Connection Protocol The SSH Connection protocol runs on the top of the SSH transport layer protocol and assumes that a secure authentication connection is in use. That secure authentication connection, referred to as tunnel, is used by the connection protocol to multiplex a number of logical channels. PREPARED BY : PINA CHHATRALA 23
  • 24. Secure Shell (SSH) Connection Protocol • Channel Mechanism - All types of communication using SSH, such as a terminal session, are supported using separate channels. Either side may open channel. - For each channel, each side associates a unique channel number, which need not to be the same on both sides. - Channels are flow controlled using a window mechanism. - No data may be sent to the channel until a message is received to indicate that window space is available. PREPARED BY : PINA CHHATRALA 24
  • 25. Secure Shell (SSH) Connection Protocol • Channel Mechanism - The life of channel progress through three stages : opening a channel, data transfer and closing a channel. - When either side wishes to open a channel, it allocates a local number of channel and sends a message of the form :  byte SSH_MSG_CHANNEL_OPEN  string channel type  unit32 sender channel PREPARED BY : PINA CHHATRALA 25
  • 26. Secure Shell (SSH) Connection Protocol • Channel Mechanism  unit32 initial window  unit32 maximum packet size  … channel type specific data follows - If the remote side is able to open channel, it returns a SSH_MSG_CHANNEL_CONFIRMATION message, which includes the sender channel number, and window and packet size values for incoming traffic. - Otherwise, the remote channel returns a SSH_MSG_CHANNEL_FAILURE message with a reason code indicating the reason of failure. PREPARED BY : PINA CHHATRALA 26
  • 27. Secure Shell (SSH) Connection Protocol • Channel Mechanism - Once channel is open, data transfer is performed using a SSH_MSG_CHANNEL_DATA message, which includes the recipient channel number and a block of data. - These messages in both directions, may continue as long as the channel is open. - When either side wishes to close a channel, it sends a SSH_MSG_CHANNEL_CLOSE message, which includes the recipient channel number. PREPARED BY : PINA CHHATRALA 27
  • 28. Secure Shell (SSH) Connection Protocol • Channel Types - Four channel types are recognized in the SSH connection protocol specification.  session : The remote execution of a program. The program may be a shell, an application such as file transfer or e – mail, a system command, or some built – in subsystem. Once a session channel is opened, subsequent requests are used to start the remote program. PREPARED BY : PINA CHHATRALA 28
  • 29. Secure Shell (SSH) Connection Protocol • Channel Types - Four channel types are recognized in the SSH connection protocol specification.  x11 : This refers to the X window system, a computer software system and network protocol that provides a GUI for networked computers. X allows applications to run on a network server but to be displayed on a desktop machine. PREPARED BY : PINA CHHATRALA 29
  • 30. Secure Shell (SSH) Connection Protocol • Channel Types - Four channel types are recognized in the SSH connection protocol specification.  forwarded – tcpip : This is remote port forwarding.  direct – tcpip : this is local port forwarding. PREPARED BY : PINA CHHATRALA 30
  • 31. Secure Shell (SSH) Connection Protocol • Port Forwarding - One of the most useful features of SSH is port forwarding. - In essence, port forwarding provides the ability to convert any insecure TCP connection into a secure SSH connection. - This is also referred to as SSH tunnelling. - A port is an identifier of a user of TCP. - So, any application that runs on top of TCP has a port number. PREPARED BY : PINA CHHATRALA 31
  • 32. Secure Shell (SSH) Connection Protocol • Port Forwarding - Incoming TCP traffic is delivered to the appropriate application on the basis of the port number. - An application may employ multiple port numbers. - SSH supports two types of port forwarding : local forwarding and remote forwarding. - Local forwarding allows the client to set up a “hijacker” process. PREPARED BY : PINA CHHATRALA 32
  • 33. Secure Shell (SSH) Connection Protocol • Port Forwarding - This will intercept selected application – level traffic and redirect it from an unsecured TCP connection to a secure SSH tunnel. - SSH is configured to listen on selected ports. - SSH grabs all traffic using a selected port and sends it through an SSH tunnel. - On the other hand, the SSH server sends the incoming traffic to the destination port dedicated by the client application. PREPARED BY : PINA CHHATRALA 33
  • 34. Secure Shell (SSH) Connection Protocol • Port Forwarding - With remote forwarding, the user’s SSH client acts on the server’s behalf. - The client receives traffic with a given destination port number, places the traffic on the correct port and sends it to the destination the user chooses. PREPARED BY : PINA CHHATRALA 34
  • 35. PREPARED BY : PINA CHHATRALA 35 Thank  You