SlideShare une entreprise Scribd logo

Secure shell ppt

Télécharger en tant que PPT, PDF
sravya raju
sravya raju

SSH is a protocol for secure remote access to a machine over untrusted networks. SSH is a replacement for telnet, rsh, rlogin and can replace ftp. Uses Encryption. SSH is not a shell like Unix Bourne shell and C shell (wildcard expansion and command interpreter)

Technologie
1  sur  38
Technical Seminar on SECURE SHELLSECURE SHELL Under the Guidance of P.V.R.K.MURTHY, M.Tech Assistant Professor Presented By
CONTENTS • What is SSH ? • History • Functions of Secure Shell ? • Elements of Secure Shell? • Architecture • How Secure Shell works
CONTENTS • Security Benefits ? • Why should we use SSH ? • Conclusion • References
WHAT IS SSH? • SSH is a protocol for secure remote access to a machine over untrusted networks. • SSH is a replacement for telnet, rsh, rlogin and can replace ftp. • Uses Encryption. • SSH is not a shell like Unix Bourne shell and C shell (wildcard expansion and command interpreter)
FEATURES • Transmission is secure. • Transmission can be compressed. • No login password required
WHAT’S WRONG WITH TELNET? • Sends all data in clear text. • Host between sender and receiver can see what the traffic is.
WHY SHOULD WE ENCRYPT DATA ? • Use the same password in more than one place. • Do you want someone else to read your mail?
HISTORY OF SSH? • Created by Tatu Ylönen in July 1995, a student of Helsinki University of Technology • Free SSH1 version • Founded SSH Communications Security, Ltd • SSH 2 version • Open SSH
FUNCTIONS • Secure Command Shell • Port Forwarding • Secure file transfer.
SECURE COMMAND SHELL • Allow you to edit files. • View the contents of directories. • Custom based applications. • Create user accounts. • Change permissions. • Anything can be done from command prompt can be done remotely and securely.
PORT FORWARDING • Powerful Tool. • provide security to TCP/IP applications including e-mail, sales and customer contact databases, and in-house applications. • allows data from normally unsecured TCP/IP applications to be secured.
PORT FORWARDING
SECURE FILE TRANSFER • Secure File Transfer Protocol (SFTP) is a subsystem of the Secure Shell protocol. • Separate protocol layered over the Secure Shell protocol to handle file transfers.
SFTP • SFTP encrypts both the username/password and the data being transferred. • Uses the same port as the Secure Shell server, eliminating the need to open another port on the firewall or router. • Using SFTP also avoids the network address translation (NAT) issues that can often be a problem with regular FTP.
SFTP • An ideal use of SFTP is to fortify a server or servers outside the firewall or router accessible by remote users and/or partners (sometimes referred to as a secure extranet or DMZ).
SSH ARCHITECTURESSH ARCHITECTURE
Secure File Transfer Protocol • Secure extranet is one of the safest ways to make specific data available to customers, partners and remote employees without exposing other critical company information to the public network. Using SFTP on your secure extranet machines effectively restricts access to authorized users and encrypts usernames, passwords and files sent to or from them.
COMPONENTS OF SECURE SHELL • SSHD Server: A program that allows incoming SSH connections to a machine, handling authentication, authorization. • Clients: A program that connects to SSH servers and makes requests for service • Session: An ongoing connection between a client and a server. It begins after the client successfully authenticates to a server and ends when the connection terminates.
HOW SECURE SHELL WORKS ? • When SSHD is started , it starts listening on port22 for a socket. When a socket get connected the secure shell daemon spawns a child process. Which in turn generates an host key e g. RSA. After key is generated the secure shell daemon is ready for the local client to connect to another secure shell daemon or waits for a connection from remote host.
SECURITY BENEFITS • User Authentication • Host Authentication • Data Encryption • Data Integrity
USER AUTHENTICATION • User Identity • System verifies that access is only given to intended users and denied to anyone else.
PASSWORD AUTHENTICATION • Passwords, in combination with a username, are a popular way to tell another computer that you are who you claim to be. • If the username and password given at authentication match the username and password stored on a remote system, you are authenticated and allowed access.
PUBLIC KEY AUTHENTICATION • Public key authentication uses a pair of computer generated keys - one public and one private. Each key is usually between 1024 and 2048 bits in length • Most secure Method to authenticate using Secure Shell
PUBLIC KEY AUTHENTICATION • To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects to the server it proves that it has the secret, or private counterpart to the public key on that server, and access is granted.
HOST AUTHENTICATION • A host key is used by a server to prove its identity to a client and by a client to verify a "known" host. Host keys are described as persistent (they changed infrequently) and are asymmetric--much like the public/private key pairs discussed above in the Public key section. If a machine is running only one SSH server, a single host key serves to identify both the machine and the server. If a machine is running multiple SSH servers, it may either have multiple host keys or use a single key for multiple servers. Host authentication guards against the Man-in-the-Middle attack.
HOST AUTHENTICATION… • To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects to the server it proves that it has the secret, or private counterpart to the public key on that server, and access is granted.
DATA ENCRYPTION • Encryption, sometimes referred to as privacy, means that your data is protected from disclosure to a would-be attacker "sniffing" or eavesdropping on the wire. Ciphers are the mechanism by which Secure Shell encrypts and decrypts data being sent over the wire.
DATA ENCRYPTION… • When a client establishes a connection with a Secure Shell server, they must agree which cipher they will use to encrypt and decrypt data. The server generally presents a list of the ciphers it supports, and the client then selects the first cipher in its list that matches one in the server's list.
DATA INTEGRITY • Data integrity guarantees that data sent from one end of a transaction arrives unaltered at the other end. Even with Secure Shell encryption, the data being sent over the network could still be vulnerable to someone inserting unwanted data into the data stream (See Insertion and replay attacks for more details). Secure Shell version 2 (SSH2) uses Message Authentication Code (MAC) algorithms to greatly improve upon the original Secure Shell's (SSH1) simple 32-bit CRC data integrity checking method.
PROTECT AGAINST • IPS Spoofing • DNS Spoofing • IP Source Routing
IPS SPOOFING • IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
IP SOURCE ROUTING • where a host can pretend that an IP packet comes from another, trusted host.
DNS SPOOFING • DNS spoofing is a term used when a DNS server accepts and uses incorrect information from a host that has no authority giving that information. DNS spoofing is in fact malicious cache poisoning where forged data is placed in the cache of the name servers. Spoofing attacks can cause serious security problems for DNS servers vulnerable to such attacks, for example causing users to be directed to wrong Internet sites or e-mail being routed to non-authorized mail servers
REASONS TO USE SSH? • Designed to be a secure replacement for rsh, rlogin, rcp, rdist, and telnet. • Strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing). • Improved privacy. All communications are automatically and transparently encrypted.
REASONS TO USE SSH • Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions • The software can be installed and used (with restricted functionality) even without root privileges. • Optional compression of all data with gzip (including forwarded X11 and TCP/IP port data), which may result in significant speedups on slow connections.
CONCLUSION • SSH it is possible to create a secure communication channel between the server and the client. • This channel can be used for different purposes, not necessarily for launching a remote terminal session but also for sending any data using the forwarding feature. • SSH supports a variety of authentication methods, and new options may be added if required. • Both the client and the server can authenticate each other to enhance security against different kinds of attacks.
REFERENCES • http://yakko.cs.wmich.edu/presentations/20021107- ssh/slides/img7.html • http://www.vandyke.com/solutions/ssh_overview/ssh_overvie w_functionalit • http://michaelsteel.tripod.com/cgi-bin/

Recommandé

SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tlsRana assad ali
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Ipsec
IpsecIpsec
IpsecRupesh Mishra
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 

Recommandé

SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tlsRana assad ali
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Ipsec
IpsecIpsec
IpsecRupesh Mishra
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
Secure SHell
Secure SHellSecure SHell
Secure SHellÇağrı Çakır
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication ProtocolsTrinity Dwarka
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private NetworkPeter R. Egli
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocolBaspally Sai Anirudh
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
HTTPS
HTTPSHTTPS
HTTPSR.K. University
 
TCP and UDP
TCP and UDP TCP and UDP
TCP and UDP Ramesh Giri
 
Ssh
SshSsh
SshRaghu nath
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and functionNisarg Amin
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network mainKanika Gupta
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
802.1x
802.1x802.1x
802.1xakruthi k
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinuxRene Cunningham
 
Security protocols in constrained environments
Security protocols in constrained environments Security protocols in constrained environments
Security protocols in constrained environments Chris Swan
 

Contenu connexe

Tendances

Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication ProtocolsTrinity Dwarka
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private NetworkPeter R. Egli
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and functionNisarg Amin
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network mainKanika Gupta
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)Prafull Johri
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 

Tendances (20)

Secure SHell
Secure SHellSecure SHell
Secure SHell
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication Protocols
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)
 
IP Security
IP SecurityIP Security
IP Security
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private Network
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
Hash Function
Hash FunctionHash Function
Hash Function
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
HTTPS
HTTPSHTTPS
HTTPS
 
TCP and UDP
TCP and UDP TCP and UDP
TCP and UDP
 
Ssh
SshSsh
Ssh
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and function
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
 
Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network main
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key Cryptosystem
 
S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)S/MIME & E-mail Security (Network Security)
S/MIME & E-mail Security (Network Security)
 
802.1x
802.1x802.1x
802.1x
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 

En vedette

Security protocols in constrained environments
Security protocols in constrained environments Security protocols in constrained environments
Security protocols in constrained environments Chris Swan
 
Joomla CMS SEMINAR PPT
Joomla CMS SEMINAR PPTJoomla CMS SEMINAR PPT
Joomla CMS SEMINAR PPTPinky Mondal
 
Brain chips ppt
Brain chips pptBrain chips ppt
Brain chips ppt9440999171
 
Night vision technology ppt
Night vision technology pptNight vision technology ppt
Night vision technology pptEkta Singh
 
Seminar on night vision technology ppt
Seminar on night vision technology pptSeminar on night vision technology ppt
Seminar on night vision technology pptdeepakmarndi
 

En vedette (10)

Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinux
 
Security protocols in constrained environments
Security protocols in constrained environments Security protocols in constrained environments
Security protocols in constrained environments
 
Night Vision Technology
Night Vision TechnologyNight Vision Technology
Night Vision Technology
 
3D-Doctor
3D-Doctor3D-Doctor
3D-Doctor
 
CMS and Joomla
CMS and JoomlaCMS and Joomla
CMS and Joomla
 
Joomla CMS SEMINAR PPT
Joomla CMS SEMINAR PPTJoomla CMS SEMINAR PPT
Joomla CMS SEMINAR PPT
 
Brain chips ppt
Brain chips pptBrain chips ppt
Brain chips ppt
 
SSH
SSHSSH
SSH
 
Night vision technology ppt
Night vision technology pptNight vision technology ppt
Night vision technology ppt
 
Seminar on night vision technology ppt
Seminar on night vision technology pptSeminar on night vision technology ppt
Seminar on night vision technology ppt
 

Similaire à Secure shell ppt

Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
port forwarding.pptx
port forwarding.pptxport forwarding.pptx
port forwarding.pptxVignesh kumar
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxjithu26327
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)sonangrai
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerBU
 
Telnet & Secure Shell
Telnet & Secure ShellTelnet & Secure Shell
Telnet & Secure ShellWILLA REYES
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2Olle E Johansson
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere générationSylvain Maret
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.pptPranavUndre1
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkHASHIR RAZA
 

Similaire à Secure shell ppt (20)

Secure shell
Secure shellSecure shell
Secure shell
 
Unit08
Unit08Unit08
Unit08
 
Firewall traversals
Firewall traversalsFirewall traversals
Firewall traversals
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 
port forwarding.pptx
port forwarding.pptxport forwarding.pptx
port forwarding.pptx
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
 
Encryption
EncryptionEncryption
Encryption
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptx
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Telnet & Secure Shell
Telnet & Secure ShellTelnet & Secure Shell
Telnet & Secure Shell
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transit
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.ppt
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 

Plus de sravya raju

BIOMETRIC IDENTIFICATION IN ATM’S PPT
BIOMETRIC IDENTIFICATION IN ATM’S PPTBIOMETRIC IDENTIFICATION IN ATM’S PPT
BIOMETRIC IDENTIFICATION IN ATM’S PPTsravya raju
 
Hawk Eye Technology ppt
Hawk Eye Technology pptHawk Eye Technology ppt
Hawk Eye Technology pptsravya raju
 
fog computing ppt
fog computing ppt fog computing ppt
fog computing ppt sravya raju
 
Fog computing document
Fog computing documentFog computing document
Fog computing documentsravya raju
 
HADOOP TECHNOLOGY ppt
HADOOP TECHNOLOGY pptHADOOP TECHNOLOGY ppt
HADOOP TECHNOLOGY pptsravya raju
 
HADOOP TECHNOLOGY ppt
HADOOP TECHNOLOGY pptHADOOP TECHNOLOGY ppt
HADOOP TECHNOLOGY pptsravya raju
 
PERSON DE-IDENTIFICATION IN VIDEOS ppt
PERSON DE-IDENTIFICATION IN VIDEOS pptPERSON DE-IDENTIFICATION IN VIDEOS ppt
PERSON DE-IDENTIFICATION IN VIDEOS pptsravya raju
 

Plus de sravya raju (7)

BIOMETRIC IDENTIFICATION IN ATM’S PPT
BIOMETRIC IDENTIFICATION IN ATM’S PPTBIOMETRIC IDENTIFICATION IN ATM’S PPT
BIOMETRIC IDENTIFICATION IN ATM’S PPT
 
Hawk Eye Technology ppt
Hawk Eye Technology pptHawk Eye Technology ppt
Hawk Eye Technology ppt
 
fog computing ppt
fog computing ppt fog computing ppt
fog computing ppt
 
Fog computing document
Fog computing documentFog computing document
Fog computing document
 
HADOOP TECHNOLOGY ppt
HADOOP TECHNOLOGY pptHADOOP TECHNOLOGY ppt
HADOOP TECHNOLOGY ppt
 
HADOOP TECHNOLOGY ppt
HADOOP TECHNOLOGY pptHADOOP TECHNOLOGY ppt
HADOOP TECHNOLOGY ppt
 
PERSON DE-IDENTIFICATION IN VIDEOS ppt
PERSON DE-IDENTIFICATION IN VIDEOS pptPERSON DE-IDENTIFICATION IN VIDEOS ppt
PERSON DE-IDENTIFICATION IN VIDEOS ppt
 

Dernier

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Dernier (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Secure shell ppt

  • 1. Technical Seminar on SECURE SHELLSECURE SHELL Under the Guidance of P.V.R.K.MURTHY, M.Tech Assistant Professor Presented By
  • 2. CONTENTS • What is SSH ? • History • Functions of Secure Shell ? • Elements of Secure Shell? • Architecture • How Secure Shell works
  • 3. CONTENTS • Security Benefits ? • Why should we use SSH ? • Conclusion • References
  • 4. WHAT IS SSH? • SSH is a protocol for secure remote access to a machine over untrusted networks. • SSH is a replacement for telnet, rsh, rlogin and can replace ftp. • Uses Encryption. • SSH is not a shell like Unix Bourne shell and C shell (wildcard expansion and command interpreter)
  • 5. FEATURES • Transmission is secure. • Transmission can be compressed. • No login password required
  • 6. WHAT’S WRONG WITH TELNET? • Sends all data in clear text. • Host between sender and receiver can see what the traffic is.
  • 7. WHY SHOULD WE ENCRYPT DATA ? • Use the same password in more than one place. • Do you want someone else to read your mail?
  • 8. HISTORY OF SSH? • Created by Tatu Ylönen in July 1995, a student of Helsinki University of Technology • Free SSH1 version • Founded SSH Communications Security, Ltd • SSH 2 version • Open SSH
  • 9. FUNCTIONS • Secure Command Shell • Port Forwarding • Secure file transfer.
  • 10. SECURE COMMAND SHELL • Allow you to edit files. • View the contents of directories. • Custom based applications. • Create user accounts. • Change permissions. • Anything can be done from command prompt can be done remotely and securely.
  • 11. PORT FORWARDING • Powerful Tool. • provide security to TCP/IP applications including e-mail, sales and customer contact databases, and in-house applications. • allows data from normally unsecured TCP/IP applications to be secured.
  • 13. SECURE FILE TRANSFER • Secure File Transfer Protocol (SFTP) is a subsystem of the Secure Shell protocol. • Separate protocol layered over the Secure Shell protocol to handle file transfers.
  • 14. SFTP • SFTP encrypts both the username/password and the data being transferred. • Uses the same port as the Secure Shell server, eliminating the need to open another port on the firewall or router. • Using SFTP also avoids the network address translation (NAT) issues that can often be a problem with regular FTP.
  • 15. SFTP • An ideal use of SFTP is to fortify a server or servers outside the firewall or router accessible by remote users and/or partners (sometimes referred to as a secure extranet or DMZ).
  • 17. Secure File Transfer Protocol • Secure extranet is one of the safest ways to make specific data available to customers, partners and remote employees without exposing other critical company information to the public network. Using SFTP on your secure extranet machines effectively restricts access to authorized users and encrypts usernames, passwords and files sent to or from them.
  • 18. COMPONENTS OF SECURE SHELL • SSHD Server: A program that allows incoming SSH connections to a machine, handling authentication, authorization. • Clients: A program that connects to SSH servers and makes requests for service • Session: An ongoing connection between a client and a server. It begins after the client successfully authenticates to a server and ends when the connection terminates.
  • 19. HOW SECURE SHELL WORKS ? • When SSHD is started , it starts listening on port22 for a socket. When a socket get connected the secure shell daemon spawns a child process. Which in turn generates an host key e g. RSA. After key is generated the secure shell daemon is ready for the local client to connect to another secure shell daemon or waits for a connection from remote host.
  • 20. SECURITY BENEFITS • User Authentication • Host Authentication • Data Encryption • Data Integrity
  • 21. USER AUTHENTICATION • User Identity • System verifies that access is only given to intended users and denied to anyone else.
  • 22. PASSWORD AUTHENTICATION • Passwords, in combination with a username, are a popular way to tell another computer that you are who you claim to be. • If the username and password given at authentication match the username and password stored on a remote system, you are authenticated and allowed access.
  • 23. PUBLIC KEY AUTHENTICATION • Public key authentication uses a pair of computer generated keys - one public and one private. Each key is usually between 1024 and 2048 bits in length • Most secure Method to authenticate using Secure Shell
  • 24. PUBLIC KEY AUTHENTICATION • To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects to the server it proves that it has the secret, or private counterpart to the public key on that server, and access is granted.
  • 25. HOST AUTHENTICATION • A host key is used by a server to prove its identity to a client and by a client to verify a "known" host. Host keys are described as persistent (they changed infrequently) and are asymmetric--much like the public/private key pairs discussed above in the Public key section. If a machine is running only one SSH server, a single host key serves to identify both the machine and the server. If a machine is running multiple SSH servers, it may either have multiple host keys or use a single key for multiple servers. Host authentication guards against the Man-in-the-Middle attack.
  • 26. HOST AUTHENTICATION… • To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects to the server it proves that it has the secret, or private counterpart to the public key on that server, and access is granted.
  • 27.
  • 28. DATA ENCRYPTION • Encryption, sometimes referred to as privacy, means that your data is protected from disclosure to a would-be attacker "sniffing" or eavesdropping on the wire. Ciphers are the mechanism by which Secure Shell encrypts and decrypts data being sent over the wire.
  • 29. DATA ENCRYPTION… • When a client establishes a connection with a Secure Shell server, they must agree which cipher they will use to encrypt and decrypt data. The server generally presents a list of the ciphers it supports, and the client then selects the first cipher in its list that matches one in the server's list.
  • 30. DATA INTEGRITY • Data integrity guarantees that data sent from one end of a transaction arrives unaltered at the other end. Even with Secure Shell encryption, the data being sent over the network could still be vulnerable to someone inserting unwanted data into the data stream (See Insertion and replay attacks for more details). Secure Shell version 2 (SSH2) uses Message Authentication Code (MAC) algorithms to greatly improve upon the original Secure Shell's (SSH1) simple 32-bit CRC data integrity checking method.
  • 31. PROTECT AGAINST • IPS Spoofing • DNS Spoofing • IP Source Routing
  • 32. IPS SPOOFING • IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
  • 33. IP SOURCE ROUTING • where a host can pretend that an IP packet comes from another, trusted host.
  • 34. DNS SPOOFING • DNS spoofing is a term used when a DNS server accepts and uses incorrect information from a host that has no authority giving that information. DNS spoofing is in fact malicious cache poisoning where forged data is placed in the cache of the name servers. Spoofing attacks can cause serious security problems for DNS servers vulnerable to such attacks, for example causing users to be directed to wrong Internet sites or e-mail being routed to non-authorized mail servers
  • 35. REASONS TO USE SSH? • Designed to be a secure replacement for rsh, rlogin, rcp, rdist, and telnet. • Strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing). • Improved privacy. All communications are automatically and transparently encrypted.
  • 36. REASONS TO USE SSH • Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions • The software can be installed and used (with restricted functionality) even without root privileges. • Optional compression of all data with gzip (including forwarded X11 and TCP/IP port data), which may result in significant speedups on slow connections.
  • 37. CONCLUSION • SSH it is possible to create a secure communication channel between the server and the client. • This channel can be used for different purposes, not necessarily for launching a remote terminal session but also for sending any data using the forwarding feature. • SSH supports a variety of authentication methods, and new options may be added if required. • Both the client and the server can authenticate each other to enhance security against different kinds of attacks.