Secure Shell (SSH)

Secure SHell (SSH)

An application and a secure communication protocol over TCP/IP Allows the establishment of secure remote sessions Replacing insecure telnet/rlogin sessions Allows the multiplexing of many data flows over a secure session Secure tunneling Security mechanisms Confidentiality and integrity control Including data flow hiding Key distribution Session key Mutual authentication Server host (or server) Client user

Secure remote logins Instead of telnet/rlogin Secure remote command execution Instead of rsh/rcmd/rexec Secure file transfer and backup Secure FTP / Secure copy Port forwarding and tunneling For adding security to multiple data flows through a single SSH session

Created by Tatu Ylönen First version released in 1995 Second version released in 1998 Not compatible with the previous one Björn Grönvall developed OSSH in 1999 From the last open source release of SSH OpenBSD launched the OpenSSH project (www.openssh.org ) Extending OSSH

Client-server architecture Server usually on port 22 Services include login, ftp, file copy and TCP tunneling

Transport Layer Protocol (RFC 4253) Key distribution Session key computing with ephemeral DH values Server authentication With pre-distributed, non-certified public key Signature of DH values and resulting key Exchange of secure messages Compression Encryption Integrity control Individual messages Message sequence Authentication Protocol (RFC 4252) User authentication Shared key (password), asymmetric keys Connection Protocol (RFC 4254) Multiplexing of TCP flows over a single secure session Port forwarding

Image from [1] Each server has an asymmetric key pair Public key not certified On each session setup the servers sends its public key Clients key a database with known keys IP indexed Keys are imported when not present Or when different from the current ones Import operations are critical Man-in-the-middle attacks can poison clients’ databases with wrong public keys

Image from [1] Runs over a secure channel Enables users to exchange passwords with servers for authentication The server publishes the available authentication methods The user choses the prefered one Authentication methods are defined for users and services User + service methods Methods Shared key (password) The server knows the password (or a transformation of it) Asymetric key pair The server knows the public key of the user

Mapping between an SSH client port and a remote host port Ex. host1:port1 host3:port3 host 0 host 1 host 2 host 3

SSH SSH client client daemon server

port mapping

The session between host1 and host2 may support TCP connections over a single outgoing tunnel Many outgoing tunnels may be defined Data flows of all TCP connections over all outgoing tunnels are indistinguishable

Mapping between an SSH daemon port and a remote host port Ex. host2:port2 host0:port0

host 0 host 1 host 2 host 3

SSH SSH server client daemon client

port mapping

The session between host1 and host2 may support TCP connections over a single ingoing tunnel Many ingoing tunnels may be defined Very useful for remote X11 applications Running on host3 and using the remote display of host0

Dynamic mapping between an SSH client port and SOCKS- provided server ports

host 0 host 1 host 2 host 3

SSH SSH client client daemon server

dynamic SOCKS port

The server end-point address is provided to the SSH client by means of SOCKS Only works with SOCKS-enable client applications e.g. browsers

acceptance of clients other than the SSH client and server

tunnel listenning port

tunnel destination port

local (static, outgoing) remote (static, ingoing) dynamic (local, outgoing)

host 0 host 1 host 2 host 3

SSH SSH client client daemon server

Lport1 port3 port mapping

host 0 host 1 host 2 host 3

SSH SSH server client daemon client

port0 Rport2 port mapping

host 0 host 1 host 2 host 3

SSH SSH client client daemon server

Dport1 dynamic port

Agents are applications that provide SSH clients a password-free usage of private keys

unlock SSH SSH unlock SSH SSH key client daemon key client daemon

private agent private keys keys

[1] Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes, “ SSH, The Secure Shell: The Definitive Guide”, Second Edition, Mai 2005, ISBN 978-0-596-00895-6

RFC 4250, The Secure Shell (SSH) Protocol Assigned Numbers RFC 4251, The Secure Shell (SSH) Protocol Architecture RFC 4252, The Secure Shell (SSH) Authentication Protocol RFC 4253, The Secure Shell (SSH) Transport Layer Protocol RFC 4254, The Secure Shell (SSH) Connection Protocol RFC 4255, Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints RFC 4256, Generic Message Exchange Authentication for the Secure Shell Protocol (SSH) RFC 4335, The Secure Shell (SSH) Session Channel Break Extension RFC 4344, The Secure Shell (SSH) Transport Layer Encryption Modes RFC 4345, Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol RFC 4419, Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol (March 2006) RFC 4432, RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol (March 2006) RFC 4462, Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol (May 2006) RFC 4716, The Secure Shell (SSH) Public Key File Format (November 2006) RFC 5656, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer (December 2009)