Fundamentals of Linux Platform Security
Security Training Course
Dr. Charles J. Antonelli
The University of Michigan
2012

Linux Platform Security
Module 9
Application Security

Roadmap

• ssh
• SSL
• IPsec & VPNs
10/12 cja 2012 3

ssh

What is ssh?

• “Secure shell”
  . Secure interactive connections to remote hosts over an insecure network
  . Secure data transfers

Security Requirements

1. Authentication (who are you?)
2. Authorization (what are you allowed to do?)
3. Confidentiality (nobody else can see the data without 1 & 2)
4. Integrity (nobody else can change it)
5. Availability (you can see the data whenever you want to)

Security Requirements

• rtools et alia are naïve nowadays
  . rsh, rcp, rexec, rlogin, rsync – weak client authentication, no server authentication, no confidentiality or integrity
  . telnet, ftp – cleartext client authentication, no server authentication, no confidentiality or integrity

ssh features

• Remote access like telnet and rlogin
• Remote transfers like rcp (scp) and ftp (sftp)
• Transparent connection tunnelling:
  . POP, IMAP, SMTP
  . X connections (-X), VNC, Remote Desktop
  . LDAP clients
  . CVS (CVS_RSH), rsync (RSYNC_RSH)
  . …
• SSHFS: securely mount remote directory

But, passwords

• You (have to) type them all the time
  . Single sign-on remains elusive
• Conflict between usability & security
  . Too many passwords
  . Varying strength rules
  . Varying length and character class limits
  . Varying aging policies

Public-key authentication

• Public-key quick tour
  . Instead of one key (think password) there are two:
      Public key: published widely
      Private key: kept secure
  . Something encrypted by one key can only be decrypted by the other
  . To encrypt a message: encrypt with receiver’s public key, receiver decrypts with their private key
  . To sign a message: encrypt with your private key, receiver decrypts with your public key

Public-key and ssh

• Generate your key-pair once.
• Install public key on remote host once.
• Server authenticates client:
  . Server picks a number n, encrypts with my public key, sends it
  . My client decrypts n with my private key
  . My client re-encrypts n+1 with my private key, sends it
  . Server decrypts with my public key
  . You’re authenticated if server recovers n+1
• No passwords required!
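
The exchange on this slide, as an added example that is not part of the original course material: a Python model of the slide's simplified challenge-response using textbook RSA (no padding). The key names, the fixed Mersenne-prime demo keys and all function names are assumptions made for illustration, and the code follows the slide's description rather than OpenSSH's actual wire protocol.

```python
import secrets

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n_mod = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (E, n_mod), (d, n_mod)

# Constructed demo keys built from known Mersenne primes; never use such keys for real.
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def server_challenge(client_pub):
    """Server picks a fresh number n and encrypts it with the installed public key."""
    e, n_mod = client_pub
    n = secrets.randbelow(n_mod - 3) + 2  # 2 <= n <= n_mod - 2, so n + 1 < n_mod
    return n, pow(n, e, n_mod)

def client_response(ciphertext, priv):
    """Client decrypts n with its private key, then re-encrypts n + 1 with that key."""
    d, n_mod = priv
    n = pow(ciphertext, d, n_mod)
    return pow(n + 1, d, n_mod)

def server_verify(n, response, client_pub):
    """Server decrypts the response with the public key and expects n + 1."""
    e, n_mod = client_pub
    return pow(response, e, n_mod) == n + 1

def authenticate(installed_pub, client_priv):
    """Run one full exchange; True only if the client holds the matching private key."""
    n, ciphertext = server_challenge(installed_pub)
    response = client_response(ciphertext, client_priv)
    return server_verify(n, response, installed_pub)

if __name__ == "__main__":
    print("holder of the private key:", authenticate(ALICE_PUB, ALICE_PRIV))    # True
    print("holder of a different key:", authenticate(ALICE_PUB, MALLORY_PRIV))  # False
```

Because the server draws a fresh n for every login, a response captured from one exchange does not verify against the next challenge.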

lab: public-key ssh

ssh-keygen -t rsa -b 2048
  . never use RSA-1 (uses SSH1, which we said was broken)
  . You will be asked for a passphrase, which is used to encrypt your private key for secure storage on your computer. Think of this passphrase as a PIN securing your private key.
  . Don’t leave the passphrase blank unless you want anyone to be able to read your private key
cd ~/.ssh/
cat id_rsa.pub
ls -ltra

lab: public-key ssh

Copy your public key to your .ssh directory on the remote host
  ssh user@remotehost mkdir .ssh
  scp id_rsa.pub user@remotehost:.ssh/
  . You’ll be prompted for your password

Connect to the remote machine
  ssh user@remotehost
  . You’ll be prompted for your private key passphrase

But, passphrases

• But I’m still typing my passphrase!
  . Yes, but your password isn’t going to the server
      So a malicious server can’t steal it
  . But I’m still typing my passphrase!
• Enter the ssh-agent
  . Handles your private key(s)
      Which can be on a smartcard: ssh -I
  . Unlocks private key once, keeps it in memory
      So trading some security for convenience
  . Supplies your private key through intervening machines
      So trading more security for convenience

lab: ssh-agent and ssh-add

ssh-agent $SHELL
  . alternatively: eval `ssh-agent`
      this second form is easy to add to login scripts!
ps ax | gre