Fundamentals of Linux Platform Security

Security Training Course

Dr. Charles J. Antonelli
The University of Michigan
2012

Linux Platform Security

Module 9
Application Security

Roadmap

• ssh
• SSL
• IPsec & VPNs

10/12 cja 2012

ssh

What is ssh?

• “Secure shell”
  . Secure interactive connections to remote hosts over an insecure network
  . Secure data transfers

Security Requirements

1. Authentication (who are you?)
2. Authorization (what are you allowed to do?)
3. Confidentiality (nobody else can see the data without 1 & 2)
4. Integrity (nobody else can change it)
5. Availability (you can see the data whenever you want to)

Security Requirements

• rtools et alia are naïve nowadays
  . rsh, rcp, rexec, rlogin, rsync – weak client authentication, no server authentication, no confidentiality or integrity
  . , ftp – cleartext client authentication, no server authentication, no confidentiality or integrity

ssh features

• Remote access like telnet and rlogin
• Remote transfers like rcp (scp) and ftp (sftp)
• Transparent connection tunnelling:
  . POP, IMAP, SMTP
  . X connections (-X), VNC, Remote Desktop
  . LDAP clients
  . CVS (CVS_RSH), rsync (RSYNC_RSH)
  . …
• SSHFS: securely mount remote directory

But, passwords

• You (have to) type them all the time
  . Single sign-on remains elusive
• Conflict between usability & security
  . Too many passwords
  . Varying strength rules
  . Varying length and character class limits
  . Varying aging policies

Public-key authentication

• Public-key quick tour
  . Instead of one key (think password) there are two:
    . Public key: published widely
    . Private key: kept secure
  . Something encrypted by one key can only be decrypted by the other
  . To encrypt a message: encrypt with receiver’s public key, receiver decrypts with their private key
  . To sign a message: encrypt with your private key, receiver decrypts with your public key

Public-key and ssh

• Generate your key-pair once.
• Install public key on remote host once.
• Server authenticates client:
  . Server picks a number n, encrypts with my public key, sends it
  . My client decrypts n with my private key
  . My client re-encrypts n+1 with my private key, sends it
  . Server decrypts with my public key
  . You’re authenticated if server recovers n+1

• No passwords required!
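
The challenge-response steps above, traced in code. This is an added example, not part of the original slides: it uses textbook RSA without padding and a constructed demo key, and all function names are assumptions chosen here.

```python
# Added illustration: textbook RSA with no padding; never use this for real keys.
import secrets

# Constructed demo key pair built from two known Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)


def server_challenge(pub):
    """Server picks n and encrypts it with the client's public key."""
    e, mod = pub
    n = secrets.randbelow(mod - 3) + 2     # 2 <= n <= mod - 2, so n + 1 < mod
    return n, pow(n, e, mod)


def client_response(challenge, priv):
    """Client decrypts n, then transforms n + 1 with its private key."""
    d, mod = priv
    n = pow(challenge, d, mod)
    return pow(n + 1, d, mod)


def server_verify(n, response, pub):
    """Server decrypts the response with the public key and expects n + 1."""
    e, mod = pub
    return pow(response, e, mod) == n + 1


def run_exchange(pub, priv):
    """One full round: fresh challenge, client response, server check."""
    n, challenge = server_challenge(pub)
    return server_verify(n, client_response(challenge, priv), pub)


def replay_is_accepted(pub, priv):
    """Present a response to an old challenge against a fresh challenge."""
    _, old_challenge = server_challenge(pub)
    old_response = client_response(old_challenge, priv)
    new_n, _ = server_challenge(pub)
    return server_verify(new_n, old_response, pub)


if __name__ == "__main__":
    print("holder of the private key:", run_exchange((E, N), (D, N)))
    print("wrong private key:        ", run_exchange((E, N), (D + 2, N)))
    print("replayed old response:    ", replay_is_accepted((E, N), (D, N)))
```

Because the server draws a fresh n for every login, a response captured from an earlier session does not verify against a later challenge.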

lab: public-key ssh

ssh-keygen -t rsa -b 2048
  . never use RSA-1 (uses SSH1, which we said was broken)
  . You will be asked for a passphrase, which is used to encrypt your private key for secure storage on your
  . Think of this passphrase as a PIN securing your private key.
  . Don’t leave passphrase blank unless you want anyone to be able to read it
cd ~/.ssh/
cat id_rsa.pub
ls -ltra

lab: public-key ssh

Copy your public key to your .ssh directory on the remote host
ssh user@remotehost mkdir .ssh
scp id_rsa.pub user@remotehost:.ssh/
  . You’ll be prompted for your password

Connect to the remote machine
ssh user@remotehost
  . You’ll be prompted for your private key passphrase

But, passphrases

• But I’m still typing my passphrase!
  . Yes, but your password isn’t going to the server
    . So a malicious server can’t steal it
  . But I’m still typing my passphrase!
• Enter the ssh-agent
  . Handles your private key(s)
    . Which can be on a smartcard: ssh -I
  . Unlocks private key once, keep in memory
    . So trading some security for convenience
  . Supplies your private key through intervening machines
    . So trading more security for convenience

lab: ssh-agent and ssh-add

ssh-agent $SHELL
  . alternatively: eval `ssh-agent`
    . this second form is easy to add to login scripts!
    . ps ax | gre