Attacks on Cryptosystems

Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc. “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

Unique Passcode 75285725

PUBLISHED BY
Syngress Publishing, Inc.
Elsevier, Inc.
30 Corporate Drive
Burlington, MA 01803

Next Generation SSH2 Implementation: Securing Data in Motion

Copyright © 2009 by Elsevier, Inc. All rights reserved. Printed in the United States of America.
Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

ISBN 13: 978-1-59749-283-6

Publisher: Laura Colantoni
Page Layout and Art: SPI
Acquisitions Editor: Andrew Williams
Copy Editor: Jill Batistick, Judith H. Eby and Michelle Huegel
Developmental Editor: Matthew Cater
Indexer: SPI
Technical Editors: Dale Liu, Max Caceres, Justin Peltier
Cover Designer: Michael Kavish
Project Manager: Andre Cuello

For information on rights, translations, and bulk sales, contact Matt Pedersen, Senior Sales Manager, Corporate Sales, at Syngress Publishing; email [email protected].

Library of Congress Cataloging-in-Publication Data
Liu, Dale.
Next generation SSH2 implementation: securing data in motion / Dale Liu.
p. cm.
Includes index.
ISBN 978-1-59749-283-6
1. UNIX Shells. 2. Computer security. 3. Data encryption (Computer science) 4. Computer networks--Security measures. I. Title.
QA76.9.A25L59 2008
005.8--dc22
2008040375

Lead Author and Technical Editor

Dale Liu, (MCSE Security, CISSP, MCT, IAM/IEM, CCNA) has been working in the computer and networking field for over 20 years. Dale’s experience ranges from programming to networking to information security and project management. He currently teaches networking, routing and security classes, while working in the field performing security audits and infrastructure design for medium to large companies. He currently resides in Houston TX with two cats. He enjoys cooking and beer brewing with his girlfriend and live-in editor Amy.
Dale wrote chapter 1, “Introduction,” chapter 4, “SSH Features,” chapter 6, “SSH Client Basics,” and chapter 11, “SSH Command Line and Advanced Client Use.” Dale also technically edited Chapters 1, 2, 3, 5, 6, 7, 8, 9, 12 and 13.

Contributing Authors

Max Caceres is director of research and development for Matasano Security, an independent security firm specializing in providing software and services to help organizations and vendors improve their security postures. Max has over 14 years of product development and security research experience, and is one of the security industry’s leading experts on penetration testing. Before joining Matasano, Max led the team responsible for creating the first automated penetration testing product CORE IMPACT and co-invented several now patented technologies including system call proxying and exploit automation. Max lives in New York City and enjoys spending time with his wife Gabriela and jumping out of airplanes. Max wrote chapter 10, “Mac SSH,” and technically edited chapter 11, “SSH Command Line and Advanced Client Use.”

Dario V. Forte, CISM, CFE, is Adj. Faculty at the University of Milano at Crema, and Founder of the IRItaly Project at DFlabs. Dario, a former police detective and founder of DFLabs, has worked in information security since 1992. He has been involved in numerous international conferences on information warfare, including the RSA Conference, Digital Forensic Research Workshops, the Computer Security Institute, the U.S. Department of Defense Cybercrime Conference, and the U.S. Department of Homeland Security (New York Electronic Crimes Task Force). He was also the keynote speaker at the Black Hat conference in Las Vegas. Dario also provides security consulting. Dario graduated in Organizational Sciences at the University of Torino, with a PGd in Computer Security from Strayer University and an MBA from the University of Liverpool.
Cristiano Maruti, Thomas Orlandi, and Michele Zambelli, are security consultants at DFlabs, Italy, and are in the development team of the PTK, the advanced opensource forensic interface. Graduated in Computer Science at the University of Milano, Cristiano, Thomas and Michele have written several publications and have contributed to many research projects worldwide. Their research interests are (but not limited to) Digital Forensics, Information Security, Log Analysis, and Information Security Risk Management. Dario wrote Chapter 7, “The SSH Server Basics,” along with Cristiano Maruti, Thomas Orlandi, and Michele Zambelli, of The IRItaly Project at DFlabs.

Devin L. Ganger is a Messaging Architect for 3Sharp, Microsoft Exchange MVP, Battlestar Galactica fan, Call of Duty 4 addict, writer, speaker, blogger, husband, father, and geek. He is a lover, not a fighter, despite venturing into karate for health and fitness. His current plan of record is to retire from IT “real soon now”, become a dilettante and science fiction novelist and settle down to the challenging second career of ruling a small country with an iron fist. Devin wrote Chapter 08, “SSH on Windows.”

Wipul Jayawickrama is the Managing Director of Infoshield, a company bringing together the skills, knowledge and expertise in information security to serve clients across Australia, Fiji, Sri Lanka, and Papua New Guinea. Wipul is a Certified Information Systems Security Professional (CISSP) with over 16 years of experience in the IT industry. During this period, he has held diverse roles in both technical and management capacities. As a consultant he has worked with government, financial and corporate clients from a wide range of industry sub sectors. His specializations include SCADA systems vulnerability assessment and audits and risk management.
His recent engagements include the establishment of the Sri Lankan National Computer Emergency Response Team and several Lead Security consultant roles in Critical Infrastructure Computer Network Vulnerability Assessments. Wipul is currently reading a Master’s Degree in Information Security and Intelligence, and holds several Industry certifications in information security. He has presented at many national and international conferences and information security interest group conventions. He is also a SANS GIAC Certified Systems and Network auditor (GSNA) and was recently accredited as an International Information Systems Security Professional Certification Scheme Practitioner (ISSPCS) status. He has been published in the Lecture Notes in Computer Science Series and is also the coauthor of a forthcoming book to be published by British Standards Institute on Integrated Management Systems for Information Security and IT Service Management. Wipul wrote Chapter 3, “An Introduction to Cryptography.”

Jan Kanclirz Jr., (CCIE #12136-Security, CCSP, CCNP, CCIP, CCNA, CCDA, INFOSEC Professional, Cisco WLAN Support/Design Specialist) is currently a Senior Network Information Security Architect at MSN Communications. Jan specializes in multi vendor designs and post-sale implementations for several technologies such as VPNs, IPS/IDS, LAN/WAN, firewalls, content networking, wireless and VoIP. Beyond network designs and engineering, Jan’s background includes extensive experience with open source applications and Linux. Jan has contributed to several Syngress book titles on topics such as: Wireless, VoIP, Security, Operating Systems and other technologies. When Jan isn’t working or writing books he enjoys working on his security portal and exploring outside adventures in Colorado. Jan wrote Chapter 13, “SSH Port Forwarding.”

Justin A. Peltier is a Senior Security Consultant with extensive experience in firewall and security technologies. Mr. Peltier currently holds ten certifications in an array of technology and security products and is the author or co-author of several security books, including “Information Security Fundamentals” and “How To Manage a Network Vulnerability Assessment” and is currently working on “Security Testing: Practices, Guidelines and Examinations”. Mr. Peltier
