From 665abb763db51c167e8ae66e02fce97d9bd1c981 Mon Sep 17 00:00:00 2001 From: Jet Hughes Date: Mon, 17 Apr 2023 11:06:55 +1200 Subject: [PATCH] vault backup: 2023-04-17 11:06:55 --- content/notes/13-ssh.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/content/notes/13-ssh.md b/content/notes/13-ssh.md index da92dfece..0bebcf82e 100644 --- a/content/notes/13-ssh.md +++ b/content/notes/13-ssh.md @@ -71,6 +71,45 @@ Keys - Server Key - A temporary, asymmetric key used in the SSH-1 protocol. - It is regenerated by the server at regular intervals (by default every hour) and protects the session key + - not relevant anymore - Session Key - A randomly generated, symmetric key for encrypting the communication between an SSH client and server. +> [!INFO] keys +> should be either very long or very complex +> a long key can have simple operation +> a short key needs to have a more complex algorithm + +Data Encryption/Integrity +- Encryption + - Use ciphers to encrypt and decrypt data being send over the wire + - Block cipher such as DES, 3DES, use a shared key (session key) + - Agree which cipher use during connection setup + - Session keys are randomly generated by both the client and server, after host authentication and before user authentication +- Integrity + - Simple 32-bit CRC in SSH1 + - Message Authentication Code (MAC) in SSH2 + +Threats Addressed by SSH +- Eavesdropping or Password Sniffing + - All transmitted data is encrypted +- Man-in-the-middle attack (MITM) + - Host authentication + - Can not happen unless the host itself has been compromised +- Insertion and Replay attack + - Attacker is not only monitoring the SSH session, but is also observing the keystrokes + - By comparing what is typed with the traffic in the SSH stream, the attacker can deduce the packet containing a particular command, and replay the command at a particularly inappropriate time during the session. + - Message authentication code prevents such attacks. + +Threats Not Addressed by SSH +- Password Cracking + - recovering passwords from data that has been stored or transmitted +- IP and TCP attacks + - Syn Flood + - IP Fragment Attacks + - ... +- Traffic Analysis + - deduce information from patterns in communication + - can be performed even when the messages are encrypted + + \ No newline at end of file