--- title: "13-ssh" tags: - lecture - cosc301 --- What is a terminal? - An electronic device used for entering data into, and displaying data from a computer - Dumb terminal (thin client): no local processing ability - Smart terminal (fat client): has local processing ability ![300](https://i.imgur.com/HSo19Rt.png) > [!INFO] from programmer POV, terminal is the interface associated with a device/program - Hard-copy terminals - TeleTYpewriter (TTY) - DEC VT-100 terminal - Terminal emulator - a program that does what a dumb terminal used to do - Terminal window ![100](https://i.imgur.com/k6YQ2aG.png) > [!INFO] there are two entities → terminal master/client and terminal client/slave/server. > similar to client server > a process can access the pseudo terminal > [!INFO] terminal modes > raw mode sends every keystroke > canonical mode sends processed input. with tab completion etc TTY Remote History - Berkeley ‘r’-commands - rsh remote shell commands - rlogin remote terminal - rcp remote copy - Bad security - Weak host-based authentication Privileged ports - .rhosts - no password - Telnet - Remote terminal, similar to rlogin - User-based authentication Past Problems & Solutions - Everything sent in clear-text, no encryption - **solution** encrypt all traffic - Weak Host-based authentication - Exploitable trust relationships - Privileged ports offer little protection - **solution** Port forwarding - Server is not authenticated - Potential Man-in-the-middle (MITM) attack Encrypt all traffic - **solution** Authenticate both user and server > [!INFO] port forwarding > in old days when you has an open for for mail/internet, anyone could connect > now only allow certain points to be accessed Keys - User Key - A persistent, asymmetric key used by clients as proof of a user's identity. - A single user may have multiple keys - Host Key - A persistent, asymmetric key used by a server as proof of its identity - Used by a client when proving its host's identity as part of trustedhost authentication - Server Key - A temporary, asymmetric key used in the SSH-1 protocol. - It is regenerated by the server at regular intervals (by default every hour) and protects the session key - not relevant anymore - Session Key - A randomly generated, symmetric key for encrypting the communication between an SSH client and server. > [!INFO] keys > should be either very long or very complex > a long key can have simple operation > a short key needs to have a more complex algorithm Data Encryption/Integrity - Encryption - Use ciphers to encrypt and decrypt data being send over the wire - Block cipher such as DES, 3DES, use a shared key (session key) - Agree which cipher use during connection setup - Session keys are randomly generated by both the client and server, after host authentication and before user authentication - Integrity - Simple 32-bit CRC in SSH1 - Message Authentication Code (MAC) in SSH2 Threats Addressed by SSH - Eavesdropping or Password Sniffing - All transmitted data is encrypted - Man-in-the-middle attack (MITM) - Host authentication - Can not happen unless the host itself has been compromised - Insertion and Replay attack - Attacker is not only monitoring the SSH session, but is also observing the keystrokes - By comparing what is typed with the traffic in the SSH stream, the attacker can deduce the packet containing a particular command, and replay the command at a particularly inappropriate time during the session. - Message authentication code prevents such attacks. Threats Not Addressed by SSH - Password Cracking - recovering passwords from data that has been stored or transmitted - IP and TCP attacks - Syn Flood - IP Fragment Attacks - ... - Traffic Analysis - deduce information from patterns in communication - can be performed even when the messages are encrypted