3.9 KiB
| title | tags | ||
|---|---|---|---|
| 13-ssh |
|
What is a terminal?
- An electronic device used for entering data into, and displaying data from a computer
- Dumb terminal (thin client): no local processing ability
- Smart terminal (fat client): has local processing ability
[!INFO] from programmer POV, terminal is the interface associated with a device/program
-
Hard-copy terminals
- TeleTYpewriter (TTY)
- DEC VT-100 terminal
-
Terminal emulator
- a program that does what a dumb terminal used to do
- Terminal window
[!INFO] there are two entities → terminal master/client and terminal client/slave/server. similar to client server a process can access the pseudo terminal
[!INFO] terminal modes raw mode sends every keystroke canonical mode sends processed input. with tab completion etc
TTY Remote History
- Berkeley ‘r’-commands
- rsh remote shell commands
- rlogin remote terminal
- rcp remote copy
- Bad security
- Weak host-based authentication Privileged ports
- .rhosts
- no password
- Telnet
- Remote terminal, similar to rlogin
- User-based authentication
Past Problems & Solutions - Everything sent in clear-text, no encryption - solution encrypt all traffic
- Weak Host-based authentication
- Exploitable trust relationships
- Privileged ports offer little protection
- solution Port forwarding
- Server is not authenticated
- Potential Man-in-the-middle (MITM) attack Encrypt all traffic
- solution Authenticate both user and server
[!INFO] port forwarding in old days when you has an open for for mail/internet, anyone could connect now only allow certain points to be accessed
Keys
- User Key
- A persistent, asymmetric key used by clients as proof of a user's identity.
- A single user may have multiple keys
- Host Key
- A persistent, asymmetric key used by a server as proof of its identity
- Used by a client when proving its host's identity as part of trustedhost authentication
- Server Key
- A temporary, asymmetric key used in the SSH-1 protocol.
- It is regenerated by the server at regular intervals (by default every hour) and protects the session key
- not relevant anymore
- Session Key
- A randomly generated, symmetric key for encrypting the communication between an SSH client and server.
[!INFO] keys should be either very long or very complex a long key can have simple operation a short key needs to have a more complex algorithm
Data Encryption/Integrity
- Encryption
- Use ciphers to encrypt and decrypt data being send over the wire
- Block cipher such as DES, 3DES, use a shared key (session key)
- Agree which cipher use during connection setup
- Session keys are randomly generated by both the client and server, after host authentication and before user authentication
- Integrity
- Simple 32-bit CRC in SSH1
- Message Authentication Code (MAC) in SSH2
Threats Addressed by SSH
- Eavesdropping or Password Sniffing
- All transmitted data is encrypted
- Man-in-the-middle attack (MITM)
- Host authentication
- Can not happen unless the host itself has been compromised
- Insertion and Replay attack
- Attacker is not only monitoring the SSH session, but is also observing the keystrokes
- By comparing what is typed with the traffic in the SSH stream, the attacker can deduce the packet containing a particular command, and replay the command at a particularly inappropriate time during the session.
- Message authentication code prevents such attacks.
Threats Not Addressed by SSH
- Password Cracking
- recovering passwords from data that has been stored or transmitted
- IP and TCP attacks
- Syn Flood
- IP Fragment Attacks
- ...
- Traffic Analysis
- deduce information from patterns in communication
- can be performed even when the messages are encrypted