quartz/content/notes/13-ssh.md
2023-04-17 11:06:55 +12:00


---
title: "13-ssh"
tags:
- lecture
- cosc301
---
What is a terminal?
- An electronic device used for entering data into, and displaying data from, a computer
    - Dumb terminal (thin client): no local processing ability
    - Smart terminal (fat client): has local processing ability
![300](https://i.imgur.com/HSo19Rt.png)
> [!INFO] from programmer POV, terminal is the interface associated with a device/program
- Hard-copy terminals
- TeleTYpewriter (TTY)
- DEC VT-100 terminal
- Terminal emulator
    - a program that does what a dumb terminal used to do
- Terminal window
![100](https://i.imgur.com/k6YQ2aG.png)
> [!INFO] there are two entities → terminal master/client and terminal client/slave/server.
> similar to client-server
> a process can access the pseudo terminal

> [!INFO] terminal modes
> raw mode sends every keystroke
> canonical mode sends processed input, with tab completion etc.

TTY Remote History
- Berkeley r-commands
    - rsh remote shell commands
    - rlogin remote terminal
    - rcp remote copy
    - Bad security
        - Weak host-based authentication
        - Privileged ports
        - .rhosts
        - no password
- Telnet
    - Remote terminal, similar to rlogin
    - User-based authentication
Past Problems & Solutions
- Everything sent in clear-text, no encryption
    - **solution** encrypt all traffic
- Weak Host-based authentication
    - Exploitable trust relationships
    - Privileged ports offer little protection
    - **solution** Port forwarding
- Server is not authenticated
    - Potential Man-in-the-middle (MITM) attack Encrypt all traffic
    - **solution** Authenticate both user and server
> [!INFO] port forwarding
> in the old days, when you had an open port for mail/internet, anyone could connect
> now only allow certain points to be accessed

Keys
- User Key
    - A persistent, asymmetric key used by clients as proof of a user's identity.
    - A single user may have multiple keys
- Host Key
    - A persistent, asymmetric key used by a server as proof of its identity
    - Used by a client when proving its host's identity as part of trusted-host authentication
- Server Key
    - A temporary, asymmetric key used in the SSH-1 protocol.
    - It is regenerated by the server at regular intervals (by default every hour) and protects the session key
    - not relevant anymore
- Session Key
    - A randomly generated, symmetric key for encrypting the communication between an SSH client and server.
> [!INFO] keys
> should be either very long or very complex
> a long key can have a simple operation
> a short key needs to have a more complex algorithm

Data Encryption/Integrity
- Encryption
    - Use ciphers to encrypt and decrypt data being sent over the wire
    - Block ciphers such as DES and 3DES use a shared key (session key)
    - Agree which cipher to use during connection setup
    - Session keys are randomly generated by both the client and server, after host authentication and before user authentication
- Integrity
    - Simple 32-bit CRC in SSH1
    - Message Authentication Code (MAC) in SSH2
Threats Addressed by SSH
- Eavesdropping or Password Sniffing
    - All transmitted data is encrypted
- Man-in-the-middle attack (MITM)
    - Host authentication
    - Cannot happen unless the host itself has been compromised
- Insertion and Replay attack
    - Attacker is not only monitoring the SSH session, but is also observing the keystrokes
    - By comparing what is typed with the traffic in the SSH stream, the attacker can deduce the packet containing a particular command, and replay the command at a particularly inappropriate time during the session.
    - Message authentication code prevents such attacks.
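
The integrity notes above (CRC in SSH1, MAC in SSH2) and the replay point, as an added example that is not part of the original lecture notes: it shows that a CRC-32 change is predictable without any key, and that a keyed MAC over `sequence_number || packet` (the SSH-2 construction in RFC 4253, section 6.4) makes a receiver reject both a modified and a replayed packet. The `Receiver` class, the helper names, the key and the payloads are constructed for illustration, and HMAC-SHA-256 is used as the MAC.

```python
import hashlib
import hmac
import struct
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_delta(delta: bytes) -> int:
    """CRC-32 change caused by XORing `delta` into ANY message of that length."""
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

def packet_mac(key: bytes, seq: int, packet: bytes) -> bytes:
    """MAC(key, sequence_number || packet), as SSH-2 defines it (RFC 4253, 6.4)."""
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()

class Receiver:
    """Tracks the implicit packet counter and verifies each packet's MAC."""
    def __init__(self, key: bytes) -> None:
        self.key, self.seq = key, 0

    def accept(self, packet: bytes, tag: bytes) -> bool:
        ok = hmac.compare_digest(packet_mac(self.key, self.seq, packet), tag)
        if ok:
            self.seq = (self.seq + 1) & 0xFFFFFFFF  # advance only on a valid packet
        return ok  # a real SSH-2 peer drops the connection on failure

def demo() -> dict:
    # Constructed sample data; none of it comes from a real session.
    msg = b"echo status-report"
    delta = bytes(len(msg) - 1) + b"\x01"  # one flipped bit in the last byte
    crc_predictable = zlib.crc32(xor(msg, delta)) == zlib.crc32(msg) ^ crc_delta(delta)

    key = b"constructed-integrity-key-000001"
    p0, p1 = b"echo hello", b"uptime"
    t0, t1 = packet_mac(key, 0, p0), packet_mac(key, 1, p1)
    rx = Receiver(key)
    return {
        "crc_predictable": crc_predictable,       # unkeyed checksum: no protection
        "first_accepted": rx.accept(p0, t0),
        "replay_accepted": rx.accept(p0, t0),     # same bytes, stale sequence number
        "tampered_accepted": rx.accept(b"uptimf", t1),
        "genuine_accepted": rx.accept(p1, t1),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
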
Threats Not Addressed by SSH
- Password Cracking
    - recovering passwords from data that has been stored or transmitted
- IP and TCP attacks
    - SYN Flood
    - IP Fragment Attacks
    - ...
- Traffic Analysis
    - deduce information from patterns in communication
    - can be performed even when the messages are encrypted