quartz/content/notes/13-ssh.md
2023-04-17 10:43:55 +12:00

---
title: "13-ssh"
tags:
- lecture
- cosc301
---
What is a terminal?
- An electronic device used for entering data into, and displaying data from a computer
- Dumb terminal (thin client): no local processing ability
- Smart terminal (fat client): has local processing ability

![300](https://i.imgur.com/HSo19Rt.png)

> [!INFO] from programmer POV, terminal is the interface associated with a device/program

- Hard-copy terminals
- TeleTYpewriter (TTY)
- DEC VT-100 terminal
- Terminal emulator
  - a program that does what a dumb terminal used to do
- Terminal window

![100](https://i.imgur.com/k6YQ2aG.png)

> [!INFO] there are two entities → terminal master/client and terminal client/slave/server.
> similar to client server
> a process can access the pseudo terminal

> [!INFO] terminal modes
> raw mode sends every keystroke
> canonical mode sends processed input, with tab completion etc.

TTY Remote History
- Berkeley r-commands
  - rsh remote shell commands
  - rlogin remote terminal
  - rcp remote copy
  - Bad security
    - Weak host-based authentication
    - Privileged ports
    - .rhosts
    - no password
- Telnet
  - Remote terminal, similar to rlogin
  - User-based authentication

Past Problems & Solutions
- Everything sent in clear-text, no encryption
  - **solution** encrypt all traffic
- Weak Host-based authentication
  - Exploitable trust relationships
  - Privileged ports offer little protection
  - **solution** Port forwarding
- Server is not authenticated
  - Potential Man-in-the-middle (MITM) attack
  - Encrypt all traffic
  - **solution** Authenticate both user and server

> [!INFO] port forwarding
> in the old days when you had an open port for mail/internet, anyone could connect
> now only allow certain points to be accessed

Keys
- User Key
  - A persistent, asymmetric key used by clients as proof of a user's identity.
  - A single user may have multiple keys
- Host Key
  - A persistent, asymmetric key used by a server as proof of its identity
  - Used by a client when proving its host's identity as part of trusted-host authentication
- Server Key
  - A temporary, asymmetric key used in the SSH-1 protocol.
  - It is regenerated by the server at regular intervals (by default every hour) and protects the session key
- Session Key
  - A randomly generated, symmetric key for encrypting the communication between an SSH client and server.
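
Added example (not part of the original lecture notes): how a client uses a recorded host key to detect the "server is not authenticated" MITM problem listed above. It models only the comparison against a `known_hosts`-style record, not the signature the server also produces during key exchange; the host name, address and key bytes are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    # SSH wire encoding: 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def ed25519_blob(raw_key: bytes) -> bytes:
    # Public key blob as it appears (base64-encoded) in known_hosts
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)

def fingerprint(blob: bytes) -> str:
    # Same form OpenSSH prints: SHA256 of the blob, base64 without padding
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    # Maps host -> {key type -> blob}; skips comments, @markers, hashed hosts
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        hosts, key_type, b64 = fields[:3]
        for host in hosts.split(","):
            known.setdefault(host, {})[key_type] = base64.b64decode(b64)
    return known

def check_host_key(known: dict, host: str, key_type: str, offered: bytes) -> str:
    stored = known.get(host, {}).get(key_type)
    if stored is None:
        return "unknown"   # first contact: verify the fingerprint out of band
    if hmac.compare_digest(stored, offered):
        return "match"     # same key that was recorded for this host
    return "changed"       # possible MITM: refuse to connect

# Constructed sample data (not real keys or hosts)
GOOD = ed25519_blob(bytes(range(32)))
ROGUE = ed25519_blob(bytes([0xFF]) * 32)
KNOWN = parse_known_hosts(
    "# constructed known_hosts file\n"
    "server.example,192.0.2.10 ssh-ed25519 "
    + base64.b64encode(GOOD).decode() + " lab\n"
)

if __name__ == "__main__":
    for label, blob in (("recorded key", GOOD), ("different key", ROGUE)):
        verdict = check_host_key(KNOWN, "server.example", "ssh-ed25519", blob)
        print(label, fingerprint(blob), verdict)
```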