SSH Secure Login Connections over the Internet Tatu Yloenen SSH Communications Security
MOTIVATION • Connecting through the Internet • Cheap and convenient • Risky • Internet does not protect transmitted data
Threats from the Internet • Network monitoring • Connection hijacking: connections can be hijacked without either party noticing • Routing spoofing • DNS (domain name server) spoofing • Denial of service attacks
How to protect ourselves • An acceptable solution must guarantee • Authentication of both ends of the connection • Secrecy of transmitted information • Integrity of transmitted data • Secrecy of transmitted information is crucial
SSH • Allows • Secure login connections • Secure file transfer over the Internet or other untrusted networks
SSH • Uses cryptographic algorithms to • Authenticate both ends of the connection • Encrypt all transmitted data • Protect data integrity • Validate values returned by services such as DNS or network protocols (such as TCP)
Transport-level encryption • Every transmitted packet starts with random padding, followed by (optionally compressed) header and data • The entire packet is encrypted using a suitable algorithm • Packet type and data fields can be compressed with gzip before encryption • 1/3 of original size
Integrity protection • Originally provided by including CRC32 of the packet under encryption • Found to be insufficient • Was replaced by HMAC-SHA
What is HMAC-SHA? (I) • HMAC: • Hash-based Message Authentication Code • Uses a cryptographic hash function • Any change to the hashed data will (with very high probability) change the hash value
What is HMAC-SHA? (II) • SHA: • Secure Hash Algorithm • Four different algorithms: SHA-0, SHA-1, SHA-2, and SHA-3 • SHA-1 • Most widely used • Fixes a flaw in SHA-0 • Produces a 160-bit "digest"
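Added example (not from the original slides): one property that makes a CRC unsuitable as an integrity check is that CRC32 is unkeyed and linear over XOR, so the checksum of a modified packet follows from the old checksum alone, while an HMAC-SHA1 tag cannot be recomputed without the secret key. The packet bytes, the key, and the function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def crc_after_change(old_crc: int, delta: bytes) -> int:
    """CRC32 of (message XOR delta), computed without the message or any key.

    For equal-length inputs CRC32 satisfies
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros).
    """
    zeros = bytes(len(delta))
    return old_crc ^ zlib.crc32(delta) ^ zlib.crc32(zeros)


def hmac_sha1(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 tag (160 bits) over the message."""
    return hmac.new(key, message, hashlib.sha1).digest()


def demo():
    # Constructed sample packet body: random padding followed by data.
    original = os.urandom(8) + b"constructed sample payload"
    delta = bytes(len(original) - 1) + b"\x01"  # flip one bit in the last byte
    modified = xor_bytes(original, delta)

    # The checksum of the modified packet is predictable from the old one.
    predicted = crc_after_change(zlib.crc32(original), delta)
    crc_predictable = predicted == zlib.crc32(modified)

    # The HMAC depends on a secret key; the old tag no longer verifies.
    key = os.urandom(20)  # constructed stand-in for a session integrity key
    old_tag = hmac_sha1(key, original)
    hmac_rejects = not hmac.compare_digest(old_tag, hmac_sha1(key, modified))
    return crc_predictable, hmac_rejects, len(old_tag) * 8


if __name__ == "__main__":
    print(demo())
```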
SSH login protocol • Works on top of the packet-level protocol • Step 1: The client opens a connection to the server
SSH login protocol • Step 2: Server sends • Its public RSA host key • Another public RSA key ("server key") that changes every hour
SSH login protocol • The client compares the received host key against its own database of known host keys • Can decide to • Reject keys coming from unknown hosts • Accept them and store them in its database
SSH login protocol • Step 3: The client • Generates a 256-bit random number using a cryptographically strong RNG (session key) • Picks an encryption algorithm among those supported by the server • Encrypts the session key with RSA using both the host key and the server key • Sends the encrypted key to the server
The server key • Changed every hour • Once the server key has been changed, recorded historic traffic cannot be decrypted, even if the host key later becomes compromised • Normally a 768-bit RSA key • Host key is 1024 bits
SSH login protocol • Step 4: Server • Recovers the session key • Sends an encrypted confirmation to the client • Shows client that it holds the proper private keys • Client and server can start using transport-level encryption and integrity protection
SSH login protocol • Step 5: User starts authentication procedure • First request includes the user login name • Server replies with either • success: no further authentication is needed • failure: further authentication is required
Authentication methods • Traditional password authentication • Combination of .rhosts or hosts.equiv authentication and RSA-based host authentication • Pure RSA authentication: • Server maintains a list of users' public keys. • User requests authentication for a given key • Server responds with a challenge
X11 and TCP/IP Forwarding • SSH can automatically forward the connection to the user's X server over the secure channel • SSH also automatically stores Xauthority data on the server • TCP/IP forwarding works similarly (Not covered in detail)
Authentication Agent • SSH supports using an authentication agent • Program that runs in the user's local machine (or on a smartcard connected to it) • Agent holds the user's private RSA keys • In the Unix environment, the agent • Starts as a parent of the user's shell • Communicates with SSH using a file descriptor it shares with its children
1996 Changes • New transport layer protocol: • Better integrity checks • HMAC-MD5 and HMAC-SHA • More complete encryption of packet contents • New authentication protocol (Not covered)
CONCLUSION • Strong cryptography • Solves Internet security issues • At negligible cost
OPEN DISCUSSION • How does SSH compare with Kerberos?
Performance • Startup time: • a few seconds • Data encryption rate: • Quite good on 1995 Pentium computers