Secure Shell

1. Secure Shell • Usually referred to as ssh, the name refers to both a program and a protocol. The program ssh is one of the most useful networking codes • Data encryption and compression • Terminal access to remote computers • File transfer • Command execution on remote computers • Support for port forwarding

2. Secure Shell The Protocol • There are currently two versions of the SSH protocol. Version 1 is considered insecure and should not be used unless there is no choice. • The version to use can be configured on both the client and server systems. • The protocol implements • Remote terminal • Remote file transfer (scp and sftp) • Remote command execution

3. Secure Shell The Protocol • scp is the secure copy operation. It is based on the Unix cp (file copy) program but does so securely across a network. • sftp is a file transfer loosely based on the standard ftp file transfer program. It is like ftp only in the client interface. It requires the server to specifically support this option.

4. Secure Shell The Program • There are several implementations of secure shell available both commercial and free. • A list of available versions can be located at • http://freessh.org/ • The most common version for use on Windows is PuTTy • Georgia Tech has a license for the commercial SecureCRT program. • The most common version for use on Linux is OpenSSH

5. Secure Shell Program - PuTTy • PuTTy is a Windows implementation of the ssh program. • http://www.chiark.greenend.org.uk/~sgtatham/putty/ • It consists of several programs • putty.exe – the terminal access program • pscp.exe – the file copy program • psftp.exe – the ftp-like file transfer program • plink.exe – the remote command execution program • pageant.exe – program to handle keys • puttygen.exe – program to generate keys

6. Secure Shell Program - PuTTy • When installing PuTTy place all executables in a directory such as c:\putty or c:\bin • Place this directory in your path (use System control panel)

7. Secure Shell The Program • There is a free Windows GUI implementation for file transfer, WinSCP, at • http://winscp.net/ • It implements both scp and sftp • A multi-purpose program that implements the ssh/sftp protocol is FileZilla • http://filezilla.sourceforge.net/ • It also does ftp

8. Secure Shell The Program • The OpenSSH program is found at, • http://www.openssh.org/ • This package implements the client, server, and key generation software • Intended for BSD, Linux, and Linux systems • A Windows installation based on Cygwin can be found at • http://sshwindows.sourceforge.net/ • A Mac OS graphical file transfer version (sftp) is at, • http://rsug.itd.umich.edu/software/fugu/

9. Secure Shell PuTTy Configuration

10. Secure Shell PuTTy Configuration

11. Secure Shell PuTTy Configuration

12. Secure Shell PuTTy Configuration

13. Secure Shell PuTTy Configuration Upon first connection the dialog above will appear. A similar dialog will appear if the server’s key has changed. If you accept the server’s identity then press “Yes”.

14. Secure Shell PuTTy Remote Terminal A Linux login screen.

15. Secure Shell PuTTy Remote Terminal After login.

16. Secure Shell File Transfer – PuTTy scp • pscp source destination • Source/destination: user@host:path • Do not use user@host for a local file • For path use target systems file conventions • Spaces in path require quoted names • pscp c:\data\data1.dat gburdell@newton.asdl.ae.gatech.edu:/project/data/ • pscp gburdell@newton:presentation1.ppt presentation1.ppt

17. Secure Shell File Transfer – PuTTy sftp • psftp server • Server: user@host:path • psftp gburdell@newton • cd /project/data • put c:\data\data1.dat • exit

18. Secure Shell File Transfer – WinSCP

19. Secure Shell Remote Command Execution – PuTTy • plink –ssh gburdell@newton ls • plink –ssh gburdell@newton “cat file”

20. Secure Shell Public Keys for SSH Authentication • An alternative to entering your password is to setup ssh’s public key authentication • Generate a public/private key pair • Distribute the public key to servers • Enable public key authentication in client

21. Secure Shell Public Keys for SSH Authentication - PuTTy • Use the puttygen.exe program to generate key pair

22. Secure Shell Public Keys for SSH Authentication - PuTTy • Save your key files on local disk, use a pass phrase • Transfer the public key to the server • Usually the server is OpenSSH based • Get a copy of .ssh/authorized_keys from server (scp) • Open in WordPad • Paste the key from puttygen into the file • Place back on server

23. Secure Shell Public Keys for SSH Authentication - PuTTy • When public key authentication is used by the client the software will read the private key. To do so it requests the pass-phrase. The PuTTy pageant.exe program, when run at startup, will request the pass-phrase and supply it later when needed.

24. Secure Shell Port Forwarding • Makes it possible to make a connection where it is otherwise impossible, for example, through a firewall. • Requires connecting to an SSH server that has access to the ultimate target system. • Sets up a proxy-pair on the client and the ssh server to transmit data to the target. • Only works with TCP ports. • Creates an encrypted and authenticated tunnel.

25. Secure Shell Port Forwarding • The –L option controls port forwarding • -L local-loopback-addr:local-port:remote-addr:remote-port

26. Secure Shell Port Forwarding – Remote Desktop • Connect to your WinXP computer from a remote WinXP computer. • Requires an SSH port forwarding to penetrate firewall. • SSH command to port forward • plink –ssh –L 9000:172.16.4.13:3389 gburdell@asdl.ae.gatech.edu cat - • Be very careful not to connect to your own system. • plink –ssh –L 3389:172.16.4.13:3389 gburdell@asdl.ae.gatech.edu cat - NO! • Tutorial on using remote desktop • http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx • For ASDL the external SSH gateway is asdl.ae.gatech.edu