
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003


Presentation Transcript


  1. SSH : The Secure Shell
     By Rachana Maheswari, CS265 Spring 2003

  2. Outline
     • Introduction
     • Brief History
     • What is Secure Shell ?
     • Features of Secure Shell
     • Security Mechanism of Secure Shell
     • SSH1 vs. SSH2
     • Conclusion

  3. Introduction
     • Widely used utilities for logging in over a network in a Unix environment are telnet and rlogin
     • Problem - the user's login name and password are transmitted as clear text
     • Data transmission after login - also in clear text !
     “SSH, the Secure Shell is a powerful, software-based approach to network security that provides a secure channel for data transmission through a network”

  4. History
     • Developed by Tatu Ylonen, Helsinki University of Technology, Finland, in 1995 to prevent network attacks against the university network
     • Published the protocol SSH-1 as an IETF (Internet Engineering Task Force) draft
     • Founded SSH Communications Security Ltd. in late 1995 (http://www.ssh.com)
     • Later released SSH-2

  5. What is Secure Shell ?
     • Powerful, convenient approach to protecting communications on a computer network
     • Provides a secure channel for data transmission
     • Not a command interpreter
     • Provides a secure pipe to open up a command interpreter

  6. What is Secure Shell ? (Contd.)
     • Supports secure remote logins, secure remote command execution, and secure file transfers
     • Has a client-server architecture – an SSH server program and a client program

  7. Features
     • Privacy : via strong end-to-end encryption: DES, IDEA, Blowfish
     • Integrity : via 32-bit Cyclic Redundancy Check (CRC-32)
     • Authentication : server via the server's host key, client usually via password or public key
     • Authorization : controlled at a server-wide level or on a per-account basis
     • Forwarding : encapsulating another TCP-based service such as Telnet within an SSH session

  8. Security Mechanism: Establishing the Secure Connection
     • The client initiates the connection by sending a request to the TCP port of the SSH server
     • The server reveals its SSH protocol version to the client
     • If the client and server decide their versions are compatible, the connection proceeds

  9. Establishing the Secure Connection (Contd.)
     • The SSH server sends the following to the client: the host key, the server key, a list of supported encryption, compression and authentication methods, and a sequence of eight random bytes
     • The client checks the identity of the server by checking the host key against its known hosts database
     • The client generates a session key and double-encrypts it using the host key and the server key
     • The client sends the encrypted session key along with the check bytes and acceptable algorithm

  10. Authentication
     • The server then decrypts the encrypted session key it received
     • The server sends a confirmation encrypted with this session key
     • The client receives the confirmation, which confirms server authentication
     • Client authentication is usually either by password authentication or public key authentication

  11. Authentication (Contd.)
     • The server confirms client authorization
     • It generates a 256-bit random challenge, encrypts it with the client's public key, and sends it to the client
     • The client decrypts the challenge, generates a hash value with a session identifier (commonly generated random string at beginning of session), and sends it to the server
     • The server generates the hash; if both match, the session is authenticated

  12. SSH2 vs. SSH1
     • SSH2 has separate transport, authentication, and connection protocols. SSH1 has one monolithic protocol
     • SSH2 has a strong cryptographic integrity check using a MAC, SSH1 has weak checking using CRC-32
     • SSH2 supports any number of session channels per connection (including none), SSH1 exactly one
     • Servers running SSH-2 can also run SSH-1 to take care of clients running SSH-1
     • SSH2 allows more than one form of authentication per session, SSH1 allows only one

  13. Conclusion
     • SSH provides a secure channel for data transmission
     • Provides a secure pipe to open up a command interpreter
     • Latest version of SSH – SSH3

  14. Thank You
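
Slides 7 and 12 contrast SSH1's CRC-32 integrity check with SSH2's MAC. The Python sketch below is an added example, not part of the original presentation: it shows that the CRC-32 of a changed packet can be derived without any secret, while a keyed MAC over sequence number and packet rejects the change. The key, packets and sequence numbers are constructed placeholders, HMAC-SHA1 stands in for the MAC, and SSH-1's encryption layer is left out.

```python
import hashlib
import hmac
import zlib

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))

def crc_after_change(old_crc: int, delta: bytes) -> int:
    """CRC-32 of (packet XOR delta), derived from the old CRC and delta only.

    CRC-32 is affine over XOR: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros),
    so no key and no knowledge of the packet contents is required.
    """
    return old_crc ^ zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

def mac_tag(key: bytes, seq: int, packet: bytes) -> bytes:
    """SSH-2 style tag: HMAC over 32-bit sequence number || packet."""
    return hmac.new(key, seq.to_bytes(4, "big") + packet, hashlib.sha1).digest()

def mac_ok(key: bytes, seq: int, packet: bytes, tag: bytes) -> bool:
    """Constant-time verification of a received tag."""
    return hmac.compare_digest(mac_tag(key, seq, packet), tag)

# Constructed sample data (not captured traffic); the key is a placeholder.
KEY = b"constructed-integrity-key"
PACKET = b"constructed payload 0001"
CHANGED = b"constructed payload 0002"
DELTA = xor_bytes(PACKET, CHANGED)

def compare() -> dict:
    """Check what each integrity mechanism notices about a changed packet."""
    tag = mac_tag(KEY, 7, PACKET)
    return {
        # The checksum of the changed packet is predictable without a secret.
        "crc_predictable": crc_after_change(zlib.crc32(PACKET), DELTA)
                           == zlib.crc32(CHANGED),
        "mac_accepts_original": mac_ok(KEY, 7, PACKET, tag),
        "mac_accepts_changed": mac_ok(KEY, 7, CHANGED, tag),
        # The same packet under another sequence number fails as well.
        "mac_accepts_replay": mac_ok(KEY, 8, PACKET, tag),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```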
