(mis)trusting and (ab)using ssh - extended version
DESCRIPTION
Video: http://videos.sapo.pt/IZ3zf32ME0GEZib3dl6y This talk is about SSH (Secure SHell), which is used by millions everyday. It can do a lot more than simple remote shell access, allowing for things like multiple authentication mechanisms, port forwardings, VPN, proxying, and so much more! But there's a catch... some of these features can (and are) mishandled, and new security problems arise. In this talk we'll be presenting the various features SSH provide along with the risks and mitigations from the perspective of Pentesters and Sysadmins.TRANSCRIPT
INTEGRITY
(mis)Trusting and (ab)Using SSHTips and Tricks for Pentesters and Sysadmins
Herman Duarte <[email protected]>Bruno Morisson <[email protected]>
INTEGRITY
About usBruno Morisson<[email protected]>
Consultant and Partner @ INTEGRITY Leading Consulting and Penetration Testing engagementsBreaking things, and finding how to fix themCISSP-ISSMP, CISA, ISO27001LACurrently doing the MSc in Information Security @ Royal Holloway, University of London.
Herman Duarte<[email protected]>
Consultant @ INTEGRITYPenetration testing engagementsBSc in Information Systems and Computer EngineeringCISSP Associate / ISO27001LA / CCNA
@morissonhttp://www.linkedin.com/in/morisson
@hdontwithttp://www.linkedin.com/in/hcoduarte
INTEGRITY
Security Competition Winner
INTEGRITY
Show common pitfalls when using SSH
Understand how you can use SSH more securely
Understand what you cannot assure when using SSH
Objectives
INTEGRITY
Key agreement (DH)
Encrypted communications (C&I from CIA)
Multiple authentication options (password, public keys, kerberos, etc...)
Channel Multiplexing
Port Forwarding
VPN
...and so much more!
SSH* features
* for this talk SSH==SSHv2INTEGRITY
INTEGRITY
SSH 101- The Basics
Key Agreement (DH), Host auth, Integrity, Encryption, Re-Keying
User Authentication (password, Pubkey, etc)
Session Multiplexing, TCP forwarding, socket forwarding, sftp subsystem, etcConnection
User Auth
Transport
TCP
IP
SSH
INTEGRITY
SSH 101- The Basics
Client Server
Encrypted Channel Setup
User Authentication
Connection
INTEGRITY
SSH 101- The BasicsUser authentication methods:
GSSAPI
Host-Based
Public Key
Challenge-Response
Password
INTEGRITY
Password Authentication
Encrypted Channel Setup
username, use password
OK
Password
Auth Ok / NOk
Client
ssh
Server
sshd passwd file
INTEGRITY
If the server is compromised...
sshd binary is changed with one that logs passwords
keylogger is installed on the server
..the password is compromised!
INTEGRITY
PublicKey Authentication
Encrypted Channel Setup
username, use publickey
OK
Signature
Auth Ok / NOk
Client
id_dsa ssh
Server
sshd authorized_keys
INTEGRITY
DEMO
INTEGRITY
INTEGRITY
What if I have a lot of servers, or login a lot ??
INTEGRITY
Control Master
Connection multiplexing allows for multiple sessions on one connection
It’s fast
No need for extra authentication
INTEGRITY
DEMO
INTEGRITY
INTEGRITY
SSH AgentEncrypted Channel Setup
username, use publickey
OK
Signature
Auth Ok / NOk
Server
sshd
authorized_keys
Client
Agent
id_dsa
ssh
INTEGRITY
DEMO
INTEGRITY
INTEGRITY
INTEGRITY
What if I manage a lot of servers ?
INTEGRITY
Typical setup
SSH
SSH
SSH
Options:Use passwords ?Copy private key to host ?
INTEGRITY
Multiplexing / Forwarding
Client Server
Transport
Connection
Interactive Shell
Interactive Shell #2
127.0.0.1:1234 www.google.com:80
TCP Port Forward
www.google.com:80 127.0.0.1:80ssh -L 1234:www.google.com:80
ssh -R 80:www.google.com:80
INTEGRITY
SSH Agent Forwarding
No need to copy private key to other servers
Key is kept on the original source host
Agent is forwarded, using a tunnel
Passwordless!
INTEGRITY
Client
Agent
id_dsa
Server #1
sshd
authorized_keys
Server #2
sshd
authorized_keys
SSH Agent ForwardingTransport
Connection
Interactive Shell
Agent Forwarding
Transport
Connection
Interactive Shell
ssh ssh
INTEGRITY
DEMO
INTEGRITY
INTEGRITY
Caveat Emptor(s)
You must trust the server(s)
What if the server was compromised ?
Can SSH Agent be abused ?
Can Control Master be abused ?
INTEGRITY
DEMO
INTEGRITY
INTEGRITY
INTEGRITY
Help us Obi Wan
You’re our only hope!
INTEGRITY
Freak on a Leash
When adding keys to ssh-agent use ssh-add with:
-t <secs> to set a maximum lifetime on the identities being added to the agent
-c to indicate that identities being added should be subject to confirmation before being used for auth
INTEGRITY
ssh-agent queries /usr/libexec/ssh-askpass for confirmation
“ssh-add -c -t 3600 < /dev/null” makes ssh-add use env var SSH_ASKPASS to query for passphrase
Freak on a Leash
INTEGRITY
DEMO
INTEGRITY
INTEGRITY
But we still need passwords!
If you su / sudo, you still type your password...
What if we could use the SSH Agent for sudo ?
Yes we can! :)
INTEGRITY
DEMO
INTEGRITY
INTEGRITY
INTEGRITY
Paranoia is reality on a finer scale
INTEGRITY
What if...
we could SSH without using SSH ?
INTEGRITY
Using SSH Gangnam Style
INTEGRITY
Using SSH w/o using SSH(but still using SSH)
ssh -W trusted:22 untrusted
Open socket to trusted Server...
...through an untrusted Server
INTEGRITY
ssh -o “ProxyCommand ssh -a -W trusted:22 untrusted” trusted
Open Socket to trusted via untrusted
Disable Agent Forwarding
Connect to the socket created
Just for user and key validation
Using SSH w/o using SSH(but still using SSH)
INTEGRITY
Untrusted
sshd
authorized_keys
Owned
sshd
authorized_keys
Trusted
sshd
authorized_keys
Client
Agent
id_dsa
Transport
Connection
-W (Open Socket to Server #2)Transport
ssh
Connection
Interactive Shell
Using SSH w/o using SSH(but still using SSH)
INTEGRITY
DEMO
INTEGRITY
INTEGRITY
Control your SSH
.ssh/config
Host trusted1 trusted2 trusted3ForwardAgent yesProxyCommand ssh -a -W %h:22 untrusted.server.com
Host *ControlMaster noForwardAgent noPasswordAuthentication no
INTEGRITY
Wrapping up
Don’t use passwords.When using publickey auth, control your private key.Be careful with multiplexing options (tunnels, CM, etc).Read the Fu^Hine Manual, before using exotic features.Create ~/.ssh/config file with a secure default configuration, and configure exceptions when needed.Don’t use passwords.
INTEGRITY
Live long and prosper
INTEGRITY
ReferencesRTFM :)
RFCs 4251-4256,4335,4344,4345,4419,4432,4462,4716,5656
http://www.linuxjournal.com/article/9566
http://pamsshagentauth.sourceforge.net/
http://www.jedi.be/blog/2010/08/27/ssh-tricks-the-usual-and-beyond/
http://www.openbsd.org/papers/auug2002-ssh.pdf
http://pentestmonkey.net/cheat-sheet/ssh-cheat-sheet
http://www.hsc.fr/ressources/breves/passe-partout.html.en