Introduction to SSH & PGP
A. SARANG
INTRODUCTION TO
SSH & PGP
Agenda
Dial Up & broadband connections
Introduction to SSH protocol & applications
SSH-TRANS
Client-Server Authentication
SSH configuration
Public & Private key pair generation
Digital Signatures
Use of SSH in Port Forwarding
SSH in subversion control
Introduction to PGP protocol & applications
Email compatibility of PGP
A few years back ..
DIAL-UP connection
Dial up connection
Passwords were sent over the phone line or LAN.
Was it secure?
The present day..
Broadband connection
Broadband connection
Passwords go through ISPs / untrusted networks.
How can there be a secure way of sending passwords across the internet?
The need for encryption
This can be solved by encryption of the data sent over the untrusted networks.
This improves the strength of the authentication mechanism people use to log in.
We call this mechanism …
SSH
Secure SHell
protocol & applications
SSH
Replaces less secure telnet & rlogin* programs.
Uses public key cryptography to authenticate remote PCs.
*rlogin is a software utility for Unix-like computer operating systems that allows users to log in on another host via a network, communicating via TCP port 513.
SSH can
Execute commands & transfer files (like Unix rsh & rcp commands).
Provide strong client/server authentication.
Provide message integrity.
SSH can protect against ..
Manipulation of data at intermediate elements in the network.
IP address spoofing, where an attacking host pretends to be a trusted host by sending packets with the source address of the trusted host.
DNS spoofing.
SSH will not protect against ..
A compromised root account.
Insecure home directories, e.g. if an attacker tries to modify files in the home directory.
SSH version 2 protocols
SSH-TRANS, a transport layer protocol.
SSH-AUTH, an authentication protocol.
SSH-CONN, a connection protocol.
SSH-AUTH & SSH-TRANS are used for remote login.
SSH-TRANS
Provides encrypted channel between client & server machines.
Runs on top of TCP connection.
SSH-TRANS mechanism
Client authenticates server using RSA algorithm.
After authentication, it establishes a session key to encrypt data sent over the channel.
Message integrity check is done for all data exchanged over the channel.
Public key is owned by the server.
How come the client possesses the server’s public key?
Step 1 : Client authenticates the server
The server tells the client its public key at connection time.
The first time, the SSH application warns the client that it has never connected to the server before.
The client remembers the server’s public key.
From the second time, the client compares the key with the stored public key.
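The comparison described in Step 1, sketched as an added example (not code from the original slides or from OpenSSH). It assumes the plain-text known_hosts line format "names keytype base64-key"; the host names and key blobs are constructed for the demo, and hashed host names and marker lines are skipped rather than handled.

```python
import base64
import hashlib
import struct

def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map hostname -> set of (keytype, key_b64) from plain known_hosts lines."""
    hosts = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, marker lines (@revoked, @cert-authority)
        # and hashed host names (|1|...), which this sketch does not handle.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        names, keytype, key_b64 = fields[:3]
        for name in names.split(","):
            hosts.setdefault(name, set()).add((keytype, key_b64))
    return hosts

def check_host_key(hosts: dict, host: str, keytype: str, key_b64: str) -> str:
    """Return 'unknown', 'match' or 'MISMATCH' for the key a server presents."""
    stored = {k for t, k in hosts.get(host, ()) if t == keytype}
    if not stored:
        return "unknown"      # first connection: warn and show the fingerprint
    return "match" if key_b64 in stored else "MISMATCH"

def _constructed_key(seed: bytes) -> str:
    """Constructed ssh-ed25519 blob (not a real host key) for the demo."""
    name, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()

KEY_A, KEY_B = _constructed_key(b"server"), _constructed_key(b"impostor")
KNOWN_HOSTS = f"# constructed sample\nhost.example,192.0.2.10 ssh-ed25519 {KEY_A}\n"

if __name__ == "__main__":
    hosts = parse_known_hosts(KNOWN_HOSTS)
    for host, key in [("host.example", KEY_A), ("host.example", KEY_B),
                      ("new.example", KEY_B)]:
        print(host, check_host_key(hosts, host, "ssh-ed25519", key), fingerprint(key))
```

A "MISMATCH" result is the case the stored key exists to catch: the connection should stop until the key change has been confirmed through another channel.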
Step 2 : Client authenticates itself to the server
This can be done in 3 ways :-
User sends his password to the server directly in the secure channel.
This is safe as the password is encrypted.
Public key is placed on the server prior to connection.
HOST BASED AUTHENTICATION
The server has a set of trusted hosts.
Client claims to be a “trusted host”.
Installing SSH on YOUR PC
You can download the source code from http://www.openssh.com/
Configuration files
SSH has 2 different sets of configuration files :-
System wide configuration files
User specific config files
System Wide Configuration Files
Stored in /etc/ssh directory.
ssh_config : client config file.
sshd_config : sshd server config file.
sshd.pid : Server’s pid is stored here.
User specific configuration files ..
Stored in ~UserName/.ssh directory.
known_hosts : This file contains host keys of SSH servers accessed by the user.
authorized_keys2 : holds a list of authorized public keys for users.
When a client connects to a server, the server authenticates the client by checking the public key stored here.
Why config files are important :
Specify authentication methods.
Specify SSH protocols supported.
Behavior of server can be controlled by :-
Compile time configuration
Config file
Command line options
Key management in SSH
SSH authenticates users using keypairs :-
Private key
Public key
Keypairs
Key management commands
ssh-keygen : create key pairs
ssh-agent : holds private key in memory
ssh-add : adds key to key agent
Applications of SSH : Port Forwarding
More practical application :
Subversion control :-
GitHub
Gitorious
svn
PGP
Pretty Good Privacy
PGP is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication.
PGP combines the best available cryptographic algorithms to achieve secure e-mail communication.
PGP encryption is a serial combination of :-
Hashing
Data Compression
Symmetric Key Cryptography
Public Key Cryptography
Supports
Message Authentication
Integrity Checking (checking if message was altered since completion).
Using PGP to create Digital Signatures
Hash function from plaintext* + Sender’s private keys
*plaintext : information a sender wishes to transmit to a receiver
Using PGP in emails
Authentication
Confidentiality
Compression
Email compatibility using Radix 64 conversion
Alice sends Bob an email , again !
Ad/Ae = private/public keypair
m = digitally signed message
SHA-1 = hashing function
Authentication- Sending
Alice hashes the message using SHA-1 to obtain SHA(m).
Alice encrypts the hash using her private key Ad to obtain ciphertext c given by
c = pk.encrypt_Ad(SHA(m))
Alice sends Bob the pair (m, c).
Authentication - Receiving
Bob receives (m, c).
Bob decrypts c using Alice's public key Ae to obtain signature s
s = pk.decrypt_Ae(c)
Bob computes the hash of m, SHA(m).
If s == SHA(m), Authenticated !!
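The sending and receiving steps above, carried through end to end as an added example (not part of the original slides and not how a PGP implementation is coded). It assumes textbook RSA with no padding and a toy key built from two Mersenne primes, which is enough to follow the slide's symbols Ad, Ae, m, c and s but is not a secure signature scheme; the messages are constructed.

```python
import hashlib

# Toy RSA key for Alice built from two Mersenne primes. Assumption of this
# example: textbook RSA with no padding, for illustration only.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q                                  # modulus, larger than any SHA-1 value
AE = 65537                                 # Ae: Alice's public exponent
AD = pow(AE, -1, (P - 1) * (Q - 1))        # Ad: Alice's private exponent

def sha(m: bytes) -> int:
    """SHA(m): SHA-1 digest of the message as an integer."""
    return int.from_bytes(hashlib.sha1(m).digest(), "big")

def sign(m: bytes) -> tuple:
    """Sending: c = pk.encrypt_Ad(SHA(m)); Alice sends the pair (m, c)."""
    c = pow(sha(m), AD, N)
    return m, c

def verify(m: bytes, c: int) -> bool:
    """Receiving: s = pk.decrypt_Ae(c); accept only if s equals SHA(m)."""
    s = pow(c, AE, N)
    return s == sha(m)

if __name__ == "__main__":
    m, c = sign(b"Meet at noon. - Alice")   # constructed sample message
    print("genuine :", verify(m, c))
    print("tampered:", verify(b"Meet at nine. - Alice", c))
    print("altered c:", verify(m, c ^ 1))
```

Changing either the message or the signature value makes the comparison fail, which is the integrity property the slides attribute to the signature.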
Confidentiality – Added Security
Process is repeated with session key sk
m = sk.decrypt_k(c)
NOTE : encryption is done for session key + public key (same time)
E-Mail compatibility
Modern email systems can transmit only blocks of ASCII text.
Encrypted ciphertext blocks may not correspond to ASCII characters.
This problem is overcome by …
Radix-64 conversion/base 64 encoding
The binary input is split into blocks of 24 bits (3 bytes).
Each 24-bit block is then split into four sets of 6 bits each.
Each 6-bit set will then have a value between 0 and 2^6 - 1 (= 63).
This value is encoded into a printable character.
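The conversion just described, written out by hand as an added example (not from the original slides). It goes one step beyond them by handling input whose length is not a multiple of 3 bytes, using the standard "=" padding, and it assumes the standard base64 alphabet; the sample bytes in the demo are constructed.

```python
import base64

# Standard base64 alphabet: index 0..63 -> printable character.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")

def radix64_encode(data: bytes) -> str:
    """Encode bytes: 24-bit blocks -> four 6-bit values -> printable chars."""
    out = []
    for i in range(0, len(data), 3):
        block = data[i:i + 3]
        pad = 3 - len(block)                     # 0, 1 or 2 missing bytes
        group = int.from_bytes(block + b"\x00" * pad, "big")
        chars = [ALPHABET[(group >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        if pad:
            chars[-pad:] = "=" * pad             # mark the bytes that were filler
        out.append("".join(chars))
    return "".join(out)

def radix64_decode(text: str) -> bytes:
    """Inverse conversion; rejects input that is not whole 4-character groups."""
    if len(text) % 4:
        raise ValueError("length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        group = 0
        for ch in quad:
            # ALPHABET.index raises ValueError on a character outside the set.
            group = (group << 6) | (0 if ch == "=" else ALPHABET.index(ch))
        out += group.to_bytes(3, "big")[:3 - pad]
    return bytes(out)

if __name__ == "__main__":
    ciphertext = bytes([0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0xFF, 0x80])  # constructed
    armored = radix64_encode(ciphertext)
    print(armored, armored == base64.b64encode(ciphertext).decode())
    print(radix64_decode(armored) == ciphertext)
```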
That’s all folks
THANK YOU !!