The Keys To Using SSH: David Tomaschik
David Tomaschik
RHCE, LPIC-1
System Administrator, Kennesaw State University
MSCS Student, SPSU
[email protected]
http://systemoverlord.com
● ssh [email protected]
Basic Use
● ssh [email protected]
Verifying Who You're Connecting To
● The highlighted lines show you which host you are connecting to along with the key fingerprint.
● The key fingerprint is cryptographic proof that your connection is not being tampered with.
● Depending on your level of paranoia:
● Get the fingerprint from the system administrator
● Make your first connection from a 'trusted' network
● Just ignore it and hope it's OK
What You Can Do Now
● After connecting
● /etc/motd, unless ~/.hushlogin
● Check /etc/nologin
● Drop privileges (switch to user)
● /etc/ssh/sshrc, ~/.ssh/rc
● Run shell or command
● SSH_CONNECTION
● <client ip> <client port> <server ip> <server port>
IPv6
Remote GUI (X Forwarding)
● Headless/Remote Server?
● Application that “must” be GUI?
● No Problem!
● ssh -X [email protected]
● Then run command
● ssh -X [email protected] command
Getting Files From Here to There
(Or from There to Here)
● scp (Secure Copy)
● Basic form similar to cp
● scp [path1] [path2]
● Path can be a local path or remote path:
● user@host:/path/to/file
● Relative paths from your home directory
● scp Documents/Presentation.pdf david@work:Documents/
Another Way to Move Files
● SFTP
● More like FTP, but encrypted via SSH
● GUIs Available
● gftp on Linux
● WinSCP on Windows
● FireFTP (In Firefox)
SSH Tunneling (Port Forwarding)
● Reverse Tunnel
● Tunnels connections from server to client
● -R <remoteport>:<host>:<hostport>
● Allow others to use tunnels
● -g option
● Use with caution!
● Only do port forwarding
● -N (No Command)
A Word About Security
http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
Popular Brute Force Passwords
http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
Where are they coming from?
● /etc/ssh/sshd_config
● PasswordAuthentication
● PubkeyAuthentication
● HostBased, ChallengeResponse, KeyboardInteractive, etc.
● AllowGroups, AllowUsers (intersection)
● DenyGroups, DenyUsers (union)
● UsePAM (default no, but most distros ship yes)
– Only account and session for key-based auth
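The "(intersection)" and "(union)" notes on the Allow*/Deny* directives are easy to misread, so here is an added example (not from the original slides) that evaluates who may log in under a given sshd_config. The sample configuration, account names and group memberships are constructed, the function names are hypothetical, and USER@HOST patterns are left out.

```python
from fnmatch import fnmatchcase

DIRECTIVES = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_access_rules(config_text):
    """Collect the patterns of the four access directives from sshd_config text."""
    rules = {name: [] for name in DIRECTIVES}
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() in rules:  # keywords are case-insensitive
            rules[words[0].lower()].extend(words[1:])
    return rules

def _matches(name, patterns):
    # sshd patterns use '*' and '?'; USER@HOST forms are not handled in this sketch.
    return any(fnmatchcase(name, p) for p in patterns)

def login_decision(rules, user, groups):
    """Return (allowed, reason); order: DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    if _matches(user, rules["denyusers"]):
        return False, "DenyUsers"
    if rules["allowusers"] and not _matches(user, rules["allowusers"]):
        return False, "not in AllowUsers"
    if any(_matches(g, rules["denygroups"]) for g in groups):
        return False, "DenyGroups"
    if rules["allowgroups"] and not any(_matches(g, rules["allowgroups"]) for g in groups):
        return False, "not in AllowGroups"
    return True, "allowed"

# Constructed sample configuration and accounts (not from the slides).
SAMPLE_CONFIG = """\
AllowUsers alice bob deploy*
AllowGroups sshusers
DenyUsers mallory
DenyGroups contractors
"""
SAMPLE_ACCOUNTS = {  # user -> groups
    "alice": ["sshusers"],
    "bob": ["staff"],
    "carol": ["sshusers"],
    "deploy01": ["sshusers", "contractors"],
    "mallory": ["sshusers"],
}
def audit(config_text=SAMPLE_CONFIG, accounts=SAMPLE_ACCOUNTS):
    rules = parse_access_rules(config_text)
    return {u: login_decision(rules, u, g) for u, g in accounts.items()}

if __name__ == "__main__":
    for user, (ok, reason) in audit().items():
        print(f"{user:10} {'ALLOW' if ok else 'DENY':5} {reason}")
```

With both AllowUsers and AllowGroups set, bob (listed user, wrong group) and carol (right group, not a listed user) are both refused, which is the intersection the slide refers to; a match in either Deny list is enough to refuse.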
SSHD Permissions
● AllowTCPForwarding
● PermitOpen
● AllowAgentForwarding
● X11Forwarding
● PermitTunnel (tun forwarding)
● PermitUserEnvironment
Shortcuts
Host dev
User johndoe
Hostname devserver.somecompany.com
Port 2200
ForwardX11 yes
LocalForward 8000 10.10.10.10:80
Speeding Up SSH
● TCPKeepAlive [yes|no]
● TCP-level Keep Alive packets
● ServerAliveInterval [sec.]
● Encrypted packets requesting response from server.
Let's Bust Out of Here!
● SSH is encrypted!
● But the first step of the handshake is not
● SSH-2.0-OpenSSH_5.5p1 Debian-6
Really!
So what's left to do?
● Tunnel-in-tunnel
● openssl s_client → stunnel
● Bad for latency
● Virtually indistinguishable from HTTPS or other SSL traffic (it IS SSL traffic)
● Obfuscated SSH
● Requires patched client & server
● https://github.com/inf0/obfuscated-openssh
Fun Things
(For Some Definition of “Fun”)
● Questions?
● Comments?