14-07-2020

Secure Shell

Secure Shell
• The Secure Shell (SSH) protocol is a protocol for secure remote login
and other secure network services over an insecure network
• It is a secure alternative to the non-protected login protocols (such
as telnet
• Developed by Tatu Ylonen (Helsinki University of Finland), later on
commercialized by SSH Communications Security Corp., Finland
 14-07-2020

The Secure Shell (SSH) Architecture

There are there components of SSH
• SSH Transport Layer Protocol - provides server authentication,
confidentiality, and integrity with perfect forward secrecy
• SSH User Authentication Protocol - authenticates the client to the
server
• SSH Connection Protocol - multiplexes the encrypted tunnel into
several logical channels (enables secure shell session, TCP port
forwarding/ tunneling, etc.)

The Secure Shell (SSH) Architecture

 14-07-2020

SSH Transport Layer Protocol

• SSH TLP typically runs on top of TCP/IP
• When used over TCP the server normally listens for connections on port 22
• It Provides
 encryption of user data
 server authentication (based on asymmetric host key/s)
 integrity protection (origin and data)
 compression of data prior to encryption (optionally)
• Key exchange method, public key algorithm, symmetric encryption
algorithm, message authentication algorithm, and hash algorithm are all
negotiated (source: RFC 4253).

SSH Transport Layer Protocol

 14-07-2020

SSH TLP Packet Formation

SSH User Authentication Protocol

• After the key exchange, the client
requests a service by sending
SSH_MSG_SERVICE_REQUEST packet
to request either the User
Authentication or the Connection
Protocol
 14-07-2020

SSH User Authentication Protocol

• The SSH Authentication Protocol runs over the SSH Transport Layer
Protocol; it assumes that the underlying protocol provides integrity
and confidentiality protection. The protocol has access to the
session_id (source: RFC 4252).
• Supports three user authentication methods:
 Public key (required)
 Password (optional)
 Host-based (optional)
• The server controls which authentication methods can be used.

SSH User Authentication Protocol

Public key
• The client sends to the server a signed message comprising the session id, the
user name, the user's public key, and some other info. The signature is generated
using the user's private key.
• Upon message reception, the server checks whether the supplied public key is
acceptable for authentication, and if so, check whether the signature is correct.
Password
• The client essentially sends the user name and the password in clear; they are
however protected by the SSH Transport Security Protocol.
Host-based
• Authentication is based on the host that the user is coming from and the user
name on the remote host.
 14-07-2020

SSH Connection Protocol

• Provides:
 interactive login sessions
 remote execution of commands
 forwarded TCP/IP connections
(port forwarding)
 forwarded X11 connections
• These apps implemented as channels
multiplexed into an encrypted
tunnel; the tunnel is provided by the
SSH Transport Layer Protocol.

SSH Connection Protocol: Port Forwarding

• Port forwarding or SSH tunneling
is one of the most useful features
of SSH.
• Using port forwarding one can
convert any insecure TCP
connection into a secure SSH
connection
 14-07-2020

SSH Connection Protocol: Port Forwarding

• -L is used in local port forwarding
• -R is used in remote port forwarding
ssh -L sourcePort:DEST-HOST:destPort SSH-HOST
ssh -R sourcePort:DEST-HOST:destPort SSH-HOST

ssh -L 8080:localhost:80 fesb.hr

ssh -R 80:localhost:80 fesb.hr

Protection from attacks

• Eavesdropping or Password Sniffing
• Man-in-the-Middle Attack (MITM)
• Insertion and Replay Attacks