SSH: The Secure Shell
Platform: Linux and Unix

Group Members: Arnob Roy (201314025), Md. Jahidul Islam (201414020), Asif Kamal Chowdhury (201414040), Asif Sanjary (201414043), Mehedi Afzal Farazi (201414045), Md. Shafiul Islam (201414049)
SSH  Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.  It is a secure alternative to the non-protected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP).
What is SSH?
• It is a protocol, not a product.
• A software-based approach to network security.
• Encrypts data sent between computers.
• SSH is a replacement for telnet, rsh and rlogin, and can also replace ftp.
• Client/server architecture.
• Comes with all Linux distributions, Mac OS X, AIX, Sun Solaris, OpenBSD and other Unix variants.
• Ported to other operating systems, such as Windows, Palm OS, Amiga etc.
What is not SSH?
• It is not a true shell like csh, ksh, sh etc.
• It is not a command interpreter.
• It creates a secure channel for running commands on a remote computer.
• It is not a complete security solution.
• It will not protect against Trojans, viruses etc.
Why is SSH a replacement for telnet, rsh, rlogin and ftp?
• Telnet and the others send all data in clear text, but SSH sends data as cipher text.
• With SSH, a host between sender and receiver cannot see what the traffic is.
HISTORY
• In 1995, Tatu Ylönen, a researcher at Helsinki University, designed the first version of the protocol (now known as SSH-1).
• In July 1995, he released SSH1 as free software, i.e. it was open source.
• In December 1995, he formed SSH Communication Security (SCS) to market and develop SSH.
• In 1996 SSH-2 was developed, but it was incompatible with SSH-1.
• SCS released SSH-2 in 1998 under a more restrictive license.
• OpenSSH, a free implementation of the SSH-2 protocol, was released by the OpenBSD project.
• In 2006 the SECSH group (the group for standardizing the protocol) released SSH-2 as an Internet standard.
Some Necessary Terminology
• SSH: generic term used for the SSH protocols.
• ssh: client command for running a remote command.
• sshd: server program.
• SSH-1: version 1 of the protocol.
• SSH-2: version 2 of the protocol.
• OpenSSH: product from the OpenBSD project.
SSH1 vs SSH2

| SSH1 | SSH2 |
| --- | --- |
| Uses server and host keys to authenticate the system. | Uses only host keys. |
| Different protocols are used, so they are not compatible with each other. | Different protocols are used. |
| SSH1 is not currently developed by developers. | SSH2 is currently monitored and developed by developers. |
| Less security, performance and portability. | More security, performance and portability. |
SSH LAYERS

| Layer | Protocol | Role |
| --- | --- | --- |
| Application Layer | ssh-connection | Session multiplexing, X11 and port forwarding, remote command execution etc. |
| Application Layer | ssh-userauth | User authentication using public key, password, host based etc. |
| Application Layer | ssh-transport | Initial key exchange and server authentication, setup of encryption |
| Transport Layer | TCP | |
| Internet Layer | IP | |
| Network Access Layer | Ethernet | |
SSH BASIC ARCHITECTURE
INSTALLING SSH
• Downloading the source code: we can download the source code from http://www.openssh.com
• Building and installing OpenSSH (the tarball is gzip-compressed, so tar needs the z flag):
  $ gtar -xzf openssh-4.5p1.tar.gz
  $ cd openssh-4.5p1
  $ ./configure
  $ make
  $ make install
HOW DOES THE SSH PROTOCOL WORK?
• Works in the client-server model.
• The SSH client drives the connection setup process and uses public key cryptography to verify the identity of the SSH server.
• After the setup phase, the SSH protocol uses strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data exchanged between the client and server.
SSH ENCRYPTION ALGORITHMS
Secure Shell uses the following ciphers for encryption:

| Cipher | SSH1 | SSH2 |
| --- | --- | --- |
| DES | yes | no |
| 3DES | yes | yes |
| IDEA | yes | no |
| Blowfish | yes | yes |
| Twofish | no | yes |
| Arcfour | no | yes |
| Cast128-cbc | no | yes |
SSH ENCRYPTION ALGORITHMS
Secure Shell uses the following public-key algorithms for authentication:

| Algorithm | SSH1 | SSH2 |
| --- | --- | --- |
| RSA | yes | no |
| DSA | no | yes |
Functions
• Secure command shell
• Port forwarding
• Agent forwarding
• Secure file transfer
Secure Command Shell
• Allows us to edit files.
• View the contents of directories.
• Custom applications.
• Create user accounts.
• Change permissions.
• Anything that can be done from a command prompt can be done remotely and securely.
Port Forwarding
• A powerful tool.
• Provides security to TCP/IP applications including e-mail, sales and customer contact databases, and in-house applications.
• Allows data from normally unsecured TCP/IP applications to be secured.
Agent Forwarding
• Suppose you want to log in to the computer at work from a home computer or from a hotel while travelling. The computer at work is behind the firewall, so you cannot connect to it directly.
• You are allowed to connect to a bastion host, but are not allowed to store private keys on it.
• What can you do?
SECURE FILE TRANSFER PROTOCOL
• Secure File Transfer Protocol (SFTP) is a subsystem of the Secure Shell protocol.
• It is a separate protocol layered over the Secure Shell protocol to handle file transfers.
• A secure extranet is one of the safest ways to make specific data available to customers, partners and remote employees without exposing other critical company information to the public network. Using SFTP on your secure extranet machines effectively restricts access to authorized users and encrypts usernames, passwords and files sent to or from them.
SECURITY BENEFITS
• User authentication
• Host authentication
• Data encryption
• Data integrity
USER AUTHENTICATION
• User identity: the system verifies that access is given only to the intended users and denied to anyone else.
HOST AUTHENTICATION
• A host key is used by a server to prove its identity to a client, and by a client to verify a "known" host. Host keys are described as persistent (they change infrequently) and are asymmetric, much like other public/private key pairs. If a machine is running only one SSH server, a single host key serves to identify both the machine and the server. If a machine is running multiple SSH servers, it may either have multiple host keys or use a single key for multiple servers. Host authentication guards against the man-in-the-middle attack.
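The client-side half of host authentication is the known_hosts lookup: the presented host key is compared with the key recorded for that host name, and the three possible outcomes (first contact, match, or a different key for a host already on file) are what drive the familiar trust-on-first-use prompt and the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning. The example below is added here and is not code from the slides or from OpenSSH; it reproduces the OpenSSH known_hosts conventions (plain and `|1|salt|hash` hashed host fields, base64 wire-format key blobs, SHA256 fingerprints) in plain Python, and the host names, key bytes and salt are constructed values.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def make_key_blob(key_type: str, key_material: bytes) -> bytes:
    """Build the public key blob that known_hosts stores base64-encoded."""
    return ssh_string(key_type.encode()) + ssh_string(key_material)


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 over the blob, base64 with padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host_pattern(hostname: str, salt: bytes) -> str:
    """known_hosts '|1|salt|hash' host field: HMAC-SHA1 over the hostname keyed with the salt."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_matches(pattern: str, hostname: str) -> bool:
    """Match a known_hosts host field, either plain 'a,b,c' or hashed '|1|...'."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, actual)
    return hostname in pattern.split(",")


def check_host_key(known_hosts: str, hostname: str, key_type: str, key_b64: str) -> str:
    """Classify a presented host key: 'known', 'changed' (possible MITM) or 'unknown' (first contact)."""
    presented = base64.b64decode(key_b64)
    seen_host = False
    for line in known_hosts.splitlines():
        parts = line.strip().split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        pattern, stored_type, stored_b64 = parts[0], parts[1], parts[2]
        if not host_matches(pattern, hostname) or stored_type != key_type:
            continue
        seen_host = True
        if hmac.compare_digest(base64.b64decode(stored_b64), presented):
            return "known"
    return "changed" if seen_host else "unknown"


# Constructed sample data: a fake 32-byte ed25519 public key and a known_hosts
# file with one plain and one hashed entry (hosts, key bytes and salt are made up).
GOOD_KEY_B64 = base64.b64encode(make_key_blob("ssh-ed25519", bytes(range(32)))).decode()
OTHER_KEY_B64 = base64.b64encode(make_key_blob("ssh-ed25519", bytes(32))).decode()
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "bastion.example.com,10.0.0.5 ssh-ed25519 " + GOOD_KEY_B64,
    hashed_host_pattern("git.example.com", b"\x01" * 20) + " ssh-ed25519 " + GOOD_KEY_B64,
])

if __name__ == "__main__":
    print("fingerprint:", fingerprint_sha256(base64.b64decode(GOOD_KEY_B64)))
    for host, key in [("bastion.example.com", GOOD_KEY_B64),
                      ("git.example.com", GOOD_KEY_B64),
                      ("bastion.example.com", OTHER_KEY_B64),
                      ("new.example.com", GOOD_KEY_B64)]:
        print(host, "->", check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The `changed` outcome is the one that matters for the man-in-the-middle guard: a client that silently accepts a new key for a host it already knows has given up host authentication, which is why OpenSSH refuses the connection in that case rather than prompting. The fingerprint is what an administrator compares out of band on first contact.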
HOST AUTHENTICATION
• To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects to the server, it proves that it has the secret, or private, counterpart to the public key on that server, and access is granted.
DATA ENCRYPTION
• Encryption, sometimes referred to as privacy, means that our data is protected from disclosure to a would-be attacker "sniffing" or eavesdropping on the wire. Ciphers are the mechanism by which Secure Shell encrypts and decrypts data being sent over the wire.
• When a client establishes a connection with a Secure Shell server, they must agree which cipher they will use to encrypt and decrypt data. The server generally presents a list of the ciphers it supports, and the client then selects the first cipher in its own list that matches one in the server's list.
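The selection rule described above ("the first cipher in the client's list that the server also supports") is the SSH-2 algorithm negotiation from RFC 4253, applied separately to each direction's cipher and MAC name-list in SSH_MSG_KEXINIT. The example below is added here and is not code from the slides or from any SSH implementation: it implements that rule, adds a fail-closed policy check so a legacy cipher is never used even when both sides list it, and runs it against constructed client and server name-lists (the algorithm identifiers themselves are real OpenSSH names; the `LEGACY_CIPHERS` set and the sample lists are this example's own assumptions).

```python
# Name-lists as they appear in SSH_MSG_KEXINIT are comma-separated; the client's
# order expresses preference. Policy set and sample lists are constructed for this example.
LEGACY_CIPHERS = {"3des-cbc", "arcfour", "arcfour128", "arcfour256", "blowfish-cbc", "cast128-cbc"}


def parse_name_list(name_list: str) -> list:
    """Split a KEXINIT name-list ('a,b,c') into an ordered list of algorithm names."""
    return [name for name in name_list.split(",") if name]


def negotiate(client_pref: list, server_supported: list):
    """RFC 4253 rule: first algorithm in the client's list that the server also supports, else None."""
    supported = set(server_supported)
    for name in client_pref:
        if name in supported:
            return name
    return None


def negotiate_all(client_kexinit: dict, server_kexinit: dict) -> dict:
    """Negotiate every per-direction field; fail closed on a miss or on a legacy pick."""
    chosen = {}
    for field in client_kexinit:
        pick = negotiate(parse_name_list(client_kexinit[field]), parse_name_list(server_kexinit[field]))
        if pick is None:
            raise ValueError("no common algorithm for " + field)
        if pick in LEGACY_CIPHERS:
            raise ValueError("negotiated legacy algorithm for " + field + ": " + pick)
        chosen[field] = pick
    return chosen


# Constructed sample KEXINIT contents (cipher and MAC fields only, both directions).
CLIENT = {
    "enc_c2s": "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr",
    "enc_s2c": "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr",
    "mac_c2s": "hmac-sha2-256-etm@openssh.com,hmac-sha2-256",
    "mac_s2c": "hmac-sha2-256-etm@openssh.com,hmac-sha2-256",
}
MODERN_SERVER = {
    "enc_c2s": "aes128-ctr,aes256-gcm@openssh.com",
    "enc_s2c": "aes128-ctr,aes256-gcm@openssh.com",
    "mac_c2s": "hmac-sha2-256",
    "mac_s2c": "hmac-sha2-256",
}
LEGACY_SERVER = {field: "3des-cbc,arcfour" if field.startswith("enc") else "hmac-sha1" for field in CLIENT}


def try_negotiate(client: dict, server: dict) -> str:
    """Return a verdict string instead of raising, for display."""
    try:
        return "ok: " + ",".join(sorted(set(negotiate_all(client, server).values())))
    except ValueError as err:
        return "rejected: " + str(err)


if __name__ == "__main__":
    print(try_negotiate(CLIENT, MODERN_SERVER))
    print(try_negotiate(CLIENT, LEGACY_SERVER))
    # A client that keeps a legacy cipher as a trailing fallback will be handed it by a legacy server,
    # which is exactly what the policy check above is there to catch.
    fallback = dict(CLIENT, enc_c2s=CLIENT["enc_c2s"] + ",3des-cbc", enc_s2c=CLIENT["enc_s2c"] + ",3des-cbc")
    print(try_negotiate(fallback, LEGACY_SERVER))
```

Two things the run makes visible: the server's own ordering does not matter (the modern server lists aes128-ctr first but the client still gets aes256-gcm because that is higher in the client's list), and a "compatibility" fallback at the tail of the client's list is reachable whenever a server offers nothing better, so the safe configuration is to omit legacy algorithms rather than rank them last.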
DATA INTEGRITY
• Data integrity guarantees that data sent from one end of a transaction arrives unaltered at the other end. Even with Secure Shell encryption, the data being sent over the network could still be vulnerable to someone inserting unwanted data into the data stream (see Insertion and replay attacks for more details). Secure Shell version 2 (SSH2) uses Message Authentication Code (MAC) algorithms to greatly improve upon the original Secure Shell's (SSH1) simple 32-bit CRC data integrity checking method.
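The difference between the SSH1 CRC and the SSH2 MAC is that the MAC is keyed and covers an implicit per-direction packet sequence number (RFC 4253 defines it as HMAC over `sequence_number || unencrypted_packet`), so a receiver can reject both a modified packet and a replayed one. The example below is added here and is not code from the slides or from an SSH implementation; it models that construction with HMAC-SHA256 next to a plain CRC-32 check and runs both over constructed packets. The key, payloads and the `Receiver` class are this example's own assumptions.

```python
import hashlib
import hmac
import struct
import zlib


def ssh2_mac(key: bytes, seq: int, packet: bytes) -> bytes:
    """SSH-2 style tag: HMAC(key, sequence_number || unencrypted_packet). The sequence
    number is never sent; both sides count packets per direction and it feeds the MAC."""
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()


def verify_ssh2(key: bytes, seq: int, packet: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(ssh2_mac(key, seq, packet), tag)


def crc32_tag(packet: bytes) -> int:
    """SSH-1 style check: a 32-bit CRC with no key, so it only catches accidental corruption."""
    return zlib.crc32(packet) & 0xFFFFFFFF


def verify_crc(packet: bytes, tag: int) -> bool:
    return crc32_tag(packet) == tag


class Receiver:
    """Tracks the next expected sequence number, as a real SSH-2 transport does per direction."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def accept(self, packet: bytes, tag: bytes) -> bool:
        ok = verify_ssh2(self.key, self.expected_seq, packet, tag)
        if ok:
            self.expected_seq += 1   # only genuine packets advance the counter
        return ok


def demo() -> dict:
    key = b"\x42" * 32                             # constructed integrity key (real one comes from KEX)
    genuine = b"SSH_MSG_CHANNEL_DATA: ls -l"       # constructed payload
    altered = b"SSH_MSG_CHANNEL_DATA: ls -a"       # constructed altered payload
    tag = ssh2_mac(key, 0, genuine)
    rx = Receiver(key)
    results = {}
    results["genuine_accepted"] = rx.accept(genuine, tag)                     # True
    results["replay_accepted"] = rx.accept(genuine, tag)                      # False: receiver now expects seq 1
    results["altered_mac_accepted"] = verify_ssh2(key, 0, altered, tag)       # False: tag is bound to the bytes
    # CRC has no secret, so a recomputed CRC over altered bytes is indistinguishable from a genuine one.
    results["altered_crc_accepted"] = verify_crc(altered, crc32_tag(altered))  # True
    results["altered_crc_old_tag"] = verify_crc(altered, crc32_tag(genuine))   # False: only detects unrecomputed changes
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `altered_crc_accepted` result is the whole argument for the SSH2 design: integrity without a key is only error detection. The sequence number in the MAC input is what turns integrity into replay protection, which is why a receiver must keep its own counter rather than trusting anything in the packet.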
PASSWORD AUTHENTICATION
• Passwords, in combination with a username, are a popular way to tell another computer that you are who you claim to be.
• If the username and password given at authentication match the username and password stored on the remote system, you are authenticated and allowed access.
PUBLIC KEY AUTHENTICATION
• Public key authentication uses a pair of computer-generated keys, one public and one private. Each key is usually between 1024 and 2048 bits in length.
• It is the most secure method of authenticating with Secure Shell.
• To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects to the server, it proves that it has the secret, or private, counterpart to the public key on that server, and access is granted.
PROTECTS AGAINST
• IP spoofing
• DNS spoofing
• IP source routing
IP Spoofing
• IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
DNS Spoofing
• DNS spoofing is the term used when a DNS server accepts and uses incorrect information from a host that has no authority to give that information. DNS spoofing is in fact malicious cache poisoning, where forged data is placed in the cache of the name servers. Spoofing attacks can cause serious security problems for DNS servers vulnerable to such attacks, for example causing users to be directed to the wrong Internet sites or e-mail to be routed to non-authorized mail servers.
IP SOURCE ROUTING
• Where a host can pretend that an IP packet comes from another, trusted host.
OpenSSH Alternatives for Windows
• PuTTY
• TTSSH
• Cygwin
• MSSH
• WinSCP
• FileZilla
ADVANTAGES
• Strong encryption.
• Strong authentication. Closes several security holes (e.g., IP, routing and DNS spoofing).
• Improved privacy. All communications are automatically and transparently encrypted.
• Both free and commercial versions available.
• Proven technology.
• Multi-platform.
• Many authentication methods supported.
• Can be used instead of a VPN.
Disadvantages
• Port ranges and dynamic ports can't be forwarded.
• A client on the Internet that uses SSH to access the intranet can expose the intranet by port forwarding.