Slide 1 - SSH Tricks
SSH Tricks
Matthew G. Marsh
Slide 2
Overview
- SSH
  - What is it
  - How does it work
- Discussion of Network Topology
  - Tricks for multiple hosts
  - Keys and config files
  - MultiHop tricks
- Q&A
Slide 3
SSH - What is it
- Secure Shell was developed to solve the two most acute problems in the Internet: secure remote terminal logins and secure file transfers.
- Essentially an encrypted replacement for the Remote Utilities

How does it work
- Set up and generation of an encrypted TCP connection
- Authentication can be password or public/private key
  - Yes, there are others, but that is where the cracks are...
- Arbitrary TCP ports; the well-known port (WKP) is 22

In this session we will concentrate on SSH1 using key-based authentication.
Slide 4
Simple Examples - Two hosts
- 1 has an sshd running on the WKP
- 2 has a client

    root@2: ssh 1
    root@1's password:

This allows root to log in remotely using a password - BAD! Better is to define 'PermitRootLogin no' in the sshd_config file.
Slide 5
Simple Examples - Two hosts, preshared key
- 1 has an sshd running on the WKP
- 2 has a client

    tech@2: ssh 1
    tech@1$

The way to set this up is as follows:

    tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
    tech@2$ scp .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys
    tech@1's password:
    tech@2$ cat > .ssh/config
    Host 1
        User tech
        Protocol 1
        IdentityFile /home/tech/.ssh/key4mac1
        Hostname 10.1.2.1
    ^D
Slide 6
A wee bit less Simple Examples - Two hosts, preshared key
- 1 has an sshd running on port 17
- 2 has a client

    tech@2: ssh 1
    tech@1$

The way to set this up is as follows:

    tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
    tech@2$ scp -P 17 .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys
    tech@1's password:
    tech@2$ cat > .ssh/config
    Host 1
        User tech
        Port 17
        Protocol 1
        IdentityFile /home/tech/.ssh/key4mac1
        Hostname 10.1.2.1
    ^D
Slide 7
A wee bit less Simple Examples - Three hosts (assume preshared keys)
- 1 has an sshd running on port 17
- 2 has an sshd running on port 27

    tech@3: ssh 2 'ssh 1'
    tech@1$

The way to set this up is as follows:

    tech@3$ cat > .ssh/config
    Host 2
        User tech
        Port 27
        Protocol 1
        IdentityFile /home/tech/.ssh/key4mac2
        Hostname 10.1.2.2
    ^D

Note you may need ssh -t 2 'ssh -t 1' ... (-t forces pseudo-terminal allocation, which the inner interactive ssh needs when its input is not a terminal).
Slide 8
AN4SCD
- Buy a copy of "SSH" by Daniel J. Barrett & Richard E. Silverman, pub. O'Reilly (ISBN: 0-596-00011-1). Read it.
- I use openssl 0.9.7c with openssh 2.9.9p2-PS2.4.18
- I do not use any other version of SSH
- I use Protocol 1 on purpose
- I use TCP Wrappers w/ IPv6 extensions
- I keep tight controls using TCP Wrappers
Slide 9
AN4SCD - 2: Static compile methods
Get the latest openssl.
1. Compile it static with the /usr/static directory target:

       ./config --openssldir=/usr/static --prefix=/usr/static no-shared

2. Get openssh-2.9.9p2-PS2.4.18 from http://www.paksecured.com

       ./configure --prefix=/usr/static --with-ssl-dir=/usr/static --with-ipaddr-display --with-ipv4-default --with-tcp-wrappers

   Compile it and install.

Edit the sshd config file. Make sure you also change the paths for the keys!!
Slide 10
AN4SCD - sshd_config

    Port 17
    Protocol 1
    ListenAddress 192.168.1.1
    HostKey /usr/static//etc/ssh_host_key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    SyslogFacility AUTH
    LogLevel INFO
    LoginGraceTime 600
    PermitRootLogin no
    StrictModes yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    RhostsAuthentication no
    IgnoreRhosts yes
    RhostsRSAAuthentication no
    PasswordAuthentication yes
    PermitEmptyPasswords no
    ChallengeResponseAuthentication no
    X11Forwarding no
    X11DisplayOffset 10
    PrintMotd yes
    KeepAlive yes
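The sshd_config above is the deck's own; as an added example (not from the deck), the script below audits a config of that shape against what a current OpenSSH deployment would expect, flagging Protocol 1 (current OpenSSH only speaks protocol 2) and password authentication left enabled alongside keys. The embedded sample is a constructed copy reduced to the lines the audit consults; the expected-value table is an assumption you would tune to your own baseline.

```shell
#!/bin/sh
# Constructed sample: the deck's sshd_config, trimmed to the keywords the
# audit looks at plus a few that already pass.
DECK_SSHD_CONFIG='Port 17
Protocol 1
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
'

# Print one finding per line as "Keyword<TAB>found<TAB>expected", sorted.
# Keyword comparison is case-insensitive, as sshd treats it; Match blocks
# are not handled (the deck's config has none).
audit_sshd_config() {
  awk '
    BEGIN {
      want["protocol"] = "2"            # assumed baseline values
      want["passwordauthentication"] = "no"
      want["permitrootlogin"] = "no"
      want["permitemptypasswords"] = "no"
      want["x11forwarding"] = "no"
    }
    /^[[:space:]]*(#|$)/ { next }       # skip comments and blank lines
    {
      k = tolower($1); v = tolower($2)
      if (k in want) {
        seen[k] = 1
        if (v != want[k]) printf "%s\t%s\t%s\n", $1, $2, want[k]
      }
    }
    END {
      for (k in want) if (!(k in seen)) printf "%s\tMISSING\t%s\n", k, want[k]
    }' "$1" | LC_ALL=C sort
}

# Run the audit over the embedded sample from a temp file.
audit_deck_config() {
  tmp=$(mktemp) || return 1
  printf '%s' "$DECK_SSHD_CONFIG" > "$tmp"
  audit_sshd_config "$tmp"
  rm -f "$tmp"
}
```

Run against the sample it reports exactly two findings: Protocol (1, expected 2) and PasswordAuthentication (yes, expected no).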
Slide 11
Fun Examples - 1: Using commands attached to keys
- On the server, define a command in the authorized_keys file associated with a key
- Format is: command="my/command/string" ...key data...
  EX: command="/bin/ls -al /logs" ABCDEF1234567
  Then ssh with the appropriate key will only allow you to execute this command.
- Note that this is per key, so...
Slide 12
Fun Examples - 1A
Each connection performs a different function:

    command="/bin/tar -C /var -zc logs/" 1024 35 140112719741995760396399231074454130954438374725973451608977118896776745893938550429062663972336755352093456208519164097137651780560357432366574014563979537876901893478363907211327813169574947477644423751539165732401392118051347844589891126078421590846523123481112885029800203382369752603047612281250015390957 [email protected]
    command="/bin/tar -C / -zc etc/" 1024 35 220112719741995760396399231074454130954438374725973451608977118896776745893938550429062663931320851916409713765178056037233675531699057432366574014563979537876901893478363907211327813169574947477644423751539165732401392118051347844589891126078421590846523123481112885029800203382369752603047612281250015390957 [email protected]
    command="/bin/tar -C /home -zc mgm/mail/" 1024 35 230112719741995760396399231074454130954438374725973451608977118896776745893938550429062663972336755316990313209800203382369752603085191640971376517805603574323665740145639795378769018934783639072113278131695749474776444237515391657324013921180513478445898911260784215908465231234811128850247612281250015390957 [email protected]

First one is keytar1, second one is keytar2, third one is keytar3.
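Forced commands only protect what they are attached to: any key in authorized_keys without a command= option still gets a full shell. As an added example (not from the deck), the script below parses an authorized_keys file the way slides 11 and 12 describe, reporting each key's comment, its forced command (or NONE), and whether a restrict/no-pty option accompanies it. The sample file is constructed with placeholder key material; the first forced command is the deck's keytar1.

```shell
#!/bin/sh
# Constructed authorized_keys sample (placeholder key blobs, not real keys).
SAMPLE_AK='command="/bin/tar -C /var -zc logs/",no-pty,no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderNotARealKey keytar1
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderNotARealKey backup-shell
command="/usr/bin/rsync --server --sender . /home/mgm/mail/" ssh-rsa AAAAB3NzaC1yc2EPlaceholderNotARealKey keytar3
'

# One line per key: comment, forced command (or NONE), restrict/no-pty yes|no.
# The options field ends at the first space outside double quotes; escaped
# quotes inside command="..." (sshd allows \") are not handled here.
audit_authorized_keys() {
  awk '
    /^[[:space:]]*(#|$)/ { next }
    {
      line = $0; opts = ""; cmd = "NONE"; inq = 0
      # A line that does not start with a key type carries an options field.
      if (line !~ /^(ssh-|ecdsa-|sk-)/) {
        for (i = 1; i <= length(line); i++) {
          c = substr(line, i, 1)
          if (c == "\"") { inq = !inq }
          else if (c == " " && !inq) { break }
          opts = opts c
        }
        line = substr(line, i + 1)
        if (match(opts, /command="[^"]*"/)) cmd = substr(opts, RSTART + 9, RLENGTH - 10)
      }
      n = split(line, f, " ")
      comment = (n >= 3) ? f[3] : "(no comment)"
      tight = (opts ~ /(^|,)(restrict|no-pty)(,|$)/) ? "yes" : "no"
      printf "%s\t%s\t%s\n", comment, cmd, tight
    }' "$1"
}

# Audit the embedded sample from a temp file.
audit_sample() {
  tmp=$(mktemp) || return 1
  printf '%s' "$SAMPLE_AK" > "$tmp"
  audit_authorized_keys "$tmp"
  rm -f "$tmp"
}

# Keys with no forced command get a full shell: list their comments.
full_shell_keys() {
  audit_sample | awk -F '\t' '$2 == "NONE" { print $1 }'
}
```

Point audit_authorized_keys at a real ~/.ssh/authorized_keys to see which keys on a host are unrestricted.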
Slide 13
Fun Examples - 1B
Assuming we have set up the config file, then:

    ssh 1 | tar -zxv

will generate a copy, including timestamps and permissions, of the logs/ directory.

    ssh 2 | tar -zxv

will generate a backup copy of our remote etc/ directory (assuming we have permission...)
Slide 14
Fun Examples - 2: MultiBounce Sessions
- Using the three hosts example from earlier, consider:

    ssh 1 'ssh 2 /bin/tar -C /home -zc myhomedir/' | tar -zxv
    ssh 1 'ssh 2 "ssh 3 /bin/tar -C /home -zc myhomedir/"' | tar -zxv

Note that there are limits...
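The nested `ssh 2 'ssh 1'` of slide 7 and the multi-bounce pipelines of slide 14 run the inner ssh on the intermediate host, so that host must hold the next hop's key and the inner session's plaintext passes through it. As an added example (not from the deck), this writes an ssh_config for host 3 that uses OpenSSH's ProxyJump to reach 1 through 2 while 3 authenticates to 1 directly; it assumes key4mac1 has been copied to host 3 (in the deck it lives on host 2), that the hosts run protocol 2, and uses the deck's addresses and ports. A small lookup helper checks the written file.

```shell
#!/bin/sh
# Write an ssh_config (path given as $1) for host 3: 1 is reached via 2.
write_hop_config() {
  cat > "$1" <<'EOF'
Host 2
    HostName 10.1.2.2
    Port 27
    User tech
    IdentityFile ~/.ssh/key4mac2
    IdentitiesOnly yes

Host 1
    HostName 10.1.2.1
    Port 17
    User tech
    IdentityFile ~/.ssh/key4mac1
    IdentitiesOnly yes
    # Tunnel through 2; 3 does the key exchange and authentication with 1
    # itself, so 2 forwards ciphertext and never needs 1's key.
    ProxyJump 2
EOF
}

# Look up one keyword in a Host stanza of an ssh_config file.
# Usage: ssh_config_get FILE HOST KEYWORD  (keyword is case-insensitive,
# as ssh treats it). Prints the value, or nothing if absent.
ssh_config_get() {
  awk -v h="$2" -v k="$(printf '%s' "$3" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ { next }
    tolower($1) == "host" { cur = $2; next }
    cur == h && tolower($1) == k { print $2; exit }' "$1"
}

# With this written to ~/.ssh/config, the deck's two-hop fetch becomes a
# single, unnested command (no -t, no quoting of quotes):
#   ssh 1 '/bin/tar -C /home -zc myhomedir/' | tar -zxv
```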
Slide 15
Q & A
Slide 16
This is The