Slide 1SSH Tricks

SSH Tricks

Matthew G. Marsh

Slide 2SSH Tricks

Overview SSH

– What is it– How does it work

Discussion of Network Topology– Tricks for multiple hosts– Keys and config files– MultiHop tricks

Q&A

Slide 3SSH Tricks

SSH What is it

– Secure Shell was developed to solve the two most acute problems in the Internet, secure remote terminal logins and secure file transfers.

– Essentially an encrypted Remote Utilities replacement

How does it work– Set up and generation of an encrypted TCP

connection – Authentication can be Password or PubPriv key

• Yes there are others but that is where the cracks are…

– Arbitrary TCP ports - WKP = 22

In this session we will concentrate on SSH1 using key based authentication

Slide 4SSH Tricks

Simple Examples Two hosts

– 1 has a sshd running on WKP– 2 has a client

root@2: ssh 1root@1’s password:

# This allows root to login remotely using a

password - BAD! Better is to define: ‘PermitRootLogin no’ in the

sshd_config file

Slide 5SSH Tricks

Simple Examples Two hosts - preshared key

– 1 has a sshd running on WKP– 2 has a client

tech@2: ssh 1tech@2$

The way to set this up is as follows:tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N “”tech@2$ scp .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys

tech@1’s password: tech@2$ cat > .ssh/config

Host 1 User tech Protocol 1 IdentityFile /home/tech/.ssh/key4mac1 Hostname 10.1.2.1

^D

Slide 6SSH Tricks

A wee bit less Simple Examples Two hosts - preshared key

– 1 has a sshd running on port 17– 2 has a client

tech@2: ssh 1tech@2$

The way to set this up is as follows:tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N “”tech@2$ scp -P17 .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys

tech@1’s password: tech@2$ cat > .ssh/config

Host 1 User tech Port 17 Protocol 1 IdentityFile /home/tech/.ssh/key4mac1 Hostname 10.1.2.1

^D

Slide 7SSH Tricks

A wee bit less Simple Examples Three hosts - Assume: preshared keys

– 1 has sshd running on port 17– 2 has sshd running on port 27

tech@3: ssh 2 ‘ssh 1’tech@1$

The way to set this up is as follows:tech@3$ cat > .ssh/config

Host 2 User tech Port 27 Protocol 1 IdentityFile /home/tech/.ssh/key4mac2 Hostname 10.1.2.2

^D

Note you may need ssh -t 2 ‘ssh -t 1’ ...

Slide 8SSH Tricks

AN4SCD Buy a copy of “SSH” by Daniel J. Barrett &

Richard E. Silverman pub. O’Reilly (ISBN: 0-596-00011-1)

Read it I use openssl 0.9.7c with openssh 2.9.9p2-

PS2.4.18 I do not use any other version of SSH I use Protocol 1 on purpose I use TCP Wrappers w/ IPv6 extensions I keep tight controls using TCP Wrappers

Slide 9SSH Tricks

AN4SCD - 2 Static Compile methodsGet the latest openssl

1. Compile it static with the /usr/static directory target

./config --openssldir=/usr/static --prefix=/usr/static no-shared

2. Get openssh-2.9.9p2-PS2.4.18 http://www.paksecured.com

./configure --prefix=/usr/static --with-ssl-dir=/usr/static --with-ipaddr-display --with-ipv4-default –with-tcp-wrappers

compile it and install

Edit the sshd config file

Make sure you also change the paths for the keys!!

Slide 10SSH Tricks

AN4SCD – sshd_configPort 17Protocol 1ListenAddress 192.168.1.1HostKey /usr/static//etc/ssh_host_keyKeyRegenerationInterval 3600ServerKeyBits 768SyslogFacility AUTHLogLevel INFOLoginGraceTime 600PermitRootLogin noStrictModes yesRSAAuthentication yesPubkeyAuthentication yesRhostsAuthentication noIgnoreRhosts yesRhostsRSAAuthentication noPasswordAuthentication yesPermitEmptyPasswords noChallengeResponseAuthentication noX11Forwarding noX11DisplayOffset 10PrintMotd yesKeepAlive yes

Slide 11SSH Tricks

Fun Examples - 1 Using commands attached to keys

– On the server define a command in the authorized_keys file associated with a key

– Format is “command=“my/command/string”…key data…

EX:command=“/bin/ls -al

/logs”ABCDEF1234567Then ssh with the appropriate key will only

allow you to execute this command.Note that this is per key so…

Slide 12SSH Tricks

Fun Examples – 1A Each connection performs a different function:command=“/bin/tar –C /var –zc logs/”1024 35

140112719741995760396399231074454130954438374725973451608977118896776745893938550429062663972336755352093456208519164097137651780560357432366574014563979537876901893478363907211327813169574947477644423751539165732401392118051347844589891126078421590846523123481112885029800203382369752603047612281250015390957 mgm@mgmlap.paksecured.org

command=“/bin/tar –C / –zc etc/”1024 35 220112719741995760396399231074454130954438374725973451608977118896776745893938550429062663931320851916409713765178056037233675531699057432366574014563979537876901893478363907211327813169574947477644423751539165732401392118051347844589891126078421590846523123481112885029800203382369752603047612281250015390957 mgm@mgmlap.paksecured.org

command=“/bin/tar –C /home –zc mgm/mail/”1024 35 230112719741995760396399231074454130954438374725973451608977118896776745893938550429062663972336755316990313209800203382369752603085191640971376517805603574323665740145639795378769018934783639072113278131695749474776444237515391657324013921180513478445898911260784215908465231234811128850247612281250015390957 mgm@mgmlap.paksecured.org

First one is keytar1 Second one is keytar2 Third one is keytar3

Slide 13SSH Tricks

Fun Examples – 1B Assuming we have setup the config file then:

ssh 1 | tar –zxv Will generate a copy including timestamps and

permissions of the logs/ directory

ssh 2 | tar –zxvWill generate a backup copy of our remote etc/

directory (assuming we have permission…)

Slide 14SSH Tricks

Fun Examples - 2 MultiBounce Sessions

– Using the three hosts example from earlier

Consider:ssh 1 ‘ssh 2 /bin/tar -C /home -zc myhomedir/’ | tar -zxv

ssh 1 ‘ssh 2 “ssh 3 /bin/tar -C /home -zc myhomedir/”’ | tar -zxv

Note that there are limits…

Slide 15SSH Tricks

Q & A

Slide 16SSH Tricks

This is The