Upload
marc-cluet
View
717
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Lynx Consultants training into SSH
Citation preview
Marc Cluet – Lynx Consultants How I learned to stop worrying and love the shell
What we’ll cover?
¡ Understand how SSH works ¡ Get a clear picture of how ssh bastion hosts work ¡ Be able to do more awesome stuff with SSH!
Lynx Consultants © 2013
What is SSH?
¡ Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).[1] The protocol specification distinguishes two major versions that are referred to as SSH-‐1 and SSH-‐2…. *whew*
Lynx Consultants © 2013
But really, what is SSH?
¡ SSH opens a terminal connection to a remote host ¡ It does so using cryptography to avoid any break or leak in
communication ¡ It is a very powerful tool for remote execution ¡ It is awesome!
Lynx Consultants © 2013
How does SSH create a connection?
¡ You run your SSH command ssh user@host ¡ SSH client connects to host ¡ SSH client negotiates with host crypto and version ¡ SSH host requests authentication (password, certificates) ¡ SSH client replies with the crypto challenge ¡ Communication is open!
Lynx Consultants © 2013
Authentication methods
¡ Password § Typical manual password § Turing keyboard test
¡ Certificates § Public Key certificates (RSA1, RSA, DSA, GSS) § Host-‐based certificates
Lynx Consultants © 2013
Certificates
¡ A certificate ensures your identity by providing a crypto key divided in public and private parts (asymmetric cryptography)
¡ A public crypto key can be shared and is mathematically linked to the private key
¡ A private key shouldn’t be shared and is able to unlock and decipher the ciphertext
Lynx Consultants © 2013
Certificates
¡ A certificate can be generated for each host or group of hosts you want to access
¡ Each certificate can and should be protected by a password for extra security
¡ Certificates are easy to revoke, so in case of any incident a new certificate can be generated
Lynx Consultants © 2013
Certificates
¡ Run the command § ssh-‐keygen –t rsa ~/.ssh/id_foryournetwork
¡ This will create a unique certificate for network hosts ¡ All your other hosts or keys (github, etc) are safely different
Lynx Consultants © 2013
Security risks of running an infrastructure
¡ If we leave password authentication open we’re subject to dictionary attacks § The whole system strength is defined by the weakest password
¡ Each host that has ssh open is another security risk ¡ All this can be resolved by Bastion Hosts!
Lynx Consultants © 2013
What is a Bastion Host?
Lynx Consultants © 2013
What is a Bastion Host?
¡ A Bastion Host sits between two networks, one trusted and one untrusted
¡ It regulates traffic between those networks, highlighting any malicious traffic and refusing it
¡ It is the first line of defence in a system
Lynx Consultants © 2013
SSH Configuration
¡ Here’s an example # Config to access bastion host!Host bastionhost!!User myuser!!IdentityFile ~/.ssh/id_mynetwork!!Hostname 1.2.3.4!
Lynx Consultants © 2013
How to Diagnose connections
¡ Always run ssh –v (-‐v for verbose) ¡ Make sure you test each point of your connection
Lynx Consultants © 2013
How to Diagnose connections
¡ Always run ssh –v (-‐v for verbose) ¡ Make sure you test each point of your connection
§ First bastion host § Then proceed further up
¡ Regular issues § Lack of Certificate § DNS problem § Internets is broken
Lynx Consultants © 2013
Awesome Stuff – Port Redirection
¡ You can redirect a port from your machine to the remote host or the other way around § -‐L myport:destination:destport ▪ Forwards a connection made to localhost 8080 to myhost port 80 (-‐L 8080:myhost:80)
Lynx Consultants © 2013
Awesome Stuff – Port Redirection
¡ You can redirect a port from your machine to the remote host or the other way around § -‐R remoteport:destination:destport ▪ Forwards a connection made to destination port 8080 to localhost port 80 (-‐R 80:myhost:8080)
Lynx Consultants © 2013
Awesome Stuff – Socks Proxy
¡ You can create a SOCKS Proxy transparently with SSH § This will allow you to navigate the remote network as if it was
your own ¡ ssh –D2222 user@myhost ¡ Configure your browser to use a SOCKS proxy at localhost
port 2222 ¡ Navigate to all internal network pages!
Lynx Consultants © 2013
Questions?
Lynx Consultants © 2013