SSH, an abbreviation for Secure Shell, is a network protocol that allows data exchange between devices on a network. It is mainly used on Linux systems to access shell accounts, run shell commands, and so on. SSH was mainly designed as a replacement for telnet and other insecure remote shells, which do not use encryption and send passwords and user names in plain ASCII text. That makes them vulnerable to many attacks, such as password sniffing.
How does SSH work
The client connects to the server via a TCP connection, like FTP, HTTP etc.
Then they send each other their version information and protocol information.
Next, the server and client negotiate which encryption algorithms, keys and hashes they support.
Now the client sends the server an initialization message that includes the key-exchange message and a challenge message.
The client then listens for the server's response, which includes the server's key and a challenge value that has been signed with the server's private key.
This provides validation that the packet could only have come from the server that sent it. (This makes SSH secure against man-in-the-middle attacks.)
The client then checks its list of known hosts by searching the '~/.ssh/known_hosts' file. If the public key is listed, it automatically assumes that the data is valid and the server is trusted. If the public key is not listed, the user is shown a prompt asking them to verify the fingerprint.
Now both the client and the server have the information needed to create the master key that will encrypt the session, and communication starts.
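The known-hosts lookup and fingerprint check from the steps above, as an added example that is not part of the original article: it classifies a presented host key against known_hosts text (plain and OpenSSH-style hashed host entries) and computes the MD5 colon-hex and SHA256 fingerprints a user would compare. The keys, salt and host names are constructed sample data, and the function names are this example's own.

```python
import base64, hashlib, hmac, struct

def ssh_string(data):
    """SSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def fingerprints(blob):
    """Return (legacy MD5 colon-hex, SHA256 base64) fingerprints of a key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def hash_host(salt, host):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Match a host field, either a plain comma list or a hashed |1|salt|hash entry."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(hash_host(salt, host), field)
    return host in field.split(",")  # wildcard and [host]:port patterns not handled

def check_host(known_hosts_text, host, keytype, blob):
    """Classify the key a server presented: 'known', 'changed' or 'unknown'."""
    state = "unknown"
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0][0] in "#@":
            continue  # skip blanks, comments and @cert-authority/@revoked markers
        if host_matches(parts[0], host) and parts[1] == keytype:
            if base64.b64decode(parts[2]) == blob:
                return "known"
            state = "changed"  # same host and key type, but a different key
    return state

# Constructed sample data (not real keys): two ed25519-shaped public key blobs.
KEY_A = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
KEY_B = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(1, 33)))
B64_A = base64.b64encode(KEY_A).decode()
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts file",
    "localhost ssh-ed25519 " + B64_A,
    hash_host(b"constructed-salt-20b", "server.example") + " ssh-ed25519 " + B64_A,
])

if __name__ == "__main__":
    print(fingerprints(KEY_A), check_host(KNOWN_HOSTS, "localhost", "ssh-ed25519", KEY_B))
```

A "changed" result is the case to treat as an alarm: the host is already in the list, but the key presented does not match the stored one.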
That's quite a bit of explanation; now let's move on to a practical example.
Example
Installing ssh :-
Code:
sudo apt-get install ssh
Running :-
Code:
ssh (server hostname)
Other usage can be seen as :-
Code:
aneesh@aneesh-laptop:~$ ssh --help
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-w local_tun[:remote_tun]] [user@]hostname [command]
Installing ssh-server :-
Code:
aneesh@aneesh-laptop:~$ sudo apt-get install openssh-server
Now that we have successfully installed the main server, let's check whether it's working or not.
This can be checked with netstat.
Example output :-
Code:
aneesh@aneesh-laptop:~$ sudo netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2095/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1051/cupsd
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 796/pptpd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 812/mysqld
tcp6 0 0 :::80 :::* LISTEN 1142/apache2
tcp6 0 0 :::22 :::* LISTEN 2095/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1051/cupsd
udp 0 0 0.0.0.0:51810 0.0.0.0:* 634/avahi-daemon: r
udp 0 0 0.0.0.0:5353 0.0.0.0:* 634/avahi-daemon: r
aneesh@aneesh-laptop:~$
We can see that the sshd server is listening on port 22 on 0.0.0.0, i.e. localhost.
Note : The other output is about other servers running on my machine, as I am running apache etc.
Now let's connect to the local ssh-server
Code:
aneesh@aneesh-laptop:~$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 18:ee:8c:7f:4e:bf:0c:3e:7a:e5:78:6f:f7:49:53:b1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
aneesh@localhost's password:
Yes, we got the connection. Now, after entering our password, we get the shell
Code:
aneesh@localhost's password:
Linux aneesh-laptop 2.6.32.26+drm33.12-explict-hax0r #2 SMP Fri Jan 7 15:33:24 IST 2011 i686 GNU/Linux
Ubuntu 10.04.1 LTS
Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
Last login: Mon Jan 10 16:30:50 2011
aneesh@aneesh-laptop:~$
As we can see, it looks just like an ordinary shell and provides the same usage.
Now let's test some commands :-
Code:
aneesh@aneesh-laptop:~$ cd /
aneesh@aneesh-laptop:/$ ls
bin dev initrd.img.old mnt sbin tmp vmlinuz.old
boot etc lib opt selinux usr
cdrom home lost+found proc srv var
desktop initrd.img media root sys vmlinuz
aneesh@aneesh-laptop:/$ cd usr
aneesh@aneesh-laptop:/usr$ ls
bin games include lib lib64 local man sbin share src
aneesh@aneesh-laptop:/usr$ cd ../
aneesh@aneesh-laptop:/$ ls
bin dev initrd.img.old mnt sbin tmp vmlinuz.old
boot etc lib opt selinux usr
cdrom home lost+found proc srv var
desktop initrd.img media root sys vmlinuz
aneesh@aneesh-laptop:/$ cd home
aneesh@aneesh-laptop:/home$ ls
aneesh
aneesh@aneesh-laptop:/home$ cd aneesh/
aneesh@aneesh-laptop:~$ cd articles/
aneesh@aneesh-laptop:~/articles$ ls
a.out Bash crackme debugMe hello
ASM C crackme.c debugMe.c helloWorld.c
aneesh@aneesh-laptop:~/articles$ mkdir SSH
aneesh@aneesh-laptop:~/articles$ ls
a.out Bash crackme debugMe hello SSH
ASM C crackme.c debugMe.c helloWorld.c
aneesh@aneesh-laptop:~/articles$ cd SSH
aneesh@aneesh-laptop:~/articles/SSH$ ls
aneesh@aneesh-laptop:~/articles/SSH$ vi HiIamHere
aneesh@aneesh-laptop:~/articles/SSH$ echo "Hello I am using ssh server on my machine ... and its damn exiting..... woooo!!!!!!" > HiIamHere
echo "Hello I am using ssh server on my machine ... and its damn exiting..... woooovi HiIamHerevi HiIamHerevi HiIamHere" > HiIamHere
aneesh@aneesh-laptop:~/articles/SSH$ ls
HiIamHere
aneesh@aneesh-laptop:~/articles/SSH$ cat HiIamHere
Hello I am using ssh server on my machine ... and its damn exiting..... woooovi HiIamHerevi HiIamHerevi HiIamHere
aneesh@aneesh-laptop:~/articles/SSH$
aneesh@aneesh-laptop:~/articles/SSH$ rm HiIamHere
aneesh@aneesh-laptop:~/articles/SSH$ ls
aneesh@aneesh-laptop:~/articles/SSH$
And remember to close your connection; simply use 'exit' as in a normal shell :-
Code:
aneesh@aneesh-laptop:~/articles/SSH$ exit
logout
Connection to localhost closed.
That's all the basic SSH you have to know to use it.
But stay tuned, I may be writing some more articles on SSH encryption and some vulnerabilities it met with.