NEbraskaCERT SSH Tricks - PowerPoint PPT Presentation

About This Presentation
Title:

NEbraskaCERT SSH Tricks

Description:

NEbraskaCERT SSH Tricks Matthew G. Marsh 05/21/03 – PowerPoint PPT presentation

Slides: 14
Provided by: Steph351
Transcript and Presenter's Notes


1
NEbraskaCERT SSH Tricks
  • Matthew G. Marsh
  • 05/21/03

2
Overview
  • SSH
  • What is it
  • How does it work
  • Discussion of Network Topology
  • Tricks for multiple hosts
  • Keys and config files
  • MultiHop tricks
  • Q&A

3
SSH
  • What is it
  • Secure Shell was developed to solve the two most
    acute problems in the Internet, secure remote
    terminal logins and secure file transfers.
  • Essentially an encrypted Remote Utilities
    replacement
  • How does it work
  • Set up and generation of an encrypted TCP
    connection
  • Authentication can be Password or PubPriv key
  • Arbitrary TCP ports - WKP 22
  • In this session we will concentrate on SSH1 using
    key based authentication

4
Simple Examples
  • Two hosts
  • 1 has a sshd running on WKP
  • 2 has a client
  • root@2# ssh 1
  • root@1's password:
  • This allows root to login remotely using a
    password - BAD!
  • Better is to define PermitRootLogin no in the
    sshd_config file

5
Simple Examples
  • Two hosts - preshared key
  • 1 has a sshd running on WKP
  • 2 has a client
  • tech@2$ ssh 1
  • tech@2$
  • The way to set this up is as follows
  • tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ''
  • tech@2$ scp .ssh/key4mac1.pub tech@1:.ssh/authorized_keys
  • tech@1's password:
  • tech@2$ cat > .ssh/config
  • Host 1
  • User tech
  • Protocol 1
  • IdentityFile /home/tech/.ssh/key4mac1
  • Hostname 10.1.2.1
  • ^D

6
A wee bit less Simple Examples
  • Two hosts - preshared key
  • 1 has a sshd running on port 17
  • 2 has a client
  • tech@2$ ssh 1
  • tech@2$
  • The way to set this up is as follows
  • tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ''
  • tech@2$ scp -P17 .ssh/key4mac1.pub tech@1:.ssh/authorized_keys
  • tech@1's password:
  • tech@2$ cat > .ssh/config
  • Host 1
  • User tech
  • Port 17
  • Protocol 1
  • IdentityFile /home/tech/.ssh/key4mac1
  • Hostname 10.1.2.1
  • ^D

7
A wee bit less Simple Examples
  • Three hosts - Assume preshared keys
  • 1 has sshd running on port 17
  • 2 has sshd running on port 27
  • tech@3$ ssh 2 ssh 1
  • tech@1$
  • The way to set this up is as follows
  • tech@3$ cat > .ssh/config
  • Host 2
  • User tech
  • Port 27
  • Protocol 1
  • IdentityFile /home/tech/.ssh/key4mac2
  • Hostname 10.1.2.2
  • ^D
  • Note you may need ssh -t 2 ssh -t 1 ...

8
AN4SCD
  • Buy a copy of SSH by Daniel J. Barrett &
    Richard E. Silverman, pub. O'Reilly (ISBN
    0-596-00011-1)
  • Read it
  • I use openssl 0.9.7b with openssh 2.9.9p2
  • I do not use any other version of SSH
  • I use Protocol 1 on purpose
  • I use TCP Wrappers w/ IPv6 extensions
  • I keep tight controls using TCP Wrappers

9
AN4SCD - 2
  • Static Compile methods
  • Get the latest openssl
  • 1. Compile it static with the /usr/static
    directory target
  • ./config --openssldir=/usr/static --prefix=/usr/static no-shared
  • 2. Get openssh-2.9.9p2
  • ./configure --prefix=/usr/static
    --with-ssl-dir=/usr/static --with-ipaddr-display
    --with-ipv4-default --disable-lastlog
    --disable-utmp --disable-wtmp
  • NOTE this one is the emergency backup so do not
    use TCP wrappers!
  • compile it and install
  • Now copy over the /etc/ssh/ directory into
    /usr/static/etc
  • Edit the sshd config file to change the port so
    that it does not interfere with the regular ssh
  • Make sure you also change the paths for the
    keys!!

10
Fun Examples
  • Using commands attached to keys
  • On the server define a command in the
    authorized_keys file associated with a key
  • Format is command="my/command/string" key data
  • EX
  • command="/bin/ls -al /logs" ABCDEF1234567
  • Then ssh with the appropriate key will only allow
    you to execute this command.
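
The forced-command format above, as an added example that is not part of the original slides: a Python auditor that reads authorized_keys lines, extracts any command="..." option, and reports keys that are unrestricted or that have a forced command but still permit port forwarding. The sample lines and key material are constructed placeholders, and no-port-forwarding is a standard sshd key option that the slides do not mention.

```python
import re

# A line with no options starts at the key: SSH1 keys open with the bit
# count (digits), SSH2 keys with a type name such as ssh-rsa.
KEY_START = re.compile(r"^(\d|ssh-|ecdsa-|sk-)")
QUOTED = r'"((?:\\.|[^"\\])*)"'  # double-quoted value, \" allowed inside

def split_options(line):
    """Split one authorized_keys line into (options, key part).
    The options field ends at the first blank outside double quotes."""
    line = line.strip()
    if KEY_START.match(line):
        return "", line
    in_quotes, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes:
            i += 2  # skip the escaped character
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""  # malformed: options but no key

def audit(text):
    """Return (line number, last field, forced command or None, verdict)."""
    rows = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        opts, key = split_options(raw)
        m = re.search(r"(?:^|,)command=" + QUOTED, opts, re.I)
        cmd = m.group(1).replace('\\"', '"') if m else None
        names = {o.split("=")[0].lower() for o in re.sub(QUOTED, "", opts).split(",")}
        if cmd is None:
            verdict = "unrestricted"
        elif "no-port-forwarding" in names:
            verdict = "forced command, forwarding off"
        else:
            verdict = "forced command, forwarding still allowed"
        rows.append((n, key.split()[-1] if key else "", cmd, verdict))
    return rows

SAMPLE = "\n".join([  # constructed lines; key material is placeholder text
    "# audit sample",
    'command="/bin/ls -al /logs" 1024 35 1234567890 logs-key',
    r'command="/bin/echo \"a, b\"",no-port-forwarding,no-pty 1024 35 1234567890 echo-key',
    "1024 35 1234567890 tech@2",
    'from="10.1.2.2" ssh-rsa AAAAB3placeholder backup@3',
])
```

Calling audit(SAMPLE) yields one tuple per key line; a key with command= alone is reported as still allowing forwarding, because sshd honours forwarding requests for a forced-command key unless an option prohibits them.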

11
Fun Examples - 2
  • MultiBounce Sessions
  • Using the three hosts example from earlier
  • Consider
  • ssh 1 ssh 2 /bin/tar -C /home -zc myhomedir/ | tar -zxv
  • ssh 1 ssh 2 ssh 3 /bin/tar -C /home -zc myhomedir/ | tar -zxv
  • Note that there are limits

12
Q&A

13
This is The