book

SSH, The Secure Shell: The Definitive Guide, 2nd Edition

by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes

May 2005

Intermediate to advanced

666 pages

21h 5m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

End-User AudiencePrerequisitesSystem-Administrator AudiencePrerequisites

1.3.1 Protocols, Products, Clients, and Confusion
1.4.1 Secure Remote Logins1.4.2 Secure File Transfer1.4.3 Secure Remote Command Execution1.4.4 Keys and Agents1.4.5 Access Control1.4.6 Port Forwarding
1.6.1 rsh Suite (r-Commands)1.6.2 Pretty Good Privacy (PGP) and GNU Privacy Guard (GnuPG)1.6.3 Kerberos1.6.4 IPSEC and Virtual Private Networks1.6.5 Secure Remote Password (SRP)1.6.6 Secure Socket Layer (SSL) Protocol1.6.7 SSL-Enhanced Telnet and FTP1.6.8 stunnel1.6.9 Firewalls
2.2.1 File Transfer with scp
2.3.1 Known Hosts2.3.2 The Escape Character
2.4.1 A Brief Introduction to Keys2.4.2 Generating Key Pairs with ssh-keygen2.4.3 Installing a Public Key on an SSH Server Machine2.4.3.1 Instructions for OpenSSH2.4.3.2 Instructions for Tectia2.4.4 If You Change Your Key
2.5.1 Agents and Automation2.5.2 A More Complex Passphrase Problem2.5.3 Agent Forwarding
2.7.1 sftp2.7.2 slogin
3.1.1 Privacy (Encryption)3.1.2 Integrity3.1.3 Authentication3.1.4 Authorization3.1.5 Forwarding (Tunneling)
3.2.1 How Secure Is Secure?3.2.2 Public-and Secret-Key Cryptography3.2.3 Hash Functions
3.4.1 Protocol Summary3.4.2 SSH Transport Layer Protocol (SSH-TRANS)3.4.2.1 Connection3.4.2.2 Protocol version selection3.4.2.3 Parameter negotiation3.4.2.4 Key exchange and server authentication3.4.2.5 Server authentication and antispoofing: some gory details3.4.2.6 Wonder security powers, activate!3.4.3 SSH Authentication Protocol (SSH-AUTH)3.4.3.1 The authentication request3.4.3.2 The authentication response3.4.3.3 Getting started: the “none” request3.4.3.4 Public-key authentication3.4.3.5 Password authentication3.4.3.6 Hostbased authentication3.4.4 SSH Connection Protocol (SSH-CONN)3.4.4.1 Channels3.4.4.2 Requests3.4.4.3 The finish line
3.6.1 Host Keys3.6.2 Authorization in Hostbased Authentication3.6.2.1 Hostbased access files3.6.2.2 Control file details3.6.2.3 Netgroups as wildcards3.6.2.4 Summary3.6.3 SSH-1 Backward Compatibility3.6.4 Randomness3.6.5 Privilege Separation in OpenSSH
3.7.1 What’s in a Name?3.7.2 scp Details3.7.3 scp2/sftp Details
3.8.1 Public-Key Algorithms3.8.1.1 Rivest-Shamir-Adleman (RSA)3.8.1.2 Digital Signature Algorithm (DSA)3.8.1.3 Diffie-Hellman key agreement3.8.2 Secret-Key Algorithms3.8.2.1 International Data Encryption Algorithm (IDEA)3.8.2.2 Advanced Encryption Standard (AES)3.8.2.3 Data Encryption Standard (DES)3.8.2.4 Triple-DES3.8.2.5 ARCFOUR (RC4)3.8.2.6 Blowfish3.8.2.7 Twofish3.8.2.8 CAST3.8.3 Hash Functions3.8.3.1 CRC-323.8.3.2 MD53.8.3.3 SHA-13.8.3.4 RIPEMD-1603.8.4 Compression Algorithms: zlib
3.9.1 Eavesdropping3.9.2 Name Service and IP Spoofing3.9.3 Connection Hijacking3.9.4 Man-in-the-Middle Attacks
3.10.1 Password Cracking3.10.2 IP and TCP Attacks3.10.3 Traffic Analysis3.10.4 Covert Channels3.10.5 Carelessness
4.1.1 Install the Prerequisites4.1.2 Obtain the Sources4.1.3 Verify the Signature4.1.4 Extract the Source Files4.1.5 Perform Compile-Time Configuration4.1.6 Compile Everything4.1.7 Install the Programs and Configuration Files
4.2.1 Prerequisites4.2.2 Downloading and Extracting the Files4.2.2.1 Verifying with GnuPG4.2.3 Building and Installing4.2.4 Configuration Options4.2.4.1 File locations4.2.4.2 Random number generation4.2.4.3 Networking4.2.4.4 Authentication4.2.4.5 Access control
4.3.1 Prerequisites4.3.2 Obtaining and Extracting the Files4.3.3 Verifying with md5sum4.3.4 Building and Installing4.3.5 Configuration Options4.3.5.1 File locations and permission4.3.5.2 Random number generation4.3.5.3 Networking4.3.5.4 X Window System4.3.5.5 TCP port forwarding4.3.5.6 Encryption4.3.5.7 Authentication4.3.5.8 SOCKS proxies4.3.5.9 Debugging4.3.5.10 SSH-1 protocol compatibility4.3.6 SSH-1 Compatibility Support for Tectia
4.5.1 Concurrent Versions System (CVS)4.5.2 GNU Emacs4.5.3 Pine4.5.4 rsync, rdist
5.1.1 Running sshd as the Superuser5.1.2 Running sshd as an Ordinary User
5.2.1 Server Configuration Files5.2.2 Checking Configuration Files5.2.2.1 Checking OpenSSH configuration files5.2.2.2 Checking Tectia configuration files5.2.3 Command-Line Options5.2.4 Changing the Configuration5.2.5 A Tricky Reconfiguration Example
5.3.1 File Locations5.3.1.1 Host key files5.3.1.2 Random seed file5.3.1.3 Process ID file5.3.1.4 Server configuration file5.3.1.5 User SSH directory5.3.1.6 Per-account authorization files5.3.1.7 utmp file structure5.3.2 File Permissions5.3.2.1 Acceptable permissions for user files5.3.3 TCP/IP Settings5.3.3.1 Port number and network interface5.3.3.2 Invocation by inetd or xinetd5.3.3.3 Restarting the SSH server for each connection5.3.3.4 Keepalive messages5.3.3.5 Idle connections5.3.3.6 Failed logins5.3.3.7 Limiting simultaneous connections5.3.3.8 Reverse IP mappings5.3.3.9 Controlling the Nagle Algorithm5.3.3.10 Discovering other servers5.3.4 Key Regeneration5.3.5 Encryption Algorithms5.3.6 Integrity-Checking (MAC) Algorithms5.3.7 SSH Protocol Settings5.3.7.1 Protocol version string5.3.8 Compression
5.4.1 Authentication Syntax5.4.2 Password Authentication5.4.2.1 Failed password attempts5.4.2.2 Empty passwords5.4.2.3 Expired passwords5.4.3 Public-Key Authentication5.4.4 Hostbased Authentication5.4.5 Keyboard-Interactive Authentication5.4.5.1 OpenSSH keyboard-interactive authentication5.4.5.2 Tectia’s keyboard-interactive authentication5.4.6 PGP Authentication5.4.7 Kerberos Authentication5.4.7.1 Kerberos and OpenSSH5.4.7.2 Kerberos and Tectia5.4.8 PAM Authentication5.4.9 Privilege Separation5.4.10 Selecting a Login Program
5.5.1 Account Access Control5.5.1.1 Restricting all logins5.5.2 Group Access Control5.5.3 Hostname Access Control5.5.4 shosts Access Control5.5.5 Root Access Control5.5.6 External Access Control5.5.7 Restricting Directory Access with chroot5.5.8 Summary of Authentication and Access Control
5.6.1 Welcome Messages for the User5.6.2 Setting Environment Variables5.6.3 Initialization Scripts
5.7.1 Port Forwarding5.7.2 X Forwarding5.7.3 Agent Forwarding
5.9.1 OpenSSH Logging and Debugging5.9.2 Tectia Logging and Debugging5.9.3 Debugging Under inetd or xinetd
5.10.1 Security Issues with Tectia’s SSH-1 Compatibility Mode
6.1.1 OpenSSH Identities6.1.2 Tectia Identities
6.2.1 Generating Keys for OpenSSH6.2.1.1 Creating OpenSSH keys6.2.1.2 Working with OpenSSH keys6.2.2 Generating Keys for Tectia6.2.2.1 Creating Tectia keys6.2.2.2 Working with Tectia keys6.2.3 Selecting a Passphrase6.2.4 Generating New Groups for Diffie-Hellman Key Exchange
6.3.1 Agents Do Not Expose Keys6.3.2 Starting an Agent6.3.2.1 Single-shell method6.3.2.2 Subshell method6.3.2.3 Format of environment variable commands6.3.3 Loading Keys with ssh-add6.3.3.1 Automatic agent loading (single-shell method)6.3.3.2 Automatic agent loading (subshell method)6.3.3.3 Automatic agent loading (X Window System)6.3.4 Agents and Security6.3.4.1 Access control6.3.4.2 Cracking an agent6.3.5 Agent Forwarding6.3.5.1 A firewall example6.3.5.2 How agent forwarding works6.3.5.3 Enabling agent forwarding6.3.6 Agent CPU Usage6.3.7 Debugging the Agent
6.4.1 Switching Identities Manually6.4.2 Switching Identities with an Agent6.4.3 Tailoring Sessions Based on Identity
7.1.1 Command-Line Options7.1.2 Client Configuration Files7.1.2.1 Keywords versus command-line options7.1.2.2 Global and local files7.1.2.3 Configuration-file sections7.1.2.4 Multiple matches7.1.2.5 Making nicknames for hosts7.1.2.6 Comments, indenting, and style7.1.3 Environment Variables
7.4.1 Remote Account Name7.4.1.1 Tricks with remote account names7.4.2 User Identity7.4.2.1 Using identities7.4.3 Host Keys and Known-Hosts Databases7.4.3.1 Strict host-key checking7.4.3.2 Verifying host keys by DNS7.4.3.3 Host key aliasing7.4.3.4 Ignoring host keys for localhost7.4.3.5 Moving the known hosts files7.4.4 SSH Protocol Settings7.4.4.1 Choosing a protocol version7.4.4.2 Connection sharing7.4.4.3 Setting environment variables in the server7.4.5 TCP/IP Settings7.4.5.1 Selecting a remote port7.4.5.2 Connecting via a given network interface7.4.5.3 Forcing a nonprivileged local port7.4.5.4 Keepalive messages7.4.5.5 Controlling TCP_NODELAY7.4.5.6 Requiring IPv4 and IPv67.4.6 Making Connections7.4.6.1 Number of connection attempts7.4.6.2 Password prompting in OpenSSH7.4.6.3 Password prompting in Tectia7.4.6.4 Batch mode: suppressing prompts7.4.6.5 Pseudo-terminal allocation (TTY/PTY/PTTY)7.4.6.6 Backgrounding a remote command7.4.6.7 Backgrounding a remote command, take two7.4.6.8 Escaping7.4.7 Proxies and SOCKS7.4.7.1 SOCKS in OpenSSH: using DynamicForward7.4.7.2 SOCKS in Tectia7.4.8 Forwarding7.4.9 Encryption Algorithms7.4.10 Integrity-Checking (MAC) Algorithms7.4.11 Host Key Types7.4.12 Session Rekeying7.4.13 Authentication7.4.13.1 Requesting an authentication technique7.4.13.2 The server is the boss7.4.13.3 Detecting successful authentication7.4.13.4 Using ssh-keysign for hostbased authentication7.4.14 Data Compression7.4.15 Program Locations7.4.16 Subsystems7.4.17 Logging and Debugging7.4.18 Random Seeds
7.5.1 Full Syntax of scp7.5.2 Handling of Wildcards7.5.3 Recursive Copy of Directories7.5.4 Preserving Permissions7.5.5 Automatic Removal of Original File7.5.6 Safety Features7.5.6.1 Directory confirmation7.5.6.2 No-execute mode7.5.6.3 Overwriting existing files7.5.7 Batch Mode7.5.8 User Identity7.5.9 SSH Protocol Settings7.5.10 TCP/IP Settings7.5.11 Encryption Algorithms7.5.12 Controlling Bandwidth7.5.13 Data Compression7.5.14 File Conversion7.5.15 Optimizations7.5.16 Statistics Display7.5.17 Locating the ssh Executable7.5.18 Getting Help7.5.19 For Internal Use Only7.5.20 Further Configuration
7.6.1 Interactive Commands7.6.2 Command-Line Options
8.1.1 Overriding Serverwide Settings8.1.2 Authentication Issues
8.2.1 OpenSSH Authorization Files8.2.2 Tectia Authorization Files8.2.2.1 Tectia PGP key authentication8.2.3 Forced Commands8.2.3.1 Security issues8.2.3.2 Rejecting connections with a custom message8.2.3.3 Displaying a command menu8.2.3.4 Examining the client’s original command8.2.3.5 Restricting a client’s original command8.2.3.6 Logging a client’s original command8.2.3.7 Forced commands and secure copy (scp)8.2.4 Restricting Access by Host or Domain8.2.4.1 OpenSSH host access control8.2.4.2 Tectia host access control8.2.5 Setting Environment Variables8.2.5.1 Example: CVS and $LOGNAME8.2.6 Setting Idle Timeout8.2.7 Disabling or Limiting Forwarding8.2.8 Disabling TTY Allocation
9.2.1 Local Forwarding9.2.1.1 Local forwarding and GatewayPorts9.2.1.2 Remote forwarding9.2.2 Trouble with Multiple Connections9.2.3 Comparing Local and Remote Port Forwarding9.2.3.1 Common elements9.2.3.2 Local versus remote forwarding: the distinction9.2.4 Forwarding Off-Host9.2.4.1 Privacy9.2.4.2 Access control and the loopback address9.2.4.3 Listening on (“binding”) an interface9.2.5 Bypassing a Firewall9.2.6 Port Forwarding Without a Remote Login9.2.6.1 One-shot forwarding9.2.7 The Listening Port Number9.2.8 Choosing the Target Forwarding Address9.2.9 Termination9.2.9.1 The TIME_WAIT problem9.2.10 Configuring Port Forwarding in the Server9.2.10.1 Compile-time configuration9.2.10.2 Serverwide configuration9.2.10.3 Per-account configuration9.2.11 Protocol-Specific Forwarding: FTP
9.3.1. SOCKS v4, SOCKS v5, and Names9.3.2 Other Uses of Dynamic Forwarding
9.4.1 The X Window System9.4.2 How X Forwarding Works9.4.3 Enabling X Forwarding9.4.4 Configuring X Forwarding9.4.4.1 Compile-time configuration9.4.4.2 Serverwide configuration9.4.4.3 Per-account configuration9.4.5 X Authentication9.4.5.1 How X authentication works9.4.5.2 xauth and the SSH rc files9.4.5.3 Trusted X forwarding9.4.5.4 Problems with X authentication9.4.5.5 SSH and authentication spoofing9.4.5.6 Improving authentication spoofing9.4.5.7 Nonstandard X clients9.4.6 Further Issues9.4.6.1 X server configuration9.4.6.2 Setting your DISPLAY environment variable9.4.6.3 Shared accounts9.4.6.4 Location of the xauth program9.4.6.5 X forwarding and the GatewayPorts feature
9.5.1 TCP-Wrappers Configuration9.5.2 Notes About TCP-Wrappers
10.3.1 Disable Other Means of Access10.3.2 sshd_config for OpenSSH10.3.2.1 Choice of protocol10.3.2.2 Important files10.3.2.3 File and directory permissions10.3.2.4 TCP/IP settings10.3.2.5 Login time10.3.2.6 Authentication10.3.2.7 Access control10.3.2.8 Forwarding10.3.2.9 SFTP10.3.3 sshd2_config for Tectia10.3.3.1 Choice of protocol10.3.3.2 Important files10.3.3.3 File and directory permissions10.3.3.4 TCP/IP settings10.3.3.5 Login time10.3.3.6 Authentication10.3.3.7 Access control10.3.3.8 Forwarding10.3.3.9 Encryption10.3.3.10 SFTP
10.7.1 NFS Security Risks10.7.2 NFS Access Problems10.7.3 AFS Access Problems
11.1.1 Password Authentication11.1.2 Public-Key Authentication11.1.2.1 Storing the passphrase in the filesystem11.1.2.2 Using a plaintext key11.1.2.3 Using an agent11.1.3 Hostbased Authentication11.1.4 Kerberos11.1.5 General Precautions for Batch Jobs11.1.5.1 Least-privilege accounts11.1.5.2 Separate, locked-down automation accounts11.1.5.3 Restricted-use keys11.1.5.4 Useful ssh options11.1.6 Recommendations
11.2.1 FTP-Specific Tools for SSH11.2.1.1 VanDyke’s SecureFX11.2.1.2 Tectia client11.2.2 Static Port Forwarding and FTP: A Study in Pain11.2.3 The FTP Protocol11.2.4 Forwarding the Control Connection11.2.4.1 Choosing the forwarding target11.2.4.2 Using passive mode11.2.4.3 The “PASV port theft” problem11.2.5 FTP, Firewalls, and Passive Mode11.2.6 FTP and Network Address Translation (NAT)11.2.6.1 Server-side NAT issues11.2.7 All About Data Connections11.2.7.1 The usual method of file transfer11.2.7.2 Passive mode in depth11.2.7.3 FTP with the default data ports11.2.8 Forwarding the Data Connection
11.3.1 Securing IMAP Authentication11.3.1.1 Pine and preauthenticated IMAP11.3.1.2 Making Pine use SSH11.3.2 Mail Relaying and News Access11.3.3 Using a Connection Script
11.4.1 Making Transparent SSH Connections11.4.2 Using SCP Through a Gateway11.4.3 Another Approach: SSH-in-SSH (Port Forwarding)11.4.4 SSH-in-SSH with a Proxy Command (OpenSSH)11.4.5 Comparing the Techniques11.4.5.1 Smoothness11.4.5.2 Security
11.5.1 Tectia with X.509 Certificates11.5.1.1 What’s a PKI?11.5.1.2 Using certificates with Tectia host keys11.5.1.3 A simple configuration11.5.1.4 Getting a certificate11.5.1.5 Hostkey verification: configuring the server11.5.1.6 Hostkey verification: configuring the Client11.5.1.7 User authentication: configuring the client11.5.1.8 User authentication: configuring the server11.5.2 OpenSSH and Tectia with Kerberos11.5.2.1 How Kerberos works11.5.2.2 Kerberos support in SSH11.5.2.3 Kerberos interoperability with OpenSSH and Tectia
11.6.1 Metaconfiguration11.6.2 Subconfiguration Files11.6.3 Quoted Values
11.7.1 A Plugin for Changing Expired Passwords11.7.1.1 The ssh-passwd-plugin program11.7.1.2 A Perl package implementing the Tectia plugin protocol11.7.1.3 Creating a customized password-change plugin11.7.2 A Plugin for Keyboard-Interactive Authentication11.7.3 A Plugin for External Authorization
12.1.1 Client Debugging12.1.2 Server DebuggingThe Top 10 SSH Questions
12.2.1 General Problems12.2.2 Authentication Problems12.2.2.1 General authentication problems12.2.2.2 Password authentication12.2.2.3 Hostbased authentication12.2.2.4 Public-key authentication12.2.2.5 PGP key authentication12.2.3 Key and Agent Problems12.2.3.1 ssh-keygen12.2.3.2 ssh-agent and ssh-add12.2.3.3 Per-account authorization files12.2.4 Server Problems12.2.4.1 sshd_config, sshd2_config12.2.5 Client Problems12.2.5.1 General client problems12.2.5.2 Client configuration file12.2.5.3 ssh12.2.5.4 scp12.2.5.5 sftp12.2.5.6 Port forwarding
12.3.1 Web Sites12.3.2 Usenet Newsgroups
13.3.1 BeOS13.3.2 Commodore Amiga13.3.3 GNU Emacs13.3.4 Java13.3.5 Macintosh OS 913.3.6 Macintosh OS X13.3.7 Microsoft Windows13.3.8 Microsoft Windows CE (PocketPC)13.3.9 OS/213.3.10 Palm OS13.3.11 Perl13.3.12 Unix Variants (Linux, OpenBSD, etc.)13.3.13 VMS
14.3.1 Opening Remote Windows on the Desktop
14.4.1 Running an Agent
15.2.1 Enabling the Server15.2.2 Opening the Firewall15.2.3 Control by xinetd15.2.4 Server Configuration Details15.2.5 Kerberos Support
16.7.1 General Settings16.7.2 Servers for Outgoing SSH Connections16.7.3 Filter Rules for Dynamic Port Forwarding16.7.4 Configuration File
16.11.1 Server Operation16.11.2 Server Configuration16.11.3 Commands and Interactive Sessions16.11.4 Authentication16.11.5 Access Control16.11.6 Forwarding16.11.7 SFTP Server16.11.8 Logging and Debugging
17.3.1 Key Generation Wizard17.3.1.1 Automatic installation of keys17.3.1.2 Manual installation of keys17.3.2 Using Multiple Identities17.3.3 The SSH Agent
17.4.1 Mandatory Fields17.4.2 Data Compression17.4.3 Firewall Use
17.5.1 Port Forwarding17.5.2 X Forwarding
17.7.1 The vcp and vsftp Commands17.7.2 Zmodem File Transfer17.7.3 SecureFX
17.8.1 Authentication17.8.2 Forwarding
18.2.1 Plink, a Console Client18.2.2 Running Remote Commands
18.3.1 File Transfer with PSCP18.3.2 File Transfer with PSFTP
18.4.1 Choosing a Key18.4.2 Pageant, an SSH Agent
18.5.1 Saved Sessions18.5.2 Host Keys18.5.3 Choosing a Protocol Version18.5.4 TCP/IP Settings18.5.4.1 Selecting a remote port18.5.4.2 Keepalive messages18.5.4.3 The Nagle Algorithm18.5.5 Pseudo-Terminal Allocation18.5.6 Proxies and SOCKS18.5.7 Encryption Algorithms18.5.8 Authentication18.5.9 Compression18.5.10 Logging and Debugging18.5.11 Batch Jobs
18.6.1 Forwarding with PuTTY18.6.2 Forwarding with Plink
Logging of Access Control ViolationsAddressFamily KeywordPassword and Account Expiration Warnings
KbdInteractiveDevices KeywordMore Control for Connection SharingHashing of HostnamesPort Forwardingsftp Command-Line Features
Hashing Your Known Hosts FileManaging Hosts
Escaped Tokens for Regex Syntax Egrep
Example
Escaped Tokens for Regex Syntax SSHCharacter Sets for Regex Syntax SSHExample
Serverwide ConfigurationClient ConfigurationFiles
Serverwide ConfigurationClient ConfigurationFile TransfersKey ManagementAuthentication Agent

Content preview from SSH, The Secure Shell: The Definitive Guide, 2nd Edition

Algorithms Used by SSH

We now summarize each of the algorithms we have mentioned. Don’t treat these summaries as complete analyses, however. You can’t necessarily extrapolate from characteristics of individual algorithms (positive or negative) to whole systems without considering the other parts. Security is complicated that way.

3.8.1 Public-Key Algorithms

3.8.1.1 Rivest-Shamir-Adleman (RSA)

The Rivest-Shamir-Adleman (RSA) public-key algorithm is the most widely used asymmetric cipher. It derives its security from the difficulty of factoring large integers

Figure 3-4. scp operation

that are the product of two large primes of roughly equal size. Factoring is widely believed to be intractable (i.e., infeasible, admitting no efficient, polynomial-time solution), although this isn’t proven. RSA can be used for both encryption and signatures.

Until September 2000, RSA was claimed to be patented in the U.S. states by Public Key Partners, Inc., a company in which RSA Security, Inc. is a partner. (The algorithm is now in the public domain.) While the patent was in force, PKP claimed that it controlled the use of the RSA algorithm in the U.S., and that the use of unauthorized implementations was illegal. Until the mid-1990s, RSA Security provided a freely available reference implementation, RSAref, with a license allowing educational and broad commercial use (as long as the software itself was ...