\documentclass{beamer} % Copyright (c) 2001,2002,2003,2004,2005 Alexandre Dulaunoy % Permission is granted to copy, distribute and/or modify this document % under the terms of the GNU General Public License, Version 2.0 % or any later version published by the Free Software Foundation; %\usetheme{PaloAlto} \usetheme{Goettingen} \usepackage[english]{babel} \usepackage[latin1]{inputenc} \setbeamertemplate{blocks}[rounded][shadow=true] \setbeamercovered{transparent} % % The following info should normally be given in you main file: % \title{OpenSSH} \subtitle {} \keywords {SSH protocols and OpenSSH implementation} \subject {Overview of SSH and basic introduction regarding OpenSSH} \author{} \institute{ ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg)\\ http://www.csrrt.org/} \begin{document} \frame{\titlepage} \section*{SSH Protocol} \subsection{History} \frame[containsverbatim]{ \nameslide{SSH - History} \frametitle{SSH - History} \begin{itemize} \item 1995 Tatu Ylonen releases ssh-1.0.0 (Forms SSH Communications Security) \item 1997 IETF secsh working group formed - Work on SSH protocol v2 begun \item 1999 OpenSSH project started, based on open-source ssh-1.x code \item 2000 SSH protocol v2 support added to OpenSSH \item 2002 SSH support added to Solaris 9 (OpenSSH derived) \item SSH protocol v2 nears release as IETF RFC \item 2006 RFC released for SSH protocol v2 as secsh \end{itemize} } \subsection{SSH Operation and Protocol} \frame[containsverbatim]{ \nameslide{SSH Operation and Protocol} \frametitle{SSH Operation and Protocol} \begin{itemize} \item Runs on TCP port 22, initiated by client \item Client and server exchange banners at connect time: \begin{itemize} \item SSH-1.5-SoftwareName -- SSH protocol v.1 \item SSH-2.0-SoftwareName -- SSH protocol v.2 \item SSH-1.99-SoftwareName -- both protocols \end{itemize} \item SoftwareName is the implementation name and version \item Usually used for backwards (bug) compatibility \item Server always has a public/private key pair \item Public key is sent during connection setup \item Server's public key is cached by client to detect MITM \end{itemize} } \subsection{SSH Protocol v1} \frame[containsverbatim]{ \nameslide{SSH Protocol v1} \frametitle{SSH Protocol v1} \begin{itemize} \item SSH protocol v.1 is the original version released in the free ssh-1.x code by Tatu Ylonen \item Revised between 1995 and 1997 \item Final version of the protocol is officially "1.5" \item Never standardised \item Some desire to have it published as an informational RFC \item Monolithic protocol \end{itemize} } \subsection{SSH Protocol v2} \frame[containsverbatim]{ \nameslide{SSH Protocol v2} \frametitle{SSH Protocol v2} \begin{itemize} \item Unlike the monolithic v1 protocol SSH v2 is several protocols \item Transport protocol \begin {itemize} \item Underlying protocol \item Handles encryption, compression, integrity \item Provides "services" based on text strings \end {itemize} \item User Authentication protocol \begin {itemize} \item Responsible for authentication of user to server \item Supports various authentication methods \item Password, Public key, Challenge-response, Host based \end {itemize} \item Connection protocol \begin {itemize} \item Interactive logins, Command execution, Port forwarding, X11 forwarding \end {itemize} \end{itemize} } \subsection{SSH Protocol v2 - packet format} \frame[containsverbatim]{ \nameslide{SSH Protocol v2 - packet format} \frametitle{SSH Protocol v2 - packet format} \begin{itemize} \item 4 bytes Packet length \item 1 byte Padding length \item ... Payload \item padding_len Random padding \item ... MAC[seqno, packet (sans MAC)] \end{itemize} } \subsection{SSH Protocol v2 - packet format} \frame[containsverbatim]{ \nameslide{SSH Protocol v2 - packet format} \frametitle{SSH Protocol v2 - packet format} \begin{itemize} \item Multiple MAC algorithms supported \begin{itemize} \item hmac-md5, hmac-sha1, truncated MACs, none \end{itemize} \item Payload may optionally be compressed prior to MAC \item Packets are optionally encrypted with a symmetric cipher \begin{itemize} \item 3-des-cbc (MUST) \item blowfish-cbc (RECOMMENDED) \item twofish-cbc, aes-cbc, serpent-cbc (OPTIONAL) \item arcfour, idea-cbc, cast128-cbc (OPTIONAL) \end{itemize} \end{itemize} } \section*{Q and A} \frame { \nameslide {Q and A} \frametitle {Q and A} \begin{itemize} \item Thanks for listening. \item http://www.csrrt.org.lu/ \item adulau@foo.be \end{itemize} %%\includegraphics[scale=0.50]{Hack2005lu-banner.png} } \end{document}