Transcript Shell Protocols

Shell Protocols
Elly Bornstein
Hiral Patel
Pranav Patel
Priyank Desai
Swar Shah
Agenda

Introduction
 R* Utilities
 Secure Shell Protocol
 Architecture of SSH
 How SSH works
 Features and Advantages
 Limitations
 Security Concerns
 Tools
 Conclusion
Introduction

What is Shell?

What are Shell Protocols?

R* Utilities
R* Utilities
Rlogin - allows users to log in remotely
 Rcp - provides remote file transfer.


Rsh - executes a remote command through the rshd
daemon

Rexec - executes a remote command through the
rexecd daemon

R* Utilities Security Concerns
Secure Shell Protocol (SSH)
•
•
•
What is SSH?
Why SSH?
Different versions of SSH
•
•
SSH-1
SSH-2
Secure Shell Architecture

Where does SSH lie in the protocol
hierarchy?
[Figure: Secure Shell operates at the application layer of the TCP/IP stack,
Source: www.ssh.com]
Secure Shell - Architecture
SSH Architecture
consists of 3 components:

The Transport Layer Protocol [SSH-TRANS]

The User Authentication Protocol
[SSH-USERAUTH]

The Connection Protocol [SSH-CONNECT]
The complete view of SSH Architecture – arch.doc
SSH Layers

SSH-TRANS

Server Authentication
Each Server must have a Host Key
 Client must have prior knowledge of host keys –
local database, trusted certification authority
 Danger – Man in the middle attack





Confidentiality
Integrity
Key-Exchange
Compression [optional]
SSH Layers – [contd.]

SSH-USERAUTH

Authenticates Client-Side User
Authentication Methods:
1. Password-Based Authentication
2. Public-Key Based Authentication
3. Host-Based Authentication
4. GSSAPI Authentication Methods
SSH Layers – [contd.]

SSH-CONN
Multiplexes Encrypted Channel into several
logical channels
 Provides services such as:

 Multiple interactive and non-interactive sessions
 Managing X, Port and Agent forwarding
 Terminal handling
 Remote program execution
How SSH works?
Host Identification
 Encryption
 User Authentication
 Access to desired services

Relate back to arch.doc
Features and Advantages






SSH and SFTP for secure file transfer
SSH and SCP for alternative to RCP
Port forwarding and Tunneling
Support terminal protocols for remote
administration
Secure proxy connection for Internet browsing
Authentication methods: Kerberos, SecureID,
RSA, etc.
Limitations
Port ranges can’t be forwarded
 Poor performance on older computers
 Graphical applications can be started,
but cannot be seen
 Child processes are not killed when the
user logs out

Security Concerns
Man-in-the-middle attack
 Denial of Service
 Message replay attack
 Data integrity

Tools

Multi-platform
PuTTy
 Conch


Windows
SecureCRT
 WinSCP


Unix-like OS
LSH
 OpenSSH

Conclusion
Provides secure data transfer across the
network
 Provides the space for extensibility and
options for using different algorithms
 Most of the limitations and probable
threats can be avoided by using proper
algorithms and policies

Thank You