Curing remote-access security ailments

By Hal Stern, Unix Insider |  Security

In a nutshell, ssh uses a mechanism similar to the
/etc/hosts.equiv and .rhosts access-control files
that manage remote login transparency. Users continue to use these
files, which are augmented by access controls and key-management files
in the user's home directory and maintained by a daemon on the remote
host. When you install ssh, you run some scripts to generate keys for
users and hosts, and to collect keys from known hosts on your network.
Ideally, users can alias rlogin to ssh or
slogin and never notice the encryption mechanism at work.

When creating a login connection, ssh authenticates the client and
server using public key encryption, eliminating spoofing attacks. The
handshaking can use a variety of authentication mechanisms, with or
without additional passwords. Once the two sides have verified their
identities, a channel is created using one of several encryption
methods, including DES, triple DES, IDEA (considered stronger than
DES), and the RC4 streaming cipher. To eliminate attacks stemming from
key transmission over the network, ssh uses something of a
double-secret double-check. Client and server systems compute something
called an encrypted message digest 5 format (MD5) checksum on
a value generated on the server side. The checksum is exchanged, with
the belief that only the correct key combinations could generate the
correct MD5 checksums. While this isn't completely secure, it does
eliminate problems stemming from key exchange over an unencrypted
channel. You can find complete details of the session-key generation
and key exchange in the RFC included in the ssh distribution and also
available from your favorite RFC depot as
draft-ylonen-ssh-protocol-00.txt

While you can visit the general distribution site for ssh (ftp://ftp.cs.hut.fi/pub/ssh),
you may have better results with one of the mirrors,
including one at Ohio State University.
There is a wealth of information available for exploration, starting with
the ssh home page.
A
FAQ document
was recently created, and will be posted to
comp.security.misc
and
comp.security.unix.
The FAQ includes URLs for all of the ftp mirror sites.

Twisty little passages, all the same

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness