
Presented By: Sailesh Shrestha: 12 December 2024, Thursday

The document provides an overview of SSH (Secure Shell), detailing its functionalities such as authenticated and encrypted access to remote hosts, and its use as a transport protocol for various applications. It discusses two authentication methods: password authentication, which is simple but vulnerable to attacks, and key-based authentication, which enhances security through the use of public and private keys. The document concludes with contact information for follow-ups.

Uploaded by

chandra.shekhar

Presented By: Sailesh Shrestha

12 December 2024, Thursday


What is SSH (Secure Shell) ?
SSH Protocol Stack
Secure Shell
● Provides authenticated and encrypted shell access to a remote host
● It’s not only a secure shell; it is much more
– Transport protocol (e.g. scp, sftp, git, svn, rsync)
– Connection forwarder/SSH tunnels. You can use it to build custom tunnels.
Things that SSH can be used for …
3 Layers of SSH Protocol
What is SSH typically used for ?
SSH with password authentication
• The user makes an initial TCP connection and sends a username.
• The ssh daemon on the server responds with a prompt for password, and access to the system has not yet been granted in any way.
• The ssh client prompts the user for a password, which is relayed through the encrypted connection to the server where it is compared against the local user base.
• If the user's password matches the local credential, access to the system is granted and a two-way communications path is established, usually to a login shell.
Cons of password authentication
● Password authentication is simple to set up, usually the default, and is easy.
● Allows brute-force password guessing. Prone to attacks.
● Passwords must be remembered and entered separately on every login.
SSH Key Based Authentication
● The user creates a pair of public and private keys.
● The public key is non-sensitive information.
● The private key is protected on the local machine by a strong passphrase.
● The user installs the public key in their $HOME/.ssh/authorized_keys file on the target server.
● This key must be installed on the target system only once.



SSH Key Based Authentication
1. The user makes an initial connection and sends a username along with a request to use a key.
2. The ssh daemon on the server looks in the user's authorized_keys file, constructs a challenge based on the public key found there, and sends this challenge back to the user's ssh client.
3. The ssh client receives the key challenge. It finds the user's private key on the local system, but it's protected by an encrypting passphrase.
4. The user is prompted for the passphrase to unlock the private key.
5. ssh uses the private key to construct a key response, and sends it to the waiting sshd on the other end of the connection. It does not send the private key itself!
6. sshd validates the key response, and if valid, grants access to the system.
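
The six steps above, modelled as an added example that is not part of the original presentation: the server issues a random challenge, the client answers with a signature, and only the public key and the response ever cross the connection. Textbook RSA over fixed demo primes stands in for a real signature algorithm, and the Client and Server classes and the digest helper are hypothetical names chosen for this example.

```python
import hashlib
import secrets

# Toy key pair: textbook RSA over two fixed Mersenne primes. Demo only, NOT
# secure; real SSH keys use Ed25519, ECDSA or padded RSA.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                            # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, never leaves the client

def digest(user: str, challenge: bytes) -> int:
    """Hash the username and challenge into the integer that gets signed."""
    data = user.encode() + b"\0" + challenge
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class Client:
    def __init__(self, user: str, private_exponent: int):
        self.user, self._d = user, private_exponent

    def respond(self, challenge: bytes) -> int:
        # Step 5: the key response is a signature; only this value is sent.
        return pow(digest(self.user, challenge), self._d, N)

class Server:
    def __init__(self, authorized_keys: dict):
        self.authorized_keys = authorized_keys   # user -> (n, e) public key
        self.pending = {}                        # user -> outstanding challenge

    def challenge(self, user: str) -> bytes:
        # Step 2: a fresh random challenge per attempt, also for unknown users.
        self.pending[user] = secrets.token_bytes(32)
        return self.pending[user]

    def verify(self, user: str, response: int) -> bool:
        # Step 6: each challenge is single-use, so a captured response
        # cannot be replayed against a later login attempt.
        challenge = self.pending.pop(user, None)
        key = self.authorized_keys.get(user)
        if challenge is None or key is None:
            return False
        n, e = key
        return pow(response, e, n) == digest(user, challenge)

if __name__ == "__main__":
    server, alice = Server({"alice": (N, E)}), Client("alice", D)
    answer = alice.respond(server.challenge("alice"))
    print("first use accepted:", server.verify("alice", answer))
    server.challenge("alice")
    print("replay accepted:", server.verify("alice", answer))
```
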
Password vs Passphrase
Q&A ?

Contact information for follow-ups


email: saileshrestha@gmail.com
Thank You !!!
