8/3/2019 Exp5 Ssh Key Management
1/2
Experiment No:
Aim:
To study Key management in ssh
Theory:
Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or
command execution and other secure network services between two networked computers that it
connects via a secure channel over an insecure network. The protocol specification distinguishes two
major versions that are referred to as SSH-1 and SSH-2.
The best-known application of the protocol is for access to shell accounts on Unix-like operating
systems. It was designed as a replacement for Telnet and other insecure remote shell protocols such as
the Berkeley rsh and rexec protocols, which send information, notably passwords, in plaintext,
rendering them susceptible to interception and disclosure using packet analysis. The encryption used
by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as
the Internet.
The manual page of ssh describes it as follows.
ssh (SSH client) is a program for logging into a remote machine and for
executing commands on a remote machine. It is intended to replace rlogin
and rsh, and provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and arbitrary
TCP ports can also be forwarded over the secure channel.
ssh connects and logs into the specified hostname (with optional user
name). The user must prove his/her identity to the remote machine using
one of several methods depending on the protocol version used (see
below).
If command is specified, it is executed on the remote host instead of a
login shell.
Key Management
On Unix-like systems, the list of authorized keys is stored in the home folder of the user that is
allowed to log in remotely, in the file ~/.ssh/authorized_keys. This file is only respected by ssh if it is
not writable by anything apart from the owner. When the public key is present on one side and the
matching private key is present on the other side, typing in the password is no longer required (some
software, such as an MPI stack, may need this passwordless access to run properly). However, for
additional security the private key itself can be locked with a passphrase.
The private key is looked for in standard places, but the full path to it can also be specified as
a command line setting (the switch -i for ssh). The ssh-keygen utility produces the public and private
keys, always in pairs.
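The write-permission rule for ~/.ssh/authorized_keys described above can be audited with a short script. This is an added example, not part of the original handout; the function names are hypothetical, and it goes slightly beyond the text by applying the same check to the enclosing ~/.ssh and home directories, which OpenSSH's StrictModes option also examines. It looks at mode bits only, not at file ownership.

```shell
#!/bin/sh
# Added example: audit the write permissions that decide whether
# ~/.ssh/authorized_keys is respected.

# Succeed if the path is NOT writable by group or others.
# "find -perm -020 / -002" is POSIX, which avoids stat(1) portability issues.
not_writable_by_others() {
    loose=$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    if [ -n "$loose" ]; then
        echo "UNSAFE: $1 is writable by group or others" >&2
        return 1
    fi
    return 0
}

# check_authorized_keys HOME_DIR
# Returns 0 when the file exists and it, ~/.ssh and the home directory
# carry no group/other write bit; returns 1 otherwise.
check_authorized_keys() {
    home=$1
    file="$home/.ssh/authorized_keys"
    status=0
    if [ ! -f "$file" ]; then
        echo "MISSING: $file" >&2
        return 1
    fi
    for path in "$home" "$home/.ssh" "$file"; do
        not_writable_by_others "$path" || status=1
    done
    return $status
}

# Constructed demo: build a throwaway home directory and audit it twice.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/.ssh"
    chmod 700 "$tmp" "$tmp/.ssh"
    # Constructed placeholder entry, not a real public key.
    echo "ssh-ed25519 AAAA...placeholder user@example" > "$tmp/.ssh/authorized_keys"
    chmod 600 "$tmp/.ssh/authorized_keys"
    check_authorized_keys "$tmp" && echo "strict permissions: accepted"
    chmod 664 "$tmp/.ssh/authorized_keys"
    check_authorized_keys "$tmp" || echo "group-writable file: rejected"
    rm -rf "$tmp"
}
demo
```

Run against a real account with `check_authorized_keys "$HOME"`; a non-zero exit status means at least one of the three paths needs `chmod go-w`.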
SSH also supports password-based authentication that is still encrypted by automatically generated
keys. In this case the attacker could imitate the legitimate side, ask for the password and obtain it
(man-in-the-middle attack). However, this is only possible if the two sides have never authenticated
before, as SSH remembers the key that the remote side once used. Password authentication can be
disabled.
Output: