TELNET and SSH by MUSTAFA SAKHAI
TELNET SSH
MUSTAFA SAKHAI
Poznan University of Technology
1. TELNET (Terminal Network)
• TELNET is an abbreviation for TErminaL NETwork.
• It is an application-layer protocol used on the Internet or local area networks. It enables the establishment of a connection to a remote system in such a way that the local terminal appears to be a terminal at the remote system.
• It is the standard TCP/IP protocol for virtual terminal service.
Topics to be Discussed
• Understand how TELNET works
• Understand the role of NVT in a TELNET communication
• Understand TELNET option and sub-option negotiation
• Know how control characters are used
• Know the TELNET modes of operation
• Why TELNET is insecure
TELNET is a general-purpose client-server application program
Network Diagram
Figure 1.1 Local Login
Figure 1.2 Remote Login
Network Virtual Terminal (NVT)
• NVT is a universal interface. The TELNET client translates characters (data or commands) that come from the local terminal into NVT form and delivers them to the network. The TELNET server translates data and commands from NVT form into the form acceptable to the remote computer.
Figure 1.3 Concept of NVT
NVT uses two sets of characters, one for data and one for control. Both are 8 bits long.
Figure 1.5 Format of data and control characters
Table 1.1 Some of the NVT control characters
Modes of Operation
I. Default Mode
II. Character Mode
III. Line Mode
Default Mode
• In this example, we use the default mode to show the concept and its deficiencies even though it is almost obsolete today.
• The client and the server negotiate the terminal type and terminal speed and then the server checks the login and password of the user (see Figure 1.6).
Figure 1.6
Character Mode
• We show how the client switches to the character mode. This requires that the client request the server to enable the SUPPRESS GO AHEAD and ECHO options (see Figure 1.7).
Figure 1.7
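The character-mode negotiation described above, as an added example that is not part of the original slides: a small parser that separates TELNET option commands from NVT data. The byte strings are constructed samples (the user name `alice` is made up), and the output shows that everything outside the commands is readable text, which is the weakness the later slides demonstrate.

```python
# Added example: split a TELNET byte stream into option commands and NVT data.
# Command and option codes are the standard assigned TELNET values.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
VERBS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE",
           32: "TERMINAL-SPEED", 34: "LINEMODE"}


def option_name(code: int) -> str:
    return OPTIONS.get(code, f"option-{code}")


def parse_telnet(stream: bytes):
    """Return (commands, data): negotiation commands and the remaining NVT data."""
    commands, data, i = [], bytearray(), 0
    while i < len(stream):
        if stream[i] != IAC:                 # ordinary data byte
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= len(stream):             # capture ends inside a command
            break
        cmd = stream[i + 1]
        if cmd == IAC:                       # IAC IAC is an escaped 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in VERBS:                   # IAC <verb> <option>
            if i + 2 >= len(stream):
                break
            commands.append((VERBS[cmd], option_name(stream[i + 2])))
            i += 3
        elif cmd == SB:                      # sub-option: IAC SB <option> ... IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end == -1:                    # unterminated sub-option
                break
            commands.append(("SB", option_name(stream[i + 2])))
            i = end + 2
        else:                                # two-byte command such as IAC GA
            commands.append((f"command-{cmd}", None))
            i += 2
    return commands, bytes(data)


# Constructed sample of the character-mode exchange (not a real capture).
CLIENT_BYTES = bytes([IAC, DO, 3, IAC, DO, 1]) + b"alice\r\n"
SERVER_BYTES = bytes([IAC, WILL, 3, IAC, WILL, 1]) + b"login: "

if __name__ == "__main__":
    for side, raw in (("client", CLIENT_BYTES), ("server", SERVER_BYTES)):
        print(side, *parse_telnet(raw))
```

The sub-option branch searches for the first IAC SE pair and does not handle an escaped 0xFF inside the sub-option body.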
Line Mode
• It was proposed to compensate for the deficiencies of default mode and character mode.
• In this mode, echoing is done by the client, which then sends the whole line to the server.
Why Is TELNET Insecure?!
TELNET suffers from security problems. TELNET requires a login name and password (when exchanging text). A microcomputer connected to a broadcast LAN can easily eavesdrop using snooper software and capture a login name and the corresponding password (even if it is encrypted)!
It's a big problem. Let's see how the hacking works ;)
Use ping to check the connection
Figure 1.8
Using Wireshark to capture data from LAN port
Figure 1.9
Figure 1.10
Surprise!!!
2. SSH
• Is a protocol for secure remote login and other secure network services over an insecure network.
• Secure channel between two computers
• Provides data confidentiality and integrity
• Many uses other than remote shell
Topics to be Discussed
• History
• SSH components
• Why use SSH?
• SSH security features
• SSH Authentication Methods
• Port forwarding
History
• SSH-1 designed in 1995 by Tatu Ylönen
  • In response to a password-sniffing attack
  • Replacement for rlogin, telnet, and rsh
  • Released as freeware in July 1995
• SSH-2 designed in 1996
  • Incompatible with SSH-1
  • Security and feature improvements
• Open source implementations (OSSH and OpenSSH) created in 1999
  • OSSH is now obsolete
  • OpenSSH is the most popular SSH implementation as of 2005
SSH Components
• Transport Layer Protocol
  • Provides server authentication, confidentiality, and integrity
• User Authentication Protocol
  • Authenticates the client-side user to the server
• Connection Protocol
  • Multiplexes the tunnel into logical channels
SSH Components
Figure 2.1
SSH TLP-Overview
SSH UAP-Overview
Why Use SSH?
• SSH can handle secure remote logins (SSH)
• SSH can handle secure file copy (SCP)
• SSH can even drive secure FTP (SFTP)
SSH security features
• strong algorithms
  • uses well-established strong algorithms for encryption, integrity, key exchange, and public key management
• large key size
  • requires encryption to be used with at least 128-bit keys
  • supports larger keys too
• algorithm negotiation
  • encryption, integrity, key exchange, and public key algorithms are negotiated
  • it is easy to switch to some other algorithm without modifying the base protocol
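How the algorithm negotiation listed above plays out, as an added example that is not from the original slides. It simplifies the SSH-2 rule to "the first name on the client's list that the server also offers wins" in each category. The name-lists and the `DEPRECATED` policy set are constructed for illustration; the algorithm names themselves are real SSH identifiers.

```python
# Added example: simplified SSH-2 algorithm negotiation (one rule per category).
CATEGORIES = ("kex", "host_key", "cipher", "mac")

# Assumption: a local policy list of algorithms this site no longer accepts.
DEPRECATED = {"diffie-hellman-group1-sha1", "ssh-dss", "3des-cbc", "hmac-md5"}


def negotiate(client: dict, server: dict) -> dict:
    """Pick, per category, the first client preference the server also offers."""
    chosen = {}
    for cat in CATEGORIES:
        match = next((alg for alg in client[cat] if alg in server[cat]), None)
        if match is None:
            raise ValueError(f"no common {cat} algorithm, connection fails")
        chosen[cat] = match
    return chosen


def deprecated_choices(chosen: dict) -> dict:
    """Return the negotiated algorithms that appear on the DEPRECATED list."""
    return {cat: alg for cat, alg in chosen.items() if alg in DEPRECATED}


def harden(server: dict) -> dict:
    """Server offer with every deprecated name removed."""
    return {cat: [a for a in algs if a not in DEPRECATED]
            for cat, algs in server.items()}


# Constructed name-lists: an old client that prefers legacy algorithms and a
# server that still offers them for compatibility.
LEGACY_CLIENT = {
    "kex": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha256"],
    "host_key": ["ssh-dss", "rsa-sha2-256"],
    "cipher": ["3des-cbc", "aes128-ctr"],
    "mac": ["hmac-md5", "hmac-sha2-256"],
}
PERMISSIVE_SERVER = {
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256",
            "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-ed25519", "rsa-sha2-256", "ssh-dss"],
    "cipher": ["aes128-ctr", "3des-cbc"],
    "mac": ["hmac-sha2-256", "hmac-md5"],
}

if __name__ == "__main__":
    for name, srv in (("permissive", PERMISSIVE_SERVER),
                      ("hardened", harden(PERMISSIVE_SERVER))):
        result = negotiate(LEGACY_CLIENT, srv)
        print(name, result, "deprecated:", deprecated_choices(result))
```

Because the client's order decides, the server's own preference order does not protect it; only removing a name from the server's offer keeps it from being selected.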
SSH Authentication Methods
I. Password
II. Public/Private Key pair
III. Host-Based Authentication
Prompts for password
Public/Private key pair
Host-Based Authentication
• Doesn't require a password or key
• Provides trust based on hostname and user ID
• User ID on both systems has to be the same
Port Forwarding
Sharing your tunnel