SSH presentation

SSH Tricks
Matthew G. Marsh
SSH Tricks
Slide 1
Overview
* SSH
– What is it
– How does it work
* Discussion of Network Topology
– Tricks for multiple hosts
– Keys and config files
– MultiHop tricks
* Q&A
SSH
* What is it
– Secure Shell was developed to solve the two most acute problems on
the Internet: secure remote terminal logins and secure file transfers.
– Essentially an encrypted replacement for the Berkeley r-utilities
(rlogin, rsh, rcp)
* How does it work
– Client and server negotiate an encrypted channel over a TCP
connection
– Authentication can be by password or by public/private key pair
• Yes there are others but that is where the cracks are…
– Any TCP port can be used; the well-known port (WKP) is 22
* In this session we will concentrate on SSH1 using key based
authentication. Protocol 1 has known cryptographic weaknesses and has
since been removed from OpenSSH altogether; on a current system the
same tricks work unchanged with Protocol 2 and an ed25519 or RSA key.
Simple Examples
* Two hosts
– 1 has a sshd running on WKP
– 2 has a client
root@2: ssh 1
root@1's password:
#
* This allows root to login remotely using a
password - BAD!
* Better is to define 'PermitRootLogin no' in the
sshd_config file. That refuses root logins by every method, keys
included; if root must still get in with a key, use 'PermitRootLogin
without-password' (spelled 'prohibit-password' in newer OpenSSH).
Simple Examples
* Two hosts - the client's public key installed on the server
– 1 has a sshd running on WKP
– 2 has a client
tech@2: ssh 1
tech@1$
* The way to set this up is as follows:
tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
tech@2$ scp .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys
tech@1's password:
tech@2$ cat > .ssh/config
Host 1
User tech
Protocol 1
IdentityFile /home/tech/.ssh/key4mac1
Hostname 10.1.2.1
^D
* Two things to watch:
– -N "" leaves the private key unencrypted on disk, so anyone who can
read key4mac1 can log in as tech on 1. That is the price of unattended
use; the forced commands later in this talk are how you limit the damage.
– scp to authorized_keys replaces that file. If 1 already has keys in it,
append the new one (cat >>) instead of copying over it.
A wee bit less Simple Examples
* Two hosts - the client's public key installed on the server
– 1 has a sshd running on port 17
– 2 has a client
tech@2: ssh 1
tech@1$
* The way to set this up is as follows:
tech@2$ ssh-keygen -t rsa1 -f /home/tech/.ssh/key4mac1 -N ""
tech@2$ scp -P17 .ssh/key4mac1.pub tech@1:~/.ssh/authorized_keys
tech@1’s password:
tech@2$ cat > .ssh/config
Host 1
User tech
Port 17
Protocol 1
IdentityFile /home/tech/.ssh/key4mac1
Hostname 10.1.2.1
^D
A wee bit less Simple Examples
* Three hosts - assume the keys are already installed as above
– 1 has sshd running on port 17
– 2 has sshd running on port 27
tech@3: ssh 2 'ssh 1'
tech@1$
* The way to set this up is as follows (host 2 also needs its own
Host 1 stanza, the port 17 one shown above, since the inner ssh runs
there):
tech@3$ cat > .ssh/config
Host 2
User tech
Port 27
Protocol 1
IdentityFile /home/tech/.ssh/key4mac2
Hostname 10.1.2.2
^D
* Note you may need ssh -t 2 'ssh -t 1' ... Without a command the
inner ssh wants an interactive session, and -t forces the pseudo-terminal
allocation that ssh otherwise skips when its stdin is not a terminal.
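The config stanzas above only do what you expect if ssh reads them the way you think it does, and the rule that bites most people is that for every option the first matching value in ~/.ssh/config wins, so a catch-all `Host *` placed before the per-host stanzas silently overrides their Port and User. The following resolver is an added example, not code from these slides: it reads the Host 1 and Host 2 stanzas shown above (plus an assumed `Host *` block added for illustration) and expands an alias into the explicit ssh command line it stands for, so the effect of stanza order can be seen directly.

```python
"""Resolve an ssh(1) alias the way the client reads ~/.ssh/config.

Added example; it is not code from the slides.  The stanzas below are
the Host 1 and Host 2 entries from the slides, plus a catch-all
'Host *' block that is an assumption added for illustration.  The
resolution rule is the documented one from ssh_config(5): for every
option the FIRST matching value wins, so per-host stanzas must appear
before any catch-all.  Match blocks are out of scope here.
"""
import fnmatch
import re
import shlex

SAMPLE_CONFIG = """\
Host 1
    User tech
    Port 17
    Protocol 1
    IdentityFile /home/tech/.ssh/key4mac1
    Hostname 10.1.2.1

Host 2
    User tech
    Port 27
    Protocol 1
    IdentityFile /home/tech/.ssh/key4mac2
    Hostname 10.1.2.2

Host *
    User nobody
    ServerAliveInterval 60
"""

# Same stanzas with a catch-all placed first: the classic mistake.
WRONG_ORDER_CONFIG = "Host *\n    User nobody\n    Port 22\n\n" + SAMPLE_CONFIG

_OPTION = re.compile(r"([A-Za-z][A-Za-z0-9]*)\s*=?\s*(.*)$")


def parse_config(text):
    """Return [(host_patterns, {option: value}), ...] in file order."""
    blocks, patterns, opts = [], ["*"], {}   # lines before any Host apply to all hosts
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _OPTION.match(line)
        if not m:
            raise ValueError(f"malformed ssh_config line: {raw!r}")
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            if opts:
                blocks.append((patterns, opts))
            patterns, opts = shlex.split(value), {}
        else:
            opts.setdefault(key, value)          # first value in a block wins
    if opts:
        blocks.append((patterns, opts))
    return blocks


def block_matches(patterns, alias):
    """Host patterns are globs matched against the alias typed on the
    command line, not against the resolved Hostname; '!pat' negates."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(alias, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(alias, p) for p in positive)


def resolve(text, alias):
    """Effective options for 'ssh <alias>': earlier matching blocks win."""
    effective = {}
    for patterns, opts in parse_config(text):
        if block_matches(patterns, alias):
            for key, value in opts.items():
                effective.setdefault(key, value)
    effective.setdefault("hostname", alias)
    effective.setdefault("port", "22")
    return effective


def command_line(text, alias):
    """The explicit ssh invocation the alias expands to."""
    e = resolve(text, alias)
    argv = ["ssh", "-p", e["port"]]
    if "identityfile" in e:
        argv += ["-i", e["identityfile"]]
    target = e["hostname"] if "user" not in e else f"{e['user']}@{e['hostname']}"
    argv.append(target)
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    for alias in ("1", "2", "3"):
        print(f"ssh {alias:<3} -> {command_line(SAMPLE_CONFIG, alias)}")
    print("wrong order, ssh 1 ->", command_line(WRONG_ORDER_CONFIG, "1"))
```

With the stanzas in the slides' order, `ssh 1` expands to `ssh -p 17 -i /home/tech/.ssh/key4mac1 tech@10.1.2.1`; with the catch-all moved to the top it becomes `ssh -p 22 ... nobody@10.1.2.1`, and the connection to port 17 never happens.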
AN4SCD
* Buy a copy of "SSH" by Daniel J. Barrett &
Richard E. Silverman pub. O'Reilly (ISBN: 0-596-00011-1)
* Read it
* I use openssl 0.9.7c with openssh 2.9.9p2-PS2.4.18
* I do not use any other version of SSH
* I use Protocol 1 on purpose
* I use TCP Wrappers w/ IPv6 extensions
* I keep tight controls using TCP Wrappers
AN4SCD - 2
* Static compile method
1. Get the latest openssl and compile it static with /usr/static as the
target directory:
./config --openssldir=/usr/static --prefix=/usr/static no-shared
2. Get openssh-2.9.9p2-PS2.4.18 from http://www.paksecured.com and
configure it against that openssl:
./configure --prefix=/usr/static --with-ssl-dir=/usr/static --with-ipaddrdisplay --with-ipv4-default --with-tcp-wrappers
3. Compile it and install
4. Edit the sshd config file
– Make sure you also change the paths for the keys!!
AN4SCD – sshd_config
Port 17
Protocol 1
ListenAddress 192.168.1.1
HostKey /usr/static/etc/ssh_host_key
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 600
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
RhostsAuthentication no
IgnoreRhosts yes
RhostsRSAAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
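The sshd_config above is worth reading against a checklist: Protocol 1 and a 768-bit server key are the protocol-1 choices the author makes deliberately, and PasswordAuthentication yes is still on even though keys are installed. The auditor below is an added example, not code from the slides or from the patched OpenSSH release they describe. It parses a constructed copy of that config and an assumed hardened version, applying two rules from sshd_config(5) that matter when you read a real file: keywords are case-insensitive, and for each keyword the first value in the file wins, so a later `PasswordAuthentication no` does not override an earlier `yes`.

```python
"""Audit an sshd_config for weak settings.

Added example, not from the slides or the patched OpenSSH release they
describe.  SLIDE_CONFIG is a constructed copy of the sshd_config shown
above; HARDENED_CONFIG is an assumed corrected version.  Two sshd_config(5)
rules drive the parser: keywords are case-insensitive, and for each
keyword the FIRST value in the file wins.  Absent keywords are reported
as unset rather than assumed, because defaults differ between OpenSSH
versions.
"""
import re

SLIDE_CONFIG = """\
Port 17
Protocol 1
ListenAddress 192.168.1.1
HostKey /usr/static/etc/ssh_host_key
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 600
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
RhostsAuthentication no
IgnoreRhosts yes
RhostsRSAAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
"""

HARDENED_CONFIG = """\
Port 17
Protocol 2
ListenAddress 192.168.1.1
LoginGraceTime 60
PermitRootLogin no
StrictModes yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
"""

_OPTION = re.compile(r"([A-Za-z][A-Za-z0-9]*)\s*=?\s*(.*)$")


def parse_sshd_config(text):
    """{keyword (lower-cased): first value}; comments and blank lines ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _OPTION.match(line)
        if not m:
            raise ValueError(f"malformed sshd_config line: {raw!r}")
        conf.setdefault(m.group(1).lower(), m.group(2).strip())   # first wins
    return conf


# (keyword, is_weak(value), message); values are compared lower-cased.
CHECKS = [
    ("protocol", lambda v: "1" in v.split(","),
     "SSH-1 enabled: known protocol weaknesses, and modern OpenSSH has dropped it"),
    ("permitrootlogin", lambda v: v == "yes",
     "root may log in with a password; use 'no' or 'without-password'/'prohibit-password'"),
    ("passwordauthentication", lambda v: v == "yes",
     "password logins allow online guessing; with keys installed set it to 'no'"),
    ("permitemptypasswords", lambda v: v == "yes",
     "accounts with empty passwords can log in"),
    ("x11forwarding", lambda v: v == "yes",
     "X11 forwarding exposes the client's display to the server"),
    ("serverkeybits", lambda v: v.isdigit() and int(v) < 1024,
     "SSH-1 ephemeral server key is shorter than 1024 bits"),
]

# Keywords whose default changed across versions: insist they are stated.
REQUIRED = ("permitrootlogin", "passwordauthentication", "pubkeyauthentication")


def audit(text):
    """Return [(keyword, value, message)] for weak or unset settings."""
    conf = parse_sshd_config(text)
    findings = []
    for keyword, is_weak, message in CHECKS:
        if keyword in conf and is_weak(conf[keyword].lower()):
            findings.append((keyword, conf[keyword], message))
    for keyword in REQUIRED:
        if keyword not in conf:
            findings.append((keyword, None,
                             "not set; a version-specific default applies, state it explicitly"))
    return findings


if __name__ == "__main__":
    for name, text in (("slide", SLIDE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(text))} finding(s)")
        for keyword, value, message in audit(text):
            print(f"  {keyword} = {value}: {message}")
```

Run against the slide's config it reports Protocol, PasswordAuthentication and ServerKeyBits; the hardened version comes back clean. Feed it a file with `PasswordAuthentication no` followed by `PasswordAuthentication yes` and it correctly stays quiet, which is exactly the case a quick grep gets wrong.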
Fun Examples - 1
* Using commands attached to keys
– On the server define a command in the
authorized_keys file associated with a key
– Format is command="my/command/string" followed by a space and
the key data. The quotes matter because the command may contain
spaces, and the space matters because sshd splits the options from
the key at the first unquoted whitespace.
EX:
command="/bin/ls -al /logs" ABCDEF1234567
Then ssh with the appropriate key will only allow
you to execute this command: whatever the client asked to run is
ignored, and is handed to the command only as SSH_ORIGINAL_COMMAND.
Note that this is per key so…
Fun Examples – 1A
* Each connection performs a different function:
command="/bin/tar -C /var -zc logs/" 1024 35
1401127197419957603963992310744541309544383747259734516089771188967767458939385504290
6266397233675535209345620851916409713765178056035743236657401456397953787690189347836
3907211327813169574947477644423751539165732401392118051347844589891126078421590846523
123481112885029800203382369752603047612281250015390957 [email protected]
command="/bin/tar -C / -zc etc/" 1024 35
2201127197419957603963992310744541309544383747259734516089771188967767458939385504290
6266393132085191640971376517805603723367553169905743236657401456397953787690189347836
3907211327813169574947477644423751539165732401392118051347844589891126078421590846523
123481112885029800203382369752603047612281250015390957 [email protected]
command="/bin/tar -C /home -zc mgm/mail/" 1024 35
2301127197419957603963992310744541309544383747259734516089771188967767458939385504290
6266397233675531699031320980020338236975260308519164097137651780560357432366574014563
9795378769018934783639072113278131695749474776444237515391657324013921180513478445898
911260784215908465231234811128850247612281250015390957 [email protected]
* First one is keytar1
* Second one is keytar2
* Third one is keytar3
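Reading the three entries above by eye is easy; reading a production authorized_keys with mixed key formats and quoted commands containing commas is not. The parser below is an added example, not the slides' code. It follows the entry format from sshd(8): an optional comma-separated options field whose values may be double-quoted (an embedded quote written as `\"`), then the key in either SSH-1 form (`bits exponent modulus comment`) or SSH-2 form (`keytype base64 comment`). The sample entries are constructed: the moduli and the ed25519 blob are shortened placeholders rather than usable keys, and the comments are made up. `effective_command` models what sshd does with a forced command, including the `SSH_ORIGINAL_COMMAND` hand-off.

```python
"""Parse authorized_keys entries and model what a forced command does.

Added example; it is not the slides' code.  The format follows sshd(8):
an optional comma-separated options field (values may be double-quoted,
an embedded quote is written \\"), then the key in SSH-1 form
'bits exponent modulus comment' or SSH-2 form 'keytype base64 comment'.
The entries below are constructed: the moduli and the ed25519 blob are
shortened placeholders, not usable keys, and the comments are made up.
"""

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")

SAMPLE_ENTRIES = [
    'command="/bin/tar -C /var -zc logs/" 1024 35 1401127197419957603 keytar1',
    'command="/bin/tar -C / -zc etc/",no-pty,no-port-forwarding 1024 35 2201127197419957603 keytar2',
    'command="/bin/ls -al \\"/logs/old dir\\"",from="10.1.2.*" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0000000000000000000000000000 keytar3',
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0000000000000000000000000001 unrestricted',
]


def _options_end(line):
    """Index of the first whitespace outside double quotes."""
    quoted, i = False, 0
    while i < len(line) and (quoted or not line[i].isspace()):
        if quoted and line[i] == "\\":
            i += 2                      # skip the escaped character
            continue
        if line[i] == '"':
            quoted = not quoted
        i += 1
    if quoted:
        raise ValueError("unterminated quote in options field")
    return i


def parse_options(field):
    """Split on commas outside quotes; 'name' -> True, 'name=value' -> value."""
    opts, cur, quoted, i = [], [], False, 0
    while i < len(field):
        c = field[i]
        if quoted and c == "\\" and i + 1 < len(field) and field[i + 1] == '"':
            cur.append('"')             # \" inside quotes is a literal quote
            i += 2
            continue
        if c == '"':
            quoted = not quoted         # quotes delimit, they are not part of the value
        elif c == "," and not quoted:
            opts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    opts.append("".join(cur))
    result = {}
    for opt in opts:
        name, eq, value = opt.partition("=")
        result[name.lower()] = value if eq else True
    return result


def parse_entry(line):
    """Describe one authorized_keys line, or return None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first = line.split(None, 1)[0]
    options = {}
    if not (first.isdigit() or first.startswith(KEY_TYPE_PREFIXES)):
        end = _options_end(line)        # options run to the first unquoted space
        options, line = parse_options(line[:end]), line[end:].strip()
    fields = line.split(None, 3)
    if fields and fields[0].isdigit():  # SSH-1: bits exponent modulus [comment]
        if len(fields) < 3:
            raise ValueError("SSH-1 entry needs bits, exponent and modulus")
        return {"options": options, "format": "ssh1", "bits": int(fields[0]),
                "exponent": int(fields[1]), "modulus": int(fields[2]),
                "comment": fields[3] if len(fields) > 3 else ""}
    if len(fields) < 2:                 # SSH-2: keytype base64 [comment]
        raise ValueError("missing key data after the options field")
    return {"options": options, "format": "ssh2", "keytype": fields[0],
            "key": fields[1], "comment": " ".join(fields[2:])}


def effective_command(entry, requested):
    """What sshd runs for a session authenticated with this key.

    Per sshd(8) a command= option replaces whatever the client asked for;
    the client's request survives only as SSH_ORIGINAL_COMMAND.  Without
    the option the requested command (or a login shell, if none) runs.
    """
    forced = entry["options"].get("command")
    if not isinstance(forced, str):
        return requested or "<login shell>", {}
    env = {"SSH_ORIGINAL_COMMAND": requested} if requested else {}
    return forced, env


if __name__ == "__main__":
    for raw in SAMPLE_ENTRIES:
        e = parse_entry(raw)
        print(e["comment"], e["format"], effective_command(e, "/bin/sh"))
```

One detail the parser enforces is the space between the closing quote of `command="..."` and the key data; an entry written without it has no parseable key left after the options field and is rejected, which is also what sshd does with such a line.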
Fun Examples – 1B
* Assuming we have set up the config file (one Host entry per key) then:
ssh 1 | tar -zxv
will generate a local copy, including timestamps and
permissions, of the remote logs/ directory: the forced command runs
in place of a shell and its stdout comes back over the session
(GNU tar writes to stdout when no -f is given; other tars may need -f -)
ssh 2 | tar -zxv
will generate a backup copy of our remote etc/
directory (assuming we have permission…)
Fun Examples - 2
* MultiBounce Sessions
– Using the three hosts example from earlier
* Consider:
ssh 1 'ssh 2 /bin/tar -C /home -zc myhomedir/' | tar -zxv
ssh 1 'ssh 2 "ssh 3 /bin/tar -C /home -zc myhomedir/"' | tar -zxv
Note that there are limits… every hop adds a level of shell quoting,
and alternating single and double quotes as above only works while no
argument itself contains quotes or other shell metacharacters.
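Those limits are mechanical and can be worked around mechanically. The following is an added example, not code from the slides: it generalises the two command lines above to any number of hops and any argument vector by quoting the final command once per shell that will parse it, checks the result by peeling one shell at a time, and shows the `-J` (ProxyJump, OpenSSH 7.3 and later) form in which the intermediate hosts never run a shell, so only one level of quoting remains. `TAR_HOME` is the argument vector from the slide.

```python
"""Build and verify multi-hop ssh command lines.

Added example, not from the slides.  Every shell between you and the
final host parses the string once, so the final command must be quoted
once per hop.  The slides' hand-written single/double quote alternation
only works while no argument contains quotes or other metacharacters;
shlex.quote() handles the general case, and simulate() checks the result
by peeling one shell at a time.  The -J form (OpenSSH 7.3 and later) is
the modern alternative: the jump hosts never run a shell, so only one
level of quoting remains.
"""
import shlex

# Constructed argument vector, taken from the tar command on the slide.
TAR_HOME = ["/bin/tar", "-C", "/home", "-zc", "myhomedir/"]


def nested_ssh(hops, argv):
    """Local command line that runs argv on hops[-1] via hops[0], hops[1], ..."""
    if not hops:
        raise ValueError("need at least one hop")
    cmd = " ".join(shlex.quote(a) for a in argv)      # quoted for the final shell
    for hop in reversed(hops):
        # Each intermediate shell must see the whole inner command as ONE
        # word, so the string is re-quoted once per hop, innermost first.
        cmd = f"ssh {shlex.quote(hop)} {shlex.quote(cmd)}"
    return cmd


def proxyjump_ssh(hops, argv):
    """Equivalent using -J: only the local and final shells parse anything."""
    if not hops:
        raise ValueError("need at least one hop")
    remote = " ".join(shlex.quote(a) for a in argv)
    jumps = ",".join(hops[:-1])
    prefix = f"ssh -J {shlex.quote(jumps)} " if jumps else "ssh "
    return f"{prefix}{shlex.quote(hops[-1])} {shlex.quote(remote)}"


def simulate(cmdline, hops):
    """Peel quoting shell by shell; return the argv the final host executes."""
    for expected in hops:
        words = shlex.split(cmdline)                 # this hop's shell parses
        if len(words) < 3 or words[0] != "ssh" or words[1] != expected:
            raise ValueError(f"expected 'ssh {expected} ...', got {words!r}")
        cmdline = " ".join(words[2:])                # ssh joins the remote command with spaces
    return shlex.split(cmdline)                      # the final host's shell parses


if __name__ == "__main__":
    for hops in (["1", "2"], ["1", "2", "3"]):
        line = nested_ssh(hops, TAR_HOME)
        print(line)
        print("  final argv:", simulate(line, hops))
    print(proxyjump_ssh(["1", "2", "3"], TAR_HOME))
```

For the two-hop case the nested form is `ssh 1 'ssh 2 '"'"'/bin/tar -C /home -zc myhomedir/'"'"''`, uglier than the slide's version but still correct when an argument such as `my dir` or `it's` appears; the ProxyJump form of the three-hop case is simply `ssh -J 1,2 3 '/bin/tar -C /home -zc myhomedir/'`.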
Q&A
This is The