7COM1012 Report: Secure Shell Protocol, Authentication, and Security


Added on  2022/08/27

AI Summary
This report provides a comprehensive analysis of the Secure Shell (SSH) protocol, examining its role in network security and remote access. The report begins with an introduction to SSH, followed by a review of its history and literature. It then delves into the core functionalities of SSH, including its working mechanism, authentication methods, and security features such as encryption and data integrity. The report also explores the scope and limitations of SSH, including user authentication, password authentication, and the prevention of IP source routing and DNS spoofing. Furthermore, it details the methods used in SSH, such as its major components and controls over access and port forwarding. An experiment section analyzes the evolution of SSH, including the advantages of SSH key authentication and the generation of SSH keys. The report concludes with a summary of the key findings and the importance of SSH in securing network communications. This document is a student's assignment and is available on Desklib, a platform offering AI-based study tools.
Running head: SECURE SHELL
Secure Shell
Name of the Student
Name of the University
Author Note
Abstract
Secure Shell (SSH) is an open client/server protocol that provides a command shell, file transfer and data tunneling services for TCP/IP applications. SSH connections provide encryption, data integrity and secure authentication, which effectively counter the dangers of weak security and password theft. Its architecture relies on its built-in layers, and these layers are independent of each other. It provides integrity, confidentiality and client authentication. It provides connection-oriented end-to-end delivery, and the encrypted tunnel is multiplexed into several logical channels. It delivers datagrams across multiple systems and may optionally provide compression.
Table of Contents
1. INTRODUCTION
2. HISTORY AND LITERATURE REVIEW
2.1. Working of SSH
2.2. Scope and limitations
2.2.1. User-Authentication
2.2.3. Prevents IP source routing
2.2.4. Keeps the users safe from DNS Spoofing
2.2.5. Data manipulation through the network at networks could not be done
2.2.6. Spoofing of IP address
2.2.7. Easy management of a dedicated server remotely
3. METHODS
3.2 Need for SSH
3.3 Major components of SSH
3.5.4. Controls over Access
3.5.5. Forwarding in ports
3.5.6. Secure and remote execution of commands
4. EXPERIMENT: ANALYSIS AND EVOLUTION
5. Development of SSH
5.2. Advantages of SSH Key Authentication
5.3. Generation of SSH keys
5.4. SSH Key Access
6. CONCLUSION
1. INTRODUCTION
As internet access becomes increasingly available and economical, it has also become a feasible replacement for fax, telephone and traditional couriers, as well as for remote dial-up access to a company's internal electronic assets. Probably the greatest challenge in using the internet to replace these traditional means of communication is security. Previously, companies maintained their own modem banks for dial-up access to company assets, so that critical data would not be transmitted over a public network (Barrett et al. 2001). However, modem banks are expensive to maintain and do not scale. The long-distance charges for road warriors alone are enough to make this an expensive arrangement in large companies. Secure Shell is a protocol that provides data integrity, encryption and authentication for securing network connections.
An implementation of Secure Shell offers several capabilities: secure file transfer, a secure command shell, and remote access to various TCP/IP applications through a secure tunnel. Secure Shell client and server applications are widely available for most popular operating systems.
There are several ways of using SSH. One is to use automatically generated public-private key pairs to encrypt the network connection and then use password authentication to log on. The other is to use a manually generated public-private key pair to perform the authentication, which allows clients to log in without having to specify a password. In this case, anyone can create a matching pair of keys, one public and one private. The public key is placed on all computers that must allow access to the owner of the matching private key, which the owner keeps secret.
Authentication is based on the private key, yet the key itself is never transferred over the network during authentication. SSH only verifies that the person offering the public key also owns the matching private key. It is important to verify unknown public keys, that is, to associate each public key with an identity, before accepting them as valid. Otherwise, an unauthorized attacker could be authorized as a valid client because a public key was accepted without validation.
2. HISTORY AND LITERATURE REVIEW
Secure Shell has seen steady improvement and growing adoption since 1995. The initial version, SSH1, was designed to replace the UNIX “r-commands” such as rsh, rcp and rlogin, which are inherently insecure. The second version of Secure Shell was submitted as an IETF draft in 1997. It addresses some of the severe vulnerabilities in SSH1 and also provides an improved file transfer solution. This growth in popularity has been fuelled by the wider availability of commercially developed and supported client and server applications for UNIX, Windows and several other platforms, and by the efforts of the OpenSSH project to build an open-source implementation.
2.1. Working of SSH
SSH works by exchanging and verifying information, using public and private keys, to identify hosts and users. It then encrypts the subsequent communication, also using public/private key cryptography. The “client” is any workstation or PC that the user is already logged in to, for example the user's own workstation or a group workstation that provides XDM session management for several X terminals. The “server” is a secondary, remote workstation that the user wishes to log in to in order to do some work (Garimella and Kumar 2015), for example a login session server. The client is where “rlogin server” or “rcp file server:newfile” is typed. The server is where the user receives the new login session and shell prompt, or where the files are copied. A user generates an identity on the client system by running the ssh-keygen program. This program creates a subdirectory $HOME/.ssh and places in it two files, named identity and identity.pub, which contain the user's private and public keys for the user's account on the client system. The latter file is then appended to a file named $HOME/.ssh/authorized_keys, which must be present on every server to which SSH connections will be made. The system administrator likewise generates a public and private key pair for the system itself. Using this information held within the system removes the possibility of someone spoofing the system's identity by faking IP addresses or tampering with the DNS records that associate domain names with IP addresses.
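An added example, not part of the original report: one way to check the entries of the authorized_keys file described above before trusting them, in Python. It assumes entries without leading options and a set of fingerprints that were verified out of band; the function names and sample keys are constructed for illustration, and the fingerprint is the SHA-256 form that OpenSSH prints.

```python
import base64
import hashlib
import struct


def parse_authorized_key(line: str) -> dict:
    """Validate one 'keytype base64-blob [comment]' entry and fingerprint it."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected 'keytype base64-blob [comment]'")
    declared, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad input
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    inner = blob[4:4 + n]
    if len(inner) != n or inner.decode("ascii", "replace") != declared:
        raise ValueError("declared key type does not match the type inside the blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": declared, "fingerprint": "SHA256:" + digest,
            "comment": fields[2] if len(fields) > 2 else ""}


def audit(lines, trusted_fingerprints):
    """Accept a key only if its fingerprint was verified out of band."""
    accepted, rejected = [], []
    for raw in lines:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        try:
            key = parse_authorized_key(raw)
        except ValueError as exc:
            rejected.append((raw.split()[-1], str(exc)))
            continue
        if key["fingerprint"] in trusted_fingerprints:
            accepted.append(key)
        else:
            rejected.append((key["comment"], "fingerprint not in trusted set"))
    return accepted, rejected


def make_entry(inner_type: bytes, raw_key: bytes, comment: str) -> str:
    """Build a constructed entry that always declares ssh-ed25519."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (inner_type, raw_key))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


# Constructed entries; the key bytes are arbitrary, not real keys.
SAMPLE = ["# team keys",
          make_entry(b"ssh-ed25519", bytes(range(32)), "alice@laptop"),
          make_entry(b"ssh-ed25519", bytes(range(1, 33)), "unknown@host"),
          make_entry(b"ssh-rsa", bytes(32), "mislabelled@host")]
TRUSTED = {parse_authorized_key(SAMPLE[1])["fingerprint"]}
ACCEPTED, REJECTED = audit(SAMPLE, TRUSTED)
```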
2.2. Scope and limitations
2.2.1. User-Authentication
Authentication is the means by which a system confirms that access is granted only to authorized users and denied to unauthorized ones. Secure Shell implementations incorporate several authentication methods, including public key and password authentication. The flexibility of the Secure Shell protocol allows new authentication methods to be incorporated into the system as they become available.
2.2.2 Password Authentication
Passwords combined with usernames are a common way of authenticating a user. Protocols such as telnet send both the username and the password in the clear as ASCII text, which makes them insecure. The Secure Shell protocol, by contrast, ensures that all usernames and passwords are encrypted before they are passed onto the network. Username and password authentication must anticipate eavesdropping by attackers, who could otherwise capture this important data.
2.2.3. Prevents IP source routing
Source routing is normally used for legitimate purposes, such as altering the path of a network signal when the original path fails, but malicious users can also use it to make a machine think that it is communicating with a different one. Using Secure Shell avoids this malicious use of IP source routing.
2.2.4. Keeps the users safe from DNS Spoofing
In this type of attack, data is inserted into the cache database of a Domain Name System name server. This causes the name server to return an incorrect IP address so that traffic is redirected elsewhere, typically to the attacker's PC, where important information can be obtained. The encryption used by Secure Shell reduces the possibility of such IP address redirection.
2.2.5. Data manipulation through the network at networks could not be done
An attacker could obtain or alter data at intermediaries along its route through the network. This is frequently done at routers, where data passes through a checkpoint or gateway on the way to its destination. Because the data is encrypted, it appears as random characters, which makes it difficult for intruders to track.
2.2.6. Spoofing of IP address
In IP spoofing, malicious users create packets with a forged source IP address, so that the location and identity of their PC stay hidden and the packets appear to come from another PC that the recipient trusts. The public key keeps data packets from being forwarded to a wrong destination despite the forged packets.
2.2.7. Easy management of a dedicated server remotely
With SSH, users can manage a remote dedicated server: monitor logs, manipulate databases, start and stop services, and install applications. SSH accepts normal UNIX commands and can be used to log in as root for full administration of the system, as it is the most secure and reliable method of managing the server.
2.2.8 Limitations
2. No forwarding of dynamic ports or port ranges.
3. Port forwarding cannot be restricted per user. The RSA identity of the client is not checked against the SSH known hosts when the user authenticates by password.
4. Lower performance on old machines.
5. The defaults of standard SSH1 distributions include a cleartext option or patented algorithms.
6. Licensing restrictions on the original source.
3. METHODS
3.1 Overview
SSH, or Secure Shell, is a UNIX-based command interface. It is a cryptographic network protocol used to protect data in transit between devices. It provides strong authentication and establishes a secure channel over an insecure network.
3.2 Need for SSH
The growth of the internet led to an increase in threats such as connection hijacking, DNS spoofing, network monitoring and denial-of-service attacks. File transfer, remote command execution and remote login became possible with protocols such as telnet, tcp and ftp. With these protocols it is easy for an intruder to read and intercept the data.
3.3 Major components of SSH
The transport layer protocol provides server authentication, data confidentiality and data integrity, and may optionally provide compression. The user authentication protocol authenticates the user to the server. The connection protocol multiplexes multiple logical communication channels over the single underlying SSH connection.
3.3.1. Transport Layer Protocol
Server authentication takes place at this layer and is based on the server possessing a public-private key pair. The server's key is used during key exchange to authenticate the identity of the host.
3.3.2. User Authentication protocol
This protocol provides the means by which the client is authenticated to the server. It uses three types of messages. The format of the authentication messages is:

    byte       SSH_MSG_USERAUTH_REQUEST (50)
    string     Username
    string     Service name
    string     Method name
               Method specific fields

    byte       SSH_MSG_USERAUTH_FAILURE (52)
    name-list  Authentications that can continue
    boolean    Partial Success
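An added example, not part of the original report: a Python encoder and parser for the two message layouts listed above, using the SSH wire types (a string is a 32-bit big-endian length followed by the bytes) and rejecting length fields that overrun the message. The function names and sample messages are constructed for illustration; message numbers follow RFC 4252, which assigns 51 to SSH_MSG_USERAUTH_FAILURE and 52 to SSH_MSG_USERAUTH_SUCCESS.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51  # RFC 4252 value; 52 is SSH_MSG_USERAUTH_SUCCESS


def put_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the raw bytes."""
    return struct.pack(">I", len(data)) + data


def get_string(buf: bytes, off: int):
    """Read one SSH string at off, rejecting lengths that overrun the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string length exceeds message size")
    return buf[off + 4:end], end


def build_password_request(user, service, password) -> bytes:
    """Method 'password': boolean FALSE, then the password as a string."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST])
            + put_string(user.encode()) + put_string(service.encode())
            + put_string(b"password") + b"\x00" + put_string(password.encode()))


def parse_request(msg: bytes) -> dict:
    if not msg or msg[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not SSH_MSG_USERAUTH_REQUEST")
    user, off = get_string(msg, 1)
    service, off = get_string(msg, off)
    method, off = get_string(msg, off)
    # Method-specific fields stay opaque: they may hold a password, so only
    # their length is reported and nothing from them should reach a log.
    return {"user": user.decode(), "service": service.decode(),
            "method": method.decode("ascii"), "method_fields_len": len(msg) - off}


def parse_failure(msg: bytes) -> dict:
    if not msg or msg[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not SSH_MSG_USERAUTH_FAILURE")
    names, off = get_string(msg, 1)  # name-list: comma-separated ASCII names
    if off + 1 != len(msg):
        raise ValueError("expected exactly one boolean after the name-list")
    methods = names.decode("ascii").split(",") if names else []
    return {"can_continue": methods, "partial_success": msg[off] != 0}


# Constructed sample messages (not captured traffic).
REQ = build_password_request("alice", "ssh-connection", "example-only")
FAIL = bytes([SSH_MSG_USERAUTH_FAILURE]) + put_string(b"publickey,password") + b"\x00"
```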
3.3.3. Connection Protocol
The SSH connection protocol operates on top of the SSH Transport Layer Protocol. It assumes that a secure, authenticated connection is in use. It uses this secure authenticated connection for multiplexing a huge