Table of Contents for
SSH, The Secure Shell: The Definitive Guide, 2nd Edition

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition SSH, The Secure Shell: The Definitive Guide, 2nd Edition by Robert G. Byrnes Published by O'Reilly Media, Inc., 2005
  1. Cover
  2. SSH, the Secure Shell, 2nd Edition
  3. Preface
  4. Protect Your Network with SSH
  5. Intended Audience
  6. Reading This Book
  7. Our Approach
  8. Which Chapters Are for You?
  9. Supported Platforms
  10. Disclaimers
  11. Conventions Used in This Book
  12. Comments and Questions
  13. Safari Enabled
  14. Acknowledgments
  15. 1. Introduction to SSH
  16. What Is SSH?
  17. What SSH Is Not
  18. The SSH Protocol
  19. Overview of SSH Features
  20. History of SSH
  21. Related Technologies
  22. Summary
  23. 2. Basic Client Use
  24. A Running Example
  25. Remote Terminal Sessions with ssh
  26. Adding Complexity to the Example
  27. Authentication by Cryptographic Key
  28. The SSH Agent
  29. Connecting Without a Password or Passphrase
  30. Miscellaneous Clients
  31. Summary
  32. 3. Inside SSH
  33. Overview of Features
  34. A Cryptography Primer
  35. The Architecture of an SSH System
  36. Inside SSH-2
  37. Inside SSH-1
  38. Implementation Issues
  39. SSH and File Transfers (scp and sftp)
  40. Algorithms Used by SSH
  41. Threats SSH Can Counter
  42. Threats SSH Doesn’t Prevent
  43. Threats Caused by SSH
  44. Summary
  45. 4. Installation and Compile-Time Configuration
  46. Overview
  47. Installing OpenSSH
  48. Installing Tectia
  49. Software Inventory
  50. Replacing r-Commands with SSH
  51. Summary
  52. 5. Serverwide Configuration
  53. Running the Server
  54. Server Configuration: An Overview
  55. Getting Ready: Initial Setup
  56. Authentication: Verifying Identities
  57. Access Control: Letting People In
  58. User Logins and Accounts
  59. Forwarding
  60. Subsystems
  61. Logging and Debugging
  62. Compatibility Between SSH-1 and SSH-2 Servers
  63. Summary
  64. 6. Key Management and Agents
  65. What Is an Identity?
  66. Creating an Identity
  67. SSH Agents
  68. Multiple Identities
  69. PGP Authentication in Tectia
  70. Tectia External Keys
  71. Summary
  72. 7. Advanced Client Use
  73. How to Configure Clients
  74. Precedence
  75. Introduction to Verbose Mode
  76. Client Configuration in Depth
  77. Secure Copy with scp
  78. Secure, Interactive Copy with sftp
  79. Summary
  80. 8. Per-Account Server Configuration
  81. Limits of This Technique
  82. Public-Key-Based Configuration
  83. Hostbased Access Control
  84. The User rc File
  85. Summary
  86. 9. Port Forwarding and X Forwarding
  87. What Is Forwarding?
  88. Port Forwarding
  89. Dynamic Port Forwarding
  90. X Forwarding
  91. Forwarding Security: TCP-Wrappers and libwrap
  92. Summary
  93. 10. A Recommended Setup
  94. The Basics
  95. Compile-Time Configuration
  96. Serverwide Configuration
  97. Per-Account Configuration
  98. Key Management
  99. Client Configuration
  100. Remote Home Directories (NFS, AFS)
  101. Summary
  102. 11. Case Studies
  103. Unattended SSH: Batch or cron Jobs
  104. FTP and SSH
  105. Pine, IMAP, and SSH
  106. Connecting Through a Gateway Host
  107. Scalable Authentication for SSH
  108. Tectia Extensions to Server Configuration Files
  109. Tectia Plugins
  110. 12. Troubleshooting and FAQ
  111. Debug Messages: Your First Line of Defense
  112. Problems and Solutions
  113. Other SSH Resources
  114. 13. Overview of Other Implementations
  115. Common Features
  116. Covered Products
  117. Other SSH Products
  118. 14. OpenSSH for Windows
  119. Installation
  120. Using the SSH Clients
  121. Setting Up the SSH Server
  122. Public-Key Authentication
  123. Troubleshooting
  124. Summary
  125. 15. OpenSSH for Macintosh
  126. Using the SSH Clients
  127. Using the OpenSSH Server
  128. 16. Tectia for Windows
  129. Obtaining and Installing
  130. Basic Client Use
  131. Key Management
  132. Accession Lite
  133. Advanced Client Use
  134. Port Forwarding
  135. Connector
  136. File Transfers
  137. Command-Line Programs
  138. Troubleshooting
  139. Server
  140. 17. SecureCRT and SecureFX for Windows
  141. Obtaining and Installing
  142. Basic Client Use
  143. Key Management
  144. Advanced Client Use
  145. Forwarding
  146. Command-Line Client Programs
  147. File Transfer
  148. Troubleshooting
  149. VShell
  150. Summary
  151. 18. PuTTY for Windows
  152. Obtaining and Installing
  153. Basic Client Use
  154. File Transfer
  155. Key Management
  156. Advanced Client Use
  157. Forwarding
  158. Summary
  159. A. OpenSSH 4.0 New Features
  160. Server Features: sshd
  161. Client Features: ssh, scp, and sftp
  162. ssh-keygen
  163. B. Tectia Manpage for sshregex
  164. Regex Syntax: Egrep Patterns
  165. Regex Syntax: ZSH_FILEGLOB (or Traditional) Patterns
  166. Character Sets for Egrep and ZSH_FILEGLOB
  167. Regex Syntax: SSH Patterns
  168. Authors
  169. See Also
  170. C. Tectia Module Names for Debugging
  172. D. SSH-1 Features of OpenSSH and Tectia
  173. OpenSSH Features
  174. Tectia Features
  175. E. SSH Quick Reference
  176. Legend
  177. sshd Options
  178. sshd Keywords
  179. ssh Options
  180. scp Options
  181. ssh and scp Keywords
  182. ssh-keygen Options
  183. ssh-agent Options
  184. ssh-add Options
  185. Identity and Authorization Files, OpenSSH
  186. Identity and Authorization Files, Tectia
  187. Environment Variables
  188. Index
  189. Index
  190. Index
  191. Index
  192. Index
  193. Index
  194. Index
  195. Index
  196. Index
  197. Index
  198. Index
  199. Index
  200. Index
  201. Index
  202. Index
  203. Index
  204. Index
  205. Index
  206. Index
  207. Index
  208. Index
  209. Index
  210. Index
  211. Index
  212. Index
  213. Index
  214. About the Authors
  215. Colophon
  216. Copyright

Creating an Identity

Most SSH implementations include a program for creating key pairs. We cover ssh-keygen from OpenSSH and Tectia.

6.2.1 Generating Keys for OpenSSH

OpenSSH uses the program ssh-keygen to create key pairs. [2.4.2] Let’s go into more detail about this program for creating new keys or modifying existing keys.

6.2.1.1 Creating OpenSSH keys

When creating a new key, you must indicate the key type (DSA or RSA) using the -t flag:

    $ ssh-keygen -t dsa

You may also specify these options for creating keys:

  • The number of bits in the key, using -b; the default is 1024 bits:

        $ ssh-keygen -t dsa -b 2048

  • The name of the private-key file to be generated, using -f. The name is relative to your current directory. Recall that the public-key file is named after the private one with .pub appended.

        $ ssh-keygen -t dsa -f mykey         Creates mykey and mykey.pub

    If you omit the -f option, you are prompted for the information:

        $ ssh-keygen -t dsa
    ...
    Enter file in which to save the key (/home/barrett/.ssh/id_dsa): mykey

    The default filename for DSA keys is ~/.ssh/id_dsa, and for RSA keys it’s ~/.ssh/id_rsa.

  • The passphrase to decode the key, using -N:

        $ ssh-keygen -t dsa -N secretword

    If you omit this option, you’ll be prompted for the information:

        $ ssh-keygen -t dsa
    ...
    Enter passphrase: [nothing is echoed]
    Enter the same passphrase again: [nothing is echoed]

  • A textual comment associated with the key, using -C. If you omit this option, the comment is username@host, where username is your username and host is the local hostname:

        $ ssh-keygen ... -C "my favorite key"

Warning

Before using any option that places your passphrase on the shell command line, such as the -N or -P options of ssh-keygen, carefully consider the security implications. Because the passphrase appears on your screen, it may be visible to onlookers, and while running, it may be visible to other users viewing the machine’s process list via the ps command. In addition, if your shell creates history files of the commands you type, the passphrase is inserted into a history file where it can be read by a third party.

Also, if you think you have a good reason just to type Return and give your key no passphrase, think again. That is essentially equivalent to putting your password in a file in your home directory named MY-PASSWORD.PLEASE-STEAL-ME. If you don’t want to have to type a passphrase, the right thing to do is to use ssh-agent, hostbased authentication, or Kerberos. There are very limited circumstances having to do with unattended usage (e.g., cron jobs) where a plaintext, passphrase-less client key might be acceptable. [11.1]

If you use both -f (specify output file) and -N (specify passphrase), ssh-keygen issues no prompts. Therefore, you can automate key generation using these options (and perhaps redirecting output to /dev/null):

    $ ssh-keygen -f mykey -N secretword

You might use this technique to automate generation of a large number of keys for some purpose. Use it carefully, though, and always on a secure machine. The password on the command line is probably visible to other users on the same machine via ps or similar programs; and if you’re scripting with this technique, obviously the passphrases shouldn’t be kept in files for long.

6.2.1.2 Working with OpenSSH keys

In addition to creating keys, ssh-keygen can manipulate existing keys in the following ways:

  • Changing the passphrase of an existing key, using - p. You can specify the filename with -f and the old and new passphrases with -P and -N, respectively:

        $ ssh-keygen -t dsa -p -f mykey -P secretword -N newword
    Your identification has been saved with the new passphrase.

    But if you omit them, you are prompted:

        $ ssh-keygen -t dsa -p
    Enter file in which the key is (/home/barrett/.ssh/id_rsa): mykey
    Enter old passphrase: [nothing is echoed]
    Key has comment 'my favorite key'
    Enter new passphrase (empty for no passphrase): [nothing is echoed]
    Enter the same passphrase again:
    Your identification has been saved with the new passphrase.

    Note that this changes the passphrase but doesn’t change the key, it just re-encrypts the key with the new passphrase. So, the corresponding public-key file on remote machines doesn’t change or need to be replaced.

  • Printing the fingerprint of a given key file, with -l. See the sidebar "Key Fingerprints" for more information. The fingerprint can be calculated from the public key:

        $ ssh-keygen -l -f stevekey.pub
    1024 5c:f6:e2:15:39:14:1a:8b:4c:93:44:57:6b:c6:f4:17 steve@snailbook.com
    $ ssh-keygen -B -f stevekey.pub
    1024 xitot-larit-gumet-fyfim-sozev-vyned-cigeb-sariv-tekuk-badus-bexax
    Steve@snailbook.com

  • Printing a DNS resource record with -r, and using DNS resource record format with -g. These options produce key fingerprints in a format suitable for a BIND nameserver, for the purposes of verifying SSH host keys via the DNS. [7.4.3.2]

  • Converting between SECSH (Tectia) and OpenSSH key-storage formats, with -e, -i, and -y.

    Option

    Extract/convert from...

    To...

    -e

    OpenSSH private-key file (“export”)

    SECSH public key (Tectia format)

    -i

    SECSH public-key file (“import”)

    OpenSSH public key

    -y

    OpenSSH private-key file

    OpenSSH public key

    An OpenSSH “private” key file actually contains both the public and private keys of a pair, so the -e and -y options simply extract the public key and print it out in the desired format. Use -e to convert an OpenSSH public key for your ~/.ssh2/authorization file on a Tectia server host, and -i to do the opposite. The -y option is useful if you accidentally delete your OpenSSH public-key file and need to restore it. Tectia keys are in a format called SECSH Public Key File Format or SSH2 format, also used by other SSH implementations whose keys you may import and export.

    A function that’s missing is converting the private keys as well. This is useful if you have an OpenSSH server host on which you also want to run Tectia, and you want the two SSH servers to share a host key.

When you make changes to a key, such as its passphrase or comment, the changes are applied to the key file only. If you have keys loaded in an SSH agent, the copies in the agent don’t get changed. For instance, if you list the keys in the agent with ssh-add -l (lowercase L) after changing the comment, you still see the old comment in the agent. To make the changes take effect in the agent, unload and reload the affected keys.

6.2.2 Generating Keys for Tectia

Tectia also uses a program named ssh-keygen to create key pairs and manipulate existing keys.

Key Fingerprints

Fingerprints are a common cryptographic feature for checking that two keys in different places are the same, when comparing them literally—bit by bit—is infeasible. OpenSSH and Tectia can compute fingerprints.

Suppose Steve wants SSH access to Judy’s account. He sends his public key to Judy by email, and she installs it in her SSH authorization file. While this key exchange seems straightforward, it is insecure: a hostile third party could intercept Steve’s key and substitute his own, gaining access to Judy’s account.

To prevent this risk, Judy needs some way to verify that the key she receives is Steve’s. She can call Steve on the telephone and check, but reading a 500-byte encrypted public key over the phone is annoying and error-prone. This is why fingerprints exist.

A fingerprint is a short value computed from a key. It’s analogous to a checksum, verifying that a string of data is unaltered—in our case, a key. To check the validity of a key using fingerprints, Steve and Judy could do the following:

  1. Judy receives a public key that is supposed to be Steve’s, storing it in the file stevekey.pub.

  2. Separately, Judy and Steve view the fingerprint of the key:

        # OpenSSH
    $ ssh-keygen -l -f stevekey.pub
    1024 5c:f6:e2:15:39:14:1a:8b:4c:93:44:57:6b:c6:f4:17 Steve@snailbook.com
    $ ssh-keygen -B -f stevekey.pub
    1024 xitot-larit-gumet-fyfim-sozev-vyned-cigeb-sariv-tekuk-badus-bexax
    Steve@snailbook.com

    # Tectia
    $ ssh-keygen -F stevekey.pub
    Fingerprint for key:
    xitot-larit-gumet-fyfim-sozev-vyned-cigeb-sariv-tekuk-badus-bexax

  3. Judy calls Steve on the telephone and asks him to read the fingerprint over the phone. Judy verifies that it matches the fingerprint of the key she received. Fingerprints are not unique, but for any two keys, the probability that their fingerprints are identical is extremely small. Therefore, fingerprints are a quick and convenient method for checking that a key is unaltered.

As you can see, OpenSSH and Tectia use different output formats for fingerprints. OpenSSH supports both a numeric format which is more traditional and should be familiar to users of PGP, and a textual format called “Bubble Babble” which is claimed to be easier to read and remember. Tectia supports only Bubble Babble fingerprints.

Fingerprints also surface when you connect to an SSH server whose host key has changed. In this case, OpenSSH prints a warning message and the fingerprint of the new key, which may be conveniently compared with the fingerprint of the real host key, should you have it.

6.2.2.1 Creating Tectia keys

When creating a new key, you may choose the name of the private-key file to be generated, by specifying the name at the end of the command line:

    $ ssh-keygen mykey         creates mykey and mykey.pub

The name is relative to your current directory, and as usual, the public key file is named after the private one with .pub appended. The key is saved in the directory ~/.ssh2 in a file whose name indicates the key type and number of bits. An example is id_dsa_2048_a, which was generated by the DSA algorithm with 2048 bits.

You also may indicate the following with command-line options:

  • The number of bits in the key, using -b; the default is 2048 bits:

        $ ssh-keygen -b 4096

  • The key type, such as DSA or RSA, using -t:

        $ ssh-keygen -t dsa

  • A textual comment associated with the key, using -c:

        $ ssh-keygen -c "my favorite Tectia key"

    If you omit this option, the generated comment describes how and by whom the key was generated. For example:

        "2048-bit dsa, barrett@server.example.com, Tue Feb 22 2000 02:03:36"

  • The passphrase to decode the key, using -p. If you omit this option, you are prompted after generation.

        $ ssh-keygen -p secretword

    You can also designate an empty password using -P. This shouldn’t be done in general but is appropriate in some special cases: [11.1.2.2]

        $ ssh-keygen -P

  • Whether or not to overwrite the key file, if it already exists, with --overwrite and the value yes (the default) or no:

        $ ssh-keygen --overwrite no mykeyfile

6.2.2.2 Working with Tectia keys

In addition to creating keys, ssh-keygen can operate on keys in the following ways:

  • By changing the passphrase and comment of an existing key, using -e. This option causes ssh-keygen to become interactive, prompting for the new information. This interactive mode is primitive and annoying, requiring nearly 10 user responses to change the passphrase and comment, but it does the job:

        $ ssh-keygen -e mykey
    Passphrase needed for key "my favorite Tectia key"
    Passphrase : [nothing is echoed]
    Do you want to edit key "my favorite Tectia key" (yes or no)? yes
    Your key comment is "my favorite Tectia key".
     Do you want to edit it (yes or no)? yes
    New key comment: this is tedious
    Do you want to edit passphrase (yes or no)? yes
    New passphrase : [nothing is echoed]
    Again          : [nothing is echoed]
    Do you want to continue editing key "this is tedious" (yes or no)? god no
    (yes or no)? no
    Do you want to save key "this is tedious" to file mykey (yes or no)? yes

    Changes are applied to the key files but not propagated to any copies currently loaded in an agent. (So, if you run ssh-add -l to list the keys in your agent, for example, you still see the old comment.)

  • By converting between various key-storage formats, with the following options:

Option

Extract/convert from...

To...

a Handy if you ever lose your public-key file.

  

-1

SSH1 key

SECSH key

--import-public-key

OpenSSH public key

SECSH public key

--import-private-key

OpenSSH private key, unencrypted only

SECSH private key

--import-ssh1-authorized-keys

An OpenSSH or SSH1 authorized_keys file

Tectia authorization file, plus an individual file for each referenced public key

-D

SECSH private key

SECSH public key a

-x

X.509 private key

SECSH private key

-k

PKCS 12 file

SECSH certificate and private key

-7

PKCS 7 file

Certificates from that file

ssh-keygen also gives you some control over input, output, and diagnostics:

  • By printing the fingerprint of a given key file, with -F. See the sidebar "Key Fingerprints" for more information. [6.2] The fingerprint is calculated from the public key:

        $ ssh-keygen -F stevekey.pub
    Fingerprint for key:
    xitot-larit-gumet-fyfim-sozev-vyned-cigeb-sariv-tekuk-badus-bexax

  • By printing cryptographic information about a key, with -i:

        $ ssh-keygen -i stevekey.pub
    DSA Public Key
    [Strength estimation as of July, 2000 considering NFS and Pollard rho: Attack
    requires O(2^80) steps, which is roughly equivalent to 6.7 * 10^7 years of effort
    with 1GHz machine.]
      p = [Large prime, characteristic of the finite field]
    18257155510680634708091813901445079313554557329637337413272033369505053693222548
    32994959179095338002184212706407725165597654255005411958024968996544803955496850.
    ...

    You can display this information in different bases with -B; the default is base 10:

        $ ssh-keygen -i -B 16 stevekey.pub      Base 16, hexadecimal
    ...
    0x909fe130f9fa7192dc2a28591a53c0687...

  • By printing the program version number, with -V:

        $ ssh-keygen -V
    ssh-keygen: SSH Tectia Server 4.2.1 on i686-pc-linux-gnu
    Build: 1
    Crypto library version: SSH Cryptographic Library, version 1.2.4

  • By printing a help message, with -h or -?; most Unix shells require you to escape the question mark to prevent the shell from interpreting it as a wildcard:

        $ ssh-keygen -h
    $ ssh-keygen -\?      escaping the question mark

  • By printing debug information, with -d, as for Tectia’s sshd. [5.9]

  • By suppressing the progress indicator, using -q. The progress indicator is a sequence of O’s and periods that displays while ssh-keygen runs, like this: .oOo.oOo.oOo.oOo:

        $ ssh-keygen
    Generating 2048-bit dsa key pair
    .oOo.oOo.oOo.oOo
    Key generated.

    $ ssh-keygen -q
    Generating 2048-bit dsa key pair
    Key generated.

Finally, ssh-keygen has one guru-level advanced option, -r, for affecting the random numbers used for key generation. It causes ssh-keygen to modify ~/.ssh2/random_seed using data you enter on standard input. [3.6.4] The Tectia manpages call this “stirring data into the random pool.” Note that the program doesn’t prompt you to enter data, it just sits there looking like it’s hung. When this occurs, type as much data as you like and press the EOF character (Control-D in most shells):

    $ ssh-keygen -r
    I am stirring the random pool.
    blah blah blah
    ^D
    Stirred in 46 bytes.

See Table 6-1 for a description of ssh-keygen options.

Table 6-1. ssh-keygen options

ssh-keygen feature

OpenSSH

Tectia

a Any illegal argument, such as -h, causes a help message to print.

b You might need to escape the question mark in your shell, e.g., -\?.

c The key file format used by SSH Tectia and several other implementations, but not OpenSSH.

Set number of bits

-b bits

-b bits

Set output file

-f file

final argument of the command

Overwrite output file if present

 

--overwrite [ yes|no ]

Set comment string

-C comment

-c comment

Change comment string

-c

-e file

Set (new) passphrase

-N phrase

-p phrase

Set empty passphrase

-N `'

-P

Specify current passphrase

-P

 

Change passphrase

-p

-e file

Set encryption algorithm

-t algorithm

-t algorithm

Change encryption algorithm

-u

 

Derive public key from private

 

-D file

Quieter output

-q

-q

Describe key

 

-i file

Set numeric base for printing key information

 

-B base

Print version number

-V

-V

Print help message

-h a

-h, -? b

Print debugging information

 

-d debug_spec

Use data from stdin for randomness

 

-r

Print a key’s fingerprint

- l or -B

-F file

Convert from SSH-1 to SSH-2 format

 

-1 file

   

Convert OpenSSH private to Tectia public

-e

 

Convert OpenSSH private to Tectia private

 

--import-private-key

Convert Tectia public to OpenSSH public

-i

--import-public-key

Extract OpenSSH private to public

-y

 

Convert authorized_keys to authorization file

 

--import-ssh1-authorized-keys

Convert X.509 key to SECSH format c

 

-x file

Convert PKCS 12 file to SECSH format

 

-k file

Convert PKCS 7 file to SECSH format

 

-7 file

6.2.3 Selecting a Passphrase

Choose your passphrases carefully. Make them at least 10 characters long, containing a mix of uppercase and lowercase letters, digits, and nonalphanumeric symbols. At the same time, you want the passphrase to be easy to remember, but hard for others to guess. Don’t use your name, username, phone number, or other easily guessed information in the passphrase. Coming up with an effective passphrase can be a chore, but the added security is worth it.

If you forget a passphrase, you are out of luck: the corresponding SSH private key becomes unusable because you can’t decrypt it. The same encryption that makes SSH so secure also makes passphrases impossible to recover. You have to abandon your SSH key, generate a new one, and choose a new passphrase for it. You must also install the new public key on every machine that holds the original one.

Smartcard Support in OpenSSH

OpenSSH includes experimental support for hardware devices (smartcards) that can hold private user keys. This includes:

ssh-keygen

The -D (download) and -U (upload) options

ssh-add

The -s (add key) and -e (remove key) options

ssh

The -I option and the SmartCardDevice configuration keyword, to choose a smartcard device

At press time, smartcard support in OpenSSH is still experimental, so we don’t cover it. We mention it only for completeness.

6.2.4 Generating New Groups for Diffie-Hellman Key Exchange

As we saw in Chapter 3, the SSH Transport Protocol uses the Diffie-Hellman key-agreement algorithm to generate cryptographic session keys for the SSH connection. [3.8.1.3] One parameter to this algorithm is a mathematical structure from algebra known as a “group”; specifically, a finite integer group with respect to multiplication modulo a prime. In the initial SSH protocol, a single fixed group was used for the key exchange. Due to concern over possible future attacks against this fixed parameter, an extension was created to allow the group to be negotiated, and this extension is now widely implemented.

The OpenSSH server selects the groups to be offered the client from the file /etc/moduli. OpenSSH comes with a moduli file defining a set of suitable groups, and for most people this is sufficient; there is no pressing need to regenerate them. On particularly slow systems, you might edit this file to select groups with a smaller prime modulus, to speed up the key exchange.

If you like, you can generate your own set of key-exchange groups using ssh-keygen -G. This usage is quite technical and infrequently used, so we won’t delve further into it here; refer to the ssh-keygen manpage, in the section “MODULI GENERATION,” for details. You can also see an example in OpenBSD’s usr/src/etc/Makefile for OpenSSH, e.g.:

http://www.openbsd.org/cgi-bin/cvsweb/src/etc/Makefile?rev=1.215&content-type=text/x-cvsweb-markup