Gateway Cryptography - PowerPoint PPT Presentation

Title: Gateway Cryptography

Description: Gateway Cryptography: Hacking Impossible Tunnels Through Improbable Networks with OpenSSH et al. Originally by Dan Kaminsky, ... – PowerPoint PPT presentation

Slides: 24
Provided by: Cis107
Learn more at: http://alumni.cs.ucr.edu

Transcript and Presenter's Notes

1
Gateway Cryptography
  • Hacking Impossible Tunnels Through Improbable
    Networks with OpenSSH et al.
  • Originally By Dan Kaminsky, CISSP
  • http://www.doxpara.com
  • Shamelessly mangled, retargeted, and reissued by
    Titus Winters

2
Summary
  • This is not how to crack SSH. This is SSH on
    crack.
  • 1) How to get there from here
  • 2) What to do once you get there
  • 3) Making getting there easier

3
The Basics
  • Bringing people up to speed
  • This is not another talk about the wonders of a
    simple local port forward
  • What OpenSSH does
  • Forwards a shell (w/ transparent X support)
  • Forwards a single command (with full stdio)
  • Forwards a single TCP port

4
SSH under Windows
  • 1) Install Cygwin from www.cygwin.com
  • 2) Create a shortcut to rxvt
  • C:\cygwin\bin\rxvt.exe -rv -sl 20000 -fn
    "Courier-12" -e /usr/bin/bash
  • bash doesn't work under Whistler (the Windows XP
    beta) yet, so use zsh if you want to retain your
    tab-completion sanity
  • 3) Finally enjoy a usable Unix environment under
    Win32
  • Everything in this talk is cross platform, as
    long as you've made Windows cross to another
    platform
  • (Still some other things you can do, more on this
    later.)

5
Forwarding Shells
  • ssh user@host
  • Encryption: 3DES/Blowfish/AES
  • Authentication: Password, RSA/DSA
  • Key Generation
  • ssh2: ssh-keygen -t dsa
  • Key Authorization
  • ssh2: cat ~/.ssh/id_dsa.pub | ssh user@host
    "umask 077; mkdir -p .ssh; cat >> .ssh/authorized_keys2"
  • (umask 077, not the 0600 on the original slide: a
    umask of 0600 would strip the owner's own read and
    write bits, and sshd's StrictModes refuses keys in
    group- or world-writable files anyway)
  • SSH 1 / 2: Separate auth, so remember ssh -1 and
    ssh -2
  • (Protocol 1 has since been removed from OpenSSH
    entirely, DSA keys are disabled by default, and
    authorized_keys2 survives only as a legacy fallback
    name for authorized_keys)

6
Forwarding Commands
  • ssh user@host ls
  • ssh -t user@host top
  • Fully 8-bit clean for most commands; supports
    (unclean) TTYs for anything that wants to redraw
    the screen (like top) using -t
  • Full STDIO(stdin/stdout/stderr) support
  • Allows pipelines across multiple systems

7
Command Forwarding: CD Burning Over SSH
  • mkisofs reads in files and spits out a burnable
    image
  • cdrecord burns the image.
  • Normal CD Burning:
    mkisofs -J -R files | cdrecord dev=b,t,l speed=n -
  • Remote CD Burning:
    mkisofs -J -R files | ssh user@host cdrecord dev=b,t,l speed=n -
  • Remote CD Burning From Windows:
    mkisofs.exe -J -R files | ssh.exe user@host cdrecord dev=b,t,l speed=n -
  • (dev=b,t,l and speed=n stand for the SCSI address
    and write speed, which the slide leaves blank; the
    trailing - makes cdrecord read the image from
    stdin, i.e. straight off the ssh pipe)

8
Command Forwarding: File Transfer w/o SCP
  • GET:  alicehost$ ssh alice@bobhost cat file > file
  • PUT:  alicehost$ cat file | ssh alice@bobhost "cat > file"
  • LIST: alicehost$ ssh alice@bobhost ls
  • MGET: alicehost$ ssh alice@bobhost tar -cf - /etc | tar -xf -
  • RESUME GET:
    alicehost$ ssh alice@bobhost tail -c +231244 file >> file
  • (tail -c +N emits the file from byte N onward, so N
    is the size of the local partial copy plus one; the
    quotes around "cat > file" keep that redirection on
    bobhost instead of clobbering the local file)

9
Forwarding Ports
  • ssh user@host -L8000:127.0.0.1:80
  • ssh user@host -R80:127.0.0.1:8000
  • Separates into listener vs. location
  • If local listens, the destination is relative to
    the remote location
  • If remote listens, the destination is relative to
    the local location
  • (-R80 binds a privileged port on the remote side,
    which sshd only allows when you are logged in
    there as root; unprivileged users pick a port
    above 1023)

10
Limitations on Port Forwards
  • By default, only the systems directly hosting the
    listener can connect to it
  • Local forwards can be made public using the -g
    option, but remote gateway ports must be
    enabled in sshd_config using GatewayPorts yes
  • Destination locations are unrestricted by
    default (the server side can constrain them with
    PermitOpen in sshd_config or a permitopen=
    option on the key in authorized_keys)

11
Accessing a Port Forward
  • Application Layer
  • Connect Directly to 127.0.0.1 or localhost
  • Operating System Layer (systemspace)
  • Pre-empt the DNS lookup in the hosts file:
  • Unix: /etc/hosts
  • Win95: \windows\hosts
  • WinNT: \WINNT\system32\drivers\etc\hosts
  • All forwards must be preannounced, and share the
    same IP (127.0.0.1)

12
Problem: Static Forwards Are Inflexible
  • Work decently only when:
  • Each port is only used once
    • Passes: Mail (SMTP, POP3, IMAP), Simple Web (HTTP)
    • Fails: Web Surfing Multiple Sites (HTTP),
      P2P File Transfer (Napster, Gnutella)
  • Ports are predictable in advance
    • Fails miserably: FTP, both Active and Passive
      (the data port is negotiated in-band)

13
Solution: Dynamic Forwarding w/ SOCKS
  • ssh user@host -D1080
  • SOCKS4/5: an in-band protocol header, nothing
    more, that lets the client very quickly tell a
    proxy server where its actual destination is
  • SOCKS4 is extraordinarily simple
  • 9 bytes from the client (with an empty USERID),
    an 8-byte response, and the client has informed
    the proxy where it actually wants to go!
  • Library preloads (LD_PRELOAD socksifiers) are
    excessive for this
  • The idea: run a trivial SOCKS daemon in the ssh
    client and use it to redirect the destination of
    each channel.
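The "9 bytes out, 8 bytes back" exchange above, written out as both sides of the SOCKS4 CONNECT handshake. This is an added illustration, not code from the talk or from OpenSSH: the two ends talk over an in-process socketpair, and the `permit_open` allow-list is a stand-in for sshd's PermitOpen so the rejected path is exercised too (real `ssh -D` forwards whatever the server permits). Everything else is the SOCKS4 wire format as specified.

```python
import socket
import struct

SOCKS4_VERSION = 0x04
CMD_CONNECT = 0x01
REPLY_GRANTED = 0x5A   # request granted
REPLY_REJECTED = 0x5B  # request rejected or failed


def build_connect_request(dest_ip: str, dest_port: int, userid: bytes = b"") -> bytes:
    """Client -> proxy: VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL.

    With an empty USERID this is exactly the 9-byte request the slide counts.
    """
    if b"\x00" in userid:
        raise ValueError("USERID must not contain NUL")
    header = struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT, dest_port,
                         socket.inet_aton(dest_ip))
    return header + userid + b"\x00"


def parse_connect_request(data: bytes):
    """Proxy side: return (dest_ip, dest_port, userid) or raise ValueError."""
    if len(data) < 9:
        raise ValueError("short SOCKS4 request")
    vn, cd, port, ip_raw = struct.unpack("!BBH4s", data[:8])
    if vn != SOCKS4_VERSION or cd != CMD_CONNECT:
        raise ValueError("not a SOCKS4 CONNECT request")
    nul = data.find(b"\x00", 8)
    if nul < 0:
        raise ValueError("USERID is not NUL-terminated")
    return socket.inet_ntoa(ip_raw), port, data[8:nul]


def build_reply(granted: bool, dest_ip: str = "0.0.0.0", dest_port: int = 0) -> bytes:
    """Proxy -> client: VN(1)=0 CD(1) DSTPORT(2) DSTIP(4); always 8 bytes."""
    code = REPLY_GRANTED if granted else REPLY_REJECTED
    return struct.pack("!BBH4s", 0x00, code, dest_port, socket.inet_aton(dest_ip))


def parse_reply(data: bytes) -> bool:
    """Client side: True if the proxy granted the CONNECT."""
    if len(data) != 8 or data[0] != 0x00:
        raise ValueError("malformed SOCKS4 reply")
    return data[1] == REPLY_GRANTED


def run_handshake(dest_ip: str, dest_port: int, permit_open: set):
    """Drive one CONNECT exchange over an in-process socketpair.

    permit_open plays the role of sshd's PermitOpen list (an assumption of this
    demo): the "proxy" side grants only destinations found in it.
    Returns (granted, (ip, port, userid)) as seen by the proxy.
    """
    client, proxy = socket.socketpair()
    try:
        client.sendall(build_connect_request(dest_ip, dest_port, b"alice"))
        ip, port, userid = parse_connect_request(proxy.recv(512))
        granted = (ip, port) in permit_open
        proxy.sendall(build_reply(granted, ip, port))
        return parse_reply(client.recv(8)), (ip, port, userid)
    finally:
        client.close()
        proxy.close()


if __name__ == "__main__":
    print(run_handshake("10.1.0.5", 80, {("10.1.0.5", 80)}))  # granted
    print(run_handshake("10.1.0.9", 22, {("10.1.0.5", 80)}))  # rejected
```

Note that plain SOCKS4 carries a 4-byte IP, so the client must resolve the name itself; SOCKS4a and SOCKS5 carry the hostname so the resolution happens on the ssh server's side of the tunnel, which is what you want when the internal names are not resolvable locally. OpenSSH's -D speaks both SOCKS4 and SOCKS5.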

14
Dynamic Forwarding: Application Support
  • Most major Windows applications support SOCKS
    proxies directly
  • Internet Explorer, CuteFTP, IM Clients, P2P
    Clients(Napster, Gnutella)
  • Dialpad (Voice over IP to a telephone for free
    over SSH!)
  • SocksCap32 can be used to Socksify remaining
    apps on Windows
  • Outlook Express, LeechFTP, Media Player, etc.
  • Unix applications can be reasonably socksified too

15
ProxyCommand: Blind Proxying w/ SSH
  • ssh -o 'ProxyCommand arbitrary_tool proxy %u %h %p'
    user@10.1.0.1
  • (%h and %p expand to the destination host and
    port, %u to the local user name; ssh substitutes
    them before running the command)
  • A ProxyCommand is an arbitrary tool that, after
    it finishes executing, leads to an 8-bit clean
    path to an SSH daemon; its stdin/stdout become
    the transport and ssh runs its normal key
    exchange over them
  • OpenSSH's excuse for SOCKS support :-)
  • Allows end-to-end crypto through any 8-bit clean
    link, so the intermediary sees only ciphertext
  • Like SSL over HTTP CONNECT

16
No Internet Accessible Bastion Proxy Now What?
  • proxy$ ssh user@client -R2022:127.0.0.1:22
  • client$ ssh -p 2022 -o "HostKeyAlias proxy"
    user@127.0.0.1 -L8000:www-internal:80
  • Turns inability to trust into irrelevancy of
    trust
  • Negative: You can't trust the addresses of x,
    y, or z!
  • Positive: It doesn't matter if you think you're
    talking to the addresses of x, y, or z.
  • MUST CHECK HOSTKEY: it'll work even if you don't.
    HostKeyAlias makes ssh look up (and record) the
    key under the name proxy rather than under
    127.0.0.1, so a different machine answering on
    that port fails as a host-key mismatch instead
    of silently succeeding.

17
Cross-Connecting Mutually Firewalled Hosts
  • server$ ssh proxyuser@proxy -R10022:127.0.0.1:22
  • client$ ssh -o 'ProxyCommand ssh proxyuser2@proxy
    nc 127.0.0.1 10022' user@server
  • or in my syntax:
    client$ ssh proxyuser2@proxy/10022 user@server
  • Again, as long as IP addresses cannot be trusted,
    it doesn't matter that you're talking to the
    proxy and connecting through one of its ports.
  • (Later OpenSSH needs no nc on the proxy:
    ProxyCommand ssh proxyuser2@proxy -W 127.0.0.1:10022
    from 5.4, or simply -J proxyuser2@proxy from 7.3)
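The "my syntax" shorthand above is a small wrapper waiting to be written; the following is my own expansion of it into the argv for the two invocations on this slide and the bastion-less one on the previous slide. It is added here and is not a tool from the talk. The function names, the `-N` on the reverse listener (the slide keeps a shell open instead) and the `stdio`/`jump` styles using OpenSSH's later `-W` and `-J` are my additions; the `nc` form is the slide's. The one rule the builder enforces is the "MUST CHECK HOSTKEY" point: it refuses to emit a command that reaches a loopback port on the proxy without a HostKeyAlias to pin the key against.

```python
import re
import shlex

HOP_RE = re.compile(r"^(?P<user>[^@/\s]+)@(?P<host>[^@/\s]+)/(?P<port>\d{1,5})$")


def parse_hop(spec: str):
    """Split 'proxyuser2@proxy/10022' into (user, host, port)."""
    m = HOP_RE.match(spec)
    if not m:
        raise ValueError(f"expected user@proxy/port, got {spec!r}")
    port = int(m["port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    return m["user"], m["host"], port


def reverse_listener_argv(proxy_user: str, proxy_host: str, listen_port: int,
                          sshd_port: int = 22) -> list:
    """Run on the firewalled server: publish its own sshd as proxy:listen_port.

    -N (no remote shell) is my addition; the slide keeps a shell open instead.
    """
    return ["ssh", "-N", f"{proxy_user}@{proxy_host}",
            "-R", f"{listen_port}:127.0.0.1:{sshd_port}"]


def gateway_argv(hop: str, target_user: str, hostkey_alias: str,
                 style: str = "nc") -> list:
    """Run on the client: reach the server through the listener on the proxy.

    The client really connects to 127.0.0.1:<port> on the proxy, an address
    that says nothing about which machine answers. HostKeyAlias makes ssh
    look the key up under a stable name, so the wrong host fails loudly
    instead of silently succeeding; this builder refuses to run without it.
    """
    if not hostkey_alias:
        raise ValueError("refusing a loopback-hop command without HostKeyAlias")
    user, proxy, port = parse_hop(hop)
    alias_opt = ["-o", f"HostKeyAlias={hostkey_alias}"]
    if style == "nc":      # the slide's form: nc on the proxy relays the bytes
        proxy_cmd = f"ssh {user}@{proxy} nc 127.0.0.1 {port}"
        return ["ssh", "-o", f"ProxyCommand={proxy_cmd}", *alias_opt,
                f"{target_user}@{hostkey_alias}"]
    if style == "stdio":   # OpenSSH 5.4+: -W replaces nc on the proxy
        proxy_cmd = f"ssh {user}@{proxy} -W 127.0.0.1:{port}"
        return ["ssh", "-o", f"ProxyCommand={proxy_cmd}", *alias_opt,
                f"{target_user}@{hostkey_alias}"]
    if style == "jump":    # OpenSSH 7.3+: -J; 127.0.0.1 is then dialled from the proxy
        return ["ssh", "-J", f"{user}@{proxy}", "-p", str(port), *alias_opt,
                f"{target_user}@127.0.0.1"]
    raise ValueError(f"unknown style {style!r}")


def render(argv: list) -> str:
    """Quote an argv for copy-and-paste into a POSIX shell."""
    return shlex.join(argv)


if __name__ == "__main__":
    print(render(reverse_listener_argv("proxyuser", "proxy", 10022)))
    for style in ("nc", "stdio", "jump"):
        print(render(gateway_argv("proxyuser2@proxy/10022", "user", "server", style)))
```

In the `nc` and `stdio` styles the hostname after the `@` is never resolved (the ProxyCommand replaces the TCP connect), so it serves only as the known_hosts lookup key; the `jump` style genuinely connects to 127.0.0.1 from the proxy, which is why the alias matters most there.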

18
Expanding Escape Syntax
  • ~? prints the supported escape sequences:
    ~.  - terminate connection
    ~R  - request rekey (SSH protocol 2 only)
    ~^Z - suspend ssh
    ~#  - list forwarded connections
    ~&  - background ssh (when waiting for connections
          to terminate)
    ~?  - this message
    ~~  - send the escape character by typing it twice
    (Note that escapes are only recognized
    immediately after a newline.)
  • Eventual goal: port both ssh_config syntax and
    ssh command-line syntax to the escape-character
    mode
  • Allow on-demand things like activation of X
    forwarding
  • (OpenSSH later added ~C, an escape-mode command
    line that accepts -L, -R and -D forwards on a
    live session, which covers much of this goal)

19
Secure SU: The Battle Against Direct Root
  • Most security gurus will decry direct root
    login
  • Holdover from the battle against admins doing
    everything as root
  • su is a painless enough context switch
  • If it hurts to switch, people will just do it all
    as root
  • Advantages to being forced to switch accounts:
  • Inertia
  • Emotion: the significance of the action is
    emphasized
  • Accounting: logs show who used root
  • Even though it essentially reduces the security
    of the root account to the security of the Alice
    account, even OpenBSD (2.7, at least) still
    exhorts users not to ssh directly to root, and
    instead to use su.

20
Secure SU: The Near-Perfect Compromise
  • alicehost$ ssh alice@bobhost -t su -l root
  • sshd creates a secure execution environment
    when commands are explicitly specified
  • Shell configuration files not loaded (caveat:
    sshd still hands the command to Alice's login
    shell with -c, and a bash built with
    SSH_SOURCE_BASHRC, as on Debian, sources
    ~/.bashrc even then, so a shell function named
    su in Alice's rc files would still hijack this)
  • su, as a setuid app, can't generally be traced by
    ordinary users
  • User logs in as normal, is safely prompted for
    the root password, gets a root shell without
    having to slum in through insecure space

21
Secure SU: Developing Individuated Root
  • Individual Public Keys For Root Access
  • Nobody learns the root password
  • authorized_keys contains the list of identities
    allowed to connect as root to the system
  • sshd modified to log who connected to root
    (unmodified sshd now logs the fingerprint of the
    accepted key, which identifies the person as
    long as each person has their own key)
  • Scales to multiple security-critical accounts
  • Root can modify its own authorized_keys, but
    other accounts could have root-owned, root-
    readable authorized_keys files (sshd_config's
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u
    is the usual way to do that today)
  • Individual Root Accounts
  • Multiple accounts all set to the same UID (0), but
    with different passwords
  • Alice_Root, Bob_Root, etc.
  • Really only works for root
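The accounting this slide wants from a "modified sshd" falls out of the stock daemon's log line once each person has their own key: since OpenSSH 6.8 an accepted key is logged as `Accepted publickey for root from 10.0.0.7 port 51234 ssh2: ED25519 SHA256:...`, and the same SHA256 fingerprint can be computed from each line of root's authorized_keys. The following is an added example of that join, not part of the talk: the ed25519 key blobs are constructed (a hash standing in for the 32-byte public key, laid out in the real wire format) and the log lines are constructed around them, so nothing here is a real key or a real login.

```python
import base64
import hashlib
import re
import struct


def _ssh_string(b: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length followed by the bytes."""
    return struct.pack("!I", len(b)) + b


def fake_ed25519_blob(seed: int) -> str:
    """Constructed public-key blob (base64) in the real ssh-ed25519 layout.

    The 32 'key' bytes are a hash of a label, NOT a real key; only the wire
    format matters for fingerprinting.
    """
    pub = hashlib.sha256(b"constructed-key-%d" % seed).digest()
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(pub)).decode()


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint as sshd and `ssh-keygen -lf` print it:
    base64 of sha256(blob) with the '=' padding stripped."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed authorized_keys for root: one key per person, each restricted
# to the admin LAN with from=, each tagged with the owner in the comment.
AUTHORIZED_KEYS = "\n".join([
    "# root's keys: one per human, never shared",
    f'from="10.0.0.0/24" ssh-ed25519 {fake_ed25519_blob(1)} alice@laptop',
    f'from="10.0.0.0/24" ssh-ed25519 {fake_ed25519_blob(2)} bob@desktop',
])

# Key type, blob and comment; tolerates a leading options field (from=, command=, ...).
KEY_RE = re.compile(r"(?:^|\s)(ssh-(?:ed25519|rsa|dss)|ecdsa-sha2-\S+|sk-\S+)\s+(\S+)\s*(.*)$")

# sshd's "Accepted publickey" line (OpenSSH 6.8+); certificate logins add more
# text after the fingerprint, which \S+ on the fingerprint tolerates.
LOG_RE = re.compile(r"Accepted publickey for (?P<acct>\S+) from (?P<ip>\S+) "
                    r"port \d+ ssh2: \S+ (?P<fp>SHA256:\S+)")


def load_owners(authorized_keys_text: str) -> dict:
    """Map fingerprint -> owner (the key's comment) for every key line."""
    owners = {}
    for line in authorized_keys_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = KEY_RE.search(line)
        if m:
            owners[fingerprint(m.group(2))] = m.group(3).strip() or "(no comment)"
    return owners


def attribute(log_line: str, owners: dict):
    """Return (account, source ip, owner) for a public-key login, else None.

    A fingerprint missing from authorized_keys is flagged rather than ignored:
    it means a key got in by a path this file does not document.
    """
    m = LOG_RE.search(log_line)
    if not m:
        return None
    return m["acct"], m["ip"], owners.get(m["fp"], "UNKNOWN KEY")


def sample_log() -> list:
    """Constructed sshd log lines: one login with Alice's key, one with a key
    that is not in AUTHORIZED_KEYS at all."""
    return [
        f"Accepted publickey for root from 10.0.0.7 port 51234 ssh2: ED25519 {fingerprint(fake_ed25519_blob(1))}",
        f"Accepted publickey for root from 10.0.0.9 port 40001 ssh2: ED25519 {fingerprint(fake_ed25519_blob(99))}",
    ]


if __name__ == "__main__":
    owners = load_owners(AUTHORIZED_KEYS)
    for line in sample_log():
        print(attribute(line, owners))
```

Run against a real file, `load_owners(open("/root/.ssh/authorized_keys").read())` gives the same fingerprints as `ssh-keygen -lf /root/.ssh/authorized_keys`, so the mapping can be cross-checked by hand; the `from=` restriction is the other half of the scheme, since a root key that only works from the admin network is far less valuable when stolen.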

22
Stranded?
  • MindTerm: Java applet with full port forwarding
    / proxying capabilities.
  • Google for MindTerm, find an available
    installation of the applet.
  • If you've got web and outgoing SSH, you've got
    access to the world.
  • (Browsers no longer run Java applets, so this
    particular escape hatch is historical)

23
Conclusion
  • ssh is powerful
  • ssh is flexible
  • ssh is fun.
  • any questions? any requests?