In June 2002 HP released their supported version of the Secure Shell (ssh). This release (3.10) is based on OpenSSH3.1p1
and supports both the SSH-1 and SSH-2 protocols. SSH-1 should no longer be used as it contains several known protocol level design flaws that can be exploited. There are also advisories regarding the use of versions prior to OpenSSH 3.4. The HP-UX Secure Shell (HP-SSH) includes support for Kerberos (4 and 5), IPv6, TCP Wrapper, and PAM. HP-SSH should be used in place of services such as telnet, FTP, and the Berkley "r" commands. All of which pass text in the clear. This series of articles will cover the various aspects of running HP-SSH. This first article deals with the installation of the product.
Check to make sure you have installed the recommended patches (or their replacements) and their dependencies. Always check the HP site for the latest recommendations.
These should already be installed if a recent support plus patch bundle is installed.
Download the Secure Shell depot from: http://software.hp.com (Internet & Security Solutions, hp-ux secure shell) or use the September 2002 or later applications CDs.
swinstall -s /wherever/T1471AA_whatever-version.depot
15,732 Kbytes will be installed and a reboot is not required.
HP-SSH has been added as a startup/shutdown routine via the /etc/rc.config.d/sshd configuration file and is automatically started after install. Make sure it is running:
ctg701#: ps -ef | grep ssh root 3807 1 0 08:51:01 ? 0:00 /opt/ssh/sbin/sshd
The root user will now have a .ssh directory:
drwx------ 2 root sys 96 Aug 8 08:49 .ssh
and the following file will be under it:
-rw------- 1 root sys 1024 Aug 8 08:51 prng_seed
The following entry is added to the syslog.log file:
Aug 8 08:51:01 ctg701 sshd: Server listening on 0.0.0.0 port 22.
HP SSH can be started and stopped using the following commands:
# /sbin/init.d/secsh stop HPUX Secure Shell stopped # /sbin/init.d/secsh start HPUX Secure Shell started
Please note that these are named secsh and not sshd. (Don't you hate it when the configuration file is given a different name?).
The following files are placed in the /opt/ssh/etc directory:
moduli ssh_host_key ssh_prng_cmds ssh_config ssh_host_key.pub sshd_config ssh_host_dsa_key ssh_host_rsa_key ssh_host_dsa_key.pub ssh_host_rsa_key.pub
Let's take a few minutes and talk about terms.
Symmetric: One key that is used for both encrypting and decrypting. Think of this as the key to the front door of your house. You use your key to lock the door and when you come home you use the same key to unlock the door. You have just one key. In this scenario you are limited to who can unlock your front door, which is a good thing when you are talking about your front door. But what about in a dynamic environment? Take the example of a building superintendent who must manage issues regarding the distribution of keys, lost keys, tracking who has keys, and ensuring the return of keys from those who should no longer have them.
Asymmetric: A pair of keys, where each key "undoes" the other key. Together these keys are referred to as a pair; one is known as the private key, the other as the public. The private key must be kept private and well secured. The public key can be openly distributed -- even posted on a web site. What is encrypted with the private key can only be decrypted by the public key; not even the same private key can decrypt it. Likewise, what is encrypted with the public key can only be decrypted by the private key. Since the public key can be openly shared without concern for the integrity of the key-pair, the key management problems described with symmetric keys is (mostly) addressed.
Hashed: A hash is an "encrypted" value that cannot be decrypted. The best example of this is a UNIX user password. The ASCII password is combined with a salt and both these are passed through crypt to produce the "encrypted" password. However, this password is not encrypted, it is hashed. Programs such as Crack do not decrypt the password, they simply search for a match. (Due to the salt, each unique password can be hashed 4096 different ways.)
The value of a good hash routine (in database systems or cryptography) is that a large amount of data can be reduced to a fairly short, extremely unique, and randomly distributed "signature" of the hashed information. With a good hash algorithm, even one changed bit should yield a very different hash value.
Persistent: A key that does not change. This key will exist for a long period of time. Typically changing a persistent key will cause additional administrative tasks on multiple servers and/or clients.
Generated or non-persistent: A key that is not persistent. This key is generated based on either an event or at a specific interval. Generated keys are temporary. These are sometimes called session keys.
Algorithm: A procedure for solving a mathematical problem (as of finding the greatest common divisor) in a finite number of steps that frequently involves repetition of an operation. (Source: Merriam-Webster Dictionary).
SSH uses a combination of hash functions and key algorithms. What is used is determined by configuration settings and by elimination of methods that are not common between the server and client. Understanding the in-depth workings of these algorithms isn't necessary. Learn one, and you'll forget it by the time you are learning the third one.
Common Asymmetric (Public) Key algorithms used with SSH: RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm), and Diffie-Hellman.
Common Symmetric (Secret) Key algorithms used with SSH: DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), Triple-DES (3DES), Blowfish, and AES (Advanced Encryption Standard). AES is available in 3 flavors: 128, 192, and 256 bits. Those supported with HP-SSH: 3DES, Blowfish, CAST (Carlisle Adams and Stafford Tavares)-128, ARCFOUR, AES-128,192, and 256.
Common Hash algorithms used with SSH: MD5 (Message Digest), CRC (Cyclic Redundancy Check)-32, and SHA-1 (Secure Hash Algorithm).
Asymmetric and symmetric algorithms have different strengths and are used to address different problems. Asymmetric algorithms are slower but are required for dynamic communication. They are designed to address the problems that are associated with the management of key distribution. Symmetric algorithms are fast. In SSH they are used to authenticate and negotiate a non-persistent symmetric key.
Next week's tip will discuss keys and algorithms in detail.
Chris Wong is a technical consultant and trainer for Cerius Technology Group, Inc. in Bellevue, WA. She is the author of the HP Press book HP-UX 11i Security. http://newfdawg.com