Operating Systems 2017F Lecture 21: Difference between revisions
|  Created page with "==Video==  [http://homeostasis.scs.carleton.ca/~soma/os-2017f/lectures/comp3000-2017f-lec21-30Nov2017.mp4 Lecture 21 video]  ==Notes==  ===In Class===  [http://homeostasis.scs..." | 
| (No difference) | 
Revision as of 21:48, 30 November 2017
Video
Notes
In Class
Lecture 21
----------
ssh part of a long tradition in remote access to UNIX-like systems
(and other systems with command lines)
* hard link via a serial line to a terminal
* modem-mediated serial connection to a terminal
* telnet - connect in a serial-like fashion over the internet
  - have a program listening for remote access on a fixed port
  - when there's a connection, connect remote program to login
  - login takes username, password
  - if correct, starts command shell for the user
  * Problems with telnet
    - annoying to type in username and password every time
    - username and password (and everything else) goes in the clear, so
      subject to eavesdropping, modification
* rsh - remote shell
  - idea: allow login without passwords and running of one-off commands
  - how? check IP address/hostname of source
  - but...IP addresses are not a secure authenticator
  - also...trusting configuration of remote system
  - and...all communication again in the clear
* ssh was designed as a drop-in replacement for rsh
  - but with better security
  - and also with better features, specifically X11 forwarding
X11 is a system for displaying graphics and handing input
  - windows, keyboard, mice
  - developed in late 1980's, early 1990's
  - designed to allow remote connections
    - primarily a network protocol
  - X11 connections went in the clear
    - and were a pain to set up
public and private keys
 - asymmetric cryptography
 - used for key establishment and signatures (authentication)
symmetric crypto
 - encrypt with a key, decrypt with the same key
 - modern form: block ciphers (e.g., AES)
 - fast and very secure
asymmetric crypto is based on "one way" functions
 - easy one way
 - hard to invert (unless you know extra info)
To send someone a secret message
 - get their public key
 - encrypt message with their public key
   - really, encrypt random symmetric key (session key) with public key and
     encrypt message with symmetric key
To receive a secret message
 - decrypt session key with your private key
 - use session key to decrypt message
NEVER IMPLEMENT CRYPTO ON YOUR OWN
PLAN TO FIX CRYPTO CODE/PROTOCOLS OFTEN