Operating Systems 2017F Lecture 21

From Soma-notes
Revision as of 21:48, 30 November 2017 by Soma (talk | contribs) (Created page with "==Video== [http://homeostasis.scs.carleton.ca/~soma/os-2017f/lectures/comp3000-2017f-lec21-30Nov2017.mp4 Lecture 21 video] ==Notes== ===In Class=== [http://homeostasis.scs...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Video

Lecture 21 video

Notes

In Class

Assignment 3 solutions 

Lecture 21
----------

ssh part of a long tradition in remote access to UNIX-like systems
(and other systems with command lines)

* hard link via a serial line to a terminal
* modem-mediated serial connection to a terminal
* telnet - connect in a serial-like fashion over the internet
  - have a program listening for remote access on a fixed port
  - when there's a connection, connect remote program to login
  - login takes username, password
  - if correct, starts command shell for the user
  * Problems with telnet
    - annoying to type in username and password every time
    - username and password (and everything else) goes in the clear, so
      subject to eavesdropping, modification
* rsh - remote shell
  - idea: allow login without passwords and running of one-off commands
  - how? check IP address/hostname of source
  - but...IP addresses are not a secure authenticator
  - also...trusting configuration of remote system
  - and...all communication again in the clear

* ssh was designed as a drop-in replacement for rsh
  - but with better security
  - and also with better features, specifically X11 forwarding

X11 is a system for displaying graphics and handing input
  - windows, keyboard, mice
  - developed in late 1980's, early 1990's
  - designed to allow remote connections
    - primarily a network protocol
  - X11 connections went in the clear
    - and were a pain to set up


public and private keys
 - asymmetric cryptography
 - used for key establishment and signatures (authentication)

symmetric crypto
 - encrypt with a key, decrypt with the same key
 - modern form: block ciphers (e.g., AES)
 - fast and very secure

asymmetric crypto is based on "one way" functions
 - easy one way
 - hard to invert (unless you know extra info)

To send someone a secret message
 - get their public key
 - encrypt message with their public key
   - really, encrypt random symmetric key (session key) with public key and
     encrypt message with symmetric key

To receive a secret message
 - decrypt session key with your private key
 - use session key to decrypt message

NEVER IMPLEMENT CRYPTO ON YOUR OWN
PLAN TO FIX CRYPTO CODE/PROTOCOLS OFTEN
Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=Operating_Systems_2017F_Lecture_21&oldid=21335"