Operating Systems 2017F Lecture 21
Jump to navigation
Jump to search
Video
Notes
In Class
Lecture 21 ---------- ssh part of a long tradition in remote access to UNIX-like systems (and other systems with command lines) * hard link via a serial line to a terminal * modem-mediated serial connection to a terminal * telnet - connect in a serial-like fashion over the internet - have a program listening for remote access on a fixed port - when there's a connection, connect remote program to login - login takes username, password - if correct, starts command shell for the user * Problems with telnet - annoying to type in username and password every time - username and password (and everything else) goes in the clear, so subject to eavesdropping, modification * rsh - remote shell - idea: allow login without passwords and running of one-off commands - how? check IP address/hostname of source - but...IP addresses are not a secure authenticator - also...trusting configuration of remote system - and...all communication again in the clear * ssh was designed as a drop-in replacement for rsh - but with better security - and also with better features, specifically X11 forwarding X11 is a system for displaying graphics and handing input - windows, keyboard, mice - developed in late 1980's, early 1990's - designed to allow remote connections - primarily a network protocol - X11 connections went in the clear - and were a pain to set up public and private keys - asymmetric cryptography - used for key establishment and signatures (authentication) symmetric crypto - encrypt with a key, decrypt with the same key - modern form: block ciphers (e.g., AES) - fast and very secure asymmetric crypto is based on "one way" functions - easy one way - hard to invert (unless you know extra info) To send someone a secret message - get their public key - encrypt message with their public key - really, encrypt random symmetric key (session key) with public key and encrypt message with symmetric key To receive a secret message - decrypt session key with your private key - use session key to decrypt message NEVER IMPLEMENT CRYPTO ON YOUR OWN PLAN TO FIX CRYPTO CODE/PROTOCOLS OFTEN