Continuing with Proxies, SOCKS5 and SSH, Darren and Shannon cover SSH Public Key Fingerprints, then build a free Windows SSH Server and configure Key Pairs for a Linux client.
SSH Public Key Fingerprints and known_hosts
Typical SSH Servers user 128-bit MD5 hashes as Public Key Fingerprints. These are used to verify the authenticity of a server. These key fingerprints are short sequences of bytes used to authenticate a much longer public key. Like we discussed last week regarding key pairs for user authentication, SSH servers have key pairs for server authentication.
On a Linux OpenSSH server for example these key pairs will be found in /etc/ssh/*key*. The public keys will be world readable while the private keys can only be read by a superuser.
On a Linux client for example the key fingerprints of remembered servers are stored in ~/.ssh/known_hosts. Since SSH version 4 the username and hostnames associated with these servers are hashed.
To remotely verify the key fingerprint of an SSH server
ssh-keyscan -t rsa,dsa REMOTEHOSTNAME > /tmp/ssh_host_rsa_dsa_key.pub ssh-keygen -l -f /tmp/ssh_host_rsa_dsa_key.pub
Alternatively, on the remote server the key fingerprints can be found by:
cd /etc/ssh ls *key* cat ssh_host_key # this is the private key # permission will be denied if not superuser cat ssh_host_key.pub # this is the public key ssh-keygen -lf ssh_host_rsa_key.pub # field 1 = bit length of key # field 2 = fingerprint of key # field 3 = name of key
Setting up a Windows SSH Server with Bitvise (+ A few other software recommendations)
Setting up the SSH Server Windows Using BitVise WinSSHd
SSH Servers for Windows
FreeSSHd - http://www.freesshd.com/
Bitvise WinSSHD - http://www.bitvise.com/winsshd
OpenSSH for Windows - SSHWindows.sf.net
Copssh - https://www.itefix.no/i2/copssh
KpyM SSH Server - http://www.kpym.com/2/kpym/index.htm
Setting up Key Pair Authentication in Linux with OpenSSH
On the remote host:
mkdir .ssh chmod 700 .ssh cd .ssh
On the local host:
ssh-keygen -t rsa scp ~/.ssh/id_rsa.pub user@host:.ssh/authorized_keys2
Back on the remote host:
ls -la authorized_keys2 chmod 600 authorized_keys2 exit
On the local host:
Bonus: Transfer SSH public keys from one machine to another
Now that we've done it the long way, let's take a moment to appreciate a convenient shortcut -- ssh-copy-id.
ssh-keygen; ssh-copy-id user@host; ssh user@host
If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!
Whether you're a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more
And let's not forget to mention that you can follow us on Twitter and Facebook. Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at firstname.lastname@example.org.
Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a healthy dose of cocktails and geek comedy. Damn the warranties, it's time to Trust your Technolust.
Want the most recent episode of this show always up to date on your website? Use this self-updating embed code!