Professional Documents
Culture Documents
Fosdem 2011
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Who am I ?
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
SSL/TLS
SSH
What about security ?
Little comparison
Which one to choose ?
SSL
TLS
Actually, TLS 1.0 = SSL
3.1
SSH-1
SSH-2
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
SSL/TLS
SSH
What about security ?
Little comparison
Which one to choose ?
SSL/TLS
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
SSL/TLS
SSH
What about security ?
Little comparison
Which one to choose ?
SSH
Secure SHell.
Initially developped by Tatu Yl
onen, but then lots of
development by OpenSSH team.
Defined in RFCs (RFC4250-4256).
Many features :
Secure transport
Authentication
Shell/terminal handling
File transfer/remote file system (SFTP)
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
SSL/TLS
SSH
What about security ?
Little comparison
Which one to choose ?
Availability
No shutdown of
connection possible
Confidentiality
Nobody can eavesdrop
communication
You are sure of the
identity of the remote side
Availability
Transport protocols run
over TCP
No protection against a
forged RST packet
Confidentiality
Strong ciphers
Strong key exchange
Authentication of key
exchange
SSH libraries : What they can do for you
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
SSL/TLS
SSH
What about security ?
Little comparison
Which one to choose ?
Avoid MiM
Client must ensure authenticity of the server
Trust
Key exchange
Key types
Verification
Authority
Authority
TLS
X.509 certs
Diffie-Hellman, RSA
RSA, DSA
Trust chain
PKI (home CA)
3rd party CA
SSH
Server key hashes
DH, ECDH, ECMQV
RSA, DSA, ECDSA
Known host file
Local authority
in-DNS hashes + DNSSEC
-
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
SSL/TLS
SSH
What about security ?
Little comparison
Which one to choose ?
TLS
X.509 Self-signed
PKCS #11
w/ X.509 CA, self-signed
Application
Application
Application
Application
SSH
Client public key
PKCS #11
w/ X.509 CA, public key
Password
Keyboard-interactive
Partial authentication
gss-api, Kerberos
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
SSL/TLS
SSH
What about security ?
Little comparison
Which one to choose ?
Little comparison
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
SSL/TLS
SSH
What about security ?
Little comparison
Which one to choose ?
SSL/TLS is a Transport
protocol
Symmetric client/server
How do you authenticate
your servers ?
Is it acceptable that
China can forge valid
certificates ?
SSH is an Application
protocol
Asymmetrical
Very simple host
authentication model
Guarantee to find OpenSSH
everywhere
Ideal for multi-channels
communication, system
protocols
What about IMAP over
SSH ?
SSH libraries : What they can do for you
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Name
libssh
libssh2
Granados
Net::SSH
SSH.NET
JSch
sshj
ne7ssh
paramiko
Language
C
C
C#
Ruby
C#
Java
Java
C++
Python
OS
Unix, Windows
Unix, Windows
.NET
Ruby
.NET
JVM
JVM
Linux
Python VM
License
LGPL
BSD
Apache
MIT
BSD based ?
BSD
Apache
QPL
LGPL
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Some history
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Features
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Documentation
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Documentation
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Development model
Some samples
Future
Development model
Own infrastructure
git, redmine, mailing list, website, test center
Around 10 total contributors, 3 or 4 regular commiters
Testcase based development, with nightly builds
Look by yourself ! http://test.libssh.org/
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Development model
Some samples
Future
Test dashboard
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Development model
Some samples
Future
Test dashboard
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Development model
Some samples
Future
Test dashboard
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Development model
Some samples
Future
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Development model
Some samples
Future
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Development model
Some samples
Future
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Development model
Some samples
Future
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
Development model
Some samples
Future
Future of libssh
Introduction
Cryptographic transport protocols
libssh
libssh - technical
End
End
Any question ?