Posts Tagged ‘SSH’

Decrypt HTTPS Traffic Using Wireshark And Key File

November 16th, 2010

Wireshark is a useful tool in troubleshooting. Wireshark can decrypt SSL traffic as long as you have the server’s private key. This can be extremely useful if you have to debug HTTPS traffic and cannot fall back to plain HTTP. (Note that this works only for sessions negotiated with an RSA key exchange; with Diffie-Hellman cipher suites the server key alone is not enough to recover the session keys.)

First we will capture some HTTPS traffic for our testing. Here our HTTPS server’s IP address is 192.168.x.x and the port is the default, 443. I prefer to use tcpdump for packet capture, but you can do it with Wireshark as well.

The command below will capture all the encrypted traffic to and from our server.

$ sudo tcpdump -w /tmp/ssl.pcap  -ni eth0 -s0  host 192.168.x.x port 443

The captured data goes to the ssl.pcap file. Once you have the captured packets in the file, open it in Wireshark. Use the “Follow TCP Stream” option and you will see only the encrypted data.

[Screenshot: Follow TCP Stream]

The next thing we need is the server’s private key. Once you have the key file, go to “Edit -> Preferences”. In the left-hand menu choose “Protocols -> SSL”. Fill in the “RSA keys list” field in the format <host>, <port>, <protocol>, <key_file>, i.e. the server’s IP address, the port on which the server listens, the application protocol and the path to the server’s private key. The key file must be in PEM format. In our example it is 192.168.x.x, 443, https, /path/to/keyfile.pem.

[Screenshot: wireshark]

Now apply the setting and return to the main window.
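Before spending time on the preferences dialog it is worth checking that the capture can be decrypted with the server key at all. The script below is an added example, not code from the original post or from Wireshark: it walks a classic pcap file, finds each TLS ServerHello sent from the server port and reports whether the chosen cipher suite used an RSA key exchange (recoverable with the server key) or a DHE/ECDHE one (not recoverable this way). The cipher-suite tables are a small subset of the IANA registry, and the capture returned by sample_pcap() is constructed inline so the script runs offline; pass a real capture as decryptable_with_server_key(open(path, "rb").read()).

```python
"""Report whether a capture's TLS sessions used an RSA key exchange.

Added example (not from the original post or from Wireshark). Only sessions whose
ServerHello picked an RSA key-exchange suite can be decrypted with the server's
private key; (EC)DHE suites never wrap the session secret with that key.
"""
import struct

# Small subset of IANA cipher-suite ids; only the first group works with the server key.
RSA_KEX_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
}
FORWARD_SECRET_SUITES = {
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def iter_pcap_frames(data):
    """Yield the captured bytes of each record in a classic (non-pcapng) pcap file."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:  # LINKTYPE_ETHERNET only
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "IIII", data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def tcp_payload(frame):
    """Return (src_port, dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != 6:  # protocol field: 6 is TCP
        return None
    tcp = ip[ihl:total_len]
    src, dst = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return src, dst, tcp[data_off:]

def server_hello_cipher(payload):
    """Cipher suite chosen in the first TLS ServerHello record in payload, or None."""
    off = 0
    while off + 5 <= len(payload):
        ctype, _version, rlen = struct.unpack_from("!BHH", payload, off)
        body = payload[off + 5:off + 5 + rlen]
        off += 5 + rlen
        if ctype != 0x16 or len(body) < 4 or body[0] != 2:  # Handshake record, ServerHello
            continue
        hs = body[4:4 + int.from_bytes(body[1:4], "big")]
        # version(2) random(32) session_id_len(1) session_id cipher_suite(2) ...
        sid_len = hs[34]
        return struct.unpack_from("!H", hs, 35 + sid_len)[0]
    return None

def decryptable_with_server_key(pcap_bytes, server_port=443):
    """List (suite_id, name, rsa_kex) for every ServerHello sent from server_port."""
    results = []
    for frame in iter_pcap_frames(pcap_bytes):
        parsed = tcp_payload(frame)
        if parsed is None or parsed[0] != server_port:
            continue
        suite = server_hello_cipher(parsed[2])
        if suite is None:
            continue
        name = RSA_KEX_SUITES.get(suite) or FORWARD_SECRET_SUITES.get(suite) or "unknown"
        results.append((suite, name, suite in RSA_KEX_SUITES))
    return results

def _frame(src_port, dst_port, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums are zero, the parser ignores them."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes([192, 168, 0, 10]), bytes([192, 168, 0, 20])) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip

def _server_hello(suite):
    """Constructed TLS 1.2 ServerHello record with an empty session id."""
    hs = b"\x03\x03" + b"\x11" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    body = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x03" + struct.pack("!H", len(body)) + body

def sample_pcap():
    """Constructed capture: an RSA-kex ServerHello and an ECDHE ServerHello from port 443."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for suite in (0x002F, 0xC02F):
        frame = _frame(443, 51000, _server_hello(suite))
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

If every session in the report comes back with rsa_kex False, the key file will not help; the alternative is to have the client or server log its pre-master secrets, which is outside what this post covers.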

Now if you click on a row, a “Decrypted SSL Data (size)” tab appears at the bottom of the “Packet Bytes” pane. The tab is shown only when decrypted data is available for that packet.

[Screenshot: ssl.pcap - Wireshark, decrypted SSL data tab]

You can now use the “Follow SSL Stream” option to view the decrypted data stream.

[Screenshot: ssl.pcap - Wireshark, Follow SSL Stream]

Happy decrypting ;-)

Categories: HOW-TOS

Paramiko: SSH and SFTP With Python

March 17th, 2010

Paramiko is a module for Python 2.2 (or higher) that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines.

The emphasis is on using SSH2 as an alternative to SSL for making secure connections between Python scripts. All major ciphers and hash methods are supported, and both SFTP client and server modes are supported too.

Installing paramiko

First we need to install paramiko, if you don’t have it already.

On Ubuntu/Debian:

$ sudo apt-get install python-paramiko

On Gentoo Linux:

$ emerge paramiko

Or install from source:

$ wget http://www.lag.net/paramiko/download/paramiko-1.7.6.tar.gz
$ tar xzf paramiko-1.7.6.tar.gz
$ cd paramiko-1.7.6
$ python setup.py build
$ su -c "python setup.py install"

Working with paramiko

SSHClient is the main class provided by the paramiko module. It provides the basic interface you will use to set up server connections. The code below creates a new SSHClient object and then calls connect() to connect to the SSH server.

Here’s a simple example:

import paramiko
ssh = paramiko.SSHClient()
ssh.load_system_host_keys()  # trust the hosts already listed in ~/.ssh/known_hosts
ssh.connect('192.168.1.2', username='vinod', password='secret')

Another way is to use an SSH key:

import paramiko
import os
ssh = paramiko.SSHClient()
ssh.load_system_host_keys()  # trust the hosts already listed in ~/.ssh/known_hosts
privatekeyfile = os.path.expanduser('~/.ssh/id_rsa')
mykey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
ssh.connect('192.168.1.2', username='vinod', pkey=mykey)

Running Simple Commands

Let’s run some simple commands on a remote machine.

import paramiko

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('beastie', username='vinod', password='secret')
stdin, stdout, stderr = ssh.exec_command('df -h')
print(stdout.readlines())
ssh.close()

set_missing_host_key_policy(paramiko.AutoAddPolicy()) makes the client accept, and save, the host key of any server it has not seen before. That skips the check that protects you against a man-in-the-middle on the first connection, so use it only on a throwaway test network; otherwise load the known hosts with load_system_host_keys() and leave the default RejectPolicy in place.

Using sudo in running commands:

import paramiko

# -S makes sudo read the password from stdin rather than from a terminal, which
# exec_command() does not allocate; -p '' suppresses the password prompt text.
cmd = "sudo -S -p '' /etc/rc.d/apache2 restart"

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('beastie', username='vinod', password='secret')
stdin, stdout, stderr = ssh.exec_command(cmd)
stdin.write('secret\n')
stdin.flush()
print(stdout.readlines())
ssh.close()

Secure File Transfer Using SFTPClient

SFTPClient is used to open an SFTP session across an open SSH Transport and perform remote file operations.

An SSH Transport attaches to a stream (usually a socket), negotiates an encrypted session, authenticates, and then creates stream tunnels, called Channels, across the session. Multiple channels can be multiplexed across a single session (and often are, in the case of port forwardings).

First we will create a Transport:

import paramiko
import os
privatekeyfile = os.path.expanduser('~/.ssh/id_rsa')
mykey = paramiko.RSAKey.from_private_key_file(privatekeyfile)
username = 'vinod'
transport = paramiko.Transport(('beastie', 22))  # host and port of the SSH server
# Without hostkey=<expected server key>, Transport.connect() does not verify the server.
transport.connect(username=username, pkey=mykey)

Now we can start the SFTP client:

sftp = paramiko.SFTPClient.from_transport(transport)

Now let’s pull a file from the remote system to the local one:

remotepath='/var/log/system.log'
localpath='/tmp/system.log'
sftp.get(remotepath, localpath)

Now let’s push a file to the remote system:

remotepath='/var/www/images/file.png'
localpath='/tmp/file.png'
sftp.put(localpath, remotepath)  # put() takes (local, remote), the reverse of get()

Finally, close the SFTP connection and the transport:

sftp.close()
transport.close()
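Putting the command and SFTP pieces together, the module below is an added example and is not code from the original post or from the paramiko project. It keeps host-key verification on (known_hosts plus RejectPolicy instead of AutoAddPolicy), runs sudo with -S so the password can be fed over the channel, parses the post’s df -h output rather than printing it raw, and gets the put()/get() argument order right. The host 'beastie', user 'vinod' and ~/.ssh/id_rsa are the post’s own placeholders; SAMPLE_DF is constructed output. paramiko is imported inside the functions that need it, so parse_df() and sudo_command() work even where it is not installed.

```python
"""Hardened paramiko session: verified host key, key-based login, sudo over stdin, SFTP.

Added example; not code from the original post or the paramiko project. Host 'beastie',
user 'vinod' and ~/.ssh/id_rsa are the post's placeholders.
"""
import os
import shlex

def _quote(argv):
    """Join argv into one remote command string; nothing in it is expanded locally."""
    return " ".join(shlex.quote(a) for a in argv)

def connect(host, username, key_path="~/.ssh/id_rsa", port=22):
    """Open an SSHClient that refuses unknown host keys instead of AutoAddPolicy()."""
    import paramiko
    client = paramiko.SSHClient()
    client.load_system_host_keys()                      # ~/.ssh/known_hosts
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    key = paramiko.RSAKey.from_private_key_file(os.path.expanduser(key_path))
    client.connect(host, port=port, username=username, pkey=key)
    return client

def sudo_command(argv):
    """Prefix argv with sudo -S (password from stdin, since exec_command() allocates
    no tty) and -p '' (no prompt text mixed into stderr)."""
    return "sudo -S -p '' " + _quote(argv)

def run(client, argv, sudo_password=None, timeout=30):
    """Run argv on the remote host; return (exit_status, stdout, stderr)."""
    cmd = sudo_command(argv) if sudo_password is not None else _quote(argv)
    stdin, stdout, stderr = client.exec_command(cmd, timeout=timeout)
    if sudo_password is not None:
        stdin.write(sudo_password + "\n")
        stdin.flush()
    out, err = stdout.read().decode(), stderr.read().decode()
    return stdout.channel.recv_exit_status(), out, err

def parse_df(text):
    """Parse `df -h` output into {mountpoint: {...}}; the header line is skipped."""
    usage = {}
    for line in text.splitlines()[1:]:
        parts = line.split(None, 5)       # mount points may contain spaces
        if len(parts) < 6:
            continue
        fs, size, used, avail, pct, mount = parts
        usage[mount] = {"filesystem": fs, "size": size, "used": used,
                        "avail": avail, "use_pct": int(pct.rstrip("%"))}
    return usage

def disk_usage(client):
    """The post's `df -h` example, parsed instead of printed raw."""
    status, out, err = run(client, ["df", "-h"])
    if status != 0:
        raise RuntimeError("df failed (%d): %s" % (status, err.strip()))
    return parse_df(out)

def sftp_roundtrip(client, local_path, remote_path):
    """put() takes (local, remote) and get() takes (remote, local); easy to swap."""
    sftp = client.open_sftp()
    try:
        sftp.put(local_path, remote_path)
        sftp.get(remote_path, local_path + ".copy")
    finally:
        sftp.close()

# Constructed sample df -h output, so the parser can be exercised without a server.
SAMPLE_DF = """Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        20G   15G  4.2G  79% /
tmpfs           2.0G     0  2.0G   0% /dev/shm
"""
```

A typical call is disk_usage(connect("beastie", "vinod")), or run(client, ["/etc/rc.d/apache2", "restart"], sudo_password=...) for the sudo case; the exit status returned by run() is what tells you the command actually succeeded, which readlines() alone does not.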

Happy SSHing :-)

Categories: PYTHON

5 SSH Tricks You Must Know

February 20th, 2010

1. X11 Forwarding

ssh can carry a secure connection from a local X server to a remote application server. Set the X11Forwarding and AllowTcpForwarding entries to yes in /etc/ssh/sshd_config on the remote host, start the X server on the local host, then run ssh to establish a connection to the remote site.

localname@localhost:~$ ssh -q -X -l loginname remotehost.domain

Password:

**********

Run X application commands on the remote site.

loginname@remotehost:~$ gimp &

This method allows the display of the remote X client output as if it were locally connected through a local UNIX domain socket.

2. SSH Login Without Password

For this you need to generate your own private/public key pair. ssh-keygen is used to generate that key pair for you.

In the user’s home directory on the local host, type

[local-host]$ ssh-keygen -t dsa

This will ask you for a passphrase. A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Once you have entered the passphrase you will be prompted to enter it again for confirmation.

The private key is saved in .ssh/id_dsa and the public key in .ssh/id_dsa.pub.

Now, copy the public key to the remote machine:

[local-host]$ ssh-copy-id -i ~/.ssh/id_dsa.pub user@remotehost

or, if you don’t have the ssh-copy-id script installed, use

[local-host]$ cat ~/.ssh/id_dsa.pub | ssh user@remotehost "cat - >> ~/.ssh/authorized_keys"

Now on the local host, in GNOME select System > Preferences > Sessions.

Select Startup Programs and add a new entry with this command:

eval `ssh-agent`

ssh-agent is a program that, used together with OpenSSH or similar ssh programs, provides a secure way of storing the passphrase of the private key.

Open a terminal and run ssh-add without any arguments; it will ask for your passphrase once.

ssh-add adds identities to the authentication agent, ssh-agent.

[local-host]$ ssh-add

Enter passphrase for /home/vinod/.ssh/id_dsa: <Enter your passphrase here>

Identity added: /home/vinod/.ssh/id_dsa (/home/vinod/.ssh/id_dsa)

That’s it; from now on logging in to the remote server will not ask for any password or passphrase.

NB: No one else must see the content of .ssh/id_dsa, as it is used to decrypt all correspondence encrypted with the public key.

3. Run Command On A Remote Machine

You can use SSH to open sessions between servers, or you can use it to run a command on a remote system non-interactively.

Usage:

$ ssh user@hostname command

A simple example might be getting file-system usage:

$ ssh user@192.168.3.4 "df -h"

That will prompt you for a password. Also, don’t forget to escape variables if you want them expanded on the destination host rather than locally.

For example:

user@host ]$ ssh root@host2 "echo \$HOME"

prints out /root

while

user@host ]$ ssh root@host2 "echo $HOME"

prints out /home/user

Another example:

user@host ]$ ssh user2@host2 "echo hello world | awk '{print \$1}'"

prints out “hello” correctly.

4. Remote Backup Using SSH

PUSH:

$ tar cvf - . | gzip -c -1 | ssh user@host cat ">" remotefile.gz
$ dd if=localfile | ssh target_address dd of=remotefile

PULL:

$ ssh target_address cat remotefile > localfile

$ ssh target_address dd if=remotefile | dd of=localfile

5. SSH Port Forwarding

Local Port Forwarding:

If the remote server is running ssh server, it may be possible to “tunnel” certain services via ssh. This may be desirable, for example, to encrypt POP or SMTP connections, even though the software does not directly support encrypted communications. Tunnelling uses port forwarding to create a connection between the client and server. The client software must be able to specify a non-standard port to connect to for this to work.

So, to connect through example.com as the gateway to a POP3 server with IP 192.168.0.12 inside the intranet of Example Inc, you would write:

$ ssh example.com -L 1100:192.168.0.12:110

Enter your password (if you need to) and then you can connect to local port 1100 to check your mail. We used an unprivileged port (> 1024); OpenSSH can listen on a privileged port only if you are root on the local machine.

You can forward more ports:

$ ssh example.com -L 1100:192.168.0.12:110 -L 1101:192.168.0.12:25

Remote Port Forwarding:

A remote forward is just the opposite: a tunnel initiated on the server side that comes back through the client machine. For example, to give a user at example.com access to a service on your home machine (192.168.0.2), here the web server on tcp/80, reachable as port 8080 on example.com:

$ ssh user@example.com -R 8080:192.168.0.2:80

5 SSH Tricks You Must Know

1. X11 Forwarding

ssh can carry a secure connection from a local X server to a remote application server. Set the X11Forwarding and AllowTcpForwarding entries to yes in /etc/ssh/sshd_config on the remote host, start the X server on the local host, then run ssh to establish a connection to the remote site.

localname@localhost:~$ ssh -q -X -l loginname remotehost.domain

Password:

**********

Run X application commands on the remote site.

loginname@remotehost:~$ gimp &

This method allows the display of the remote X client output as if it were locally connected through a local UNIX domain socket.

2. SSH Login Without Password

For this you need to generate your own private/public key pair. ssh-keygen is used to generate that key pair for you.

In the user’s home directory on the local host, type

[local-host]$ ssh-keygen -t dsa

This will ask you for a passphrase. A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Once you have entered the passphrase you will be prompted to enter it again for confirmation.

The private key is saved in .ssh/id_dsa and the public key in .ssh/id_dsa.pub.

Now, copy the public key to the remote machine:

[local-host]$ scp .ssh/id_dsa.pub user@remote:~/.ssh/id_dsa.pub

Now, log in to the remote machine and go to the .ssh directory on the server side:

[local-host]$ ssh user@remote

[remote-host]$ cd .ssh

Now, add the client’s public key to the known public keys on the remote machine:

[remote-host]$ cat id_dsa.pub >> authorized_keys2

[remote-host]$ chmod 640 authorized_keys2

[remote-host]$ rm id_dsa.pub

[remote-host]$ exit

Now on the local host, in GNOME select System > Preferences > Sessions.

Select Startup Programs and add a new entry with this command:

eval `ssh-agent`

ssh-agent is a program that, used together with OpenSSH or similar ssh programs, provides a secure way of storing the passphrase of the private key.

Open a terminal and run ssh-add without any arguments; it will ask for your passphrase once.

ssh-add adds identities to the authentication agent, ssh-agent.

[local-host]$ ssh-add

Enter passphrase for /home/vinod/.ssh/id_dsa: <Enter your passphrase here>

Identity added: /home/vinod/.ssh/id_dsa (/home/vinod/.ssh/id_dsa)

That’s it; from now on logging in to the remote server will not ask for any password or passphrase.

NB: No one else must see the content of .ssh/id_dsa, as it is used to decrypt all correspondence encrypted with the public key.

3. Remote Backup Using SSH

PUSH:

$ tar cvf - . | gzip -c -1 | ssh user@host cat ">" remotefile.gz

$ dd if=localfile | ssh target_address dd of=remotefile

PULL:

$ ssh target_address cat remotefile > localfile

$ ssh target_address dd if=remotefile | dd of=localfile

4. Run Command On A Remote Machine

You can use SSH to open sessions between servers, or you can use it to run a command on a remote system non-interactively.

Usage:

$ ssh user@hostname command

A simple example might be getting file-system usage:

$ ssh user@192.168.3.4 "df -h"

That will prompt you for a password. Also, don’t forget to escape variables if you want them expanded on the destination host rather than locally. This has caught me out in the past.

For example:

user@host> ssh root@host2 "echo \$HOME"

prints out /root

while

user@host> ssh root@host2 "echo $HOME"

prints out /home/user

Another example:

user@host> ssh user2@host2 "echo hello world | awk '{print \$1}'"

prints out “hello” correctly.
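The three echo cases in point 3 (in both copies of this post above) all come down to which shell expands the string: the local shell processes the double-quoted argument before ssh is even started, so $HOME becomes the local home directory, while \$HOME survives as a bare $HOME for the remote login shell. The module below is an added example, not code from the original post. remote_command() builds the ssh argument list with each remote word quoted, so nothing is expanded locally regardless of what the word contains; what_remote_receives() is a deliberately small emulation of POSIX double-quote processing (only $NAME and \$ are modelled) used to replay the post’s examples without a server. LOCAL_ENV and REMOTE_ENV are constructed stand-ins for user@host and root@host2.

```python
"""Which shell expands $HOME in `ssh host "echo $HOME"`?

Added example, not from the original post. The local shell expands the double-quoted
string before ssh runs; the remote login shell expands whatever is left.
"""
import re
import shlex

# Matches either an escaped dollar (\$) or a $NAME parameter reference.
_EXPANSION = re.compile(r"\\(\$)|\$(\w+)")

def what_remote_receives(double_quoted, local_env):
    """Command string sshd hands the remote shell for: ssh host "double_quoted".
    Emulates only $NAME substitution and the \\$ escape of POSIX double quotes."""
    def replace(m):
        return "$" if m.group(1) else local_env.get(m.group(2), "")
    return _EXPANSION.sub(replace, double_quoted)

def echo_output(double_quoted, local_env, remote_env):
    """Output of `ssh host "echo ..."`: local expansion first, then remote expansion."""
    remote_cmd = what_remote_receives(double_quoted, local_env)
    if not remote_cmd.startswith("echo "):
        raise ValueError("this replay only models an echo command")
    return what_remote_receives(remote_cmd, remote_env)[len("echo "):]

def remote_command(user, host, argv):
    """argv for subprocess: every remote word is quoted for the remote shell, so the
    local shell is never involved and $HOME reaches the far side untouched."""
    return ["ssh", "%s@%s" % (user, host), " ".join(shlex.quote(a) for a in argv)]

# Constructed environments standing in for the post's user@host and root@host2.
LOCAL_ENV = {"HOME": "/home/user"}
REMOTE_ENV = {"HOME": "/root"}
```

Running the list returned by remote_command() through subprocess.run() (no shell=True) is the reliable way to script point 3: the quoting is decided in code rather than by remembering which characters the local shell will eat.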

5. SSH Port Forwarding

Local Port Forwarding:

If the remote server is running an ssh server, it may be possible to “tunnel” certain services via ssh. This may be desirable, for example, to encrypt POP or SMTP connections, even though the software does not directly support encrypted communications. Tunnelling uses port forwarding to create a connection between the client and server. The client software must be able to specify a non-standard port to connect to for this to work.

So, to connect through example.com as the gateway to a POP3 server with IP 192.168.0.12 inside the intranet of Example Inc, you would write:

$ ssh example.com -L 1100:192.168.0.12:110

Enter your password (if you need to) and then you can connect to local port 1100 to check your mail. We used an unprivileged port (> 1024); OpenSSH can listen on a privileged port only if you are root on the local machine.

You can forward more ports:

$ ssh example.com -L 1100:192.168.0.12:110 -L 1101:192.168.0.12:25

Remote Port Forwarding:

A remote forward is just the opposite: a tunnel initiated on the server side that comes back through the client machine. For example, to give a user at example.com access to a service on your home machine (192.168.0.2), here the web server on tcp/80, reachable as port 8080 on example.com:

$ ssh user@example.com -R 8080:192.168.0.2:80

Categories: LINUX