CS 231: Computer Security

SSH Experiments

1. SSH from the user's perspective

• In a Kali terminal, try "ssh yourusername@mirage.mathcs.carleton.edu". Write down the steps of what happens.
• Logout ("exit") and try it again. Any change in what you observe?
• Logout. Then edit your ~/.ssh/known_hosts file. Delete the line containing mirage. Then do the ssh login one more time. Any change?

2. SSH in the specification

• Take a look at the table of contents for RFC4253 The Secure Shell (SSH) Transport Layer Protocol
• Can you find a description of the messages that are expected between the client and the server? (Try sections 4, 7, and 10, for example.)
• RFC4252 The Secure Shell (SSH) Authentication Protocol also has some useful information.

3. Watching SSH with wireshark

• Launch wireshark watching "tcp port 22" or "tcp port ssh"
• Do an SSH session, then stop wireshark's data collection. Save the file.
• Delete mirage from your known_hosts file, and try another SSH session. Save the wireshark recording.
• At this point, you should have two wireshark .pcap files--one with mirage in your known_hosts, one without.

4. Putting it all together

Try to create a log of all the steps. There are steps you observe as user, steps seen by the client and server, and steps expected by the RFC. Write your observations down, and don't throw it away--we'll be back here on Wednesday.