Image source: Sweet Design

Background

This lab ties together what you've learned over the past several weeks about operating systems, computer networks, and information security. We will review the basics of interacting with an OS and connecting to remote machines. Then we will explore how encryption works and optionally create your own public/private key pair.

NOTE: There is no lab worksheet today. Instead, you are to write two paragraphs that summarize what you have learned. You may answer some of the italicized questions below and/or discuss what was interesting or challenging about the lab. Your file must be named summary.txt and include your name at the top.

Objectives

• Connect the concern of cybersecurity with the Internet and systems built on it.

• Collaborate with others to gain insight, interpret data, and solve problems using computation.

Part 1: Hello, Telnet!

Telnet is an application for sending/receiving plain text over the Internet (see Wikipedia article). Many protocols including HTTP are built on top of plain text communication.

1. Enter the command telnet www.jmu.edu 80 from the terminal. What do the arguments for telnet mean?

2. Now type the HTTP command GET / HTTP/1.0 and press the enter key twice (i.e., HTTP requires a blank line at the end of the request.) What are the two arguments for a GET request?

3. Note the HTML response. If you were a web browser, what would you do next? Perform the same request in Google Chrome, and use the developer tools (Network tab) to describe the subsequent requests.

4. What happens if you telnet www.jmu.edu 22 instead of port 80? What type of server is running on port 22?

Now just for fun, try telnet towel.blinkenlights.nl and wait to see what happens. (Telnet assumes port 23 if you don't give it another number.) To exit telnet, press Ctrl-] and then type quit.

For even more fun, check out Places to Telnet.

Part 2: AES Encryption

Advanced Encryption Standard is a symmetric-key encryption scheme used by governments worldwide. The mathematics of this algorithm are beyond the scope of this class, but let's take a look at how AES works.

5. In order to encrypt a plain text message, you need to convert it into a numeric format. Fortunately there is a nifty website that will convert ASCII to Hex automatically. Use that website to generate the hexadecimal values for a message of your choice.

6. Cryptomathic provides a number of tools on their website to explore security-related algorithms. Open their AES calculator and paste your hexadecimal message into the "Input Data" box.

7. You will also need to specify a "key" in hexadecimal format. The key must be 16, 24, or 32 bytes long (recall that one byte is two hex digits). You can use the example key on their website or just make up your own. Once you have a key, press the Encrypt button.

8. With a partner, see if you can exchange messages encrypted using AES. Feel free to send your encrypted hex values by email, chat, text, messenger, etc.

9. I have a secret message for you as well. The key is 101101FAFA101101FAFA101101FAFAFA and the message is:

   69FD0BBB680F36E7E3FA3F144ADDC970909E5A5D49FC827927CCB3F0584EF490574493F4
   17DD375A3244E9CC1F4AF5FA34D9139414D88C722A57332C0578A7AEF4FBF89717F1F70A
   35F42605F82D14016B3344BC929E3204F9A12B377639F394A000BC00ED5D3DF1C7D57B4D
   3F40EE3B762937F386DD44778F3AB0534A4BA762C32F063D32F4403C761258A71E946B0E
   64C7DEF2522FB463BB4A62F6674ACAFC

Don't forget to complete your summary.txt file while the lab is still fresh in your mind!

Part 3: SSH Using Keys

The first time you ran ssh (see Lab04 steps 11--14), you likely encountered the following security warning:

The authenticity of host 'l24802.cs.jmu.edu (134.126.20.102)' can't be established.
ECDSA key fingerprint is e5:7f:6d:62:90:f8:11:e6:5a:04:80:af:d9:65:c6:3a.
Are you sure you want to continue connecting (yes/no)?

10. If you typed the word yes, the ssh program created (or appended) the file ~/.ssh/known_hosts. Note this file is in a hidden .ssh directory under your home directory. Why is ssh asking you this question? What is the security concern in this example?

11. Use the following command to "secure copy" the file /cs/shr/cs101/known_hosts on the student server into your ~/.ssh directory. This file contains the IP addresses and public keys of all lab machines in the CS department (ISAT/CS rooms 143, 248, and 250). How many Linux desktops are in each lab?

    scp student.cs.jmu.edu:/cs/shr/cs101/known_hosts ~/.ssh

12. By default when you ssh to another machine, you must log in with your JMU username and password. Alternatively, you can authenticate using a public and private key pair. Run the command ssh-keygen to create your own keys. Make sure to select a good passphrase! What new files were just created in your .ssh directory? What does the passphrase do?

13. In order to use your private key to log into a server, you need to place a copy of your public key on that server. Fortunately our lab machines all use the same network file system, so you can simply copy the key to the student server. Create (or open) a file named authorized_keys in your .ssh directory. Copy the contents of id_rsa.pub into that file. Then run this command:

    rsync -av ~/.ssh student.cs.jmu.edu:

14. You should now be able to ssh to any lab machine (upstairs or downstairs) without receiving a security warning, and without having to type your password every time. Try connecting to two or three machines at the same time. Who else is logged on those machines?

Video Explanation (optional)

Some of you have asked how to connect to the Linux lab from home and work remotely. This (slightly old) video shows how to use ssh on Mac and PuTTY on Windows. To transfer files to/from campus, you can use a graphical program like FileZilla or WinSCP.

Submission Instructions

• Submit your completed summary.txt via canvas.jmu.edu by 11:59 PM today.