Protocol
Operating environment:
Client IP: 192.168.150.10
Server IP: 192.168.150.1
frame:
Transport phase
Connection establishment:
The client initiates a TCP connection request and the three-way handshake establishes the connection.
Version negotiation:
The client sends its version number to the server; the server replies with its own version number and a list of the public key and encryption algorithms it supports, and both sides settle on a protocol version they both support. Today this is almost always SSHv2.
Key agreement:
The client replies with the list of public key algorithms, encryption algorithms, message authentication code (MAC) algorithms, and compression algorithms it supports.
The two ends then derive a session key and session ID through the DH (Diffie-Hellman) exchange; these are used to encrypt and decrypt all subsequent communication data.
The server host key is used during key exchange to verify that the client is really talking to the correct server.
For this to be possible, the client must have a priori knowledge of the server's public host key.
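The transport phase described above, worked through offline as an added example (this is not code from the original notes or from any SSH implementation). It models the identification-string exchange and version check from RFC 4253 section 4.2, a Diffie-Hellman exchange in which both ends derive the same shared secret K, exchange hash H and session ID (RFC 4253 section 8), one key derivation from them (section 7.2), and the known-host lookup that gives the client its a priori knowledge of the server's host key. Assumptions: the DH group is a toy prime chosen for readability and is not one of the real SSH groups, the KEXINIT payloads and host key blob are constructed placeholders, and the host name matches the server IP given in the operating environment above.

```python
"""Added example, not part of the original notes: SSH transport-phase steps in
pure Python (version exchange, toy Diffie-Hellman key agreement, exchange hash,
session ID, one derived key, and the known-host check).  The DH group below is
a toy prime (assumption: NOT a real SSH group); payloads are constructed."""
import hashlib
import re
import secrets

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
ID_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<sw>[^ \r\n]+)(?: (?P<comment>[^\r\n]*))?\r?\n$")

# Toy DH parameters (constructed; real SSH uses 2048-bit and larger MODP groups).
TOY_P = 2**127 - 1   # a prime, small enough to keep the arithmetic readable
TOY_G = 2


def parse_identification(line: bytes) -> dict:
    """Split an identification string into protocol version, software and comment."""
    m = ID_RE.match(line.decode("ascii"))
    if not m:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return {"proto": m["proto"], "software": m["sw"], "comment": m["comment"]}


def negotiate_version(client_id: bytes, server_id: bytes) -> str:
    """Return the protocol version both ends speak; '1.99' means 'also speaks 2.0'."""
    c = parse_identification(client_id)["proto"]
    s = parse_identification(server_id)["proto"]
    if c in ("2.0", "1.99") and s in ("2.0", "1.99"):
        return "2.0"
    raise ValueError(f"no common protocol version: client {c}, server {s}")


def mpint(n: int) -> bytes:
    """SSH mpint wire encoding: uint32 length, then two's-complement big-endian bytes."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")  # extra 0x00 if MSB set
    return len(body).to_bytes(4, "big") + body


def string(b: bytes) -> bytes:
    """SSH string wire encoding: uint32 length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b


def dh_keypair(p: int, g: int) -> tuple:
    """Private exponent x in [1, p-2] and public value g^x mod p."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k) -> bytes:
    """H = HASH(V_C || V_S || I_C || I_S || K_S || e || f || K)  (RFC 4253 section 8)."""
    data = (string(v_c) + string(v_s) + string(i_c) + string(i_s)
            + string(k_s) + mpint(e) + mpint(f) + mpint(k))
    return hashlib.sha256(data).digest()


def derive_key(k: int, h: bytes, letter: bytes, session_id: bytes) -> bytes:
    """First key block: HASH(K || H || letter || session_id)  (RFC 4253 section 7.2)."""
    return hashlib.sha256(mpint(k) + h + letter + session_id).digest()


def host_key_known(host: str, k_s: bytes, known_hosts: dict) -> bool:
    """The client's a-priori knowledge: the presented host key must match the saved one."""
    return known_hosts.get(host) == k_s


def transport_handshake(known_hosts: dict, host: str = "192.168.150.1") -> dict:
    """Run both sides of the version exchange and key agreement in one process."""
    v_c, v_s = b"SSH-2.0-ExampleClient_1.0", b"SSH-2.0-ExampleServer_1.0"
    version = negotiate_version(v_c + b"\r\n", v_s + b"\r\n")
    i_c = b"client KEXINIT payload (constructed)"
    i_s = b"server KEXINIT payload (constructed)"
    k_s = b"server host key blob (constructed)"

    x, e = dh_keypair(TOY_P, TOY_G)     # client picks x, sends e
    y, f = dh_keypair(TOY_P, TOY_G)     # server picks y, sends f
    k_client = pow(f, x, TOY_P)         # client computes K = f^x mod p
    k_server = pow(e, y, TOY_P)         # server computes K = e^y mod p

    h_client = exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k_client)
    h_server = exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k_server)
    # The server signs H with its host key; the client accepts that signature only
    # if the host key is the one it already knows, which is what the lookup checks.
    return {
        "version": version,
        "host_key_trusted": host_key_known(host, k_s, known_hosts),
        "shared_secret_equal": k_client == k_server,
        "exchange_hash_equal": h_client == h_server,
        "session_id": h_client,              # H of the first key exchange
        "c2s_key": derive_key(k_client, h_client, b"C", h_client),
    }


if __name__ == "__main__":
    trusted = {"192.168.150.1": b"server host key blob (constructed)"}
    for name, value in transport_handshake(trusted).items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

Both ends compute the same K and the same H even though neither ever sends its private exponent; the session ID is simply H from the first exchange, and every later key (encryption, IV, MAC, in each direction) is hashed from K, H and a direction letter. Passing an empty known-hosts map shows the failure mode the notes warn about: the handshake still completes, but `host_key_trusted` is False and a real client must abort there.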
Authentication phase
Password authentication
The client sends the username and password to the server over the encrypted channel, and the server verifies them.
Public key authentication
The client generates a public/private key pair and stores the public key on the server, which allows login without a password. GitHub uses this method so that code can be fetched directly without entering a user password.
Session phase
All communication is carried over the encrypted channel.
DROPBEAR
A lightweight SSH program suited to embedded systems; official website: https://matt.ucc.asn.au/dropbear/dropbear.html
Porting:
Depends on the zlib library.
Execute ./configure to generate the corresponding Makefile; run ./configure --help to view the options that control how the Makefile is generated.
As a server
The dropbearkey program generates the server's host key.
Run dropbear to start the SSH service.
As a client
The dbclient program is used to connect to an SSH server.
OPENSSH
Porting OpenSSH requires three packages: openssh, openssl and zlib. The download addresses are:
• zlib official download: http://www.zlib.net/
• OpenSSL official download: http://www.openssl.org/source
• OpenSSH official download: http://www.openssh.com/portable.html
Execute ./configure to generate the Makefile. Its options specify the cross-compilation toolchain, the OpenSSL library path, the zlib library path, and the path where the binaries are installed; run ./configure --help to list them.
Application
Environment: Windows 10
- Enable the SSH service
Settings > Apps > Apps and Features > Optional Features
Add and install the OpenSSH Server.
In CMD, enter net start sshd to start the SSH service and net stop sshd to stop it.
- Configure password-free login
Modify the C:\ProgramData\ssh\sshd_config file so that public key authentication is enabled and password authentication is disabled, as follows:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
Make sure that the following 2 items are commented out:
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
Paste the contents of the client's public key into the C:\Users\usrname\.ssh\authorized_keys file.
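A check for the sshd_config changes above, as an added example that is not part of the original notes: it reports whether the three required directives are set to the required values and whether the administrators Match block is still active, and can rewrite a config text into the required state. Assumptions: the file format rules it relies on are the ones sshd documents (a leading # makes a line a comment, keywords are case-insensitive, and for each keyword the first value found is the one used), the Match block is treated as running to the end of the file (which is where the default Windows file puts it), and the sample config text is constructed.

```python
"""Added example, not part of the original notes: check and harden an sshd_config
text for the settings the Windows 10 password-free login steps require.
Assumption: a Match block runs to end of file, as in the default Windows file."""
import re
import sys

# The three directives the notes require, with their required values.
REQUIRED = {
    "PubkeyAuthentication": "yes",
    "AuthorizedKeysFile": ".ssh/authorized_keys",
    "PasswordAuthentication": "no",
}
_KEYWORD_RE = re.compile(r"[ \t=]+")


def active_directives(text: str) -> list:
    """(keyword, value) pairs for every non-blank, non-comment line, in file order."""
    out = []
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        parts = _KEYWORD_RE.split(s, maxsplit=1)
        if len(parts) == 2:
            out.append((parts[0], parts[1].strip()))
    return out


def check_sshd_config(text: str) -> list:
    """Return a list of problems; an empty list means the config matches the notes."""
    problems = []
    first = {}          # sshd uses the first value it finds for each keyword
    in_match = False
    for kw, val in active_directives(text):
        if kw.lower() == "match":
            problems.append(f"active 'Match {val}' block found; the notes require it commented out")
            in_match = True
            continue
        if in_match:    # directives under Match apply only to matched sessions
            continue
        first.setdefault(kw.lower(), val)
    for kw, want in REQUIRED.items():
        got = first.get(kw.lower())
        if got is None:
            problems.append(f"{kw} is not set, so the sshd default applies")
        elif got.lower() != want.lower():
            problems.append(f"{kw} is '{got}', expected '{want}'")
    return problems


def harden_sshd_config(text: str) -> str:
    """Rewrite the text so that check_sshd_config() returns no problems.

    Required directives are set in place (later duplicates commented out so the
    first-value rule cannot override them); an active Match block and everything
    under it is commented out; missing directives are appended at the end."""
    canonical = {k.lower(): k for k in REQUIRED}
    out, seen, in_match = [], set(), False
    for line in text.splitlines():
        s = line.strip()
        if s and not s.startswith("#"):
            kw = _KEYWORD_RE.split(s, maxsplit=1)[0].lower()
            if kw == "match":
                in_match = True
            if in_match:
                out.append("#" + line)
                continue
            if kw in canonical:
                if kw in seen:
                    out.append("#" + line)        # duplicate: neutralise it
                else:
                    out.append(f"{canonical[kw]} {REQUIRED[canonical[kw]]}")
                    seen.add(kw)
                continue
        out.append(line)
    for kw, name in canonical.items():
        if kw not in seen:
            out.append(f"{name} {REQUIRED[name]}")
    return "\n".join(out) + "\n"


# Constructed sample resembling the stock Windows file before the edits above.
SAMPLE_CONFIG = """# Default Windows sshd_config (constructed sample)
#PubkeyAuthentication yes
PasswordAuthentication yes
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
"""

if __name__ == "__main__":
    # Usage: python check_sshd.py C:\\ProgramData\\ssh\\sshd_config  (defaults to the sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for p in check_sshd_config(text) or ["OK: config matches the notes"]:
        print(p)
```

Run against the sample, the checker reports the active Match block, the PubkeyAuthentication and AuthorizedKeysFile directives that are still commented out (so defaults apply), and PasswordAuthentication still set to yes; the hardened output passes cleanly. The first-value rule is the reason duplicates are commented out rather than left in place: an earlier `PasswordAuthentication yes` would silently win over a `PasswordAuthentication no` appended at the bottom.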