(transfer) SSH Key principle

Others 2022-04-28 10:52:46 views: 0

 

1. Public key and private key

Public  -key cryptography, or  asymmetric key cryptography, is a widely used class of encryption algorithms. Such algorithms use a pair of keys, a public  key and a private key. The public key can be distributed at will and is only used for encryption  , while the private key is held by only one person and is only used for decryption . After any information is encrypted with the public key, the original information can be obtained by decrypting it with the private key, and vice versa.

 

The key point of public key encryption is that, on the one hand, public key encryption is reversible, but the private key cannot be deduced from the public key. Obviously mathematically, knowing a public key can calculate the corresponding private key, but as long as a good enough encryption algorithm is designed (and a sufficiently complex key pair is used), it cannot be deciphered in an acceptable time.

 

RSA is a common public key encryption algorithm. How RSA works depends on the fact that deciphering an RSA private key requires factoring some very large integers, and a fast algorithm for factoring very large integers has not yet been found. In other words, if someone found such an algorithm, RSA encryption all over the world would fail.

 

RSA was first proposed in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman. The trio were awarded the 2002 Turing Award for this work . Zhou, Rivest was also one of the authors of Introduction to Algorithms . The book briefly explained the principle of RSA system in chapter 31. The Euler-Fermat theorem in number theory was used in the system implementation .

COMMENT : However, factorization of very large integers is still possible. RSA_Laboratories has held a number of bounties to decipher RSA. For more information, see  RSA_Secret-Key_Challenge .

Although the security of RSA has been threatened more and more with the development of cryptography, the possibility of deciphering RSA in polynomial time is still very small in the future. That is to say, in addition to high-risk targets such as the military and finance, RSA is still applicable.

 

2. SSH key authentication process

 

Briefly summarize:

The first step is that both the client and the service have a pair of private keys, and the client's public key is placed on the server.

In the second step, the client generates the sessionKey, which is encrypted by the public key of the server, and decrypted by the server through its own private key, but how to determine that the session keys of two people are the same? So there is the third step.

In the third step, the server sends a test message to the client through the client's public key , the client decrypts it through its own private key, and encrypts it with the session key. The server receives the message and compares it with the encrypted test message through the session key. It can verify whether the client is consistent with its own session key.

The fourth step is of course that the server and the client encrypt the communication through the session key!

 

The so-called public key authentication actually uses a pair of encrypted strings, one is called the public key, and anyone can see its content and is used for encryption; the other is called the private key , Only the owner can see it for decryption. Ciphertext encrypted with the public key can be easily decrypted using the key, but it is very difficult to guess the key based on the public key.

ssh's public key authentication uses this feature. Both the server and the client each have their own public and secret keys. For convenience of explanation, these symbols will be used below.

Ac client public key
Bc client secret
As Server public key
Bs server key

Before authentication, the client needs to log the public key Ac to the server in some way.

The authentication process is divided into two steps.

  1. Session key generation
    1. The client requests to connect to the server, and the server sends the As to the client.
    2. The server generates a session ID (session id), set it to p, and sends it to the client.
    3. The client generates a session key , sets it as q, and computes r = p xor q.
    4. The client encrypts r with As and sends the result to the server.
    5. The server decrypts with Bs and obtains r.
    6. The server performs the operation of r xor p to obtain q.
    7. At this point, both the server and the client know the session key q, and subsequent transmissions will be encrypted by q.
  2. Certification
    1. The server generates a random number x and encrypts it with Ac to generate the result S(x) and sends it to the client
    2. The client decrypts S(x) with Bc to get x
    3. The client calculates the md5 value n(q+x) of q + x, where q is the session key obtained in the previous step
    4. The server computes the md5 value m(q+x) of q + x
    5. The client sends n(q+x) to the server
    6. The server compares m(q+x) and n(q+x), if they are the same, the authentication is successful

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=326277094&siteId=291194637
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com