Linux series: SSH without a password

Passwordless SSH login

1. What is SSH

SSH stands for Secure Shell. It replaces telnet and the traditional R-series commands (rlogin, rsh, rexec, etc.) as the tool for remote login and remote command execution.

SSH is a cryptographic protocol. It encrypts not only the password sent during login but also the data from commands executed after login, so even if someone eavesdrops on your network and intercepts packets, they cannot read the content.

The SSH service is provided by the OpenSSH software, which the vast majority of Linux distributions ship preinstalled.

OpenSSH is already a standard component of most Linux operating systems, so it does not need to be installed separately.

2. How it works

2.1 Authentication mechanisms for login

  • Password login (account and password)

  • Key login (asymmetric public/private key pair)

2.2 Password login

2.2.1 Definition

When the client sends an authorization request, the server requires a password in order to authenticate and authorize it.

2.2.2 How it works

  • The SSH client sends a request to the server, and the server returns its own public key to the client.

  • The client encrypts the password with the server's public key and sends the result to the server.

  • The server receives the password sent by the client and decrypts it with its private key. If the result is correct, the login is accepted and a connection is established; otherwise it is refused.

2.2.3 Process flow

[Figure: password login process flow]

2.2.4 Demo

In this example, client A is a CentOS host at 172.168.0.3 and server B is a CentOS host at 172.168.0.4.

Client A initiates a connection to server B. On receiving it, server B returns its public key value.

[Screenshot: client A connecting to server B]

The password is then entered to authenticate.

[Screenshot: password authentication]

  • Potential problem: this scheme has a flaw. An intermediary posing as the server can trick the client into giving up its password.

2.3 Key login

2.3.1 Definition

When the client sends an authorization request, the server authenticates and authorizes it based on a pre-configured key.

2.3.2 How it works

A. The client sends its public key to the server

  • The client generates a key pair consisting of a public key and a private key.

  • The private key is kept locally, and the public key is sent to the server.

  • The server adds the client's public key to its authorization list.

B. The client logs in to the server

  • When the client requests to log in, the server checks whether it holds the client's public key. If it does, it generates a random string RS, encrypts it with that public key to produce RE, and sends RE to the client for authentication.

  • The client decrypts RE with its private key to produce the result RD, and returns RD to the server.

  • The server compares RD with the random string RS it generated earlier. If they match, the login is authorized; otherwise it is refused.

2.3.3 Process flow

In this example, client A is a CentOS host at 172.168.0.3 and server B is a CentOS host at 172.168.0.4.

  • First, set up the client-server relationship by transferring the public key

    1. The client generates a public/private key pair

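Generate the key pair: ssh-keygen -t rsa (press Enter at every prompt)
Check that it was generated: ll ~/.ssh/
	Output:
		id_rsa      private key
		id_rsa.pub  public key

    2. Transfer the public key to the server in a secure way

1. Log in to the server: ssh username@IP
2. Send the public key to the server
	Method 1:
		1. First save the public key generated on the client to the local machine:
		sz ~/.ssh/id_rsa.pub
		2. Upload the locally saved public key to the server:
		rz -bye ~/.ssh/id_rsa.pub
	Method 2:
		scp -P 22 ~/.ssh/id_rsa.pub username@IP:~/
		(the client's IP)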

    3. On the server, add the client's public key to the authorization list

cat id_rsa.pub >> ~/.ssh/authorized_keys

  • The client logs in to the server

a) The client makes a remote login request: ssh username@server-hostname-or-IP

b) The server checks whether it has the client's public key. If it does, the server generates a random string, encrypts it with the public key (that is, applies an operation to the random string using the public key), and sends it to the client.

c) The client decrypts the string locally with its private key (the inverse operation).

d) The client sends the decrypted string back to the server.

e) The server compares the decrypted string with the original string. If they are equal, verification succeeds and the client is granted access.

4. scp in detail

scp stands for secure copy. It is the Linux command for copying remote files to the local machine, or local files to a remote machine.

Copy files from local to remote

[Format]: scp -P <remote SSH port> <local file path> <remote account>@<remote host IP or domain name>:<destination path on the remote host>

[Example]: scp -P 22 ~/input.txt [email protected]:~/

Copy files from remote to local

[Format]: scp -P <remote SSH port> <remote account>@<remote host IP or domain name>:<path of the file on the remote host> <local file path>

[Example]: scp -P 22 [email protected]:~/input.txt ~/
