SSH protocol principle

SSH

  • SSH (Secure Shell) is a security protocol built on top of the application layer. It is designed to provide a secure channel for remote login sessions and other network services, and is more reliable than plaintext alternatives
  • Listens on port 22

Establish an SSH connection

  • The first stage: protocol version negotiation
    • Sent in cleartext
  • The second stage: algorithm negotiation
    • The two sides exchange lists of public key algorithms, encryption algorithms, message authentication code (MAC) algorithms and compression algorithms
  • The third stage: authentication
    • The first time a client connects over SSH, the server sends its public key to the client
      • The client saves it in ~/.ssh/known_hosts
    • Method one: password authentication
      • The client encrypts the password with the server's public key and sends it to the server; the server decrypts it with its private key
    • Method two: public key authentication
      • Copy the client's public key into the ~/.ssh/authorized_keys file on the server
      • Principle
        • The server encrypts a 256-bit random string with the client's public key
        • The client decrypts the string with its private key, concatenates it with the session id, applies the MD5 hash function and returns the hash value to the server
        • The server computes the same MD5 hash; if the two values match, authentication succeeds and login is allowed

Man-in-the-middle attack

  • If an attacker inserts themselves between the user and the remote host (for example on public Wi-Fi) and presents a forged public key, they can obtain the user's login password, then use that password to log in to the remote host themselves, and the SSH security mechanism is hollowed out. This risk is called a man-in-the-middle attack
  • Although SSH cannot in principle defend against a man-in-the-middle attack on its own, the first SSH connection downloads the server's public key and displays its fingerprint, so the user can check whether it matches the fingerprint generated on the server
  • On later visits to the same host, the client compares the public key the server sends with the copy saved locally; if they differ, it issues a warning and refuses to connect, which defeats a man-in-the-middle attack
  • Conclusion: if there was no man-in-the-middle on the first connection, there is no need to worry about one on later connections
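The known_hosts check described above, as an added Python example that is not part of the original post. It builds a constructed ed25519 host key, computes the fingerprints OpenSSH would show on first connection (SHA256 by default, MD5 as the legacy form), and distinguishes the three outcomes: a host seen for the first time, a matching saved key, and a changed key (the man-in-the-middle warning). It assumes plain, unhashed hostnames in known_hosts.

```python
import base64
import hashlib


def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + payload."""
    return len(data).to_bytes(4, "big") + data


def make_ed25519_pubkey_line(raw32: bytes, comment: str = "") -> str:
    """Build an OpenSSH public-key line from 32 constructed key bytes."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    line = "ssh-ed25519 " + base64.b64encode(blob).decode()
    return line + (" " + comment if comment else "")


def fingerprints(pubkey_line: str) -> dict:
    """Return the fingerprints a user compares on first connection."""
    blob = base64.b64decode(pubkey_line.split()[1])
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"SHA256": "SHA256:" + sha,
            "MD5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def check_host_key(known_hosts: str, host: str, offered: str) -> str:
    """Emulate the client's known_hosts check: NEW, OK or CHANGED."""
    offered_type, offered_key = offered.split()[:2]
    for line in known_hosts.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue
        hosts, ktype, key = fields[0].split(","), fields[1], fields[2]
        if host in hosts and ktype == offered_type:
            # Same host, same key type: a differing key is the MITM warning case
            return "OK" if key == offered_key else "CHANGED"
    return "NEW"  # first connection: the user must verify the fingerprint


# Constructed sample data (not real keys): the genuine host key and a forged one
SERVER_KEY = make_ed25519_pubkey_line(bytes(range(32)), "constructed@example")
FORGED_KEY = make_ed25519_pubkey_line(bytes(range(32, 64)), "attacker@example")
KNOWN_HOSTS = "example.test,192.0.2.10 " + SERVER_KEY + "\n"

if __name__ == "__main__":
    print(fingerprints(SERVER_KEY)["SHA256"])
    print(check_host_key(KNOWN_HOSTS, "example.test", SERVER_KEY))   # OK
    print(check_host_key(KNOWN_HOSTS, "192.0.2.10", FORGED_KEY))     # CHANGED
    print(check_host_key(KNOWN_HOSTS, "other.test", SERVER_KEY))     # NEW
```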

OpenSSH

  • Service name: sshd
  • Server main program: /usr/sbin/sshd
  • Client main program: /usr/bin/ssh
  • Server configuration file: /etc/ssh/sshd_config
  • Client configuration file: /etc/ssh/ssh_config
  • Per-user configuration directory: ~/.ssh

SFTP

  • SFTP is FTP carried over an SSH encrypted channel
    • FTP is the abbreviation of File Transfer Protocol
  • There is no separate daemon; it can be seen as a file transfer program of the ssh service. Like ssh, it uses port 22
  • HTTP can also be used; sftp suits small files, scp large files

Origin blog.csdn.net/winter_wu_1998/article/details/103638011