Automatic Linux management: remote Logon (1)

Source: Internet
Author: User
Tags: dns spoofing

The Telnet and SSH protocols are the standard and most widely used methods for remote login over the Internet. They let users do work on a remote host from their local machine: the user connects to the remote server with Telnet or SSH client software, and the commands entered in that client run on the server. The Telnet protocol is inherently insecure because it transmits data, user accounts, and passwords in plain text and is vulnerable to man-in-the-middle attacks. The SSH protocol is a reliable protocol that provides security for remote logon sessions and other network services. SSH can encrypt all transmitted data and prevent DNS spoofing and IP spoofing. This article focuses on the SSH protocol. The SSH software used is OpenSSH, a free, open-source alternative to the SSH software package.

Logging on to different operating systems with Telnet or SSH returns different information. You can write a program that examines the information returned at logon and responds to it, and so automate logon to the remote server system. This article first introduces the technologies used to achieve automated remote login, and then details how to automate remote login between Unix/Linux systems.

Introduction to automatic remote system logon

Automatic remote logon means logging on to the remote system without user intervention, that is, without typing a password by hand. Currently, remote logon tools have two security authentication methods.

User password-based security authentication

When you log on with an account, you enter the password as prompted; the password is then encrypted and sent to the SSHD server using the secure password authentication protocol. After successful authentication, you are logged on to the SSHD server.

With this authentication method, a program can enter the user name and password automatically to achieve automatic login. Currently, Expect, C, or Perl can be used. If C is used, you need to be familiar with the TCP/IP protocol, and the implementation is complicated. If Expect is used, you need to be familiar with Tcl syntax, because Expect is based on Tcl. If Perl is used, Perl's Expect.pm package is required. However, a password still has to be entered, so this authentication method poses a security risk.

Secure authentication based on SSH key exchange

You need to create a key pair, a private key and a public key, on the SSH client, and then transfer the public key to the SSHD server you want to log on to. When you use an SSH client to log on to the SSHD server, the SSH client sends a security verification request to the SSHD server using the key of the logon account. On receiving the request, the SSHD server first searches for the corresponding public key in the home directory of the logon account and compares it with the public key sent by the client. If the two keys match, the SSHD server uses the public key to encrypt a "challenge" and sends it to the SSH client. After receiving the challenge, the SSH client decrypts it with the client's private key and sends it to the SSHD server. This completes the entire security authentication process.

With the SSH key exchange-based authentication method, you copy the public key generated on the SSH client to the remote SSHD server. When you then log on to the SSHD server through an SSH client, you are logged on automatically without entering a password. This method is not only simple, but also avoids leaking user names and passwords, which makes it safer than the first method.
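The server-side lookup described above (find the offered public key among those stored for the logon account) can be modelled as follows. This is an added example, not code from the original article or from OpenSSH; it covers only the lookup in an OpenSSH authorized_keys file, not the challenge step. The sample keys are constructed and the backup.sh path is hypothetical.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def sample_pub_line(seed, comment):
    """Constructed ssh-ed25519 public-key line (well-formed blob, not a real key)."""
    name, key = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

def parse_entry(line):
    """Return (options, key_type, blob) for one authorized_keys line, or None."""
    fields = [] if line.lstrip().startswith("#") else line.split()
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue  # still inside the leading options field
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # The blob begins with a length-prefixed copy of the key type; it must agree.
        n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
        if n and blob[4:4 + n] == field.encode():
            return " ".join(fields[:i]), field, blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_authorized(authorized_keys_text, offered_line):
    """Look up the key the client offers; return its options and fingerprint."""
    offered = parse_entry(offered_line)
    if offered is None:
        return None
    for line in authorized_keys_text.splitlines():
        entry = parse_entry(line)
        if entry and entry[2] == offered[2]:
            return {"options": entry[0], "fingerprint": fingerprint(entry[2])}
    return None

# Constructed sample data: the automation key is restricted to a single command.
CLIENT_KEY = sample_pub_line(1, "backup@client")
OTHER_KEY = sample_pub_line(2, "stranger@elsewhere")
AUTHORIZED_KEYS = (sample_pub_line(7, "admin@laptop") + "\n"
    + 'command="/usr/local/bin/backup.sh --nightly",no-pty,no-port-forwarding '
    + CLIENT_KEY + "\n")
```

The options returned for a match show how a key used for unattended logon can be limited to one command instead of a full shell.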

