Complete solution for SSH key authentication support on AS5

Source: Internet
Author: User

SSH is an abbreviation for Secure Shell, a protocol that provides security for remote login sessions of the kind Telnet offers and for other network services. The SSH protocol can effectively prevent information leakage during remote management. Because SSH encrypts all transmitted data, it can also prevent DNS spoofing and IP spoofing. Another advantage is that the transmitted data is compressed, which can speed up transmission.

From the client's point of view, SSH provides two levels of security authentication.

The first level (password-based security authentication): knowing the account and password is enough to log on to the remote host, and all transmitted data is encrypted. However, this level cannot guarantee that the server you are connecting to is the one you intended; another server may be posing as the real server, so a "man-in-the-middle" attack cannot be ruled out.

The second level (key-based security authentication) relies on keys: you create a pair of keys for yourself and put the public key on the server you need to access. The client software sends a request to the server asking for security authentication with your key. After the server receives the request, it first looks for your public key in your home directory on the server and compares it to the public key you sent over. If the two keys are identical, the server encrypts a "challenge" with the public key and sends it to the client software. Only the holder of the matching private key can decrypt the challenge and answer it. This avoids "man-in-the-middle" attacks.
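The server-side step described above (finding the user's stored public key and comparing it with the one the client offers), as an added example that is not part of the original article. It assumes the OpenSSH `authorized_keys` line format; the function names are this example's own, and the sample keys are constructed and are not real RSA keys.

```python
import base64, hashlib

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256")

def ssh_string(data):
    """Length-prefixed field as used inside SSH public key blobs."""
    return len(data).to_bytes(4, "big") + data

def read_fields(blob):
    """Split a key blob into its length-prefixed fields; reject truncation."""
    fields, pos = [], 0
    while pos < len(blob):
        size, pos = int.from_bytes(blob[pos:pos + 4], "big"), pos + 4
        if pos + size > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def parse_entry(line):
    """Key blob of one authorized_keys line if its type tag matches, else None."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):  # login options may precede the type
        if tok in KEY_TYPES:
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
                return blob if read_fields(blob)[:1] == [tok.encode()] else None
            except ValueError:  # malformed base64 or truncated blob
                return None
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints it."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def find_authorized(offered_blob, authorized_keys_text):
    """Server-side lookup: fingerprint if the offered key is listed, else None."""
    for line in authorized_keys_text.splitlines():
        if not line.lstrip().startswith("#") and parse_entry(line) == offered_blob:
            return fingerprint(offered_blob)
    return None

# Constructed sample data: the integers below are NOT real RSA moduli.
def sample_blob(n):
    modulus = ssh_string(b"\x00" + n.to_bytes(256, "big"))
    return ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + modulus
USER_KEY, OTHER_KEY = sample_blob((1 << 2047) | 1), sample_blob((1 << 2047) | 3)
AUTHORIZED_KEYS = ("# constructed file\n"
                   "no-pty ssh-rsa " + base64.b64encode(USER_KEY).decode() + " user@client\n")
```

Logging the returned fingerprint on each successful match gives an audit trail of which installed key was used for a login.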

On the server side, SSH also provides two kinds of security authentication.

In the first scheme, the host distributes its public key to the relevant clients. A client uses the host's public key to encrypt data when it accesses the host, and the host uses its own private key to decrypt the data, thereby implementing host key authentication and determining the reliable identity of the client.

In the second scheme, there is a key authentication center. All hosts that provide services submit their own public keys to the authentication center, and any host acting as a client only needs to keep the authentication center's public key. In this mode, the client must access the authentication center before accessing the server host.

Experimental environment:

Solution:

SSH security authentication can be provided on either the client side or the server side.

1. The client provides SSH security authentication, which refers to the second level mentioned above.

(1). Client

If the client is a Linux system, use it to provide SSH security authentication. If the client is, for example, an XP system, you can use SecureCRT to automatically generate the SSH2 public and private keys.

Because the local system here is Windows 7, the SSH authentication keys are generated with SecureCRT.

SecureCRT -> Options -> Global Options -> SSH2
