Detailed SSH Logon Process

Source: Internet
Author: User
The detailed SSH logon process involves the following concepts:

  • Plaintext: The message to be transmitted secretly.
  • Ciphertext: The message after the plaintext has been transformed by encryption.
  • Encryption: The conversion from plaintext to ciphertext.
  • Decryption: The process of recovering the plaintext from the ciphertext.
  • Cracking: The process in which an unauthorized receiver attempts to work out the plaintext from the ciphertext.
  • Encryption algorithm: A set of rules used to encrypt plaintext.
  • Decryption algorithm: A set of rules used to decrypt the ciphertext.
  • Key: A set of secret information used for encryption and decryption.
  • Symmetric encryption: A single-key encryption method that uses the same key to encrypt and decrypt information.
  • Asymmetric encryption: Two keys are required, the public key and the private key, which come as a pair. Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key. Unlike symmetric encryption, asymmetric encryption uses different keys for encryption and decryption, which is why it is called asymmetric encryption.
  • The difference between symmetric encryption and asymmetric encryption: Whether the same key is used for encryption and decryption.

Encryption, identity authentication, and digital signature authentication:

  • Encryption: Data encryption makes it impossible for unauthorized users to obtain the correct data even if they obtain the encrypted data. Data encryption therefore protects data against eavesdropping attacks. The focus is on data security.
  • Identity authentication: Determines the authenticity of an identity. After the identity is confirmed, the system can grant different permissions according to different identities. The focus is on the authenticity of users.
  • Digital signature authentication: A "digital signature" is some data attached to a data unit, or a cryptographic transformation applied to the data unit.
This data or transformation allows the receiver to determine the source and integrity of the data, which prevents forgery and tampering. Digital signature authentication focuses on ensuring data integrity and preventing counterfeiting and tampering.

Authentication principle:

There are two authentication methods: authentication based on account and password, and authentication based on public and private keys. The SSH logon process is divided into five phases:

1. Version number negotiation phase
2. Key and algorithm negotiation phase
3. Authentication phase
4. Session request phase
5. Session interaction phase

Phase 1, version number negotiation:

The server opens port 22 and waits for the client to connect. The client initiates a TCP connection to the server. After the connection is established, the server sends the first packet to the client, which includes a version identification string carrying the protocol version number. After the client receives the message, it parses the protocol version number. If the protocol version number of the server is lower than its own, and the client supports the server's earlier version, it uses the server's protocol version; otherwise, it uses its own protocol version. The client replies to the server with a message containing the protocol version number it has decided to use. The server compares the version number sent by the client to determine whether it can interact with the client. If the negotiation succeeds, the key and algorithm negotiation phase begins. Otherwise, the server closes the TCP connection.

Phase 2, key and algorithm negotiation:

The server and client each send an algorithm negotiation packet to the other. The packet contains the lists of supported public key algorithms, encryption algorithms, message authentication code algorithms, and compression algorithms.
The server and client obtain the final algorithms based on the algorithms supported by the other party and by themselves. The server and client generate the session key and session ID using the DH exchange algorithm together with parameters such as the host key pair.

Notation:

  • C public: the client public key
  • C secret: the client private key
  • S public: the server public key
  • S secret: the server private key

After version number negotiation:

  • The server sends S public to the client.
  • The server generates a session ID, called ID, and sends it to the client.
  • The client generates a session key, called key, and calculates res = ID XOR key.
  • The client encrypts res with S public and sends the result to the server.
  • The server decrypts the result with S secret to obtain res.
  • The server calculates res XOR ID to obtain key.

Now the server and client both know the session key and session ID, and all later data transmission is encrypted and decrypted with the session key.

Phase 3, authentication:

Authentication method based on account and password:

  • The client encrypts the account, authentication method, and password with the session key generated in the key and algorithm negotiation phase and sends the result to the server.
  • The server decrypts the message with the session key to obtain the account and password.
  • The server checks the account and password. If the check fails, the server sends an authentication failure message to the client, which contains a list of methods that can be used to authenticate again.
  • The client selects a method from the authentication method list and authenticates again.
  • This process repeats until authentication succeeds or the maximum number of authentication attempts has been reached, at which point the server closes the TCP connection.

Authentication method based on the public key and private key:

Use the ssh-keygen program to generate the public key id_dsa.pub and the private key id_dsa. They are generally generated on the client, and id_dsa.pub is then sent to the server in some way.
On the server, it is placed under the .ssh directory of the account that will be logged on to remotely.

  • The client encrypts the account, authentication method, and id_dsa.pub with the session key generated during key and algorithm negotiation and sends the result to the server.
  • The server decrypts the message with the session key to obtain the account and id_dsa.pub. The server looks for the corresponding public key in the .ssh directory of this account. If no public key is found, it sends a failure message to the client. If one is found, it compares the public key sent by the client with the public key it found. If the content is the same, the server generates a random string, referred to as the "question", encrypts the question with the public key it found, and then encrypts the result again with the session key.
  • The server sends the doubly encrypted data to the client.
  • The client decrypts the message with the session key, and then decrypts the data again with id_dsa to obtain the question.
  • The client encrypts the question with the session key and sends it to the server.
  • The server decrypts the message with the session key, obtains the question, and checks whether it is the question it generated. If the question is different, the server sends a failure message to the client. If the question is the same, authentication succeeds.

Refer to: detailed introduction to SSH login process analysis and OpenSSH compilation and usage for public key and private key usage.
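The version choice in phase 1 and the algorithm selection in phase 2, as an added example that is not code from the original article or from any SSH implementation. It assumes the RFC 4253 identification string format (`SSH-protoversion-softwareversion`) and the RFC 4253 rule that the first client preference also listed by the server is chosen; the function names, banner and preference lists are constructed for illustration.

```python
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

def parse_banner(line):
    """Return the protocol version as (major, minor); reject malformed banners."""
    m = BANNER.match(line.strip())
    if not m:
        raise ValueError(f"not an SSH identification string: {line!r}")
    version = (int(m.group(1)), int(m.group(2)))
    # RFC 4253 section 5.1: a server announcing 1.99 also speaks 2.0.
    return (2, 0) if version == (1, 99) else version

def choose_version(own, server, client_supports):
    """Phase 1 client rule: use the server's lower version only if the
    client supports it, otherwise keep the client's own version."""
    if server < own and server in client_supports:
        return server
    return own

def negotiate(client_lists, server_lists):
    """Per category, pick the first client preference the server also lists.
    Simplified: the extra RFC conditions for key exchange are not modelled."""
    chosen = {}
    for category, prefs in client_lists.items():
        offered = server_lists.get(category, [])
        match = next((alg for alg in prefs if alg in offered), None)
        if match is None:
            raise ConnectionError(f"no common algorithm for {category}")
        chosen[category] = match
    return chosen

# Constructed sample preference lists (algorithm names are real identifiers).
CLIENT = {"host_key": ["ssh-ed25519", "rsa-sha2-256"],
          "cipher": ["chacha20-poly1305@openssh.com", "aes256-ctr"],
          "mac": ["hmac-sha2-256", "hmac-sha1"],
          "compression": ["none", "zlib"]}
SERVER = {"host_key": ["rsa-sha2-256", "ssh-ed25519"],
          "cipher": ["aes256-ctr", "aes128-ctr"],
          "mac": ["hmac-sha1", "hmac-sha2-256"],
          "compression": ["none"]}

if __name__ == "__main__":
    server_version = parse_banner("SSH-2.0-ExampleServer_1.0\r\n")  # constructed
    print(choose_version((2, 0), server_version, {(1, 5), (2, 0)}))
    print(negotiate(CLIENT, SERVER))
```

Because the client's order decides, a weak algorithm left anywhere in both lists is still selected when it is the only overlap, so hardening means removing it from the list rather than moving it to the end.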
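The session key hand-off (res = ID XOR key) and the public-key "question" check described above, with both sides' steps, as an added example that is not code from the original article or from OpenSSH. It assumes textbook RSA over fixed, publicly known Mersenne primes as a stand-in for the real key pairs, leaves out the outer session-key encryption layer, and uses hypothetical function names throughout.

```python
import secrets

E = 65537  # RSA public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private) as (n, exponent)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # raises ValueError if E is not invertible
    return (n, E), (n, d)

def rsa(key, value):
    """Raw modular exponentiation: public key encrypts, private key decrypts."""
    n, exponent = key
    return pow(value, exponent, n)

# Constructed demo keys from well-known Mersenne primes; never use such keys.
S_PUBLIC, S_SECRET = make_keypair(2**521 - 1, 2**607 - 1)  # server key pair
C_PUBLIC, C_SECRET = make_keypair(2**127 - 1, 2**521 - 1)  # client key pair

def client_wrap_key(session_id, key, s_public):
    """Client: compute res = ID XOR key and encrypt res with S public."""
    return rsa(s_public, session_id ^ key)

def server_unwrap_key(blob, session_id, s_secret):
    """Server: decrypt with S secret to get res, then res XOR ID gives key."""
    return rsa(s_secret, blob) ^ session_id

def server_challenge(c_public):
    """Server: random question, encrypted with the stored client public key."""
    question = secrets.randbits(256)
    return question, rsa(c_public, question)

def client_answer(challenge, c_secret):
    """Client: recover the question with its private key (id_dsa in the text)."""
    return rsa(c_secret, challenge)

def run_exchange():
    """Run both steps end to end; returns (keys_match, question_matches)."""
    session_id = secrets.randbits(128)  # generated by the server
    key = secrets.randbits(256)         # generated by the client
    blob = client_wrap_key(session_id, key, S_PUBLIC)
    server_key = server_unwrap_key(blob, session_id, S_SECRET)
    question, challenge = server_challenge(C_PUBLIC)
    answer = client_answer(challenge, C_SECRET)
    return server_key == key, answer == question

if __name__ == "__main__":
    print(run_exchange())
```

The XOR ties the wrapped key to one session ID: unwrapping the same blob under a different ID yields a different key, and a party without the matching private key cannot return the question.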
------------- End -------------
From: GS
-------------------------------

 
