How to verify the SSH protocol

The SSH protocol supports secure network transmission. In some protocols, the SSH protocol adds protection measures so that some non-security protocols can work effectively and provide a network security environment. So today we will briefly introduce what SSH is. Traditional network service programs, such as ftp, pop, and telnet, are inherently insecure because they transmit passwords and data in plain text on the network, people with ulterior motives can easily intercept these passwords and data. Moreover, the security authentication methods of these service programs also have their weaknesses, it is very vulnerable to man-in-the-middle attacks, that is, the man-in-the-middle impersonates a Real Server to receive data from you to the server, then pretend that you pass the data to the Real Server. After the data transfer between the server and you is transferred by the intermediary, it will be very serious ｡

The full name of SSH is Secure.

SHell. By using SSH, You can encrypt all transmitted data, so that the "man-in-the-middle" attack method is impossible, it can also prevent DNS and IP spoofing. Another advantage is that the data transmitted is compressed, so it can speed up transmission. SSH has many functions, it can replace telnet and provide a secure "channel" for ftp, pop, and even ppp "｡

SSH was initially developed by a Finnish company. However, due to copyright and encryption algorithm restrictions, many people are now switching to OpenSSH. OpenSSH is an alternative to the SSH protocol, and it is free of charge. It is expected that more and more people will use it instead of SSH in the future ｡

SSH is composed of client and server software. Two incompatible versions are: 1. x and 2. x. Use SSH 2. x client programs cannot connect to SSH 1. x. OpenSSH 2. x supports both SSH 1. x and 2. x ｡

How does SSH protocol security authentication work?

From the client perspective, SSH provides two levels of security authentication ｡

The first level (password-based security verification) allows you to log on to the remote host as long as you know your account and password. All transmitted data is encrypted, however, it cannot be guaranteed that the server you are connecting to is the server you want to connect to. Other servers may pretend to be real servers, that is, being attacked by man-in-the-middle ｡

The second level (key-based security verification) depends on the key, that is, you must create a pair of keys for yourself, and place the public key on the server to be accessed. If you want to connect to the SSH server, the client software will send a request to the server, the request uses your key for security verification. After receiving the request, the server first searches for your public key in the home directory of the server, then compare it with the public key you sent. If the two keys are the same, the server uses the public key to encrypt "Question" (challenge) and send it to the client software. After receiving the question, the client software can use your private key to decrypt it and then send it to the server ｡

In this way, you must know the password of your key. However, the second level does not need to transmit the password over the network compared with the first level ｡

The second level of SSH protocol not only encrypts all transmitted data, but also the "man-in-the-middle" attack method is impossible (because he does not have your private key) however, the entire logon process may take 10 seconds ｡