OpenSSH (a free implementation of SSH) is similar to telnet or rsh: the ssh client program can also be used to log on to a remote machine. All that is required is that the remote machine is running sshd, i.e. the ssh server process. Unlike telnet, however, the ssh protocol is very secure: it uses specialized algorithms to encrypt the data flow, ensure the integrity of the data flow, and provide secure and reliable authentication.
SSH principle
1. The server establishes the public key
Each time the sshd service is started, it proactively looks for the /etc/ssh/ssh_host* files. When the system has just been installed, these public keys do not exist yet, so sshd takes the initiative to calculate the required public key, and also calculates the private key that the server needs.
[root@rhce7 ~]# cd /etc/ssh
[root@rhce7 ssh]# ls -l
total 268
-rw-------. 1 root root     242153 Mar … moduli
-rw-r--r--. 1 root root       2123 Mar … ssh_config
-rw-------. 1 root root       4442 Mar … sshd_config
-rw-r-----. 1 root ssh_keys    227 Jun … ssh_host_ecdsa_key
-rw-r--r--. 1 root root        162 Jun … ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys   1675 Jun … ssh_host_rsa_key
-rw-r--r--. 1 root root        382 Jun … ssh_host_rsa_key.pub
2. The client actively requests a connection
If the client wants to connect to an SSH server, it needs to use an appropriate client program, such as ssh, PuTTY, or another client program.
3. The server transmits the public key to the client
After receiving the client's request, the server transmits the public key obtained in the first step to the client (this should be sent in plaintext; the public key is intended to be used by everyone anyway).
4. The client records and compares the server's public key data and randomly calculates its own public key
If the client connects to this server for the first time, the server's public key is recorded in ~/.ssh/known_hosts in the client user's home directory.
If the server's public key has already been recorded, the client compares the key it just received with the previous record. If this public key is accepted, the client calculates its own public/private key pair.
5. The client returns its public key to the server
The user transmits his or her public key to the server. At this point:
Server: has the server's private key and the client's public key
Client: has the server's public key and the client's own private key
6. Start two-way encryption and decryption
(1) Server to client: when the server transmits data, it encrypts the data with the user's public key and sends it out. After the client receives it, the client decrypts it with its own private key.
(2) Client to server: when the client transmits data, it encrypts the data with the server's public key and sends it out. After the server receives it, the server decrypts it with its own private key, so that communication security can be ensured.
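The comparison in step 4 can be sketched as follows. This is an added example, not code from the original article or from OpenSSH: it looks a presented host key up in known_hosts-style text, covering both plain and hashed (HashKnownHosts) host fields. The host names and key blobs are constructed samples, and wildcard patterns and @cert-authority/@revoked lines are not handled.

```python
import base64, hashlib, hmac, struct

def sample_blob(fill):
    """Constructed stand-in for a public key blob in SSH wire format (not a real key)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def hash_host(host, salt):
    """Host field as written with HashKnownHosts: |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if host is named by a plain (comma-separated) or hashed host field."""
    if field.startswith("|1|"):
        _, _, salt_b64, _ = field.split("|")
        return hmac.compare_digest(field, hash_host(host, base64.b64decode(salt_b64)))
    return host in field.split(",")

def check_host_key(known_hosts_text, host, key_type, blob):
    """Return 'match', 'mismatch' or 'unknown' for the key the server presented."""
    recorded = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank lines and comments; @-marker lines are not handled here
        if fields[1] != key_type or not host_matches(fields[0], host):
            continue
        if hmac.compare_digest(base64.b64decode(fields[2]), blob):
            return "match"
        recorded = True  # same host and key type, but a different key is on record
    return "mismatch" if recorded else "unknown"

# Constructed sample file: one plain entry and one hashed entry.
OLD_KEY, NEW_KEY = sample_blob(0x11), sample_blob(0x22)
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    "rhce7.example.test,192.0.2.10 ssh-ed25519 " + base64.b64encode(OLD_KEY).decode(),
    hash_host("db.example.test", b"constructed-salt-20b") + " ssh-ed25519 "
    + base64.b64encode(OLD_KEY).decode(),
])

if __name__ == "__main__":
    for host, key in [("rhce7.example.test", OLD_KEY), ("rhce7.example.test", NEW_KEY),
                      ("db.example.test", OLD_KEY), ("new.example.test", OLD_KEY)]:
        print(host, fingerprint(key), check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

A 'mismatch' result is the case in which the client should refuse to continue until the key change has been verified out of band; 'unknown' is the first-connection case described in step 4.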
Reference:
http://www.open-open.com/lib/view/open1422417444048.html