RSA encryption algorithm and SSH remote connection server

Source: Internet
Author: User
Tags: ssh, account
The server side and the client side use different keys; this is called an asymmetric key system.

The RSA algorithm is based on the modulo operation x mod n. The following identities hold:

    [(a mod n) + (b mod n)] mod n = (a + b) mod n
    [(a mod n) - (b mod n)] mod n = (a - b) mod n
    [(a mod n) * (b mod n)] mod n = (a * b) mod n

and therefore (a mod n)^d mod n = a^d mod n.

A message is really just a bit pattern, and each bit pattern can be represented as a unique integer, so encrypting a message is equivalent to encrypting a number. To encrypt m, we encrypt the corresponding number and get a new number (the ciphertext).

The process by which RSA generates a public/private key pair:
    1. Select two large 1024-bit prime numbers p and q
    2. Calculate n = pq and z = (p-1)(q-1)
    3. Select e (with e < n) such that e and z have no common factor, i.e. e and z are coprime
    4. Select d such that ed - 1 is exactly divisible by z (i.e. ed mod z = 1)
    5. The public key is (n, e); the private key is (n, d)
To encrypt a message m (m < n), calculate c = m^e mod n. To decrypt c, calculate m = c^d mod n. We have

    m = (m^e mod n)^d mod n = m^(ed) mod n = (m^d mod n)^e mod n

So with RSA one can encrypt with the public key and decrypt with the private key.

The security of RSA, and of PKI, rests on the problem of "large-number factorization and primality testing". Multiplying two large primes is computationally easy, but factoring the product back into its integer factors takes a very large amount of computation. Deriving the private key from a known public key is equivalent to finding the factors of n without knowing the two factors p and q, which is very difficult.

RSA computation is very slow, however, so public-key encryption is often used only to establish a secure connection, after which a symmetric session key is used for encrypting the data.

Remote connection server

There are three main kinds:

    Text interface, plaintext: telnet, rsh, etc.
    Text interface, encrypted: SSH (Secure Shell protocol)
    Graphical interface: XDMCP, VNC, RDP

SSH has two encryption algorithms; RSA is the default. Starting the sshd service:
    [[email protected] ~]# rm /etc/ssh/ssh_host*
    [[email protected] ~]# service sshd restart
    Redirecting to /bin/systemctl restart sshd.service
    [[email protected] ~]# date
    Tue Jul … EDT …
    [[email protected] ~]# ll /etc/ssh/ssh_host*
    -rw-r-----. 1 root ssh_keys  227 Jul … /etc/ssh/ssh_host_ecdsa_key
    -rw-r--r--. 1 root root      162 Jul … /etc/ssh/ssh_host_ecdsa_key.pub
    -rw-r-----. 1 root ssh_keys  387 Jul … /etc/ssh/ssh_host_ed25519_key
    -rw-r--r--. 1 root root        … Jul … /etc/ssh/ssh_host_ed25519_key.pub
    -rw-r-----. 1 root ssh_keys 1675 Jul … /etc/ssh/ssh_host_rsa_key
    -rw-r--r--. 1 root root      382 Jul … /etc/ssh/ssh_host_rsa_key.pub
    [[email protected] ~]# netstat -tlnp | grep ssh
    Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
    tcp        0      0 0.0.0.0:…       0.0.0.0:*         LISTEN   16016/sshd
    tcp6       0      0 :::…            :::*              LISTEN   16016/sshd
ssh account@host-IP: if the account is omitted, the login defaults to the account name used on the local side.

    ssh -f [email protected] find / &> ~/find1.log

-f: do not log in to the remote host, only send a command over to it.

Server public keys are recorded in the file ~/.ssh/known_hosts. If a received public key has not been recorded yet, the user is asked whether to record it. If it has already been recorded, the two are compared, and a warning is issued if they differ.

    scp xxx.tar [email protected]:/root/        (target)
    scp [email protected]:/etc/bashrc /tmp

-r: copy directories recursively.

    [[email protected] ~]# sftp [email protected]
    sftp> lls /etc/hosts
    /etc/hosts
    sftp> put /etc/hosts
    Uploading /etc/hosts to /home/student/hosts
    sftp> ls -a
    .  ..  .bash_history  .bash_logout  .bash_profile  .bashrc  .mozilla  hosts
    sftp> lcd /tmp
    sftp> lpwd
    Local working directory: /tmp
    sftp> get .bashrc
    Fetching /home/student/.bashrc to .bashrc
    /home/student/.bashrc            100%  124   0.1KB/s   xx:xx
    sftp> lls -a
    .        .font-unix   keyring-RND7QX  .X11-unix
    ..       .gdm_socket  lost+found      scim-panel-socket:0-root
    .bashrc  .ICE-unix    mapping-root    .X0-lock
    sftp> exit
Create an SSH user who can log in immediately without a password
    ssh-keygen -t rsa        # or: -t dsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:

This generates two files, ~/.ssh/id_rsa (-rw-------) and ~/.ssh/id_rsa.pub. Place the content of the public key in ~/.ssh/authorized_keys (-rw-r--r--) on the server side.

    ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host

ssh-copy-id writes the key directly into the remote machine's authorized_keys; after that, logging in to the remote machine via SSH no longer requires a password.
    [[email protected]_6_187_centos ~]# ldd $(which sshd) | grep libwrap
            libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f0430674000)
    [[email protected]_6_187_centos ~]# ldd $(which httpd) | grep libwrap

sshd supports TCP wrappers, which are provided by the library file libwrap.so, so /etc/hosts.{allow,deny} can be used as a firewall-like barrier; HTTP does not. Controlling remote access:

    [[email protected] ~]# vim /etc/hosts.allow
    sshd: 127.0.0.1 192.168.1.0/255.255.255.0 192.168.100.0/255.255.255.0
    [[email protected] ~]# vim /etc/hosts.deny
    sshd: ALL

The two files use the same format: <service (program_name)>: <IP, domain, hostname>: <action>. The action in hosts.allow defaults to allow; the action in hosts.deny defaults to deny.
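How the two files above decide a connection, as an added example (not part of the original page or of libwrap itself). It models only the pattern kinds used here (ALL, a single IPv4 address, network/netmask) and the standard lookup order: hosts.allow first, then hosts.deny, otherwise allow. The function names are assumptions.

```python
import ipaddress
import re

# Rules as configured on this page (sample input constructed from it).
HOSTS_ALLOW = ("sshd: 127.0.0.1 192.168.1.0/255.255.255.0 "
               "192.168.100.0/255.255.255.0\n")
HOSTS_DENY = "sshd: ALL\n"

def parse_rules(text):
    """Parse '<service>: <clients>[: <action>]' lines into (daemons, clients)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        daemons, clients = (f.strip() for f in line.split(":")[:2])
        rules.append((re.split(r"[,\s]+", daemons), re.split(r"[,\s]+", clients)))
    return rules

def client_matches(pattern, client_ip):
    if pattern == "ALL":
        return True
    try:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(client_ip) in net
    except ValueError:
        return False  # hostname and wildcard patterns are not modelled here

def rule_hit(rules, daemon, client_ip):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, client_ip) for p in clients)
        for daemons, clients in rules
    )

def access_allowed(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    if rule_hit(parse_rules(allow), daemon, client_ip):
        return True   # hosts.allow is consulted first
    if rule_hit(parse_rules(deny), daemon, client_ip):
        return False  # then hosts.deny
    return True       # no match in either file: access is granted
```

With the page's rules, only 127.0.0.1 and the two listed /24 networks reach sshd; a service that neither file names is not restricted at all.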
