So-called key authentication actually uses a pair of encryption strings. One is called the public key, which anyone can see and which is used for encryption. The other is called the private key, which only its owner can see and which is used for decryption. Ciphertext encrypted with the public key can be easily decrypted with the private key, but it is very difficult to guess the private key from the public key.
SSH key authentication uses this property. Both the server and the client have their own public key and private key. The following symbols are used for convenience.
Ac: client public key
Bc: client private key
As: server public key
Bs: server private key
Before authentication, the client needs to register its public key Ac on the server in some way.
The authentication process is divided into two steps.
1. Session key generation
   1. The client requests a connection to the server, and the server sends As to the client.
   2. The server generates a session ID, denoted p, and sends it to the client.
   3. The client generates a session key, denoted q, and calculates r = p xor q.
   4. The client encrypts r with As and sends the result to the server.
   5. The server decrypts the result with Bs to obtain r.
   6. The server calculates r xor p to obtain q.
   7. Both the server and the client now know the session key q, and all subsequent transmissions are encrypted with q.
2. Authentication
   1. The server generates a random number x, encrypts it with Ac to produce S(x), and sends S(x) to the client.
   2. The client decrypts S(x) with Bc to obtain x.
   3. The client calculates the MD5 value of q + x, denoted n(q + x), where q is the session key obtained in the previous stage.
   4. The server also calculates the MD5 value of q + x, denoted m(q + x).
   5. The client sends n(q + x) to the server.
   6. The server compares m(q + x) with n(q + x). If the two are the same, authentication succeeds.
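The two stages above, run end to end as an added example (not code from the original page). It assumes textbook RSA without padding over constructed toy keys and reads "q + x" as byte concatenation; the function names are hypothetical.

```python
import hashlib
import secrets

def toy_keypair(prime1, prime2, e=65537):
    """Textbook RSA key pair (no padding): for illustration only."""
    n = prime1 * prime2
    d = pow(e, -1, (prime1 - 1) * (prime2 - 1))
    return (n, e), (n, d)                      # (public key, private key)

def rsa(key, value):
    """Encrypt with a public key or decrypt with a private key."""
    n, exponent = key
    return pow(value, exponent, n)

def md5_of(q, x):
    """MD5 of q + x, reading '+' as concatenation of fixed-width bytes (assumption)."""
    return hashlib.md5(q.to_bytes(32, "big") + x.to_bytes(32, "big")).hexdigest()

# Constructed keys built from known Mersenne primes, far too weak for real use.
As, Bs = toy_keypair(2**61 - 1, 2**127 - 1)    # server public / private key
Ac, Bc = toy_keypair(2**89 - 1, 2**107 - 1)    # client public / private key

def session_key_generation():
    p = secrets.randbits(128)                  # server: session ID, sent along with As
    q = secrets.randbits(128)                  # client: session key
    r = p ^ q                                  # client: r = p xor q
    sent = rsa(As, r)                          # client -> server: r encrypted with As
    q_server = rsa(Bs, sent) ^ p               # server: decrypt with Bs, then r xor p
    return q, q_server

def authenticate(q_client, q_server, client_private=Bc):
    x = secrets.randbits(128)                  # server: random number x
    s_x = rsa(Ac, x)                           # server -> client: S(x), encrypted with Ac
    x_client = rsa(client_private, s_x)        # client: decrypt S(x) with its private key
    n_hash = md5_of(q_client, x_client)        # client: n(q + x), sent to the server
    m_hash = md5_of(q_server, x)               # server: m(q + x)
    return secrets.compare_digest(n_hash, m_hash)

if __name__ == "__main__":
    q, q_server = session_key_generation()
    print("session keys match:", q == q_server)
    print("holder of Bc authenticates:", authenticate(q, q_server))
    print("wrong private key authenticates:", authenticate(q, q_server, client_private=Bs))
```

A client that does not hold Bc cannot recover x from S(x), so its hash does not match the server's and the comparison in the last step fails.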