Firstly, the communication principle of Telnet and SSH is introduced, and the working flow of the communication is analyzed.
Telnet
No matter what type of terminal the Telnet protocol is connected to, it is converted to NVT (Net Virtual Terminal) format for communication. Network Virtual Terminal NVT is the foundation of Telnet heterogeneous cross-platform.
This is how the Telnet process works.
A connection is established locally to a remote host, which is essentially a TCP connection, and the user must know the IP address or domain name of the remote host
The user name and password entered on the local terminal and any commands or characters entered later are transferred to the remote host in NVT format. The process is actually sending an IP datagram from the local host to the remote host
Converts data from the NVT format of the remote host output to a locally accepted format, including input command echo and command execution results
Finally, the local terminal revokes the TCP connection to the remote host
Here, the Telnet protocol's client and server-side data interactions are made in plaintext. This data is easily accessible through the Grab kit tool, which attacks network devices.
Common methods of Telnet attack
Password stealing: Stealing user accounts and passwords by grabbing packets, etc.
Man-in-the-middle attack: an "intermediary" impersonating a real server to receive data from a client to a server, and then impersonating you to pass the data to a real server
Pseudo-server: An attacker impersonating a server to interact with a client to defraud the client of account information
Ssh,secure Shell
One, what is SSH?
Simply put, SSH is a network protocol that is used to encrypt logins between computers.
If a user logs on to another remote computer using the SSH protocol from the local computer, we can assume that the login is secure, and that the password will not be compromised even if intercepted in the middle.
The earliest time, the Internet communication is clear communication, once intercepted, the content is undoubtedly exposed. In 1995, Finnish scholar Tatu Ylonen designed the SSH protocol to encrypt all login information and become a basic solution for Internet security, which has become a standard configuration for Linux systems.
It should be noted that SSH is only a protocol, there are many implementations, both commercial and open source implementation. The implementation of this article is OpenSSH, it is free software, the application is very extensive.
Encrypting all transmitted data so that the "man-in-the-middle" attack is not possible, and it can prevent DNS and IP spoofing, which is SSH.
Second, man-in-the-middle attack
SSH guarantees security because it uses public-key cryptography.
The whole process is this: (1) The remote host receives the user's login request, and sends its own public key to the user. (2) The user uses this public key to encrypt the login password and send it back. (3) The remote host with its own private key, decrypt the login password, if the password is correct, consent to user login.
The process itself is secure, but when implemented, there is a risk: if someone intercepts a login request and then pretends to be a remote host, the fake public key is sent to the user, making it difficult for the user to discern the authenticity. Because unlike the HTTPS protocol, the public key of the SSH protocol is not notarized by the Certificate Authority (CA), that is, it is issued by itself.
It can be assumed that if an attacker is plugged in between a user and a remote host (for example, in a public WiFi zone), a forged public key is used to obtain the user's login password. Then use this password to log on to the remote host, then SSH security mechanism is gone. This risk is known as the "man-in-the-middle attack" (Man-in-the-middle attack).
It has its own public key login and password login to respond.
SSH Login Process:
Version number negotiation. The server opens port 22, waits for the client to connect, and after the connection, the server negotiates the protocol version with the client.
The key and algorithm negotiation phase. The server and the client respectively send the algorithm negotiation message to each other, and the message contains a list of algorithms that support the various protocols. The algorithm used is selected based on the negotiated server side and client. The service side and client use the DH exchange algorithm, the host key peer parameter, to generate the session key and conversation ID.
Certification phase. The client encrypts the account, authentication method, password, and sends the result to the server using the session key generated during the negotiation phase of the key and algorithm. The server uses the obtained session key to decrypt the message, obtains the account number and the password, carries on the authentication. SSH provides two authentication methods (version 2.0 also supports Password-publickey and any certifications):
Password Authentication. The client encrypts the user name and password, sends it to the server, and authenticates the server after decryption.
Digital signature authentication. On the device, the RSA or DSA public key algorithm is used to digitally sign the data, generate the common and key, and then upload it to the server. When signing in, the server sends a random string to the client, and the user encrypts it with his private key and sends it back. The server uses the stored public key for decryption authentication.
Familiar with the Linux friends often use to an SSH Secure Shell cilent tool, this article is based on the principle of cryptography learning, in the SSH encryption principle, the use of RSA Asymmetric encryption algorithm, this article also do learning and understanding.
Asymmetric Encryption Algorithm
In the daily work of production, we often need to communicate data, developers often need to decrypt the data to ensure that the data security. Data encryption algorithm is not symmetric encryption and asymmetric encryption two, commonly used des, Sanchong des, AES, etc. are symmetric encryption, that is, through a key can be data encryption and decryption, once the key leaks, the transmission of data is not secure.
The core of asymmetric encryption algorithm originates from mathematics problem, it exists the concept of public key and private key, and it takes two keys to complete encryption and decryption operation. We often say that "public key encryption, private key Encryption" or "private key encryption, public key decryption" is the category of asymmetric encryption, the RSA algorithm described later is also a typical asymmetric encryption algorithm. The public key encrypted data must be decrypted using the private key, and the data encrypted by the private key can only be decrypted by the public key.
Compared with symmetric encryption, the security of asymmetric encryption has been improved, but there are obvious shortcomings, the efficiency of asymmetric plus decryption is much less than symmetric plus decryption. Therefore, asymmetric encryption is often used in some applications or areas where security requirements are high.
Typical RSA Asymmetric encryption
RSA encryption algorithm is a typical asymmetric encryption algorithm, it is based on large number of factorization math problem, it is also the most widely used asymmetric encryption algorithm, in 1978 by the United States Massachusetts Institute of Technology (MIT) three-bit learning: Ron Rivest, Adi Shamir and Leonard Adleman co-proposed.
The principle is simple, we assume that there is message sender A and message receiver B, through the following steps, we can complete the encryption of the message delivery:
Message sender A locally constructs the key pair, the public key, and the private key;
Message sender A sends the resulting public key to the message receiver B;
When B sends the data to a, it is encrypted by the public key , and a is decrypted by the private key after receiving the data, and a communication is completed;
Conversely, when a sends data to B, the data is encrypted with the private key , and B is decrypted by the public key after receiving the data.
Because the public key is the message sender A is exposed to the message receiver B, there is a security risk in this way, if the public key is leaking during the data transfer, a data encrypted by a private key may be decrypted.
If a more secure cryptographic messaging model is to be established, the message sender and the message receiver are required to build a set of key pairs and expose their respective public keys to each other, and when the message is delivered, A through B's public key encrypts the data, B receives the message through B's private key Decryption, whereas B is encrypted by the public key of a, and a is decrypted by the private key of a after it receives the message.
Of course, this approach may have the potential for data transmission to be simulated, we can use digital signature technology to further enhance security. Due to the existence of multiple asymmetric encryption and decryption, the efficiency of this method is more serious.
SSH encryption principle
In the principle of SSH security protocol, is a combination of asymmetric encryption and symmetric encryption algorithm, look first:
Here is a description:
First, the server will generate a public key and private key through asymmetric encryption;
When the client initiates the request, the server exposes the public key to the client, and the public key can be exposed arbitrarily;
After the client obtains the public key , it first produces a session key consisting of 256 random digits, which is called a password;
The client encrypts the password through the public key and sends it to the server side;
The server side is decrypted by the private key to obtain the communication password;
After that, the client and the service side of the information passing, all through this password for symmetric encryption.
Personal feeling, such a design to a certain extent improve the efficiency of encryption and decryption, however, and the client service side to build a set of key pairs of encryption and decryption method compared to the security may be reduced. In the above-described through the password encryption process, the data can also be tapped, but because the key is 256 random numbers, there are 10 of the 256-way combination, so it is very difficult to crack. Relative or relatively safe. The server side and the client both know the key in advance, ssh this way, and the server is getting the key through decryption.
DH key exchange algorithm
The principle of SSH is based on RSA Asymmetric encryption, RSA is based on large number of factorization math problem, the following mentioned DH key exchange algorithm is based on the discrete logarithm problem on the finite domain.
DH algorithm is a key negotiation algorithm, only for the allocation of keys, not for the addition and decryption of messages. It provides a secure way to exchange keys for data encryption and decryption by exchanging the keys. Like the SSH principle, the password is exchanged, but the DH algorithm is more secure.
Let us give an example to illustrate the hypothesis that there are two sides, a, B, a as the sender, and B as the receiver. The following steps allow you to build a key password that belongs to both parties, as follows:
First, A, b both sides, in the communication before the construction of their own key pair, the assumption is public key A, private key A, public key B, private key B;
A exposes its own public key a to b,b through a certain operation of private key B and public key A to generate a local key B;
Similarly, B exposes its own public key B to a,a through a certain operation of the private key a and public key B to generate the local key A;
Finally, the interesting point of this algorithm is that the key a and key b are consistent, so that both A and B have a "secret" password that belongs to both parties;
The result of DH algorithm is that symmetric encryption is excessive to asymmetric encryption, which lays a foundation for the generation and development of the subsequent asymmetric encryption.
SSH principle and public key private key