Huawei HCIE Theory and Practice Notes: 4. SSH Management

Source: Internet
Author: User
Tags: ssh, server



Terminology:



SSH (Secure Shell) is a remote-login protocol that fills the same role as Telnet; the difference is that SSH encrypts and integrity-protects all data in transit and lets the client verify which device it is talking to.



Key: a key is the secret parameter an encryption algorithm works with. Keys are divided into symmetric and asymmetric. With a symmetric key, encryption and decryption use the same key. With an asymmetric key there is a pair: a public key, which can be handed to anyone, and a private key, which its owner never discloses. Data encrypted with the public key can be decrypted only with the private key, and a signature produced with the private key can be checked by anyone who holds the public key.



Symmetric key: the most familiar symmetric cipher is the "book cipher" of television dramas. A and B each hold a copy of the same book; A sends a sequence of page, line and column numbers, and B uses the same book to turn those numbers back into the message. Computer encryption with a symmetric key follows the same idea: both ends hold one shared key (a "conversion dictionary"); the client uses it to turn the user's commands into ciphertext, the device uses the same key to turn the ciphertext back into commands, and device-to-client traffic works the same way in reverse. Symmetric ciphers are fast, which is why the bulk of an SSH session is protected this way. Their weakness is not the cipher itself (a modern cipher such as AES cannot be recovered by collecting traffic, unlike a book cipher, which falls to analysis given enough material) but key distribution: if the device simply sent the key to the client over the network, anyone capturing the traffic would hold the key too. Something else is needed to agree on the key without an eavesdropper learning it, and that is what the asymmetric key provides.



Asymmetric key: an asymmetric key is defined by contrast with the symmetric one. The basic idea is similar, but there are two "books", the public key and the private key, and they are not interchangeable. Figuratively, A owns books A and B, gives copies of book A to everyone and keeps book B. Anything encrypted with book A can be read only with book B, so anyone can send A a message that only A can read; conversely, anything A produces with book B can be checked by everyone holding book A, which proves it came from A. In SSH the device generates such a pair and keeps the private key on the device, while the client receives the public key. Note what each direction achieves: encrypting with the public key gives confidentiality (only the private-key holder can decrypt); "encrypting" with the private key gives no confidentiality at all, because everyone has the public key, but it proves origin, and that operation is called a signature. Asymmetric operations are also far slower than symmetric ones, so SSH uses them only to authenticate the two ends and to agree on a symmetric session key, not to encrypt the commands themselves. Breaking a properly sized asymmetric key (RSA with a 2048-bit modulus, for example) is theoretically possible, but the time and computing resources required are astronomical, so in practice it is not feasible.



RSA: RSA is an asymmetric key algorithm proposed by Ron Rivest, Adi Shamir and Leonard Adleman; the name is the first letter of each of the three surnames.






1. The purpose of SSH



When a user manages a device over Telnet there are two problems. First, the data crosses the network in clear text, so anyone who can reach the traffic (a mirror port, a compromised switch, a host on the same segment) can read the user name, the password and every command with a packet capture tool. Second, the identity of the device is never checked, so someone with bad intentions can stand up a fake device on the network (for example by taking over the target's IP address) and collect the user's credentials and commands. SSH addresses both problems: the session is encrypted, and the device holds a host key pair whose public key the client records on the first connection and compares on every later one, so a substituted device is detected.






2. How SSH encrypts data in transit



An SSH deployment has two roles: the user's client and the target device running the SSH server. The device owns an asymmetric host key pair; on a Huawei device this is what rsa local-key-pair create produces, and it is generated once when SSH is set up and kept until it is deliberately replaced, not generated per connection. Each time a client connects, the two sides first agree on a fresh symmetric session key. The notes describe this as the device sending its public key and the client encrypting with it, which is roughly how SSH version 1 chose its session key; SSH version 2, which current devices and clients use, instead runs a key exchange (Diffie-Hellman) in which both sides contribute random values and derive the same session key, and the device signs the exchange with its host private key so that the client knows the key was agreed with the holder of that key. Either way, from this point on everything the user sends (user name, password, commands) and everything the device returns is encrypted with the session key using a symmetric cipher such as AES, with an integrity check on every packet. Someone capturing the traffic sees only ciphertext, cannot recover the session key from it, and cannot alter packets without the change being detected.






3. How SSH ensures that the target device is genuine



What the notes describe here is RSA (public key) authentication of the user, and it is worth keeping the two directions of trust apart. Before connecting, the user generates a key pair A on their own computer (with a tool such as PuTTYgen); the public key A is saved on the device and bound to a user name, and the private key A stays on the client and is never sent anywhere. When the connection is opened, the session key is agreed first as in section 2, so the user name and everything after it already travel encrypted; the client sends the user name and public key A, and the device checks whether that user name is bound to that key. If it is, the client proves that it holds private key A by signing a value tied to this particular session (the signed data includes the session identifier derived from the key exchange, so a signature captured in one session cannot be replayed in another), and the device verifies the signature with the stored public key A. Private key A itself is never transmitted, so a fake device that records the login learns nothing it can reuse. The essence of the process is that the user stores a credential on the device in advance, the device verifies it when the connection is established, and the user can then log in without typing a password.

The genuineness of the device is established by the other half of the same mechanism: the device signs the key exchange with its host private key (section 2), and the client keeps a copy of the device's host public key from the first connection (PuTTY asks the user to confirm the key the first time and caches it). On every later connection the client compares the key the device presents with the cached one; an attacker who substitutes a device cannot produce signatures under the real host key, so the client warns that the host key has changed. That warning is the check the second Telnet problem in section 1 called for, and it should not be clicked through without confirming, over the console or another trusted path, that the device's key really was regenerated.
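The host-key side of sections 2 and 3 can be checked and enforced on the device itself. The following is an added example, not part of the original notes: the server is read with display rsa local-key-pair public, and a second Huawei device acting as the SSH client pins that key to the server address so that a device presenting a different key is refused. The device names AR and CLIENT, the address 10.1.1.1 and the key name ar-host-key are assumptions for illustration; the key code is deliberately left as a placeholder.

```text
// On the managed device (SSH server), after rsa local-key-pair create:
[AR] display rsa local-key-pair public              // prints the host public key code to copy out of band

// On a Huawei device used as the SSH client (assumed name CLIENT):
[CLIENT] rsa peer-public-key ar-host-key             // store AR's host public key under a local name
[CLIENT-rsa-public-key] public-key-code begin
[CLIENT-rsa-key-code] ...                            // paste the key code shown by the server
[CLIENT-rsa-key-code] public-key-code end
[CLIENT-rsa-public-key] peer-public-key end
[CLIENT] ssh client 10.1.1.1 assign rsa-key ar-host-key   // bind the server address to that key
[CLIENT] undo ssh client first-time enable           // no trust on first use: unknown host keys are rejected
[CLIENT] stelnet 10.1.1.1                            // connect; fails if 10.1.1.1 presents another key
```

With ssh client first-time enable turned on instead, the client accepts and saves whatever key the server presents on the first connection, which is convenient in a lab but means the first connection is exactly the one an impersonator can win. For a PC client such as PuTTY, the equivalent is the host-key prompt on the first connection: answer it only once the key has been confirmed over the console or another trusted path, and treat any later "host key changed" warning as a possible substituted device until proven otherwise.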






4. SSH configuration with user name and password authentication



1. Create a local user named test (in the AAA view, with the SSH service type).

2. Configure user test for user name and password authentication (this is the default authentication type for an SSH user):

[AR] ssh user test authentication-type password

3. Generate the device's host key pair and enable the SSH server. The key pair must exist before the server can accept connections, so create it first:

[AR] rsa local-key-pair create    // generate the host key pair; if one already exists the device asks whether to replace it
[AR] stelnet server enable        // enable the SSH (STelnet) server
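The complete sequence for password authentication, as an added example that is not part of the original notes. It fills in the steps the notes leave implicit (creating the local user, switching the VTY lines to AAA authentication and to SSH only) and ends with the display commands used to confirm the result. The device name AR, the VTY range 0 to 4, the password Huawei@123 and privilege level 15 are assumptions for illustration.

```text
[AR] rsa local-key-pair create                       // host key pair; answer y, choose a 2048-bit modulus when asked
[AR] user-interface vty 0 4
[AR-ui-vty0-4] authentication-mode aaa               // VTY logins are checked against local users
[AR-ui-vty0-4] protocol inbound ssh                  // refuse Telnet on these lines; only SSH is accepted
[AR-ui-vty0-4] quit
[AR] aaa
[AR-aaa] local-user test password cipher Huawei@123  // step 1 of the notes: create user test (irreversible-cipher on newer VRP releases)
[AR-aaa] local-user test service-type ssh            // the account may be used for SSH only
[AR-aaa] local-user test privilege level 15          // assumption: full management rights
[AR-aaa] quit
[AR] ssh user test authentication-type password      // step 2
[AR] ssh user test service-type stelnet              // allow STelnet (interactive shell) for this user
[AR] stelnet server enable                           // step 3
[AR] display ssh server status                       // check: STelnet server shows Enable
[AR] display ssh user-information                    // check: user test with authentication type password
```

The protocol inbound ssh line is the one that actually removes the Telnet problem from section 1; without it the device still answers Telnet on the same lines and an encrypted SSH server gains nothing.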





5. SSH configuration with RSA authentication



1. Use PuTTYgen to generate an RSA key pair; save the public key as public.pub and the private key as private.ppk.

2. Load private.ppk into the user's SSH client (in PuTTY: Connection > SSH > Auth > Private key file for authentication).

3. PuTTYgen writes public.pub in the SSH-2 public key format, which the device cannot take as-is. Use Huawei's sshkey tool to convert public.pub into the key code the device recognises (a string of hex characters).

4. Import the public key to the device:

[AR] rsa peer-public-key test1-key            // create a peer public key named test1-key and enter its view
[AR-rsa-public-key] public-key-code begin     // start of the key code
[AR-rsa-key-code] ...                         // paste the converted public key (the string of hex characters)
[AR-rsa-key-code] public-key-code end         // end of the key code; the device validates the key at this point
[AR-rsa-public-key] peer-public-key end       // leave the public key view

5. Create a local user named test1 (in the AAA view, as in section 4).

6. Configure user test1:

[AR] ssh user test1 authentication-type rsa   // user test1 authenticates with RSA
[AR] ssh user test1 assign rsa-key test1-key  // bind the test1-key public key created above to the user

7. Enable the SSH server on the device (and generate the host key pair first if section 4 has not been done):

[AR] stelnet server enable                    // enable the SSH (STelnet) server
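The RSA-authentication steps as one sequence, added here as an example that is not part of the original notes. It assumes the VTY lines, the host key pair and the AAA view have already been set up as in section 4, and keeps the device name AR, the user test1 and the key name test1-key from the notes; the password Huawei@123 and privilege level 15 are assumptions, and the key code is left as a placeholder that must be replaced with the output of the sshkey tool.

```text
// On the PC: generate the key pair in PuTTYgen, save public.pub and private.ppk,
// convert public.pub with sshkey and copy the key code it prints.

[AR] rsa peer-public-key test1-key                    // step 4: store the user's public key
[AR-rsa-public-key] public-key-code begin
[AR-rsa-key-code] ...                                 // paste the key code from sshkey here
[AR-rsa-key-code] public-key-code end                 // the device rejects the key here if the paste is incomplete
[AR-rsa-public-key] peer-public-key end
[AR] aaa
[AR-aaa] local-user test1 password cipher Huawei@123  // step 5; assumption: the entry exists to carry the privilege level, the password is not used for RSA login
[AR-aaa] local-user test1 service-type ssh
[AR-aaa] local-user test1 privilege level 15
[AR-aaa] quit
[AR] ssh user test1 authentication-type rsa           // step 6
[AR] ssh user test1 assign rsa-key test1-key
[AR] ssh user test1 service-type stelnet
[AR] stelnet server enable                            // step 7
[AR] display rsa peer-public-key name test1-key       // check: the imported key is shown
[AR] display ssh user-information test1               // check: authentication type rsa, key test1-key
```

If the login still prompts for a password, the usual causes are a key code that was truncated when pasted (public-key-code end then fails), a user name on the client that does not match test1, or a private key loaded into the client that does not belong to the public key imported on the device.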



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.
