Introduction to SSH and rsync

Source: Internet
Author: User

SSH

1. Function

SSH is short for Secure Shell, the secure shell protocol. It is a security protocol built on the application layer and the transport layer, and it is currently one of the more reliable protocols for securing Telnet sessions and other network services.

The SSH protocol effectively prevents information leakage during remote management. Traditional network service programs such as FTP, POP, and Telnet are inherently insecure because they transmit passwords and data over the network in clear text, where people with ulterior motives can easily intercept them. Furthermore, the authentication methods of these services have their own weaknesses and are vulnerable to the man-in-the-middle attack. In this kind of attack, the "middleman" impersonates the real server to receive the data you send to the server, and then impersonates you to pass the data on to the real server. Once the data transferred between you and the server has been tampered with by the middleman, serious problems follow. By using SSH, you can encrypt all transmitted data so that the man-in-the-middle attack is not possible, and you can also prevent DNS spoofing and IP spoofing. An additional benefit of SSH is that the transferred data is compressed, which speeds up transmission. SSH has many functions: it can replace Telnet, and it can provide a secure "channel" for FTP, POP, and even PPP.

2. Verification:

From a client perspective, SSH provides two levels of security authentication.

  First level (password-based security authentication)

As long as you know your account and password, you can log on to the remote host. All transmitted data is encrypted, but there is no guarantee that the server you are connecting to is the one you intended. Another server may be impersonating the real one, which means you can be subjected to a man-in-the-middle attack.
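SSH clients close this gap by checking the server's host key against a value they already trust. The added example below (not part of the original page) computes a host key's SHA256 fingerprint in the form that ssh-keygen -l prints and compares it with a pinned value; the keys are constructed samples, and host_key_ok and make_ed25519_line are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in SSH wire encoding (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of a 'type base64 [comment]' public key line,
    in the same form `ssh-keygen -l` prints (unpadded base64)."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob must start with its own type name; reject mismatches.
    if not blob.startswith(ssh_string(key_type.encode())):
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_ok(presented_line: str, pinned_fp: str) -> bool:
    """True only if the presented host key matches the pinned fingerprint."""
    try:
        presented = fingerprint(presented_line)
    except ValueError:  # malformed line, bad base64 or type mismatch
        return False
    return hmac.compare_digest(presented, pinned_fp)


def make_ed25519_line(raw32: bytes, comment: str) -> str:
    """Build a constructed ssh-ed25519 public key line from 32 raw bytes."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


# Constructed sample keys (not real host keys).
REAL_HOST = make_ed25519_line(bytes(range(32)), "real-server")
IMPOSTOR = make_ed25519_line(bytes(range(1, 33)), "impostor")
PINNED = fingerprint(REAL_HOST)  # obtained out of band in practice

if __name__ == "__main__":
    print("pinned:", PINNED)
    print("real server accepted:", host_key_ok(REAL_HOST, PINNED))
    print("impostor accepted:   ", host_key_ok(IMPOSTOR, PINNED))
```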

  Second level (security authentication based on key)

This level relies on keys: you create a pair of keys for yourself and put the public key on the server you need to access. When you connect to an SSH server, the client software sends the server a request for security verification with your key. After the server receives the request, it first locates your public key in your home directory on the server and compares it to the private key you sent over. If the two keys are identical, the server encrypts a "challenge" with the public key and sends it to the client software. After the client software receives the challenge, it decrypts it with your private key and sends it to the server.

With this method, you must know the password of your secret key. However, compared with the first level, the second level does not require a password to be sent over the network.

The second level not only encrypts all transmitted data, but also makes the "middleman" attack impossible (because the attacker does not have your private key). However, the entire login process may take 10 seconds.
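The challenge step of the second level, as an added example that is not part of the original page. It uses textbook RSA with a small constructed key so the exchange fits in a few lines; the Server class and the function names are hypothetical.

```python
import secrets

# Constructed toy key pair: textbook RSA over two known Mersenne primes.
# Unpadded and far too small for real use; it only illustrates the flow.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                            # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept by the client


class Server:
    """Holds public keys only, like the key files in users' home directories."""

    def __init__(self, authorized_keys):
        self.authorized_keys = authorized_keys   # user -> (n, e)
        self.pending = {}                        # user -> outstanding challenge

    def challenge(self, user):
        """Encrypt a fresh random challenge with the user's public key."""
        n, e = self.authorized_keys[user]
        secret = 2 + secrets.randbelow(n - 2)
        self.pending[user] = secret
        return pow(secret, e, n)

    def verify(self, user, response):
        """Accept the response once, and only if it equals the challenge."""
        secret = self.pending.pop(user, None)
        return secret is not None and response == secret


def client_answer(encrypted, n, d):
    """Client side: recover the challenge with the private exponent."""
    return pow(encrypted, d, n)


def login(server, user, n, d):
    """Run one full exchange; no password crosses the wire."""
    return server.verify(user, client_answer(server.challenge(user), n, d))


if __name__ == "__main__":
    srv = Server({"alice": (N, E)})
    print("holder of the private key:", login(srv, "alice", N, D))
    print("someone with another key: ", login(srv, "alice", N, D + 2))
```

Because every login gets a fresh challenge, a response captured from one exchange is useless for the next one.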

rsync:

Rsync stands for remote synchronize; as the name implies, it is software for remote synchronization. While synchronizing files, it can preserve the original files' permissions, timestamps, soft and hard links, and other additional information. Using the rsync algorithm, rsync provides a quick way to synchronize files between a client and a remote file server, and it can also transfer files over SSH, which works very well.
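An added sketch of the rsync algorithm mentioned above (not code from the original page or from the rsync project): the receiver sends checksums of its old blocks, and the sender uses a rolling checksum to find those blocks at any offset and sends only the bytes that do not match. The block size, SHA-256 as the strong hash, and all names are assumptions of this example.

```python
import hashlib

BLOCK, MOD = 8, 1 << 16   # tiny block size keeps the constructed sample readable

def weak(block):
    """rsync-style weak checksum: the two 16-bit running sums (a, b)."""
    a = sum(block) % MOD
    return a, sum((len(block) - i) * x for i, x in enumerate(block)) % MOD

def roll(a, b, out_byte, in_byte):
    """Slide the window one byte in O(1) instead of re-summing BLOCK bytes."""
    a = (a - out_byte + in_byte) % MOD
    return a, (b - BLOCK * out_byte + a) % MOD

def signature(old):
    """Receiver: weak sum -> [(strong hash, block number)] for its old copy."""
    sig = {}
    for n in range(len(old) // BLOCK):
        blk = old[n * BLOCK:(n + 1) * BLOCK]
        sig.setdefault(weak(blk), []).append((hashlib.sha256(blk).digest(), n))
    return sig

def delta(new, sig):
    """Sender: ('copy', block number) for matches, ('data', bytes) otherwise."""
    ops, lit, i, w = [], bytearray(), 0, weak(new[:BLOCK])
    while i + BLOCK <= len(new):
        strong = hashlib.sha256(new[i:i + BLOCK]).digest() if w in sig else None
        hit = next((n for h, n in sig.get(w, []) if h == strong), None)
        if hit is None:                  # no match: keep one literal byte
            lit.append(new[i])
            if i + BLOCK < len(new):
                w = roll(*w, new[i], new[i + BLOCK])
            i += 1
        else:                            # match: flush literals, reference block
            ops += ([("data", bytes(lit))] if lit else []) + [("copy", hit)]
            lit.clear()
            i += BLOCK
            w = weak(new[i:i + BLOCK])
    lit += new[i:]
    return ops + ([("data", bytes(lit))] if lit else [])

def patch(old, ops):
    """Receiver: rebuild the new file from the old copy plus the delta."""
    return b"".join(old[v * BLOCK:(v + 1) * BLOCK] if k == "copy" else v
                    for k, v in ops)

# Constructed sample: the new file has 2 bytes inserted at two places.
OLD = b"0123456789abcdefghijklmnopqrstuvwxyzABCD"
NEW = b"XY" + OLD[:16] + b"--" + OLD[16:]
```

For the constructed sample, delta(NEW, signature(OLD)) carries only the four inserted bytes as literal data; the other 40 bytes are references to blocks the receiver already has, even though the insertions shifted them off the original block boundaries.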

Rsync includes some of the following features:

Can update entire directory trees and file systems;
Can selectively preserve symbolic links, hard links, file ownership, permissions, devices, times, and so on;
Requires no special permissions to install;
For multiple files, an internal pipeline reduces the latency of waiting on files;
Can use rsh, SSH, or a direct port as the transport;
Supports anonymous rsync file synchronization, which makes it an ideal mirroring tool.
