Traditional FTP includes no security mechanism in either its transmission or its implementation: data, user accounts and user passwords are all sent across the network in clear text, so anyone with ill intent can easily intercept them. Such network service programs are also vulnerable to the "man-in-the-middle" attack. In this mode of attack, the "middleman" impersonates the real server to receive the data you send, and then impersonates you to forward that data to the real server. The data passing between you and the server can thus be tampered with by the middleman, which is a serious problem.
SSH is the abbreviation for Secure Shell. With SSH, all transmitted data is encrypted, and DNS spoofing and IP spoofing can be prevented. SSH can also compress the transferred data, which speeds up the transfer. SSH can therefore provide a secure "channel" for FTP.
The SSH protocol is a security protocol spanning the application layer and the transport layer. It is composed of the following three parts, which together realize SSH's security and secrecy mechanism:
• Transport layer protocol, which provides security measures such as authentication, trust, and integrity checking, and can optionally provide data compression. Typically this protocol runs on top of a connection-oriented TCP data stream.
• User authentication protocol layer, which realizes identity authentication between server and client; it runs on top of the transport layer protocol.
• Connection protocol layer, which multiplexes the encrypted channel into several logical channels; it runs on top of the user authentication protocol layer.
Once the secure transport layer connection is established, the client sends a service request. A second service request is sent once the user authentication layer connection is established. This allows newly defined protocols to coexist with the previous protocols. The connection protocol provides a standard way to offer multiple destination channels, to set up secure interactive shell sessions, and to forward arbitrary TCP/IP ports and X11 connections.
SSH provides two levels of security authentication: SSH1 and SSH2.
SSH1 (password-based security authentication): as long as you know your account name and password, you can log in to the remote host, and all transmitted data is encrypted. However, this form of verification cannot guarantee that the server you are connecting to is the server you intended to connect to. Another server may be posing as the real one, which is exactly the "man-in-the-middle" attack.
SSH2 (key-based security verification): you must rely on a key pair, that is, you create a pair of keys for yourself and place the public key on the server you need to access. When you connect to an SSH server, the client software sends a request asking the server to perform security verification with your key. When the server receives the request, it first looks for your public key in your home directory on the server and compares it with the public key you sent over. If the two keys match, the server encrypts a "challenge" with the public key and sends it to the client software. When the client software receives the challenge, it decrypts it with your private key and sends the result back to the server.
Compared with SSH1, SSH2 does not need to transmit the user's password over the network. SSH2 not only encrypts all transmitted data, but also makes the "middleman" attack impossible (because the middleman does not have your private key). However, the whole login process may be somewhat slower.
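The key-based challenge/response exchange described above, as an added example that is not code from the original article: a toy Python simulation of both sides of the login, using textbook RSA with tiny constructed primes so the message flow stays visible. The Server, Client and make_keypair names are assumptions; real SSH uses large keys, padding and signatures, so this is an illustration of the flow, not a cryptosystem.

```python
# Added example (not from the original article): toy simulation of the
# key-based challenge/response login described above, using textbook RSA with
# tiny constructed primes; real SSH uses large keys, padding and signatures.
import random

def make_keypair(p, q, e=17):
    """Constructed toy RSA key pair: (n, e) is public, (n, d) is private."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

class Server:
    """Keeps each user's authorized public key, like ~/.ssh/authorized_keys."""
    def __init__(self, authorized):
        self.authorized = authorized   # {username: public key}
        self.pending = {}              # {username: challenge awaiting an answer}

    def receive_auth_request(self, user, presented_pub):
        # Step 1: look up the stored key and compare it with the key sent over.
        stored = self.authorized.get(user)
        if stored is None or stored != presented_pub:
            return None                # unknown user or key mismatch: refuse
        # Step 2: encrypt a fresh random challenge with that public key.
        n, e = stored
        challenge = random.randrange(2, n)
        self.pending[user] = challenge
        return pow(challenge, e, n)    # only the private key holder can open it

    def receive_answer(self, user, answer):
        # Step 3: the client's decrypted value must equal the challenge sent.
        return self.pending.pop(user, None) == answer

class Client:
    def __init__(self, user, pub, priv):
        self.user, self.pub, self.priv = user, pub, priv

    def login(self, server):
        """Run the whole exchange; True means the server accepted the login."""
        encrypted = server.receive_auth_request(self.user, self.pub)
        if encrypted is None:
            return False
        n, d = self.priv
        answer = pow(encrypted, d, n)  # decrypt the challenge with the private key
        return server.receive_answer(self.user, answer)

if __name__ == "__main__":
    pub, priv = make_keypair(61, 53)
    server = Server({"alice": pub})
    print("authorized key accepted:", Client("alice", pub, priv).login(server))
```

Note that the password never appears in the exchange: the server only learns that the client could decrypt the challenge, which is what the paragraph above means by SSH2 not sending the password over the network.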
SSH's most common use is to replace traditional network applications such as telnet and FTP: you log in to the remote machine through SSH and carry out the work and commands you want. In an insecure network environment it provides a strong authentication mechanism and a very secure communication environment.
The protocol for FTP-style file transfer over the SSH protocol is called SFTP (secure file transfer).
We can use SFTP as the protocol for transferring information files. To use SFTP, the server must be enabled to support the SFTP protocol, and the client must access the server using SFTP.
Server-side software that supports SSH
• VShell SSH Server, under the Windows platform
There is a lot of SSH server software under the Unix/Linux platform.
SSH-enabled client software under the Windows platform
• Entunnel
• SecureCRT
• SecureFX
• F-Secure
SFTP Development
PuTTY is an SSH client program for the Windows platform that supports SFTP. For more information on PuTTY, refer to:
http://www.chiark.greenend.org.uk/~sgtatham/putty/