Java implementation of the SSH protocol client login authentication method

Background

Before we begin, let's have a broad overview of the SSH protocol, which is more conducive to our understanding of this article. The first thing to mention is the computer network protocol, the so-called Computer network protocol, simply defined a set of standards and rules, so that different computers can carry out normal network communication, not to appear on a machine issued on the other machine to become an illegible garbled, SSH is one of many agreements. After the classic seven-layer OSI model (Open System interconnection Reference model) appears, it solves the compatibility problem of network interconnection greatly, it divides the network into three parts of service, interface and protocol, and the Protocol is how to realize the service of this layer. The SSH and Telnet protocols are used primarily in the user layer (as shown in the darker part of Figure 1), i.e. the application layer, the presentation layer, and the session layer.

Figure 1. Seven-layer OSI model

Introduction to SSH

What is SSH

SSH (Secure Shell Protocol) is a protocol to secure remote logins and other secure network services on an unsecured network. This definition is derived from the IETF (Internet Engineering Task Force). In the TCP/IP five-tier model, SSH is a security protocol that is applied to the application layer and the transport layer.

The advantages of SSH

Traditional network transmission, such as: Telnet, FTP, and so on, using the plaintext transmission of data and passwords, so easy to be hackers such intermediaries sniff to the transmission of data, greatly reducing the network's communication security. The SSH protocol uses data encryption to establish a secure network transmission channel, which enhances the security of the data in the network transmission process. The complexity of data encryption can result in more network resources being consumed. SSH will compress the encrypted data in a certain amount, thereby slowing down the network bandwidth usage. To sum up, the advantages of SSH are as follows:

Data encryption for increased security

Data compression, improve the transmission speed of the network.

Architecture for SSH

After a preliminary understanding of SSH, let's look at how the SSH protocol achieves secure data communication. First look at the main architecture of the SSH protocol:

Figure 2. The composition of the SSH protocol

Transport Layer protocol: typically running on top of TCP/IP, is the basis of many secure network services, providing data encryption, compression, server authentication and data integrity. For example, public key algorithm, symmetric encryption algorithm, message authentication algorithm and so on.

User authentication protocol: run on the transmission layer of the SSH protocol to detect the validity of the authentication method of the client.

Connection Agreement: Run on the user authentication layer, provide interactive logon session, remote command execution, forwarding TCP/IP connection functions, provide a secure and reliable encrypted transmission channel for data communication.

Application of SSH

In the actual work, many target machines are often we can not directly operate, these machines may be a company's engine room server, may also be a far side of the ocean customer environment. At this point we have to telnet to the target machine to perform the operations we need, not only reducing operating costs, but also improving execution efficiency. Our common Telnet protocol is SSH, Telnet, and so on. As mentioned above, Telnet is the use of plaintext transmission, so the ulterior motives of the "middleman" has an opportunity, relative to the Telnet protocol, SSH Protocol security is much higher. This feature also makes the SSH protocol quickly promoted, and many large projects are more or less used in this protocol. This article mainly discusses the SSH protocol user authentication protocol layer, and the following unified the remote machine referred to as the servers (server), the local machine called client.