OSX: SSH key usage diary (1)

OSX: SSH key usage diary (1) We all know that using an SSH key pair to log on to a remote computer without a password is a long history story. There are also a lot of classical materials, but those materials are a little too difficult to understand for new scholars. So this article tries to explain it in a more humane language and demonstrate how to implement it between Mac. You have to talk about the term first. To put it bluntly, an SSH key pair is a pair of locks and keys. A key pair is a pair of public and private keys, they were first generated by a random number of prime numbers-the detailed technical details of the specific depth involve mathematics, which is very big. Currently, it is basically impossible to crack 99.99% of thieves in the world, that is, private key content cannot be rolled out through a shared key. Remember: public keys can be made public to anyone, while private keys must be kept by themselves. Therefore, you can use them as a key to unlock them. A tool can be used to create a key (Private Key) and a lock (Public Key). This lock can only be used to open a key. In a computer world that can be freely replicated, keys and locks can be copied. If you keep them safe and do not lose or disclose them, it doesn't matter how many locks are made. This is the key that can be opened, that is, you can install copies of the lock on all the computers you want to control, so you can use this key to control these computers. Sometimes you can add passphrass to the key for security purposes. The key cannot be used because it is incorrect. A computer system is like a well-protected Castle. Its wall root has a main entrance (logon window service), which is a channel for normal access, there is a guard (login verification program) there to show you the certificate (user name and password); sometimes, the guard needs to call the big manager to confirm your identity (network user login ), because the pass/road permit can be stolen/leaked, but there is only one manager in the city wall. It knows all the people allowed to enter. The manager looks at it and OK is the person, the guard will let you in. If the phone fails and you never leave fingerprints, you will not be allowed in. Sometimes, you may find yourself a local acquaintance (Local Account ), when you say hello to the European Union, you will be allowed to enter the door. However, the number of local acquaintances is very prone to problems, and the guard may be bought or cheated by the guard. Why can I use an SSH key to log on to another computer without a password? That's because you or anyone with sufficient rights (the big manager himself or the big manager's proxy) installed a door (authorized_keys) on the computer's side wall (ssh service ), A lock is installed on this door. This lock is your public key. You hold your own key-private key. If this key is set to a secret, so when using the key, you should first look at the dark code-well, you should open the lock and open the door to go in. Another person-if you have sufficient permissions, you can also install one of your own doors and locks. You can also use your own keys to unlock the locks. In general, all the roads that open SSH are area-bent paths. Unlike the main entrance, there are bright lights on both sides of the avenue, reception rooms, halls, hatchways, and people, when you move your mouth, you will be able to walk around and do things for you; and SSH will do everything yourself, tired of doing things, however, as long as mo men started to do some things well ,. Therefore, whether the computer is safe or not cannot simply look at how high the wall is, full of power grids, pulling a barbed wire, it looks quite scary. Stupid To cut wire mesh, carrying a large gun (brute force cracking), clever find the trick, find the door to say. So whether it is safe depends on how many doors are on your wall, and whether each door and door lock are safe enough.