SSH is short for Secure Shell, developed by the IETF Network Working Group. SSH is a security protocol built on the application layer and transport layer. It is a reliable protocol designed for remote logon sessions and other network services. The SSH protocol can effectively prevent information leakage during remote management. SSH was originally a program on UNIX systems and then quickly spread to other operating platforms. When used correctly, SSH can compensate for network vulnerabilities. SSH clients are available for multiple platforms.
From the client perspective, SSH provides two levels of security verification:
The first level is password-based security verification.
You can log on to the remote host as long as you know your account and password. All transmitted data is encrypted, but there is no guarantee that the server you are connecting to is the server you want to connect to. The process is as follows:
1) The remote host receives a user login request and sends its public key to the user.
2) The user uses this public key to encrypt the logon password and sends it back.
3) The remote host uses its own private key to decrypt the login password. If the password is correct, the user is allowed to log on.
With this method, another server may impersonate the real server and send its own public key to the client. The client then encrypts the password and sends it to the impersonating server, which can recover the password with its own private key. This is a man-in-the-middle attack.
It is worth mentioning that when you connect to a remote host for the first time, you are shown the "public key fingerprint" of that host and asked whether you want to continue. If you choose to continue, you can enter the password to log on. Once the remote host's public key has been accepted, it is saved in the ~/.ssh/known_hosts file.
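The known_hosts check described above, as an added example that is not part of the original article: it computes the SHA256 fingerprint in the form shown at the first-connect prompt and compares a presented host key with the saved entry, which is how an impersonating server is noticed on later connections. The host name, address and keys are constructed sample values, and only plain (unhashed, non-wildcard) known_hosts lines are handled.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints at the first-connect prompt."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(known_hosts: str, host: str, key_type: str, key_b64: str) -> str:
    """Return 'match', 'mismatch' or 'unknown' for the key a server presents.

    Handles plain known_hosts lines only: "host1,host2 keytype base64key".
    """
    seen_other_key = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # skip blanks, comments, markers and hashed host names
        hosts, stored_type, stored_key = fields[:3]
        if host not in hosts.split(",") or stored_type != key_type:
            continue
        if stored_key == key_b64:
            return "match"
        seen_other_key = True  # same host and key type, but a different key
    return "mismatch" if seen_other_key else "unknown"


def make_key(seed: bytes) -> str:
    """Build a constructed (not real) ssh-ed25519 public key blob, base64-encoded."""
    raw = hashlib.sha256(seed).digest()  # 32 stand-in bytes for the key material
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw)).decode()


# Constructed sample data: the key saved on first connect and an impostor's key.
REAL_KEY = make_key(b"real server")
IMPOSTOR_KEY = make_key(b"impersonating server")
KNOWN_HOSTS = f"# constructed sample\nserver.example.com,192.0.2.10 ssh-ed25519 {REAL_KEY}\n"

if __name__ == "__main__":
    for label, key in (("real", REAL_KEY), ("impostor", IMPOSTOR_KEY)):
        verdict = check_host_key(KNOWN_HOSTS, "server.example.com", "ssh-ed25519", key)
        print(label, fingerprint(key), verdict)
```

A "mismatch" result corresponds to the case where the key presented differs from the one saved on first connect; "unknown" is the first-connect case, where the fingerprint has to be confirmed by the user.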
The second level is key-based security verification.
You need to rely on a key pair: you must create a pair of keys for yourself and put the public key on the server to be accessed. When you want to connect to the SSH server, the client software sends a request to the server, asking to use your key for security verification. After receiving the request, the server first looks for your public key under your home directory on the server, and then compares it with the public key you sent. If the two keys are the same, the server uses the public key to encrypt a challenge and sends it to the client software. After the client software receives the challenge, it uses your private key to decrypt it and sends the result back to the server. With this method, you must know the passphrase of your key. However, compared with the first level, the second level does not need to transmit passwords over the network. The second level not only encrypts all transmitted data, but also makes the "man-in-the-middle" attack impossible (because the attacker does not have your private key). The entire login process may take 10 seconds, but that is not longer than the password input method.
So how do I generate my own key pair? Open a terminal and run ssh-keygen. This creates the id_rsa and id_rsa.pub files in the ~/.ssh/ directory, which are your private key and public key respectively.
Copy the public key to the ~/.ssh/authorized_keys file on the server. There are several copy methods:
Of course, there are other methods that I don't know. It is a good method to use.
Test
If you have a remote Linux server, you can try it yourself. If you don't, it doesn't matter: you can log on to your own computer by executing ssh localhost. Of course, if no SSH server has been set up, an error will be reported. Execute sudo apt-get install openssh-server to install an SSH server, and then you can log on using ssh.