1. SSH Brief Introduction
SSH (Secure Shell) is a security protocol built on the application and transport layers. It provides security for remote login sessions (as with Telnet) and for other network services. It can effectively prevent information leakage during remote management, for example through man-in-the-middle attacks. It is an open protocol that originated on UNIX.
Comparison with FTP, POP and Telnet:
FTP, POP and Telnet transmit passwords and data in plaintext, while SSH encrypts its transmissions and can prevent DNS and IP spoofing. SSH data is also compressed in transit to improve transmission speed. SSH has many other functions as well, such as establishing a VPN over a PPP channel, and it can be used instead of FTP, POP and Telnet.
2. Two levels of client security authentication in SSH
(1) Password-based
The account and password are encrypted and used to log in to the remote host, but there is no guarantee that the server you are connecting to is the one you intended. The server may be an impostor, as in a man-in-the-middle attack.
(2) Key-based
Both the client and the server must have your key. The connection is established by comparing keys, so no password needs to be sent. This can prevent man-in-the-middle attacks, but logging in takes longer.
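Added example, not part of the original notes: the host key comparison that addresses the impersonation risk noted in (1), where the key a server offers is checked against the key recorded for that host in known_hosts. The keys are constructed filler bytes, the function names are this example's own, and only plain (unhashed) known_hosts lines are handled.

```python
import base64
import hashlib
import hmac
import struct

def make_blob(key_type: str, raw_key: bytes) -> bytes:
    """Build an SSH public-key blob: two length-prefixed strings."""
    t = key_type.encode()
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw_key)) + raw_key

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts_line(line: str):
    """Return (hostnames, key_type, blob) from a plain known_hosts line."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type in blob does not match the line")
    return hosts.split(","), key_type, blob

def check_host(host: str, offered_blob: bytes, known_hosts: str) -> str:
    """Compare the key a server offers with the key recorded for that host."""
    for line in known_hosts.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        hosts, _, blob = parse_known_hosts_line(line)
        if host in hosts:
            same = hmac.compare_digest(fingerprint(blob), fingerprint(offered_blob))
            return "match" if same else "MISMATCH"
    return "unknown"

# Constructed sample data: 32 filler bytes stand in for real ed25519 keys.
REAL = make_blob("ssh-ed25519", bytes(range(32)))
FAKE = make_blob("ssh-ed25519", bytes(range(1, 33)))
KNOWN_HOSTS = "192.168.1.1 ssh-ed25519 " + base64.b64encode(REAL).decode() + "\n"

if __name__ == "__main__":
    print(fingerprint(REAL))
    print(check_host("192.168.1.1", REAL, KNOWN_HOSTS))   # key on record
    print(check_host("192.168.1.1", FAKE, KNOWN_HOSTS))   # different key offered
    print(check_host("192.168.1.2", REAL, KNOWN_HOSTS))   # host never seen before
```

A "MISMATCH" result is the case to stop on: the server is presenting a key other than the one recorded for that address.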
3. The 3 components of SSH
(1) Transport layer protocol [SSH-TRANS]
(2) User authentication layer protocol [SSH-USERAUTH]
(3) Connection protocol [SSH-CONNECT]
4. SSH1 and SSH2
SSH comes in two mutually incompatible versions, 1.x and 2.x. However, OpenSSH supports both versions.
The SSH server is a daemon, generally the sshd process; the SSH client side includes the ssh program as well as applications such as scp (remote copy), slogin (Telnet-style remote login), sftp (secure file transfer), etc.
5. Common SSH commands and options
Usage:
ssh [-l login_name] [hostname | user@hostname] [command]
ssh [-afgknqtvxCPX246] [-c blowfish | 3des] [-e escape_char] [-i identity_file] [-l login_name] [-o option] [-p port] [-L port:host:hostport] [-R port:host:hostport] [hostname | user@hostname] [command]
(1) Log in with no parameters; ssh automatically uses the current system login user name (for example loger9567): ssh 192.168.1.1
(2) Log in with a specified user name: ssh -l Roger 192.168.1.1 or ssh Roger@192.168.1.1
(3) Specify the port (default: 22): ssh 192.168.1.2 -p 1234
(4) Request compression of all data: ssh -C 192.168.1.2. This is suitable for slow links and does not help on high-speed networks; it seems not to work in SSH1.
(5) Specify the encryption algorithm (default: 3DES): this requires modifying the configuration file. Add a line to /etc/ssh/ssh_config or ~/.ssh/config: Cipher blowfish # if using the blowfish algorithm
(6) Turn on debug mode to trace the SSH connection: ssh -v 192.168.0.102
(7) Bind the source address (because one client may have more than one IP): ssh -b 192.168.0.200 -l Roger 192.168.1.1
(8) Display the version: ssh -V 192.168.1.1
(9) Specify the authentication (identity) file: ssh -i identity_file 192.168.1.1
(10) Others, such as SSH X11 forwarding and specifying a configuration file, to be looked up when needed ...
SSH Learning Notes