Use OpenSSH in Windows

SH and OpenSSH

Traditional network service programs, such as FTP, pop, and telnet, are inherently insecure because they are
Attackers can easily intercept passwords and data by using plain text. In addition, the security authentication methods of these service programs also have their weaknesses, that is, they are vulnerable to "man-in-the-middle"
(Man-in-the-middle) attacks. The so-called "man-in-the-middle" attack means that "man-in-the-middle" impersonates a Real Server to receive data from your server and then
Upload the data to the Real Server. When the data transfer between the server and you is transferred by a man-in-the-middle, a serious problem may occur.

SSH full English
Secure
Shell. By using SSH, You can encrypt all transmitted data so that the "man-in-the-middle" attack method is impossible and can also prevent DNS and IP spoofing. There is another amount
The advantage is that the transmitted data is compressed, so it can speed up transmission. SSH has many functions. It can replace Telnet and provide one for FTP, pop, and even PPP.
Secure channels ".

SSH was initially developed by a Finnish company. However, due to copyright and encryption algorithm restrictions, many people have switched to OpenSSH. OpenSSH is an alternative to SSH and is free of charge. It is expected that more and more people will use it instead of SSH in the future.

SSH is composed of the client and server software. There are two incompatible versions: 1.x and 2.x. The client program using SSH 2.x cannot connect to the service program of SSH 1.x. OpenSSH 2.x supports both SSH 1.x and 2.x.

How does SSH security authentication work?

From the client perspective, SSH provides two levels of security authentication.

Level 1 (password-based security verification) you can log on to the remote host as long as you know your account and password. All transmitted data is encrypted, but it cannot be guaranteed that the server you are connecting to is the server you want to connect. Other servers may pretend to be real servers, that is, being attacked by man-in-the-middle.

The second level (key-based security verification) depends on the key, that is, you must create a pair of keys for yourself and put the public key on the server to be accessed. If you want to connect to the SSH server
The client software sends a request to the server and uses your key for security verification. After receiving the request, the server first finds your public key in the home directory of the server, and then sends it to you.
Compare the public keys. If the two keys are consistent, the server uses the public key to encrypt the challenge and send it to the client software. After the client software receives the question
You can use your private key for decryption and then send it to the server.

In this way, you must know your key password. However, compared with the first level, the second level does not need to transmit passwords over the network.

The second level not only encrypts all transmitted data, but also the "man-in-the-middle" attack method is impossible (because he does not have your private key ). However, the entire logon process may take 10 seconds.

OpenSSH solution in Windows

We can see that SSH has many advantages, so many modern Linux servers no longer open traditional Telnet and FTP services based on security considerations, but adopt more secure SSH

And SFTP. As Linux becomes more and more popular in the server field, this situation is becoming more and more common. From the security perspective, this is certainly a progress, but it also brings new problems. Because it is currently used to provide
OpenSSH for ssh-related services is mainly developed in the Linux environment. In order to allow clients using the Windows platform to communicate with OpenSSH servers on Linux servers, I
We need to find an OpenSSH windows solution. Of course, based on the many security features of SSH, enabling Windows servers to run ssh-related services is also attractive.
Idea. Therefore, finding an SSH solution for Windows has become the goal of many network administrators.

Here, the OpenSSH
Windows version. After all, OpenSSH is almost synonymous with SSH implementation, and has excellent compatibility with various existing SSH servers and clients. I have encountered some other support
The key generated by the SSH client tool cannot be identified by the SSH server. The problem is solved after I replace the OpenSSH key generation tool to regenerate the key. In this article, we will mainly introduce
The use of OpenSSH on Windows. OpenSSH
Windows is actually the OpenSSH installation package in the cygwin installation package. It is the minimum tool required to install OpenSSH without installing the entire cygwin installation package.
Set.

TIPS: What is cygwin?

Cygwin is a Linux Simulation Environment in windows.
Environment. It consists of two parts: the cygwin1.dll file, which is used as a Linux
The API simulator layer provides various Linux system calls for Linux applications. The other part includes a series of commonly used Linux tool kits which use the source code of these tools.
Compiled for the cygwin environment in Chongqing. OpenSSH
Windows is one of these toolkit. It should be noted that cygwin does not allow the native Linux program to run directly in windows. If you want a Linux Application
If the program runs in Windows, you will not be able to re-compile the application from the source code.

However, OpenSSH for Windows is a command line tool and is not compatible with Windows 2003. There are also some OpenSSH alternatives for Windows. Below I will mainly introduce several free products.

Putty is the most famous of these products. It actually contains multiple tools used to complete various SSH functions, including SSH1 and SSH2 client and server implementation. It uses an MIT software license similar to BSD. It is also a command line-based tool.

Winscp is an open-source SFTP client using SSH in windows. SCP protocol is also supported. Its main function is secure replication between local and remote computers.
File. It is very user-friendly and can be used on the Windows Resource Manager interface or "Norton"
Commander interface, and has a Chinese version. Unfortunately, an error is always reported during installation on my Windows XP machine.

Secure ixplorer gplis a graphical front-end of pscp.exe (used to securely copy files) in the putty'tool package.

Filezilla is a powerful FTP client software on the Windows platform. It has rich features and supports SFTP.