数据

SSH Secure Shell for abbreviations, Network of IETF Working Group (the Network Working Group) defined; SSH is established on the basis of the application layer and transport layer security protocol. SSH is a more reliable, especially for remote login sessions and other web services provide security agreement. Using the SSH protocol can effectively prevent the information leakage problem in the process of remote management. Originally U N I S S H X system on a program, and then quickly spread to other platforms. S S H when used correctly can make up for the loopholes in the network. S S H applies to a variety of client platforms. Almost all of U N I X platforms - including H P - U I N U X, X, L A I X, S o L A r I S, Digital UNIX, the I r I, X, and other platforms - can run S S H.
Traditional network service program, such as FTP, Telnet and pop in essence is not safe, because they are sent by cleartext passwords and data on the Internet, people with ulterior motives are very easy to intercept the password and data. Also, the service program of safety verification method also has its weaknesses, is vulnerable to "middlemen" (man - in - the - middle attacks on this way. So-called "middleman" attacks, is the "middleman" pretending to be the real server receives the data to the server, you then pretend to be you pass data to the real server. Data transmission ween server and you are "middlemen" a changed hands do the hands and feet, can appear very serious problem. By using SSH, you can put all the data is encrypted, so "middlemen" of this form of attack is impossible to achieve, but also can prevent DNS deceit and IP spoofing. Using SSH, there is an added bonus is the transmission of data is compressed, so can speed up the transfer speed. SSH has many functions, it can replace the Telnet, and can provide FTP, PoP, and even for the PPP with a safe "tunnel".
From the client perspective, SSH provides two levels of security verification.
The first level (based on password security verification)
As long as you know your account number and password, you can log on to the remote host. All data transmission will be encrypted, but can't promise you attempting to connect to the server is that you want to connect to server. There may be other servers in the pretend to be the real server, is attacked by the "middleman" in this way.
The second level (based on key security verification)
Need to rely on the key, that is, you must create for himself a pair of keys, and put public keys need access to the server. If you want to connect to the SSH server, client software can send requests to the server, a request with your key for security verification. Server, after receipt of a request to your home directory on the server for your public key, and then put it and you send to come over to the public key is used in the comparison. If two keys are consistent, the server is "inquiry" is encrypted with the public key (challenge) and sends it to the client software. Client software have received the "question" you can use your private key to decrypt and sends it to the server again.
In this way, you must know your key password. However, compared with the first level, second level do not need to send password on the web.
The second level not only encrypt all transmitted data, and the "middleman" this way of attack, it would be impossible (because he was not your private key). But the entire login process may need to 10 seconds.
Edit this section if you look at in detail access ISP (Internet Service Provider, Internet Service Provider) or at the university of method, usually using Telnet or POP email client process. So, every time to get into his own account, the password you entered will be sent in clear way (i.e. no protection, directly readable), it will give an attacker a chance to steal your account - in the end you will be responsible for his actions. Due to the source code is open S S H, so it gained wide acceptance in the Unix world. Linux is its source code is open, the public can get free, and also won the recognition of similar. This makes all developers (or anyone) can be repaired by a patch or b u g to improve its performance, even can increase the function. Developers to obtain and install an SSH means that its performance can improve without having to get direct technical support from the original creator. S S H replaced the unsafe remote applications. SSH is designed to replace Berkeley version of the r command set; It also inherits the similar syntax. As a result, the user notices the difference ween using SSH and r command set. Use it, you can do something cool. By using SSH, you send information in an insecure network don't have to worry about will be listening in. You can also use the POP channel and Telnet, via SSH can use PPP channel to create a Virtual personal Network (Virtual Private Network, VPN). SSH also supports some other authentication methods, such as Kerberos and security ID card, etc.
But because of restricted by copyright and the encryption algorithm, now a lot of people to use OpenSSH instead. OpenSSH is SSH replacement software, moreover is free, can be expected in the future there will be more to the more people use it instead of SSH.
Edit this paragraph level SSH are mainly of three parts:
The transport layer protocol/SSH - TRANS
Provides the server authentication, confidentiality and integrity. It is sometimes also provide compression. SSH - TRANS usually run on the TCP/IP connection, may also be used for other reliable data flow. SSH - TRANS provides strong encryption technology, password, host authentication and integrity protection. Certification based on the host, in this agreement and this agreement does not perform user authentication. Higher level of user authentication protocol can be designed for in this agreement.
User authentication protocol [SSH - USERAUTH]
Used by the client to the server user authentication function. It runs on a transport layer protocol SSH - TRANS. When SSH - USERAUTH began, it received from the low-level protocol session identifier (in the first key exchange exchange hash H). Session identifier uniquely identifies the session and is suitable for the tag to prove the ownership of the private key. SSH - USERAUTH whether also need to know low-level protocol to provide privacy protection.
Connection protocol/SSH - CONNECT
Multiple encrypted tunnel into logical channel. It runs on the user authentication protocol. It provides the interactive logon session, remote command execution, forward X11 forwarding TCP/IP connection and connection.
SSH to edit this section structure is composed of client and server-side software, there are two incompatible version are: (1) and (2) x x. Use SSH 2. X client is not connected to the SSH (1) x service program. OpenSSH (2) x at the same time support SSH 1. 2 x and x.
The service side is a daemon (daemon), he runs in the background and response from the client connection requests. Server is commonly SSHD process, provide the handling of the remote connection, generally includes public key authentication and key exchange, the symmetric key encryption and secure connection.
Clients include SSH program and as SCP (remote copy), slogin (remote login), SFTP (secure file transfer), and other applications.
Their work mechanism is local client sends a connection request to a remote server, the server to check for the package and the IP address to send the key to the SSH client, local to the key back to the server, since the connection is established. SSH (1) x and SSH (2) x has some differences in connection protocol.
Once a secure transport layer connection is established, the client sends a service request. When complete the user authentication