
Huawei HCIE Theory and practice Notes [4-ssh Management]

2025-01-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Terminology:

[ssh] ssh, short for Secure Shell, is a protocol similar to telnet, except that ssh encrypts the data while it is being transmitted.

[key] A key is the secret used to encrypt transmitted data; keys are divided into symmetric keys and asymmetric keys. With a symmetric key, the encryption process and the decryption process use the same key. An asymmetric key is split into a public key (for encryption) and a private key (for decryption).

[symmetric key] The most familiar symmetric key is the "book cipher" often seen on television: A and B each hold a copy of the same book, and A writes the words to be sent as numbers taken from that book (page, line, column and so on). When B receives the numbers, B uses the same book to work the text back out. Computers encrypt in a similar way. When the user tries to connect to the device, the device sends the user a "conversion dictionary"; the user's client encrypts the user's commands into ciphertext according to that dictionary and sends the ciphertext to the device over the network. On receiving the ciphertext, the device decrypts it back into commands with the same dictionary, and transmission from the device to the client works the same way in reverse. The weakness of a symmetric key is that, given enough time, the conversion dictionary may still be cracked.

[asymmetric key] An asymmetric key is defined in contrast to a symmetric key. The basic principle is the same, except that an asymmetric key consists of two "books", the public key and the private key. Metaphorically, A and B each hold one of two books, Book A and Book B. The words A sends are encrypted with Book A; B can decrypt them correctly with Book B, but cannot decrypt them with Book A. In the application scenario, when the user tries to connect to the device, the device sends a public key to the user's client and keeps the private key on the device. Before the user sends data, the client encrypts it with the public key; after it reaches the device, the device decrypts it with the private key. When the device sends information to the user, it first encrypts it with the private key and the client then decrypts it with the public key. Information encrypted this way can in theory also be cracked, but the time and computing resources required are astronomical, so in practice it is infeasible.

[RSA] RSA is an asymmetric-key algorithm proposed by Ron Rivest, Adi Shamir and Leonard Adleman; the name is formed from the initials of their surnames.

One. The meaning of ssh

When users interact with a device over telnet there are two problems. First, the data travels across the network in clear text, and anyone connected to the network can intercept it with packet capture software. Second, the user has no way to check that the device is genuine; someone with bad intentions can impersonate the target device on the network and intercept the user's commands. ssh is designed to solve both problems: data sent over ssh is encrypted, and, if required, an encrypted password can be placed on the target device in advance so that the user can confirm the device is genuine.

Two. How ssh encrypts data in transit

An ssh deployment generally involves two roles: the user's client and the target device. When the user's client tries to connect to the target device, the ssh server on the device generates a public key and a private key. The device first hands the public key to the client, which saves it. When the user sends information to the device, the client first encrypts it with the public key; when the device receives the encrypted data, it decrypts the ciphertext with the private key to recover what the user actually sent. Everything crossing the network is encrypted, so others on the network cannot make out its real meaning even if they intercept it.

Three. How does ssh ensure that the target device is genuine?

Before establishing a connection with the device, the user generates a public key A and a private key A on their own computer with a key-generation tool. The user first stores public key A on the device, bound to a user name, and keeps private key A on the client. When the connection is set up, the device sends a public key B to the client. After the user enters the user name, the client encrypts the user name with public key B and sends it to the device. The device decrypts the user name with private key B and checks whether that user name is bound to public key A; if it is, public key A is sent to the client, and the client decrypts public key A with private key A. If decryption succeeds, the device the user is connected to is the intended device and the verification passes. Note that public key A is itself encrypted and decrypted with the key pair generated by the device while it is being delivered. In essence, the user stores a specific credential on the device in advance, the credential is verified when the connection is established, and the user is then allowed to log in to the device directly without entering a password.

Four. Configuring ssh for user name and password authentication

1. Create a test user

2. Configure user test for user name plus password authentication (the default)

[AR] ssh user test authentication-type password

3. Enable the ssh function on the device

[AR] stelnet server enable // enable the ssh function
[AR] rsa local-key-pair create // generate a new key pair

Five. Configuring ssh for RSA authentication

On Huawei switches, RSA authentication uses pre-created keys to verify the user and the device, as described in "Three" above.

1. Use the puttygen software to generate a key pair: public.pub and private.ppk

2. Import the private key into the user's client software

3. Use sshkey to convert public.pub into a public key (a string of characters) that the device can recognise

4. Import the public key to the device

[AR] rsa peer-public-key test1-key // create a public key named test1-key
[AR-rsa-public-key] public-key-code begin // start pasting the key characters
[AR-rsa-key-code] // paste the public key string obtained in step 3 here
[AR-rsa-key-code] public-key-code end // end of the key paste
[AR-rsa-public-key] peer-public-key end // exit the public key creation view

5. Create a test1 user

6. Configure user test1

[AR] ssh user test1 authentication-type rsa // configure user test1 for RSA authentication
[AR] ssh user test1 assign rsa-key test1-key // specify that its public key is the test1-key created earlier

7. Enable the ssh function on the device

[AR] stelnet server enable // enable the ssh function
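As an added example (not part of the original notes, and not Huawei's sshkey tool), the following Python decodes the public.pub file that puttygen writes (RFC 4716 layout) or the one-line OpenSSH form of the same key, extracts the RSA exponent and modulus, and computes the OpenSSH-style SHA256 fingerprint, so the key you are about to paste under rsa peer-public-key in step 4 can be checked against the fingerprint your client shows for the key it loaded in step 2. The sample key inside is constructed with a toy modulus and is not a real key; producing the device's own paste format is still left to sshkey as in step 3.

```python
import base64
import hashlib
import struct


def _encode_mpint(value: int) -> bytes:
    """RFC 4251 mpint: 4-byte length, big-endian bytes, leading 0x00 if the top bit is set."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return struct.pack(">I", len(raw)) + raw


def _read_string(blob: bytes, pos: int):
    # one length-prefixed SSH string field; returns (field, position after it)
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    return blob[pos + 4:pos + 4 + length], pos + 4 + length


def parse_rsa_public_key(text: str) -> dict:
    """Decode an RFC 4716 block (puttygen's public.pub) or a one-line OpenSSH 'ssh-rsa' key.
    Returns e, n, key size in bits and the OpenSSH-style SHA256 fingerprint of the key blob."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        body = "".join(ln for ln in lines[1:] if not ln.startswith("----") and ":" not in ln)
    else:
        body = lines[0].split()[1]
    blob = base64.b64decode(body)
    algo, pos = _read_string(blob, 0)
    if algo != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key: %r" % algo)
    e_bytes, pos = _read_string(blob, pos)
    n_bytes, pos = _read_string(blob, pos)
    n = int.from_bytes(n_bytes, "big")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"e": int.from_bytes(e_bytes, "big"), "n": n, "bits": n.bit_length(), "fingerprint": "SHA256:" + fp}


def build_rfc4716_text(e: int, n: int, comment: str) -> str:
    """Write e and n in the RFC 4716 layout puttygen uses; used here only to construct the sample."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _encode_mpint(e) + _encode_mpint(n)
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return '---- BEGIN SSH2 PUBLIC KEY ----\nComment: "%s"\n%s\n---- END SSH2 PUBLIC KEY ----\n' % (comment, body)


# Constructed sample with a toy 128-bit modulus (not a real key), so the example runs offline.
SAMPLE_PUB = build_rfc4716_text(65537, 0xD1B2A3C4E5F60718293A4B5C6D7E8F90, "rsa-key-constructed")
# The same key in the one-line form from puttygen's "Public key for pasting" box.
SAMPLE_OPENSSH = "ssh-rsa " + "".join(SAMPLE_PUB.splitlines()[2:-1]) + " rsa-key-constructed"
```

Run parse_rsa_public_key on the real public.pub and compare the fingerprint with what PuTTY or ssh-keygen -lf reports; a real key should show 2048 bits or more, not the toy 128 of the sample.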
