Quick overview of SSH
The SSH protocol uses encryption to secure the connection between a client and a server. All user authentication, commands, output, and file transfers are encrypted to protect against attacks in the network.
Client Server Model
- The client needs an ssh program, which sends the connection request
- The server runs an ssh daemon, which listens for ssh connection requests (TCP port 22 by default)
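Public Key Cryptography
- Each public key corresponds to one private key, and each can decrypt what the other encrypts
- The public key encrypts data and verifies signatures
- The private key decrypts data and creates signatures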
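Signature
A signature ensures that transmitted data meets two conditions:
- The data has not been tampered with in transit
- The data really was published by the holder of the private key
The simplified flow is as follows:
- Hash the data to be sent, then encrypt the hash with the private key to obtain the signature
- Send the signature together with the data
- On receiving the data and signature, convert the data to a hash value using the same hash method
- Decrypt the signature with the public key and compare the result with the hash value from step 3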
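The four steps above as an added Python example (not part of the original notes), including what happens when the data or the signature is altered in transit. It uses textbook RSA without padding and a fixed, constructed demo key, so the function names and key values are assumptions for illustration only; SSH itself uses standardized signature schemes with keys from ssh-keygen.

```python
import hashlib

# Constructed demo key built from two known Mersenne primes. It is fixed and
# public, so it offers no security; a real key pair comes from ssh-keygen.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # modulus, shared by both keys
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest(data: bytes) -> int:
    """Hash the data and read the SHA-256 digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Steps 1-2: hash the data, then transform the hash with the private key."""
    return pow(digest(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Steps 3-4: re-hash the received data, open the signature with the
    public key, and compare the two values."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest(data)


def demo() -> dict:
    message = b"deploy release 1.4 to production"   # constructed sample data
    sig = sign(message)
    return {
        "untouched": verify(message, sig),
        # Same signature, but the data was changed on the wire.
        "data_tampered": verify(b"deploy release 6.6 to production", sig),
        # Same data, but one bit of the signature was flipped.
        "signature_tampered": verify(message, sig ^ 1),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'REJECTED'}")
```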
Password Authentication
Used when the client's public key has not been added to the server's .ssh/authorized_keys
ssh <username>@<remote_host>
# specify the port
ssh -p 2222 <username>@<remote_host>
Public Key Authentication
generating ssh keys
ssh-keygen -t rsa
# hit enter to put the key files in the default place
# hit enter to give an empty passphrase
# hit enter again to confirm
add the public key to server machine
mkdir -p ~/.ssh # -p: no error if the directory already exists
vi ~/.ssh/authorized_keys # paste in client public key
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
connecting to server
ssh <username>@<remote_host>