Tags » Ssh

Questions about the GSW UTS (Telnet and SSH) Security

Security is serious business! Don’t be afraid to ask questions about Telnet and SSH. You want to clearly understand what you are purchasing.

SSH Server Security Q&A: 588 more words

Ssh Server For Windows

Enabling Rsync to the WD My Cloud

Here’s how to set up the WD My Cloud to be able to back up to it and restore from it using rsync from Linux: 291 more words

Systems Administration

#ansible and #python pexpect for unconventional ssh interfaces

Eating some ansible these last months. Love the way it works. However, when you need to deal with some appliances using unconventional ssh interfaces, well, it's been quite a challenge. 464 more words

DevOps

Execute one command on all hosts

I have a couple of machines in my data center and sometimes it can be useful to run the same command on all the hosts. 270 more words

Bash

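Using ssh

ssh is implemented using SSL asymmetric encryption and is an important means of securing network communication. Common uses such as logging in to a remote server over ssh and pushing code to github both use the ssh protocol.

Asymmetric encryption

Unlike the traditional username/password method of authentication, ssh uses an asymmetric encryption algorithm to ensure security.

Put simply, suppose we have an encryption algorithm Ek and a decryption algorithm Dk, and a pair of specially generated keys k1 and k2. We can use the encryption algorithm E and the key k1 to encrypt a message M, that is, X=Ek1(M). What is special about an asymmetric encryption algorithm is that the encrypted message can only be decrypted with the other key, k2, that is, M=Dk2(Ek1(M)). With k1 alone, the message can only be encrypted, not decrypted. In this process k1 and k2 can be swapped, that is, M=Dk1(Ek2(M)).

We keep one of these two keys hidden and tell no one about it; this is called the private key. The other is made public and is called the public key. This is the familiar saying that what is encrypted with the public key can only be decrypted with the private key, and what is encrypted with the private key can only be decrypted with the public key.

For ssh login, we place our public key on the server in advance and keep the private key to ourselves. Consider a simplified model. When we need to log in to the server remotely, the server generates a random number, encrypts it with the public key and sends it to the client. The client decrypts it with the private key and sends the answer back to the server; only a client that can decrypt it correctly is a legitimate client. Here we can see that, because a message encrypted with the public key can only be decrypted with the private key, no intermediary in the communication other than ourselves, who hold the private key, knows the actual content of the communication. The real ssh login process is somewhat more complex than the above, but this is the core principle.

If you want to understand asymmetric encryption in more depth, you can consult books on cryptography.

Hands-on:

Passwordless login to a basic Linux server

Create the public and private keys

Enter ssh-keygen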

root@a617896eadbb:/home/service# ssh-keygen

Generating public/private rsa key pair.

The default storage location is the .ssh folder under the user's home directory (~/.ssh)

Enter file in which to save the key (/root/.ssh/id_rsa): …

327 more words
Ssh

muCommander

muCommander is a simple-to-use program that is used to handle folders and files easily on your PC and features a double-sided interface. This application can be figured out effortlessly by advanced or inexperienced users and runs on Java-based systems. 135 more words

Portable

Enable new Super User SSH login with existent Amazon EC2 key pair

If you want to create/enable a new ssh login acting as superuser on your ec2 instance instead of using ec2-user for everything, you can simply add the new user and enable ssh/key for him… 98 more words

CentOS