Home >Common Problem >What is SSH? For a detailed explanation of the principle, just read this article!
How does SSH work?
Using PuTTY and OpenSSHSSH keys
When SSH is applied to STelnet, SFTP and SCP, the default SSH port used is 22. When SSH is applied to NETCONF, you can specify the SSH port to be 22 or 830. The SSH port supports modification. After the change, all current connections will be disconnected and the SSH server will start listening to the new port.
SSH consists of a server and a client. During the entire communication process, in order to establish a secure SSH channel, it will go through the following stages:
The SSH server listens for the client's connection request on the specified port. After the client initiates a connection request to the server, the two parties establish a TCP connection.
The SSH protocol currently exists in SSH1.X (the version before SSH2.0) and SSH2.0. Compared with the SSH1.X protocol, the SSH2.0 protocol has been expanded in structure and can support more authentication methods and key exchange methods, while improving service capabilities. The SSH server and client determine the final SSH version number used through negotiation.
SSH supports multiple encryption algorithms. Based on the algorithms supported by each party, both parties negotiate the key exchange algorithm that is ultimately used to generate the session key and the data information. Encrypted encryption algorithms, public key algorithms for digital signatures and authentication, and HMAC algorithms for data integrity protection.
Awesome! N open source projects that are essential for taking on private work!
The server and client use the key exchange algorithm to dynamically generate shared session keys and session IDs to establish encrypted channels. The session key is mainly used for encryption of subsequent data transmission, and the session ID is used to identify the SSH connection during the authentication process.
The SSH client initiates an authentication request to the server, and the server authenticates the client. SSH supports the following authentication methods:
After the authentication is passed, the SSH client sends a session request to the server, requesting the server to provide a certain type of service, that is, Requests to establish a corresponding session with the server. In addition, when searching for the public account Linux, this is how you should learn to reply "Linux" in the background to get a surprise gift package.
After the session is established, the SSH server and client exchange data information on the session.
PuTTY is a classic free SSH connection tool on Windows. It is usually used to remotely log in to the device using the SSH protocol. The latest version can be downloaded from the PuTTY official website .
OpenSSH is an open source implementation of the SSH protocol and supports running on Unix operating systems. The latest version can be downloaded from the OpenSSH official website. Currently, Windows 10 already includes OpenSSH client and server software, which can be searched and installed in "Settings—Applications—Applications and Features—Optional Features".
The basic way to improve security is encryption, encryption algorithm Convert plaintext to ciphertext via key for secure transmission. SSH uses a combination of symmetric encryption and asymmetric encryption algorithms during its working process to ensure the security of information transmission through pre-generated SSH keys. The encryption and decryption processes of the two encryption algorithms are shown in the figure below.
Symmetric encryption algorithm
The two most basic methods of SSH user authentication are password authentication and key authentication. Password authentication is to send your username and password to the server for authentication. This method is relatively simple, and you need to enter your username and password every time you log in. Key authentication uses a public key and private key pair for identity verification to achieve secure password-free login. It is a widely used and recommended login method. The basic principle of key authentication is that the server uses the client's public key to encrypt random content, and the client uses its own private key to decrypt and send it to the server to verify its identity. The specific process is shown in the figure below.
SSH key authentication login process
The above is the detailed content of What is SSH? For a detailed explanation of the principle, just read this article!. For more information, please follow other related articles on the PHP Chinese website!