
The complete process of establishing an SSH session

January 8, 2016, baoz

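Today my boss phoned to ask about the whole process of establishing an SSH session. I read up on it a few years ago but have forgotten most of it, so I reviewed it. Here are several versions for you to read:

0. The security version. Concise and to the point. https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process

The session key in it is obtained through the Diffie-Hellman key exchange algorithm. DH itself is quite complex; study it on your own if you are interested.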

  1. The client begins by sending an ID for the key pair it would like to authenticate with to the server.
  2. The server checks the authorized_keys file of the account that the client is attempting to log into for the key ID.
  3. If a public key with matching ID is found in the file, the server generates a random number and uses the public key to encrypt the number.
  4. The server sends the client this encrypted message.
  5. If the client actually has the associated private key, it will be able to decrypt the message using that key, revealing the original number.
  6. The client combines the decrypted number with the shared session key that is being used to encrypt the communication, and calculates the MD5 hash of this value.
  7. The client then sends this MD5 hash back to the server as an answer to the encrypted number message.
  8. The server uses the same shared session key and the original number that it sent to the client to calculate the MD5 value on its own. It compares its own calculation to the one that the client sent back. If these two values match, it proves that the client was in possession of the private key and the client is authenticated.
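
The eight steps quoted above, simulated with both sides in one process, as an added example that is not part of the original post or of the DigitalOcean tutorial. It assumes textbook RSA on small constructed primes and a toy Diffie-Hellman group in place of real key material; the names dh_session_key, answer, authenticate and id_demo are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (assumptions, far too small for real use).
DH_P, DH_G = 2**127 - 1, 3  # toy Diffie-Hellman group
RSA_P, RSA_Q, RSA_E = 2**31 - 1, 2**61 - 1, 65537  # textbook RSA, no padding
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # client's private exponent

def dh_session_key():
    """Each side derives the session key; only the public values cross the wire."""
    a = secrets.randbelow(DH_P - 2) + 1          # client secret
    b = secrets.randbelow(DH_P - 2) + 1          # server secret
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    client_key = pow(server_pub, a, DH_P).to_bytes(16, "big")
    server_key = pow(client_pub, b, DH_P).to_bytes(16, "big")
    return client_key, server_key

def answer(number, session_key):
    """Steps 6 and 8: MD5 over the number combined with the session key."""
    return hashlib.md5(number.to_bytes(12, "big") + session_key).hexdigest()

def authenticate(authorized_keys, key_id, client_d, client_key, server_key):
    # Steps 1-2: the client names a key ID; the server looks it up.
    if key_id not in authorized_keys:
        return False
    n, e = authorized_keys[key_id]
    # Steps 3-4: the server encrypts a random number with the public key.
    number = secrets.randbelow(n - 2) + 2
    encrypted = pow(number, e, n)
    # Step 5: the client decrypts it with its private key.
    decrypted = pow(encrypted, client_d, n)
    # Steps 6-7: the client hashes number + session key and sends the hash.
    client_answer = answer(decrypted, client_key)
    # Step 8: the server recomputes the hash and compares in constant time.
    return hmac.compare_digest(client_answer, answer(number, server_key))

if __name__ == "__main__":
    ck, sk = dh_session_key()
    keys = {"id_demo": (RSA_N, RSA_E)}           # constructed authorized_keys
    print("right key:", authenticate(keys, "id_demo", RSA_D, ck, sk))
    print("wrong key:", authenticate(keys, "id_demo", RSA_D + 2, ck, sk))
```

Passing a different session key for the client than for the server makes the check fail, which is what binds the answer to this one connection. The steps follow the quoted description literally; OpenSSH's protocol 2 public-key authentication instead has the client sign data that includes the session identifier (RFC 4252).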

1. The coder version. The SSH connection setup process as seen from the OpenSSH functions

https://baoz.net/%E4%BB%8Eopenssh%E5%87%BD%E6%95%B0%E7%9C%8Bssh%E8%BF%9E%E6%8E%A5%E5%BB%BA%E7%AB%8B%E8%BF%87%E7%A8%8B/

2. The ops version. Log in to a server with ssh -v and read the output carefully; it shows the exact process.

 

3. The bookworm version.

This book covers it in great detail.

O'Reilly, SSH, The Secure Shell
