How do two machines authenticate over an SSH connection?

Posted 2024-08-16 16:54:25 · 136 words · 4 views · 0 comments

I always use ssh in putty to connect a remote server. As I know, ssh is based on public/private key mechanism, is it?

Does that mean the client will receive a public key first time when it connects to the server and then use the public key to continue with following communication?

Thanks.

Comments (2)

喜你已久 2024-08-23 16:54:25

Do you mean for authentication, or for encryption?

For authentication, Section 5.5.1 here covers it:
http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch05_05.htm#ch05-46136.html

In general, you create the key pair and get them there through other means.

If you mean for the encryption, try section 3.9.1.3 here:
http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch03_09.htm#ch03-65213.html

思念绕指尖 2024-08-23 16:54:25

There are two parts where public/private keys come into play -- session initialization and (optionally) user authentication.

In session initialization, the host public and private keys are used to set up the encrypted connection, but are not used to encrypt the connection itself. Instead, the initial set up is used to securely generate a unique session key that is used to encrypt the connection. The host public/private keys are generated and installed on the server.

While connecting, your ssh client (PuTTY in this case) will verify that the host key is what it remembers from the last time you connected. (If they are different, then somebody might be snooping on your connection!) This is why PuTTY asks you to confirm the hash of the host key the first time you connect -- it doesn't have a record of what the key is supposed to be, so it asks you to verify. If you tell PuTTY to confirm and save, then PuTTY will save the hash of the host key in the registry for future connections.

In user authentication, the user public and private keys are used to allow access to the server. The public key is installed for the user on the server. The server can then use that key to issue a challenge to the client that can only be answered correctly by using the user's private key. The user generates the public/private keys him/herself (e.g. with ssh-keygen).

For PuTTY, you can generate your own public and private key using the PuTTYgen utility (this is the PuTTY equivalent to ssh-keygen). It's up to you how you want to get the public key installed on the server. Then, run Pageant (a little app that sits in your notification area) and add your private key. If you set a passphrase on your private key, then Pageant will prompt you to enter it. Pageant, while running, will then work with PuTTY (or pscp, psftp, etc.) to make use of your private key.

This is a gross simplification of the processes involved; see James' answer for links to details.
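
The host-key check described in the answer above, as an added example that is not part of the original post and is not PuTTY's own code: it computes a key's SHA256 fingerprint and applies the confirm-on-first-connect, refuse-on-change rule. The function names, the `host.example` name, the dict standing in for the client's saved host keys, and the key bytes are all constructed for illustration.

```python
import base64
import hashlib
import struct


def sample_key_line(key_bytes: bytes) -> str:
    """Build a '<type> <base64>' line from constructed bytes (SSH wire format)."""
    parts = (b"ssh-ed25519", key_bytes)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of a public key line, in the form OpenSSH displays."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own length-prefixed type name; it must match the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(store: dict, host: str, pubkey_line: str, confirm=None) -> str:
    """Trust-on-first-use check: 'saved', 'rejected', 'match' or 'MISMATCH'."""
    fp = fingerprint(pubkey_line)
    known = store.get(host)
    if known is None:
        # First contact: nothing to compare against, so the user must confirm.
        if confirm is not None and confirm(host, fp):
            store[host] = fp
            return "saved"
        return "rejected"
    # Later contacts: a changed key is refused and never overwrites the saved one.
    return "match" if known == fp else "MISMATCH"


# Constructed sample keys, not real host keys.
SERVER_KEY = sample_key_line(bytes(range(32)))
OTHER_KEY = sample_key_line(bytes(range(1, 33)))

if __name__ == "__main__":
    store = {}  # stands in for the client's saved host keys
    for key in (SERVER_KEY, SERVER_KEY, OTHER_KEY):
        print(check_host_key(store, "host.example", key, lambda h, fp: True))
```

Run directly, it prints `saved`, `match`, `MISMATCH`: the third connection presents a different key for the same host and is refused without touching the saved fingerprint.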
