SSH Basics
https://www.openssh.com/goals.html
The SSH protocol is available in two incompatible varieties: SSH 1 and SSH 2. SSH (Secure SHell) has so far had two incompatible versions, SSH1 and SSH2.
The older SSH 1 protocol comes in two major sub-variants: protocol 1.3 and protocol 1.5. Support for both has been removed from OpenSSH as of the 7.6 release. Both of them used the asymmetric cryptography algorithm RSA (for which the USA patent has expired, allowing full use by everyone) for key negotiation and authentication, 3DES and Blowfish for privacy. It used a simple CRC for data integrity, which turns out to be flawed. SSH1 is further split into versions 1.3 and 1.5. SSH1 uses symmetric ciphers such as DES, 3DES, Blowfish and RC4 to protect data in transit, and the symmetric key itself is exchanged with an asymmetric algorithm (RSA). SSH1 uses a cyclic redundancy check (CRC) to ensure data integrity, but this method was later found to be flawed.
The second major variety of SSH is the SSH 2 protocol. SSH 2 was invented to avoid the patent issues regarding RSA (patent issues which no longer apply, since the patent has expired), to fix the CRC data integrity problem that SSH1 has, and for a number of other technical reasons. By requiring only the asymmetric DSA and DH algorithms, protocol 2 avoids all patents. The CRC problem is also solved by using a real HMAC algorithm. The SSH 2 protocol supports many other choices for symmetric and asymmetric ciphers, as well as many other new features. SSH2 avoids the RSA patent problem and fixes the CRC weakness. SSH2 replaces RSA with the Digital Signature Algorithm (DSA) and Diffie-Hellman (DH) for exchanging the symmetric key, and replaces CRC with a message authentication code (HMAC). SSH2 also adds symmetric ciphers such as AES and Twofish.
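To make the CRC-versus-HMAC point concrete, here is an added illustration (not code from OpenSSH or from this page): a verifier that trusts an unkeyed CRC32 trailer cannot tell a recomputed checksum from the sender's, whereas an HMAC trailer keyed with the session key rejects any frame the key holder did not produce. The frames, the constructed sample commands and the random stand-in for the negotiated session key are all assumptions for the demo; the frames are shown unencrypted for clarity.

```python
import hashlib
import hmac
import os
import zlib

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 trailer


def crc_protect(msg: bytes) -> bytes:
    """SSH1-style integrity: append a 32-bit CRC computed with no secret."""
    return msg + zlib.crc32(msg).to_bytes(4, "big")


def crc_verify(frame: bytes) -> bool:
    body, tag = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "big") == tag


def hmac_protect(key: bytes, msg: bytes) -> bytes:
    """SSH2-style integrity: append an HMAC keyed with the session key."""
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


def hmac_verify(key: bytes, frame: bytes) -> bool:
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison so the check itself leaks nothing.
    return hmac.compare_digest(expected, tag)


def rewrite_without_key(frame: bytes, new_body: bytes, tag_len: int) -> bytes:
    """What an on-path party without the session key can do: swap the body
    and, for CRC, simply recompute the checksum; for HMAC, only keep the old tag."""
    if tag_len == 4:
        return crc_protect(new_body)
    return new_body + frame[-tag_len:]


def demo() -> dict:
    key = os.urandom(32)        # stands in for the negotiated session key
    original = b"cat /etc/motd"  # constructed sample payload
    altered = b"cat /etc/fake"   # constructed replacement of equal length
    crc_frame = crc_protect(original)
    mac_frame = hmac_protect(key, original)
    return {
        "crc_accepts_altered": crc_verify(rewrite_without_key(crc_frame, altered, 4)),
        "hmac_accepts_altered": hmac_verify(key, rewrite_without_key(mac_frame, altered, TAG_LEN)),
        "hmac_accepts_genuine": hmac_verify(key, mac_frame),
    }
```

The dictionary returned by `demo()` shows the CRC verifier accepting the altered frame while the HMAC verifier accepts only the genuine one.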
Remote operations are done using ssh, scp, and sftp.
Key management is done with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
The service side consists of sshd, sftp-server, and ssh-agent.
SSH is based on a client-server architecture: the system the user works on is the client, and the remote system being managed is the server.
OpenSSH is the open-source version of the Secure Shell (SSH) tools, which administrators of Linux and other non-Windows systems use to manage remote systems across platforms.
OpenSSH includes a set of components and tools that provide a secure and straightforward way to manage remote systems, including:
sshd.exe, the SSH server component that must be running on the remotely managed system
ssh.exe, the SSH client component that runs on the user's local system
ssh-agent.exe, which stores the private keys used for public-key authentication
ssh-add.exe, which adds private keys to the list allowed by the server
ssh-keygen.exe, which generates, manages and converts authentication keys for SSH
ssh-keyscan.exe, which helps collect public SSH host keys from many hosts
sftp.exe, the service that provides the Secure File Transfer Protocol, running over SSH
scp.exe, the file copy utility that runs over SSH