What is ssh? How to use? What are the misunderstandings?

Preface

I believe that some people, including me, once thought that ssh is used for password-free login. In fact, it involves a lot of things, such as sftp/scp/winscp/etc., which are inseparable from ssh. Let's get into the main text.

What is ssh

ssh is a遠程加密傳輸協議, not the so-called password-free login function. That is only a small part of it. You can understand it as an encryption protocol like https , which helps to improve security. Is this easier to understand?
In addition, ssh is built-in in many systems, such as window, linux, mac

What is ssh used for?

SSH strengthens remote applications. It replaces traditional remote protocols such as FTP, POP and Telnet. These protocols are inherently unsafe. They transmit data in plain text and are easily stolen by middlemen. The SSH protocol can solve these problems. It adds a layer of encryption protection to the data during remote transmission, making it difficult for attackers to crack it. This is why protocols such as sftp / scp / winscp were later introduced. They are all created based on ssh . sftp , for example, is a secure version of the traditional remote file protocol ftp .

How to use ssh

Personally, I prefer to call it遠程工具, which is to log in to the remote server through the ssh command, and then help transfer and encrypt data between the local host and the server host.

1. Password login

The command is as follows

// Format ssh user@host
// Example ssh [email protected]

After entering the above command, ssh will prompt you to enter the remote server password. After entering the correct password, you can log in to the remote server and start interacting. In addition, since the server password needs to be entered every time the password is logged in, the second method is basically used: public key login.

TIp: Password login actually solves the previous "man-in-the-middle" attack problem, because the previous ssh login could enter the server by directly entering the password, but the middleman could pretend to be a server to interact with the client to obtain the password, and then use this password to interact with the real server. This is the so-called "man-in-the-middle attack". Later,口令登錄appeared to solve this problem. It will actively send a指紋when it first accesses the remote host. This指紋is from the server. At this time, you can check whether the server's指紋is consistent with this指紋. If they are consistent, just enter yes. In other words, password login gives you an option to let you identify whether it is a real server.

2. Public Key Login

The function of public key login is the so-called免密登錄. The usage is also very simple. Just put the public key in the ~/.ssh/authorized_keys file of the server. The next time you log in, you can directly enter the server without password verification.

1. If you have a public key, you must have a private key. They are a pair, also called secret keys. By default, they are placed in .ssh/ directory. The command to generate the secret key is as follows

ssh-keygen -t rsa -C "your email" 

The generation process will prompt you to enter a password. This password can provide an additional layer of protection to prevent your key from being stolen by others. If you do not need this password, you can press Enter all the way.

Enter passphrase (empty for no passphrase):

After that, two files will be automatically generated in ~/.ssh: id_rsa private key / id_rsa.pub public key

2. Submit the private key id_rsa to ssh-agent for management

ssh-agent ~/.ssh/id_rsa

ssh-agent function: When your key has a password set, you will need to enter the password every time you log in, which is very troublesome. ssh-agent is used to solve this problem. If this command prompts an error, you may not have started it. You can start ssh-agent by entering the following command in git/linux

eval `ssh-agent`

3. Upload the content of id_rsa.pub to the server ~/.ssh/authorized_keys

Upload method 1: Using the ssh-copy-id tool

ssh-copy-id -i id_rsa user@host

Upload method 2: Manual command upload

$ cat ~/.ssh/id_rsa.pub | ssh user@host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

In the above command, just replace user@host with yours. Now you can log in to the server without a password.

ssh re-correction

ssh is not specifically used to implement password-free login, that is just the tip of the iceberg. ssh is more used for remote operations. ssh interacts with the remote server according to the commands it provides. During this interaction, it will help you encrypt the transmission. This is做遠程加密傳輸協議. You can think of it as similar to https , except that it has one more command interaction operation than https

Well, that’s all for now. If you have any questions, please leave a message below.

Summarize

This is the end of this article about what is ssh? How to use? What are the misunderstandings? This is the end of the article. For more relevant ssh misunderstandings, please search 123WORDPRESS.COM’s previous articles or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!