
【速搜问答】What is Secure Shell?

Q&A   admin   1 year ago (2020-09-06)   223 views   indexed   0 comments


Secure Shell is an encrypted network protocol that provides a secure transport for network services over insecure networks. SSH connects an SSH client to a server by creating a secure tunnel across the network. Its most common use is remote login to a system: people typically use SSH to carry a command-line interface and to run commands remotely.

SSH is used most often on Unix-like systems, but the Windows operating system can also use SSH to a limited extent. In 2015 Microsoft announced that future versions of its operating system would provide native SSH protocol support, and the Windows 10 1803 release includes the OpenSSH tools.

By design, SSH is a replacement for Telnet and other insecure shells. Telnet and the Berkeley rlogin, rsh and rexec protocols transmit in plaintext and rely on weak password handling, which leaves them open to eavesdropping, sniffing and man-in-the-middle attacks. SSH aims to keep information encrypted, intact and reliable on insecure networks such as the Internet.

However, SSH has also been reported to have weaknesses that allow it to be sniffed and even decrypted. As early as 2011, China's Internet censorship apparatus was able to probe and interfere with SSH connections. Documents later leaked by Edward Snowden also indicated that the US National Security Agency is sometimes able to decrypt information carried by the SSH protocol and thus read the contents of SSH sessions. On 6 July 2017 the non-profit organization WikiLeaks confirmed that the US Central Intelligence Agency had developed tools capable of stealing SSH sessions on Windows or Linux operating systems.

Overview

SSH implements authentication with asymmetric cryptography. There are several ways to authenticate. One is to use an automatically generated public/private key pair simply to encrypt the connection and then log in with password authentication; another is to generate a key pair by hand and authenticate with that key, so that login requires no password at all. Anyone can generate their own key pair. The public key is placed on the computer that is to be accessed, and the corresponding private key is kept by the user. Authentication is based on the generated private key, but the private key itself is never transmitted over the network at any point in the process.

The SSH protocol has two major versions, SSH-1 and SSH-2. With either version, verifying where an unknown key came from is important, because SSH only checks that the connecting user holds the private key matching a public key: as long as that public key has been accepted and the keys match, the server grants access. Consequently, once a malicious attacker's public key has been accepted, the system treats the attacker as a legitimate user.
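Because every public key in authorized_keys grants login to whoever holds the matching private key, reviewing that file is the practical counterpart of the point above. The following shell script is an added example, not code from the page: it lists each entry of an authorized_keys file (locating the key-type field by pattern, since an entry may start with an options field such as `from=` or `command="..."`), counts the keys that grant login, and flags `ssh-dss` keys (DSA has been disabled by default in OpenSSH since 7.0) and entries with no restricting options. The sample file it writes is constructed and its key blobs are placeholders, not real key material.

```shell
#!/bin/sh
# Audit of an authorized_keys file (added example, not code from the page).
# Every key listed in the file lets its private-key holder log in, so list
# each entry and flag the ones a defender should look at.

# Print one tab-separated line per key: TYPE <tab> OPTIONS-or-"-" <tab> COMMENT.
# The key-type field is found by pattern, because an entry may begin with an
# options field (from=, no-pty, command="..." with spaces inside the quotes).
list_authorized_keys() {
  awk '
    /^[[:space:]]*(#|$)/ { next }   # comments and blank lines carry no key
    {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) {
          type = $i
          opts = ""                      # every field before the type is part of the options
          for (j = 1; j < i; j++) opts = opts (j > 1 ? " " : "") $j
          comment = ""                   # every field after the key blob is the comment
          for (j = i + 2; j <= NF; j++) comment = comment (j > i + 2 ? " " : "") $j
          printf "%s\t%s\t%s\n", type, (opts == "" ? "-" : opts), (comment == "" ? "(no comment)" : comment)
          next
        }
      }
      printf "UNPARSED\t?\t%s\n", $0     # unknown type or damaged line: inspect by hand
    }' "$1"
}

# Number of entries that would grant a login.
count_authorized_keys() {
  list_authorized_keys "$1" | awk -F'\t' '$1 != "UNPARSED" { n++ } END { print n + 0 }'
}

# Findings, one per line. ssh-dss is flagged because OpenSSH disabled DSA by
# default in 7.0. An entry with no options is reported as UNRESTRICTED: it can
# log in from any address, get a shell and forward ports. That is informational,
# not necessarily wrong, but it is where a reviewer should start.
flag_authorized_keys() {
  list_authorized_keys "$1" | awk -F'\t' '
    $1 == "UNPARSED" { printf "UNPARSED\t%s\n", $3 }
    $1 == "ssh-dss"  { printf "DEPRECATED-TYPE\t%s\t%s\n", $1, $3 }
    $2 == "-"        { printf "UNRESTRICTED\t%s\t%s\n", $1, $3 }
  '
}

# Constructed sample: four entries, none of them real keys (blobs are placeholders).
write_sample_authorized_keys() {
  cat > "$1" <<'EOF'
# constructed sample authorized_keys; the key blobs below are placeholders
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDPLACEHOLDERKEYMATERIAL0001 alice@laptop
from="10.0.0.0/8",no-pty,command="/usr/local/bin/backup --verify" ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDPLACEHOLDERKEYMATERIAL0002 backup@nas
ssh-dss AAAAB3NzaC1kc3MCONSTRUCTEDPLACEHOLDERKEYMATERIAL0003 legacy@oldbox
ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDPLACEHOLDERKEYMATERIAL0004
EOF
}

# Stand-alone run: audit the file given as $1, or the constructed sample.
target=${1:-}
tmp=
if [ -z "$target" ]; then
  tmp=$(mktemp) && write_sample_authorized_keys "$tmp"
  target=$tmp
fi
printf 'keys granting login: %s\n' "$(count_authorized_keys "$target")"
flag_authorized_keys "$target"
[ -n "$tmp" ] && rm -f "$tmp"
```

Run as `sh audit_keys.sh ~/.ssh/authorized_keys` to review a real file; with no argument it audits the constructed sample, which yields four keys, one deprecated type and three unrestricted entries.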

Key management

On Unix-like systems, the public keys that are allowed to log in are usually kept in the ~/.ssh/authorized_keys file under the user's home directory; this file is used only by SSH. When the remote machine holds the public key and the local machine holds the corresponding private key, logging in no longer requires typing a password. For additional security, the private key itself can also be protected with a passphrase.

The private key is kept in a fixed location, or can be specified with a command-line argument (for example the -i option of the ssh command). ssh-keygen is one of the tools for generating keys.

SSH also supports password-based authentication; in that case the keys are generated automatically. If the client and server have never authenticated to each other, so that SSH has no record of the key the server uses, an attacker can impersonate the server and capture the password: a man-in-the-middle attack. Password authentication can be disabled, however, and the SSH client warns the user whenever it encounters a new key or an unknown server.
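Disabling password authentication, as the passage says is possible, is done in sshd_config, and the file has two properties that make hand-auditing error-prone: sshd uses the first value it meets for a keyword, and anything after a `Match` line applies only to matching connections. The following shell script is an added example, not code from the page: `sshd_effective` resolves a keyword the way sshd does (first occurrence wins, case-insensitive keyword, stop at `Match`, fall back to the default passed in), and `check_sshd_config` reports the weak settings. The two sample configurations it writes are constructed; the defaults passed to `sshd_effective` are OpenSSH's own defaults for those keywords.

```shell
#!/bin/sh
# Resolve sshd_config the way sshd does and report weak settings
# (added example, not from the page). sshd takes the FIRST value it meets for a
# keyword, keywords are case-insensitive, and directives after a "Match" line
# apply only to matching connections, so the global value is whatever appears
# before the first Match.

# Usage: sshd_effective FILE Keyword Default  -> prints the effective global value
sshd_effective() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
    /^[[:space:]]*(#|$)/ { next }                 # skip comments and blank lines
    tolower($1) == "match" { exit }               # conditional section begins: stop
    tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
    END { if (!found) print def }                 # keyword never set: OpenSSH default
  ' "$1"
}

# Usage: check_sshd_config FILE  -> one "WEAK ..." line per risky global setting.
# Defaults given to sshd_effective are OpenSSH's own defaults for each keyword.
check_sshd_config() {
  v=$(sshd_effective "$1" PasswordAuthentication yes)
  [ "$v" = no ] || echo "WEAK PasswordAuthentication=$v: passwords can be guessed or phished; deploy keys, then set no"
  v=$(sshd_effective "$1" KbdInteractiveAuthentication yes)
  [ "$v" = no ] || echo "WEAK KbdInteractiveAuthentication=$v: PAM can still prompt for a password"
  v=$(sshd_effective "$1" PermitRootLogin prohibit-password)
  [ "$v" != yes ] || echo "WEAK PermitRootLogin=yes: root may log in with a password"
  v=$(sshd_effective "$1" PubkeyAuthentication yes)
  [ "$v" = yes ] || echo "WEAK PubkeyAuthentication=$v: key-based login is switched off"
  v=$(sshd_effective "$1" PermitEmptyPasswords no)
  [ "$v" = no ] || echo "WEAK PermitEmptyPasswords=$v: accounts without a password can log in"
  return 0
}

# Constructed sample: passwords everywhere, root allowed in.
write_weak_sshd_config() {
  cat > "$1" <<'EOF'
# constructed sample sshd_config (weak)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
PubkeyAuthentication yes
EOF
}

# Constructed sample: key-only logins, root locked out. The Match block at the
# end applies only to the "deploy" user and must not be read as a global value.
write_hardened_sshd_config() {
  cat > "$1" <<'EOF'
# constructed sample sshd_config (hardened)
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
AuthorizedKeysFile .ssh/authorized_keys
Match User deploy
    ForceCommand /usr/local/bin/deploy-only
EOF
}

# Stand-alone run: compare the two constructed samples.
w=$(mktemp); h=$(mktemp)
write_weak_sshd_config "$w"; write_hardened_sshd_config "$h"
echo "== weak sample =="; check_sshd_config "$w"
echo "== hardened sample =="; check_sshd_config "$h"
rm -f "$w" "$h"
```

On a live host, `sshd -T` prints the effective configuration after all parsing, which is the authoritative check; the script above is useful for reviewing a file before it is deployed, and its `Match` handling is deliberately conservative: settings inside `Match` blocks still need their own review.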

Applications

The classic use of SSH is logging in to a remote computer to run commands. Beyond that, SSH also supports tunnelling, port forwarding and X11 connections. Using the SFTP or SCP protocols, SSH can also transfer files.

SSH uses a client-server model, and the standard port is 22. The server must run an SSH daemon to accept remote connections, and the user connects to it with an SSH client.

Most modern operating systems (including macOS, most Linux distributions, OpenBSD, FreeBSD, Solaris and others) ship with SSH, and Windows also provides SSH programs (from Windows 10 version 1809 onwards). At the software level, a great deal of proprietary, free and open-source SSH software has been developed, for example:

File-management software (synchronization, copying, deletion, etc.), such as PuTTY and WinSCP on Windows, and Konqueror on Unix-like systems

SSH clients

From a cloud-computing perspective, SSH prevents some of the security problems that come from being directly exposed to the Internet, and it plays an important role in solving connectivity problems. An SSH tunnel can provide a secure channel across the Internet, firewalls and virtual machines [12].
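The tunnelling and port-forwarding uses described in this section and under Applications come together in a client-side ~/.ssh/config. The fragment below is an added example, not configuration from the page: it pins host-key checking so that an unknown server is refused rather than silently accepted, reaches a VM on a private network through a single Internet-facing bastion with ProxyJump, and forwards the VM's database port over the encrypted tunnel instead of exposing it to the Internet. Host names, users, addresses and key-file names are placeholders.

```sshconfig
# Added example of a client-side ~/.ssh/config; not taken from the page.
# Every host name, user, address and key path below is a placeholder.

# Apply to all hosts: refuse servers whose key is not already in known_hosts,
# so a first contact with an impostor cannot be accepted by habit. Record a new
# server only after checking its fingerprint out of band. Offer only the key
# named for the host, and never fall back to a password.
Host *
    StrictHostKeyChecking yes
    HashKnownHosts yes
    IdentitiesOnly yes
    PasswordAuthentication no

# The only machine reachable from the Internet: a bastion on port 22.
Host bastion
    HostName bastion.example.com
    User ops
    IdentityFile ~/.ssh/bastion_ed25519

# A VM on the private network behind the firewall, reached through the bastion.
# Its PostgreSQL port is forwarded to the local machine over the SSH tunnel;
# the database itself is never exposed to the Internet.
Host app-vm
    HostName 10.20.0.15
    User deploy
    ProxyJump bastion
    IdentityFile ~/.ssh/app_ed25519
    LocalForward 127.0.0.1:15432 127.0.0.1:5432
```

With this in place `ssh app-vm` opens a shell on the VM and, while the session is up, a database client pointed at localhost port 15432 reaches the VM's port 5432 through the tunnel; `sftp app-vm` uses the same path for file transfer.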


速搜资源网, all rights reserved. Unless otherwise noted, content is original; when reposting, cite the original link: 【速搜问答】What is Secure Shell?