Differences between revisions of "Quick HOWTO : Ch17 : Secure Remote Logins and File Copying/zh"

From Ubuntu中文
第11行: 第11行:
 
OpenSSH是最流行的文件传输和远程登录Linux应用程序之一,它提供了多种在客户端和服务器之间建立加密的远程终端和文件传输连接的方式。 OpenSSH Secure Copy (SCP) 和 Secure FTP (SFTP) 程序是FTP的安全替代品, 同时Secure Shell (SSH) 常常被用作是TELNET的一个默认替代程序。OpenSSH 并不局限于Linux系统; SSH 和 SCP 客户端可以运行在包括windows在内的绝大多数操作系统上。
 
OpenSSH是最流行的文件传输和远程登录Linux应用程序之一,它提供了多种在客户端和服务器之间建立加密的远程终端和文件传输连接的方式。 OpenSSH Secure Copy (SCP) 和 Secure FTP (SFTP) 程序是FTP的安全替代品, 同时Secure Shell (SSH) 常常被用作是TELNET的一个默认替代程序。OpenSSH 并不局限于Linux系统; SSH 和 SCP 客户端可以运行在包括windows在内的绝大多数操作系统上。
  
== SSH加密简介 ==
+
== SSH加密简介 ==  
  
数据加密通过使用特殊的数学算法来实现,这种算法把数据流中的数据分解以便使其对任何没有相应解密算法的人不可读。The process is usually made even harder through the use of an encryption key that is used to modify the way the equations do the scrambling. 只有当你拥有解密密码和相应的解密程序的时候你才能得到恢复原始数据。数据加密帮助人们阻止未授权的用户得到这些数据。 SSH uses the concept of randomly generated private and public keys to do its encryption. The keys are usually created only once, but you have the option of regenerating them should they become compromised. A successful exchange of encrypted data requires the receiver to have a copy of the sender's public key beforehand. Here's how it's done with SSH. When you log into an SSH server, you are prompted as to whether you want to accept the download of the server's public key before you can proceed. The SSH client's key is uploaded to the server at the same time. This creates a situation in which the computers at each end of the SSH connection have each other's keys and are able to decrypt the data sent from the other end of the encrypted link or "tunnel". All the public keys that an SSH client's Linux user encounters are stored in a file named ~/.ssh/known_hosts along with the IP address that provided it. If a key and IP address no longer match, then SSH knows that something is wrong. For example, reinstalling the operating system or upgrading the SSH application might regenerate the keys. Of course, keys changes can be caused by someone trying some sort of cyber attack, as well. Always investigate changes to be safe. Your server's own public and private SSH keys are stored in the /etc/ssh/ directory. Note: The .ssh directory is a hidden directory, as are all files and directories whose names begin with a period. The ls -a command lists all normal and hidden files in a directory. The ~/ notation is a universally accepted way of referring to your home directory and is recognized by all Linux commands. 
Linux uses other key files also to provide the capability of password-less logins and file copying to remote servers using SSH and SCP. In this case, the SSH connection is established, then the client automatically sends its public key which the server uses to match against a predefined list in the user's directory. If there is a match then the login is authorized. These files are also stored in your ~/.ssh directory and need to be specially generated. The id_dsa and id_dsa.pub files are your private and public keys respectively, and authorized_keys stores all the authorized public keys from remote hosts that may log into your account without the need for passwords (more on this later).
+
数据加密通过使用特殊的数学算法来实现,这种算法把数据流中的数据分解以便使其对任何没有相应解密算法的人不可读。The process is usually made even harder through the use of an encryption key that is used to modify the way the equations do the scrambling. 只有当你拥有解密密码和相应的解密程序的时候你才能得到恢复原始数据。数据加密帮助人们阻止未授权的用户得到这些数据。
 +
 
 +
SSH通过产生随机私有和公有密钥来实现加密过程。这些密钥通常只会生成一次,但是如果降低安全度的话你还可以再生成他们。 如果要成功的传送加密数据,接收端首先必须拥有一份发送端的公共密钥拷贝。 以下是使用SSH进行数据传输的具体过程。
 +
 
 +
When you log into an SSH server, you are prompted as to whether you want to accept the download of the server's public key before you can proceed. The SSH client's key is uploaded to the server at the same time. This creates a situation in which the computers at each end of the SSH connection have each other's keys and are able to decrypt the data sent from the other end of the encrypted link or "tunnel".  
 +
 
 +
All the public keys that an SSH client's Linux user encounters are stored in a file named ~/.ssh/known_hosts along with the IP address that provided it. If a key and IP address no longer match, then SSH knows that something is wrong. For example, reinstalling the operating system or upgrading the SSH application might regenerate the keys. Of course, keys changes can be caused by someone trying some sort of cyber attack, as well. Always investigate changes to be safe. Your server's own public and private SSH keys are stored in the /etc/ssh/ directory.
 +
 
 +
Note: The .ssh directory is a hidden directory, as are all files and directories whose names begin with a period. The ls -a command lists all normal and hidden files in a directory. The ~/ notation is a universally accepted way of referring to your home directory and is recognized by all Linux commands.  
 +
 
 +
Linux uses other key files also to provide the capability of password-less logins and file copying to remote servers using SSH and SCP. In this case, the SSH connection is established, then the client automatically sends its public key which the server uses to match against a predefined list in the user's directory. If there is a match then the login is authorized. These files are also stored in your ~/.ssh directory and need to be specially generated. The id_dsa and id_dsa.pub files are your private and public keys respectively, and authorized_keys stores all the authorized public keys from remote hosts that may log into your account without the need for passwords (more on this later).
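Review bot: In the added paragraph beginning "SSH通过产生随机私有和公有密钥", the clause "但是如果降低安全度的话你还可以再生成他们" does not match the sentence it replaces, "you have the option of regenerating them should they become compromised": the source is about keys that have been compromised, not about lowering the security level. Suggest "但是如果密钥已经泄露,你可以重新生成它们". The first added paragraph also still carries the untranslated sentence "The process is usually made even harder through the use of an encryption key ...", and the four paragraphs after the SSH one are still in English, so this revision splits the text into paragraphs but leaves the translation incomplete.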

Revision as of 21:20, 1 May 2008 (Thu)


Introduction

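OpenSSH is one of the most popular Linux applications for file transfer and remote login. It provides several ways of establishing encrypted remote terminal and file transfer connections between clients and servers. The OpenSSH Secure Copy (SCP) and Secure FTP (SFTP) programs are secure replacements for FTP, and Secure Shell (SSH) is often used as a default replacement for TELNET. OpenSSH is not limited to Linux; SSH and SCP clients can run on most operating systems, including Windows.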

Introduction to SSH Encryption

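Data encryption is accomplished by using special mathematical algorithms that scramble the data in a data stream so that it is unreadable to anyone who does not have the corresponding decryption algorithm. The process is usually made even harder through the use of an encryption key that is used to modify the way the equations do the scrambling. You can recover the original data only when you have the decryption key and the corresponding decryption program. Data encryption helps prevent unauthorized users from obtaining the data.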

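SSH performs its encryption using randomly generated private and public keys. The keys are usually generated only once, but you can regenerate them if their security is compromised. To exchange encrypted data successfully, the receiver must first have a copy of the sender's public key. Here is how this is done with SSH.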

When you log into an SSH server, you are prompted as to whether you want to accept the download of the server's public key before you can proceed. The SSH client's key is uploaded to the server at the same time. This creates a situation in which the computers at each end of the SSH connection have each other's keys and are able to decrypt the data sent from the other end of the encrypted link or "tunnel".

Every public key that an SSH client's Linux user encounters is stored in a file named ~/.ssh/known_hosts, along with the IP address that provided it. If a key and IP address no longer match, then SSH knows that something is wrong. For example, reinstalling the operating system or upgrading the SSH application might regenerate the keys. Of course, key changes can also be caused by someone attempting some sort of cyber attack. Always investigate changes to be safe. Your server's own public and private SSH keys are stored in the /etc/ssh/ directory.
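The known_hosts comparison described above can be sketched as follows. This is an added example, not code from the original page or from OpenSSH; the addresses and key blobs are constructed placeholders, and it also handles the hashed entry names that OpenSSH writes when HashKnownHosts is enabled, which the text does not cover.

```python
import base64, hashlib, hmac

# Constructed sample data: these blobs are placeholders, not real host keys.
OLD_KEY = base64.b64encode(b"constructed-host-key-A").decode()
NEW_KEY = base64.b64encode(b"constructed-host-key-B").decode()

def hashed_name(host, salt):
    """Entry name as written with HashKnownHosts: |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "192.168.1.100 ssh-rsa " + OLD_KEY,
    hashed_name("192.168.1.200", b"constructed-salt-20b") + " ssh-rsa " + OLD_KEY,
])

def name_matches(names, host):
    """True if the entry's first field covers this host (plain list or hashed)."""
    if names.startswith("|1|"):
        _, _, salt_b64, mac_b64 = names.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in names.split(",")  # wildcard/negated patterns are not handled

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'CHANGED' (host known, key differs) or 'unknown'."""
    changed = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip comments, blanks and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        names, ktype, blob = fields[:3]
        if ktype == key_type and name_matches(names, host):
            if blob == key_b64:
                return "match"
            changed = True
    return "CHANGED" if changed else "unknown"

if __name__ == "__main__":
    for host, key in [("192.168.1.100", OLD_KEY), ("192.168.1.100", NEW_KEY),
                      ("192.168.1.200", NEW_KEY), ("10.0.0.5", NEW_KEY)]:
        print(host, fingerprint(key), check_host_key(KNOWN_HOSTS, host, "ssh-rsa", key))
```

A "CHANGED" result is the case the text says to investigate; comparing the printed fingerprint with one obtained from the server's console or administrator tells a legitimate key regeneration apart from an interception.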

Note: The .ssh directory is a hidden directory, as are all files and directories whose names begin with a period. The ls -a command lists all normal and hidden files in a directory. The ~/ notation is a universally accepted way of referring to your home directory and is recognized by all Linux commands.

Linux also uses other key files to provide password-less logins and file copying to remote servers using SSH and SCP. In this case, the SSH connection is established, then the client automatically sends its public key, which the server matches against a predefined list in the user's directory. If there is a match, the login is authorized. These files are also stored in your ~/.ssh directory and need to be specially generated. The id_dsa and id_dsa.pub files are your private and public keys respectively, and authorized_keys stores all the authorized public keys from remote hosts that may log into your account without the need for passwords (more on this later).