“This is the 29th day of my participation in the August Gwen Challenge.

The vast sea of millions, thank you for this second you see here. Hope my article is helpful to you!

May you keep your love and go to the mountains and seas in the coming days!

Linux advanced commands

Yesterday we have learned the Linux firewall management command, know how to close the firewall in Linux, because some applications need to access our virtual machine, we need to open some ports to allow external access or close the firewall operation! Of course, we learn more than that. Today we will learn about the secret free login of Linux! Let ‘s GO!

SSH in Linux has two types: secret login and non-secret login

SSH is a network protocol, short for Secure Shell, used for encrypted login between computers.

There are two authentication mechanisms for SSH login:

  1. Password-based security authentication (with secret login)
  2. Key based login authentication (non-secret login)

Logging In to the Remote Server

Command:

SSH IP address

Presentation:

There is a secret login effect

Secret – free login effect: To achieve secret – free login, you need to perform the following steps.

Symmetric and asymmetric encryption

SSH is mainly about security, which depends on encryption modes. Currently, there are two main encryption modes: symmetric encryption and asymmetric encryption.

  • Symmetric encryption

    Symmetric encryption uses the same key for encryption and decryption, which is safe and reliable during transmission. However, how to save the key safely? In a cluster, there are a large number of clients.

  • Asymmetric encryption

    Because of this drawback of symmetric encryption, asymmetric encryption is born, in which there are two keys: public key and private key. The public key is generated by the private key, but the private key cannot be calculated. The ciphertext encrypted by a public key can be decrypted only by using the corresponding private key.

    Asymmetric encryption login process:

    In asymmetric encryption, only the public key is transmitted and the private key is stored locally on the server. Therefore, even if the public key is monitored, the original password cannot be obtained to log in to the server.

Mechanism of SSH password-free login

  1. Used on the clientssh-keygenGenerate a pair of keys: public key + private key
  2. Append the client public key to the serverauthorized_keyThe public key authentication operation is complete
  3. After the authentication is complete, the client sends a login request to the server and passes the public key to the server
  4. Server searchauthorized_keyFile to check whether the public key exists
  5. If the public key exists, a random number is generatedRAnd uses the public key to encrypt and generate the public key encryption stringpubKey(R)
  6. Pass the public key encrypted string to the client
  7. The client decrypts the public key encryption string using the private key, and getsR
  8. A session occurs when a server communicates with a clientID(sessionKey)withMD5rightR and SessionKeyEncrypt and generate a digest (i.eMD5Encrypted string)
  9. The client will generateMD5Encrypted strings are passed to the server
  10. The server side is also generatedMD5(R,SessionKey)Encrypted string
  11. If the encrypted string sent by the client is equal to the encrypted string generated by the server itself, the authentication succeeds
  12. In this case, you do not need to enter the passwordshellThe command

To implement secret-free login

In other locations, The Linux system automatically completes the verification

  1. Generate a pair of public and private keys at fish, using rsa algorithm

    ssh-keygen
Copy the code

  2. When you send the public key to a fishing server, you must give a fishing password before fishing receives the public key

    SSH - copy - id 192.168.66.128Copy the code

  3. Send a login request to implement a secret-free login

Demonstration process:

conclusion

I believe that you are on the Linux system to open non-secret login and the principle of a certain understanding, looking forward to waiting for the next chapter in Linux advanced command of some service management commands to learn it!

Of course, there are more commands to watch next time! Welcome to the next chapter!

Let’s refuel together, too! I am not just, if there is any missing, wrong place, also welcome you to criticize in the comments of talent leaders! Of course, if this article is sure to help you a little, please kindly and lovely talent leaders to give a thumb-up, favorites, one key three even, thank you very much!

Here, the world is closed for today, good night! Although this article is over, I am still here, never finished. I will try to keep writing articles. The coming days are long, why fear the car yao ma slow!

Thank you all for seeing this! May you live up to your youth and have no regrets!