A,OpenSSH
An overview of the
1.1 SSH
SSH is a network protocol used for encrypted login between computers.
In 1995, Tatu Ylonen, a Finnish scholar, designed the SSH protocol to encrypt all login information, which has become a basic solution for Internet security and has been rapidly promoted around the world. At present, it has become a standard configuration of the Linux system.
1.2 the OpenSSH
OpenSSH is a free open source implementation of the Secure SHell (SSH) protocol. It’s a piece of software with a wide range of applications. The SSH protocol can be used for remote control or to transfer files between computers.
1.2.1 OpenSSH
Plug-in installation
The OpenSSH plugin allows you to connect to your phone, control it remotely, or transfer files. In the case of Cydia on jailbroken devices, you need to add a source to the software source:
// Apt.cydiami.com // Lei Fengyuan apt.abcydia.comCopy the code
These two sources are well-known and recommended. The software source can be understood as a server that houses the plug-in installation package.
Then do a search for OpenSSH from apt.bingner.com. You can also add the source directly.
1.3 SSH Login Process
SequenceDiagram Client (Mac)->> Jailbroken Device (iPhone): 1. Request link to iPhone (port 22) (root@device IP) Jailbreak Device (iPhone)-->> Client (Mac): 2. The phone sends the public key to the Mac client (Mac) -->> Jailbroken Device (iPhone): 3. The Mac encrypts the login password through the received public key (default: alpine) jailbroken Device (iPhone)-->> Client (Mac): 4. The mobile phone decrypts the login password with the private key, whether to allow login
Specific steps:
-
Request a link to iPhone (Port 22)
-
The phone sends the public key to the Mac
The hash value of the RSA key will be displayed at the first login, that is, the RSA key(public key) accepted here. Then save it to knuwn_host in ~/.ssh (the image below is generated during my testing).
-
The Mac encrypts the login password using the public key it receives
-
The mobile phone decrypts the login password with the private key, whether to allow login
1.4 Man-in-the-middle Attack (Man-in-the-middle attack
)
SequenceDiagram Participant Client (Mac) Middle Man Participant Jailbreak Device (iPhone) Client (Mac)->> Jailbreak device (iPhone): 1. Request link to iPhone (port 22) (root@device IP) Jailbreak device (iPhone)-->> Middleman: 2. The phone sends the public key to the Mac Note Right of middleman: the public key on the phone (intercepted) middleman -->> Client (Mac): 3. Note Right of client (Mac): Middleman's public key client (Mac)->> Middleman: 4. Mac encrypts login password through the received public key (default: alpine) Middleman ->> Jailbreak device (iPhone): 5. 6. IPhone decrypts the login password with the private key and allows login
-
Man-in-the-middle interception obtaining or simulating a computer to send a login request to the phone to obtain the public key of the phone (I)
-
Then generate the public and private key (M) and send the generated public key (M) to the computer
-
The computer password is encrypted using the public key (M) and sent to a middleman, who decrypts the password using the private key (M).
-
The middleman encrypts the password through a public key (I) to enable login.
1.5 Understand the principle, but how to prevent middlemen?
Actually, SSH solved this a long time ago,
At this point, the hash value returned by login is used to verify the public key.
Most servers publish the hash value of their public keys on their official websites. This effectively avoids a man-in-the-middle attack.