SSH and OpenSSH

SSH: Short for Secure Shell, SSH is a protocol that provides security for remote login. With SSH, all transmitted data can be encrypted, so man-in-the-middle attacks cannot be carried out, and DNS spoofing and IP spoofing are prevented.

OpenSSH: a free, open source implementation of the SSH protocol. With OpenSSH, a Mac can log in remotely to an iPhone.

2. Use OpenSSH for remote login

The prerequisites for remote login are as follows:

  1. Install OpenSSH on the jailbroken phone.
  2. SSH communicates over TCP, so make sure the Mac and the iPhone are connected to the same LAN, such as the same Wi-Fi network.

1. Login procedure

In the Mac terminal, enter: ssh account-name@server-host-address (the server here is the phone)

For example: ssh [email protected].** (the server here is a mobile phone)

The default password is alpine

To exit, enter exit

2. The root and mobile accounts

There are two common iOS accounts: root and mobile

2.1 root

root: the account with the highest permissions. $HOME is /var/root

Login: ssh [email protected].**

Default password: alpine

2.2 mobile

mobile: an ordinary user with common permissions

Login: ssh [email protected].**

Default password: alpine

2.3 Changing the login passwords of root and mobile

To change the passwords of root and mobile, log in as root, then run passwd and passwd mobile respectively.

3. SSL, OpenSSL

SSL: Short for Secure Sockets Layer, a security protocol that encrypts network connections at the transport layer to ensure communication security and data integrity

OpenSSL: an open source implementation of SSL

Most HTTPS requests are equivalent to HTTP + OpenSSL

OpenSSH performs its encryption using OpenSSL

4. SSH version

The SSH protocol has two versions: SSH-1 and SSH-2

SSH-2 is the one in common use now.

The client and server must use the same version to communicate

View the SSH version (check the Protocol field in the configuration file)

  1. Mac client, in the terminal:

cd /etc/ssh

cat ssh_config

  2. iPhone (server): run cd /etc/ssh, then cat ssh_config

SSH communication consists of three phases: secure connection establishment, client authentication, and data transmission

Establishing a secure connection

While the secure connection is being established, the server provides its identity certificate

If the client does not have the server's public key information, it asks whether to connect to the server

When establishing a secure connection, you may encounter an error message warning that the server's identity information has changed

If you want to connect to this server, run ssh-keygen -R <server IP address>, or open the "known_hosts" file and delete the server's public key information. This warning is how a man-in-the-middle shows up, so confirm that the key change is expected before deleting the entry.

5. Client authentication

5.1 Common Client Authentication Modes

  • Password-based client authentication: authenticate with the account name and password
  • Key-based client authentication: password-free authentication, and one of the most secure authentication methods

By default, SSH-2 attempts key authentication first. Only if that fails does it attempt password authentication. The password-free authentication process based on a key is set up as follows.

5.2 Specific implementation process

5.2.1 Generating id_rsa (private key file) and id_rsa.pub (public key file)

ssh-keygen -t rsa (-t specifies the algorithm). The default SSH algorithm is RSA

Make sure that id_rsa (private key file) and id_rsa.pub (public key file) have been generated.

5.2.2 Appending id_rsa.pub (public key file) to the end of the authorization file

ssh-copy-id [email protected]
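
What the append step in 5.2.2 involves on the server side, written out as an added example (not code from the original article or from OpenSSH): the public key is appended to the authorization file, the file and its directory get permissions sshd accepts, and a key that is already present is not added twice. The function name append_pubkey and its two path arguments are assumptions for illustration.

```sh
#!/bin/sh
# Added example: what "append the public key to the authorization file" involves.
# append_pubkey and its arguments are hypothetical names, not part of OpenSSH.

append_pubkey() {
    pubfile=$1     # public key file, e.g. id_rsa.pub copied from the client
    authfile=$2    # authorization file, e.g. ~/.ssh/authorized_keys on the server
    sshdir=$(dirname "$authfile")

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A public key line is "<type> <base64 key> [comment]"; take the first one.
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)
    keytype=$(printf '%s\n' "$key" | awk '{print $1}')
    keyblob=$(printf '%s\n' "$key" | awk '{print $2}')
    case $keytype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key line (was the private key passed?)" >&2
           return 1 ;;
    esac
    [ -n "$keyblob" ] || { echo "missing key data" >&2; return 1; }

    # With StrictModes, sshd ignores keys kept in group- or world-writable places.
    ( umask 077; mkdir -p "$sshdir" && touch "$authfile" ) || return 1
    chmod 700 "$sshdir" && chmod 600 "$authfile" || return 1

    # Idempotent: compare the key material, not the comment.
    if awk -v b="$keyblob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                            END { exit !f }' "$authfile"; then
        echo "key already authorized"
        return 0
    fi

    # Do not glue the new key onto an unterminated last line.
    if [ -s "$authfile" ] && [ -n "$(tail -c 1 "$authfile")" ]; then
        printf '\n' >> "$authfile"
    fi
    printf '%s\n' "$key" >> "$authfile"
    echo "key appended"
}
```

Passing id_rsa instead of id_rsa.pub is rejected, which guards against publishing the private key by mistake.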