Traditional FTP does not build security into its transmission mechanism or its implementations: data, user account names and passwords are sent over the network in clear text, so anyone on the path can easily intercept them. These network services are also easy targets for a "man-in-the-middle" attack. In a man-in-the-middle attack, the "intermediary" poses as the real server to receive the data you send, and then poses as you to pass that data on to the real server. Everything exchanged between you and the server passes through the intermediary, who can tamper with it at will, and that is a very serious problem.
SSH is the abbreviation of Secure Shell. With SSH, all transmitted data is encrypted, and DNS spoofing and IP spoofing can be prevented. SSH can also compress the transmitted data, which speeds up the transfer. SSH can provide a secure "channel" for FTP.
The SSH protocol is a security protocol built on the application layer and the transport layer. It consists mainly of three parts:
- The transport layer protocol, which provides server authentication, confidentiality and integrity checking, and can optionally provide data compression. This transport layer protocol normally runs on top of a connection-oriented TCP data stream.
- The user authentication protocol layer, which authenticates the client user to the server; it runs on top of the transport layer protocol.
- The connection protocol layer, which multiplexes the encrypted tunnel into several logical channels; it runs on top of the user authentication protocol.
Once the secure transport layer connection is established, the client sends a service request. A second service request is sent after the user authentication layer connection is established. This allows newly defined protocols to coexist with the earlier ones. The connection protocol provides channels for a variety of purposes, and a standard method for setting up a secure interactive shell session and for forwarding arbitrary TCP/IP ports and X11 connections.
SSH provides two levels of security verification: SSH1 and SSH2.
SSH1 (password-based security verification): as long as you know your account name and password, you can log in to the remote host, and all transferred data is encrypted. However, this method cannot guarantee that the server you are connecting to is the server you intended to connect to; another server may be impersonating the real one, which is exactly the "man-in-the-middle" attack.
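To make the "is this the server I intended to connect to" check concrete, here is an added Python example (not part of the original article, and not code from any of the products named later) that does what an SSH client does with a host key: decode the OpenSSH public key blob, compute the SHA256 fingerprint that `ssh-keygen -l` prints, and compare the key the server presents against a pinned `known_hosts` entry. A mismatch against a pinned key is the signal that something on the path is impersonating the server. The key bytes, host names and the `known_hosts` contents are constructed for the example.

```python
import base64
import hashlib
import struct

# Helpers for the SSH wire "string" type (4-byte big-endian length + bytes),
# which is how an OpenSSH public key blob encodes its key type and key material.
def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob: bytes, offset: int):
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length


def make_pubkey_line(key_type: str, raw_key: bytes, comment: str = "") -> str:
    """Build an OpenSSH-style '<type> <base64> [comment]' line (used here only to construct samples)."""
    blob = _ssh_string(key_type.encode()) + _ssh_string(raw_key)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".rstrip()


def parse_pubkey_line(line: str):
    """Return (key_type, blob) for a public key line, rejecting malformed or inconsistent input."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    embedded_type, _ = _read_ssh_string(blob, 0)
    if embedded_type.decode() != declared_type:
        raise ValueError("key type inside blob does not match declared type")
    return declared_type, blob


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH 'SHA256:' fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map host name -> (key_type, blob). Plain host names only; hashed (|1|...) entries are skipped."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("|1|"):
            continue
        hosts, rest = line.split(None, 1)
        entry = parse_pubkey_line(rest)
        for name in hosts.split(","):
            known[name] = entry
    return known


def check_host_key(known_hosts_text: str, host: str, presented_line: str) -> str:
    """'trusted' if the presented key equals the pinned one, 'unknown' if nothing is pinned,
    'MISMATCH' if a key is pinned but differs (the man-in-the-middle signal)."""
    known = parse_known_hosts(known_hosts_text)
    presented = parse_pubkey_line(presented_line)
    if host not in known:
        return "unknown"
    return "trusted" if known[host] == presented else "MISMATCH"


# Constructed sample data: two made-up 32-byte ed25519 key values, not real keys.
REAL_SERVER_LINE = make_pubkey_line("ssh-ed25519", bytes(range(32)), "files.example.net")
ROGUE_SERVER_LINE = make_pubkey_line("ssh-ed25519", bytes(range(32, 64)), "impostor")
SAMPLE_KNOWN_HOSTS = "# pinned host keys (constructed sample)\nfiles.example.net " + REAL_SERVER_LINE + "\n"

if __name__ == "__main__":
    for line in (REAL_SERVER_LINE, ROGUE_SERVER_LINE):
        key_type, blob = parse_pubkey_line(line)
        print(key_type, fingerprint_sha256(blob),
              check_host_key(SAMPLE_KNOWN_HOSTS, "files.example.net", line))
```

The fingerprint is what you compare out of band (from the server's console or its administrator) the first time you connect; after that, the pinned entry does the comparison for you, and a "MISMATCH" result should stop the connection rather than be clicked through.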
SSH2 (key-based security verification): this relies on keys, which means you must create a key pair for yourself and place the public key on the server you need to access. When you want to connect to the SSH server, the client software sends a request to the server asking for security verification with your key. After the server receives the request, it looks up your public key in your home directory on the server and compares it with the public key you sent. If the two keys match, the server encrypts a "challenge" with the public key and sends it to the client software. When the client software receives the "challenge", it decrypts it with your private key and sends the result back to the server.
Compared with SSH1, SSH2 does not need to transmit the user password over the network. In addition, SSH2 not only encrypts all transmitted data but also makes the "man-in-the-middle" attack impossible (because the intermediary does not have your private key). However, the whole login process may be slower.
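The challenge/response described above, as an added Python example that is not from the original article. It uses textbook RSA on tiny constructed primes purely so the three steps (compare the presented public key with the stored one, encrypt a fresh random challenge with the public key, accept only a correct decryption) can be run and read; the user names and primes are made up, and nothing here is a secure implementation. It also shows why the intermediary fails: knowing the public key is not enough to answer the challenge.

```python
import secrets

# Textbook RSA on tiny constructed primes, only to make the flow visible; real SSH keys
# are thousands of bits long and use padded, standardised operations.
def make_toy_keypair(p: int, q: int, e: int = 17):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent (Python 3.8+ modular inverse)
    return (n, e), (n, d)        # (public key, private key)


class Client:
    """Presents a public key and answers the server's encrypted challenge with its private key."""
    def __init__(self, public_key, private_key):
        self.public_key = public_key
        self._private_key = private_key

    def answer(self, encrypted_challenge: int) -> int:
        n, d = self._private_key
        return pow(encrypted_challenge, d, n)   # decrypt with whatever private key this client holds


class Server:
    """Stores each user's public key and verifies a login with a challenge."""
    def __init__(self):
        self.authorized = {}    # user -> public key that was placed on the server

    def add_user(self, user: str, public_key):
        self.authorized[user] = public_key

    def authenticate(self, user: str, client: Client, challenge=None) -> bool:
        stored = self.authorized.get(user)
        # Step 1: the key the client sends must match the one stored for that user.
        if stored is None or stored != client.public_key:
            return False
        n, e = stored
        # Step 2: encrypt a fresh random challenge with the user's public key
        # (a fixed challenge may be supplied for deterministic testing only).
        if challenge is None:
            challenge = secrets.randbelow(n - 2) + 2
        encrypted = pow(challenge, e, n)
        # Step 3: only the holder of the matching private key can recover the challenge.
        return client.answer(encrypted) == challenge


def demo(challenge=None):
    """Return (honest_login, impostor_login, unknown_user_login) results."""
    alice_pub, alice_priv = make_toy_keypair(61, 53)       # constructed user "alice"
    _mallory_pub, mallory_priv = make_toy_keypair(47, 59)  # constructed intermediary "mallory"
    server = Server()
    server.add_user("alice", alice_pub)
    alice = Client(alice_pub, alice_priv)
    # The intermediary has seen alice's public key but only holds its own private key.
    mallory = Client(alice_pub, mallory_priv)
    return (
        server.authenticate("alice", alice, challenge),
        server.authenticate("alice", mallory, challenge),
        server.authenticate("bob", alice, challenge),
    )


if __name__ == "__main__":
    print(demo())   # honest login succeeds, impostor and unknown user fail
```

The private key never leaves the client, and no password crosses the network, which is the property the text attributes to key-based verification; what the server stores is only the public key, so a copy of the server's authorized keys gives an attacker nothing to log in with.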
The most common use of SSH is to replace traditional Telnet, FTP and other network applications: you log in to the remote machine via SSH to do your work and run your commands. In an insecure network environment it provides a strong authentication mechanism and a very secure communication channel.
File transfer over the SSH protocol is called SFTP (Secure File Transfer Protocol). We can use SFTP as the protocol for delivering files. To use SFTP, the FTP server must support the SFTP protocol, and the client must use SFTP to access the server.
Server-side software supporting SSH
- VShell server, SSH server software for the Windows platform
- The SSH server software for the UNIX / Linux platform.
Client software supporting SSH for the Windows platform
- Entunnel
- SecureCRT
- SecureFX
- F-Secure
SFTP development
PuTTY is an SSH client program for the Windows platform that supports SFTP. More information about PuTTY can be found at:
Http://www.chiark.greenend.org.uk/~sgtatham/putty/