ssh - What exactly is in known_hosts?

Reposted. Author: 行者123. Updated: 2023-12-03 08:30:31

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

Want to improve this question? Update the question so that it is on-topic for Stack Overflow.

Closed 5 years ago.


I did not have a .ssh directory until I ran
ssh user@foo.com
That created a .ssh directory containing one file, known_hosts.

Inside it is some text like this.

foo.com,107.180.00.00 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuJfqSnraBz//Ux4j/hZpLv2eYUxNUgCk+9ClqoSgfcu4vXbWtUGSjo75UVQf+uguOeBnRLppJJ3mt0R5c/PPcawUGWfffk33t+biYcqra9xUcyfiGtO/Icko2L1J0EYTXM/8x8VK6UYFMfad2gltnZRa8Am50oHTXot1Df0RljUBxvh/UhmTJUrODpyrl2xY1OMWjM+S6uYCMNeSQGEpNfsWiCIStRnctMZSxiYJOLTSC4F2GF7B8pYFBn5rSwVHp17WCdO+4BZfwvH3HSSH8IWoyFhki+NlG912SEBJXcryvc0JPfAB9DTB4mRImjgrRT8vz5QeaCDrh8k4/A+U1fff

I thought this might be a public or private key somehow pulled from my server, but that is not the case.

What is this, and what is it used for?

I just want to understand ssh and how it works a little better. For example, in this case I have not set up a private key on my local machine, so it prompts for a password as expected.

Research

It is supposedly the server's public key, according to

https://security.stackexchange.com/questions/20706/what-is-the-difference-between-authorized-key-and-known-host-file-for-ssh

Best answer

To add to the answer above and your comments,
an ssh session has four building blocks:

  • Encryption (a symmetric key derived after the key exchange for each session)
  • Data integrity (a MAC using e.g. SHA, HMAC)
  • Key exchange method
  • Public key method or host key method

  • SSH algorithm negotiation involves a key exchange state machine
    that starts when the SSH_MSG_KEXINIT message and the algorithm lists are sent.

    The key exchange method, or simply kex, specifies the session key for encryption sent to the client and the host public key (ssh-rsa, ssh-dss, ...) used for host authentication. The following are the basic steps performed for kex using the Diffie-Hellman key exchange algorithm.

    Quoting the RFC https://tools.ietf.org/html/rfc4253

    The following steps are used to exchange a key. In this, C is the client; S is the server; p is a large safe prime; g is a generator for a subgroup of GF(p); q is the order of the subgroup; V_S is S's identification string; V_C is C's identification string; K_S is S's public host key; I_C is C's SSH_MSG_KEXINIT message and I_S is S's SSH_MSG_KEXINIT message that have been exchanged before this part begins.

    1. C generates a random number x (1 < x < q) and computes e = g^x mod p. C sends e to S.

    2. S generates a random number y (0 < y < q) and computes f = g^y mod p. S receives e. It computes K = e^y mod p, H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K) (these elements are encoded according to their types; see below), and signature s on H with its private host key. S sends (K_S || f || s) to C. The signing operation may involve a second hashing operation.

    3. C verifies that K_S really is the host key for S (e.g., using certificates or a local database). C is also allowed to accept the key without verification; however, doing so will render the protocol insecure against active attacks (but may be desirable for practical reasons in the short term in many environments). C then computes K = f^x mod p, H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K), and verifies the signature s on H.



    On some systems, the local database mentioned in the third step may be the .ssh/known_hosts file.
    So, to answer your question, the host sends its public key to the client during the key exchange.

    The following public key and/or certificate formats are currently defined:

    ssh-dss REQUIRED sign Raw DSS Key

    ssh-rsa RECOMMENDED sign Raw RSA Key

    pgp-sign-rsa OPTIONAL sign OpenPGP certificates (RSA key)

    pgp-sign-dss OPTIONAL sign OpenPGP certificates (DSS key)
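To make the answer's point concrete, here is an added example in standard-library Python (not code from the question, the answer or OpenSSH). It decodes the base64 column of a known_hosts line into its SSH wire-format fields (the key in the question begins with AAAAB3NzaC1yc2E precisely because that is the base64 of the length-prefixed string "ssh-rsa"), computes the SHA256 fingerprint the way ssh-keygen -lf does, and performs the step-3 "local database" check, including OpenSSH's hashed-hostname entries. The key, hostnames and salt are constructed sample values.

```python
import base64, hashlib, hmac, struct

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # SSH 'string': 4-byte big-endian length, then bytes

def ssh_mpint(n: int) -> bytes:
    # SSH 'mpint': minimal big-endian two's complement, so a leading 0x00 when the top bit is set
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def encode_rsa_blob(e: int, n: int) -> bytes:
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)  # what the base64 column decodes to

def decode_blob(blob: bytes) -> list:
    fields, off = [], 0  # split into length-prefixed fields: [b"ssh-rsa", e, n]
    while off < len(blob):
        (ln,) = struct.unpack(">I", blob[off:off + 4])
        fields.append(blob[off + 4:off + 4 + ln])
        off += 4 + ln
    return fields

def fingerprint_sha256(blob: bytes) -> str:
    # Same value ssh-keygen -lf prints: base64(SHA-256(blob)) without '=' padding
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def hashed_pattern(host: str, salt: bytes) -> str:
    # OpenSSH HashKnownHosts form: |1|base64(salt)|base64(HMAC-SHA1(salt, host))
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(pattern: str, host: str) -> bool:
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return pattern == host  # plain names/IPs only; wildcards and [host]:port are not handled here

def lookup(known_hosts: str, host: str, keytype: str, blob: bytes) -> str:
    """RFC 4253 step 3 against the local database: 'match', 'mismatch' (changed key) or 'unknown'."""
    for line in known_hosts.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        hosts, kt, b64 = line.split()[:3]
        if kt == keytype and any(host_matches(p, host) for p in hosts.split(",")):
            return "match" if base64.b64decode(b64) == blob else "mismatch"
    return "unknown"

E, N = 35, int("c0ffee" * 20, 16)  # constructed sample key (e=35 as in the question); not a real key
BLOB = encode_rsa_blob(E, N)
B64 = base64.b64encode(BLOB).decode()
HASHED = hashed_pattern("bar.example", b"\x2a" * 20)  # second entry with the hostname hashed
KNOWN_HOSTS = "foo.example,203.0.113.5 ssh-rsa %s\n%s ssh-rsa %s\n" % (B64, HASHED, B64)
```

A "mismatch" result is the case where OpenSSH prints its "REMOTE HOST IDENTIFICATION HAS CHANGED" warning and refuses to continue.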

    Regarding "ssh - What exactly is in known_hosts?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/33243393/
