What is actually in known_hosts?

Problem description

I did not have an .ssh directory until I ran

ssh user@foo.com

This created a .ssh directory with one file known_hosts.

It had some text like this in it.

foo.com,107.180.00.00 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuJfqSnraBz//Ux4j/hZpLv2eYUxNUgCk+9ClqoSgfcu4vXbWtUGSjo75UVQf+uguOeBnRLppJJ3mt0R5c/PPcawUGWfffk33t+biYcqra9xUcyfiGtO/Icko2L1J0EYTXM/8x8VK6UYFMfad2gltnZRa8Am50oHTXot1Df0RljUBxvh/UhmTJUrODpyrl2xY1OMWjM+S6uYCMNeSQGEpNfsWiCIStRnctMZSxiYJOLTSC4F2GF7B8pYFBn5rSwVHp17WCdO+4BZfwvH3HSSH8IWoyFhki+NlG912SEBJXcryvc0JPfAB9DTB4mRImjgrRT8vz5QeaCDrh8k4/A+U1fff

I thought this might have been a public or private key pulled off my server somehow, but it was not.

What is this, and what is it used for?

I'm just trying to learn more about ssh and how it works. For example in this case I did not setup the private key on the local machine so it prompted for a password as expected.

Research

It's supposed to be a public key for the server according to

https://security.stackexchange.com/questions/20706/what-is-the-difference-between-authorized-key-and-known-host-file-for-ssh
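As an added example, not part of the question or of any answer, here is what the base64 column of a line like the one above actually contains and how the client consumes the file. The blob is the server's public host key in RFC 4251 wire encoding: the string "ssh-rsa", then the RSA exponent e and modulus n as mpints, which is also why every such line starts with AAAAB3NzaC1yc2E, the base64 of the length-prefixed string "ssh-rsa". The key, salt and host names in the script are constructed; on a real file `ssh-keygen -lf ~/.ssh/known_hosts` prints the same SHA256 fingerprint this computes, `ssh-keygen -F foo.com` finds an entry whether or not the hostname is hashed, and `ssh-keygen -H` converts a file to the hashed form.

```python
"""Decode an OpenSSH known_hosts entry and run the host-key check that
RFC 4253 step 3 calls "a local database".

Added example, not code from the original post. The key is constructed
(a modulus derived from a hash, NOT a real RSA key) so it runs offline;
the line format, fingerprint and hashed-hostname rules are OpenSSH's own.
"""
import base64
import hashlib
import hmac
import struct

def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint': minimal big-endian two's complement, length-prefixed."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def read_string(buf: bytes, off: int):
    (ln,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + ln], off + 4 + ln

def encode_rsa_blob(e: int, n: int) -> bytes:
    """The base64 column of an ssh-rsa line is exactly this: "ssh-rsa", e, n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def decode_rsa_blob(blob: bytes):
    """Inverse of encode_rsa_blob; rejects other key types and trailing bytes."""
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key: %r" % ktype)
    e_bytes, off = read_string(blob, off)
    n_bytes, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after the RSA modulus")
    return int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")

def fingerprint_sha256(blob: bytes) -> str:
    """What `ssh-keygen -lf` prints: SHA-256 of the raw blob, base64 without '=' padding."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def hashed_host_field(host: str, salt: bytes) -> str:
    """HashKnownHosts form of the first column: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field: str, host: str) -> bool:
    """First column: comma-separated names/addresses, or one hashed name.
    Wildcards, [host]:port and the @cert-authority/@revoked markers are not handled here."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|", 3)
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def parse_known_hosts(text: str):
    """Yield (host_field, key_type, raw_blob) for each key line; skip comments and markers."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0][:1] in ("#", "@"):
            continue
        yield parts[0], parts[1], base64.b64decode(parts[2])

def check_host_key(known_hosts: str, host: str, key_type: str, presented: bytes) -> str:
    """RFC 4253 step 3 against the file: K_S as just sent by the server must equal,
    byte for byte, a key of that type on record for this host."""
    seen = False
    for hosts, ktype, blob in parse_known_hosts(known_hosts):
        if ktype != key_type or not host_matches(hosts, host):
            continue
        seen = True
        if hmac.compare_digest(blob, presented):
            return "ok"
    # OpenSSH: "REMOTE HOST IDENTIFICATION HAS CHANGED!" for the first case,
    # the "authenticity of host ... can't be established" prompt for the second.
    return "MISMATCH" if seen else "unknown"

# Constructed demo data: not a real key, not a real host.
DEMO_E = 65537
DEMO_N = int.from_bytes(hashlib.sha512(b"demo").digest() * 4, "big") | (1 << 2047) | 1
DEMO_BLOB = encode_rsa_blob(DEMO_E, DEMO_N)
DEMO_B64 = base64.b64encode(DEMO_BLOB).decode()
DEMO_SALT = hashlib.sha1(b"demo-salt").digest()          # OpenSSH uses a random 20-byte salt
DEMO_KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "foo.com,107.180.0.1 ssh-rsa " + DEMO_B64,                              # plain entry
    hashed_host_field("bar.example", DEMO_SALT) + " ssh-rsa " + DEMO_B64,  # HashKnownHosts yes
])

if __name__ == "__main__":
    e, n = decode_rsa_blob(DEMO_BLOB)
    print("ssh-rsa e=%d, %d-bit modulus, %s" % (e, n.bit_length(), fingerprint_sha256(DEMO_BLOB)))
    for host, blob in [("foo.com", DEMO_BLOB), ("bar.example", DEMO_BLOB),
                       ("foo.com", encode_rsa_blob(3, DEMO_N)), ("new.example", DEMO_BLOB)]:
        print(host, check_host_key(DEMO_KNOWN_HOSTS, host, "ssh-rsa", blob))
```

The three outcomes of check_host_key are the three things OpenSSH can do with a host key: accept silently, refuse because the stored key for that name differs (the "REMOTE HOST IDENTIFICATION HAS CHANGED!" warning, the case that matters against a man in the middle), or, for a name it has never seen, fall back to the first-use prompt. Note that the first-use prompt is exactly the "accept the key without verification" option the RFC warns about; comparing the fingerprint it shows against one obtained out of band is what turns it into a verification.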

Solution

To add to the answer above and your comment, there are four building blocks for an SSH session:

  1. Encryption (symmetric keys derived after the key exchange, per session)
  2. Data integrity (MAC using e.g. SHA, HMAC)
  3. Key exchange methods
  4. Public key methods or host key methods

The SSH algorithm negotiation involves a key exchange state machine, which begins when the SSH_MSG_KEXINIT message is sent along with the lists of supported algorithms.

The key exchange method, or simply kex, specifies the session keys for encryption and, for host authentication, the host public key (ssh-rsa, ssh-dss, ...) that is sent to the client. The steps below are the basic steps that take place for kex using the Diffie-Hellman key exchange algorithm.

Quoting the RFC, https://tools.ietf.org/html/rfc4253:

The following steps are used to exchange a key. In this, C is the client; S is the server; p is a large safe prime; g is a generator for a subgroup of GF(p); q is the order of the subgroup; V_S is S's identification string; V_C is C's identification string; K_S is S's public host key; I_C is C's SSH_MSG_KEXINIT message and I_S is S's SSH_MSG_KEXINIT message that have been exchanged before this part begins.

  1. C generates a random number x (1 < x < q) and computes e = g^x mod p. C sends e to S.

  2. S generates a random number y (0 < y < q) and computes f = g^y mod p. S receives e. It computes K = e^y mod p, H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K) (these elements are encoded according to their types; see below), and signature s on H with its private host key. S sends (K_S || f || s) to C. The signing operation may involve a second hashing operation.

  3. C verifies that K_S really is the host key for S (e.g., using certificates or a local database). C is also allowed to accept the key without verification; however, doing so will render the protocol insecure against active attacks (but may be desirable for practical reasons in the short term in many environments). C then computes K = f^x mod p, H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K), and verifies the signature s on H.

The local database mentioned in step three could, on certain systems, be the .ssh/known_hosts file. So, to answer your question: the public key is sent to the client by the host during the key exchange.

The following public key and/or certificate formats are currently defined:

  ssh-dss       REQUIRED     sign   Raw DSS Key
  ssh-rsa       RECOMMENDED  sign   Raw RSA Key
  pgp-sign-rsa  OPTIONAL     sign   OpenPGP certificates (RSA key)
  pgp-sign-dss  OPTIONAL     sign   OpenPGP certificates (DSS key)
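The three RFC steps quoted in this answer, carried out end to end as an added example (not code from the answer or from OpenSSH), with the client's step 3 done against a known_hosts-style record before it trusts the signature on H. The simplifications are stated in the docstring: textbook RSA over small run-time primes instead of RSASSA-PKCS1-v1_5, SHA-1 as in diffie-hellman-group1-sha1 (a method modern OpenSSH disables by default), and an in-memory dict instead of the file. The host name, version strings and KEXINIT placeholders are constructed.

```python
"""The RFC 4253 section 8 Diffie-Hellman exchange, with the client doing step 3
against a known_hosts-style record before it trusts the signature on H.

Added example, not code from the answer or from OpenSSH. Simplifications:
the host key is textbook RSA (no PKCS#1 padding) with small primes made at
run time; the hash is SHA-1 as in diffie-hellman-group1-sha1; the known_hosts
"database" is a dict mapping hostname -> (e, n).
"""
import hashlib
import secrets
import struct

# RFC 2409 "Second Oakley Group" (1024-bit MODP): the group behind diffie-hellman-group1-sha1.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2   # p is a safe prime; g = 2 generates the subgroup of order q

def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin, used for the demo RSA primes and to sanity-check the group."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def group_is_sane() -> bool:
    return is_probable_prime(P) and is_probable_prime(Q) and pow(G, Q, P) == 1

def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def rsa_keygen(bits: int = 512):
    """Demo host key (e, n, d); 512 bits is for speed only, never use such a key."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:            # e is prime, so this is gcd(e, phi) == 1
            return e, p * q, pow(e, -1, phi)

def ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

def ssh_mpint(n: int) -> bytes:
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def rsa_blob(e: int, n: int) -> bytes:
    """K_S as sent on the wire, and (base64) as stored in known_hosts."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def exchange_hash(V_C, V_S, I_C, I_S, K_S, e, f, K) -> bytes:
    """H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K), fields typed per RFC 4251."""
    data = (ssh_string(V_C) + ssh_string(V_S) + ssh_string(I_C) + ssh_string(I_S)
            + ssh_string(K_S) + ssh_mpint(e) + ssh_mpint(f) + ssh_mpint(K))
    return hashlib.sha1(data).digest()

class Server:
    V_S = b"SSH-2.0-demo_server"

    def __init__(self, host_key):
        self.e, self.n, self.d = host_key
        self.K_S = rsa_blob(self.e, self.n)

    def kexdh_reply(self, V_C, I_C, I_S, e_val):
        """Step 2: pick y, compute f and K, sign H with the private host key."""
        y = secrets.randbelow(Q - 1) + 1                      # 0 < y < q
        f, K = pow(G, y, P), pow(e_val, y, P)
        H = exchange_hash(V_C, self.V_S, I_C, I_S, self.K_S, e_val, f, K)
        s = pow(int.from_bytes(hashlib.sha1(H).digest(), "big"), self.d, self.n)
        return self.K_S, f, s

def client_kex(server, known_hosts, hostname):
    """Steps 1 and 3. Returns K, or None when the host must not be trusted."""
    V_C, I_C, I_S = b"SSH-2.0-demo_client", b"<KEXINIT of C>", b"<KEXINIT of S>"
    x = secrets.randbelow(Q - 2) + 2                          # 1 < x < q
    e_val = pow(G, x, P)
    K_S, f, s = server.kexdh_reply(V_C, I_C, I_S, e_val)
    # Step 3a, the "local database": no record, or a record with a different key, means stop.
    record = known_hosts.get(hostname)
    if record is None or rsa_blob(*record) != K_S or not 1 < f < P - 1:
        return None
    # Step 3b: the holder of the recorded key must have signed this very exchange.
    K = pow(f, x, P)
    H = exchange_hash(V_C, server.V_S, I_C, I_S, K_S, e_val, f, K)
    if pow(s, record[0], record[1]) != int.from_bytes(hashlib.sha1(H).digest(), "big"):
        return None
    return K

def demo():
    """Honest server on record is accepted; a man-in-the-middle with its own key is refused."""
    honest = rsa_keygen()
    known_hosts = {"foo.com": honest[:2]}                     # what the known_hosts line records
    accepted = client_kex(Server(honest), known_hosts, "foo.com") is not None
    refused = client_kex(Server(rsa_keygen()), known_hosts, "foo.com") is None
    return accepted, refused

if __name__ == "__main__":
    print("group parameters ok:", group_is_sane())
    print("honest accepted, MITM refused:", demo())
```

Two things the code makes visible that the prose does not. First, the known_hosts record is compared to K_S byte for byte before the signature is even looked at, so a server presenting a perfectly valid signature under a key that is not on record is refused outright; that is the whole value of the file. Second, the signature covers H, which commits to both Diffie-Hellman values and both KEXINIT messages, so a man in the middle who relays the exchange to the real server gets a genuine signature over a different e and cannot reuse it towards the client.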
