Comparison of Network Security Protocols (SSH, PKI, SET, SSL)
Wikipedia SSH
http://en.wikipedia.org/wiki/Secure_Shell
SSH can be used for many applications
(1) for forwarding X11 through multiple hosts
The X Window System (commonly X or X11) is a computer software system and network protocol that provides a graphical user interface (GUI) for networked computers, and was initially developed as part of Project Athena. It implements the X display protocol and provides windowing on raster graphics (bitmap) computer displays and manages keyboard and pointing device control functions.
(2) The goal of SSH was to replace the earlier rlogin, TELNET and rsh protocols, which did not provide strong authentication or guarantee confidentiality.
rlogin is a software utility for Unix-like computer operating systems that allows users to log in on another host via a network, communicating via TCP port 513. rlogin is also the name of the application layer protocol used by the software, part of the TCP/IP protocol suite. Authenticated users can act as if they were physically present at the computer. RFC 1258, in which it was defined, states that: "The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output." rlogin communicates with a daemon, rlogind, on the remote host. rlogin is similar to the Telnet command, but has the disadvantage of not being as customizable and being able to connect only to Unix hosts.
Telnet (Telecommunication network) is a network protocol used on the Internet or local area networks. Typically, Telnet provides access to a command-line interface on a remote machine. The term telnet also refers to software which implements the client part of the protocol. Telnet clients are available for virtually all computer platforms. Most network equipment and operating systems with a TCP/IP stack support a Telnet service for remote configuration (including systems based on Windows NT). Because of security issues with Telnet, its use has waned in favor of SSH for remote access.
(3) SSHFS, access remote file system seamlessly
SSH can be used for securely mounting a directory on a remote server as a filesystem on a local computer using SSHFS. SSHFS (Secure SHell FileSystem) is a file system for Linux (and other operating systems with a FUSE implementation, such as Mac OS X or FreeBSD) capable of operating on files on a remote computer using just a secure shell login on the remote computer. On the local computer where the SSHFS is mounted, the implementation makes use of the FUSE (Filesystem in Userspace) kernel module.
The practical effect of this is that the end user can seamlessly interact with remote files being securely served over SSH just as if they were local files on his/her computer. On the remote computer the SFTP subsystem of SSH is used.
How to use SSHFS on Linux
If you have the login remoteuser on the host remotehost and want to mount the directory /path/to/remote_dir on the directory local_mountpoint, the following command can be used:
sshfs remoteuser@remotehost:/path/to/remote_dir local_mountpoint
To unmount use the command
fusermount -u local_mountpoint
or simply
umount local_mountpoint
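The mount and unmount commands above, wrapped with the checks an administrator would typically want before attaching a remote tree. This is an added example, not part of the original notes; the function names are hypothetical, and the choice of options (strict host-key checking, nosuid/nodev/noexec) is an assumption about a reasonable hardened default.

```shell
#!/bin/sh
# Added example (not from the original page): guarded wrappers around the
# sshfs / fusermount commands shown above. Function names are hypothetical.

# Accept only user@host:/absolute/path built from a conservative character
# allowlist, so a value starting with "-" can never be parsed as an option.
valid_remote() {
    case "$1" in
        -*|*[!A-Za-z0-9@:/._-]*) return 1 ;;
        ?*@?*:/*) return 0 ;;
        *) return 1 ;;
    esac
}

# A usable mount point is an existing, empty directory that is not already
# listed in /proc/mounts (mounting over files hides them from the user).
# Leaves the resolved absolute path in $abs for the caller.
usable_mountpoint() {
    [ -d "$1" ] || return 1
    [ -z "$(ls -A -- "$1")" ] || return 1
    abs=$(cd -- "$1" && pwd -P) || return 1
    ! grep -qsF " $abs " /proc/mounts
}

# Mount remote ($1) on directory ($2). Returns 2 for a bad remote spec,
# 3 for an unusable mount point, otherwise the exit status of sshfs.
mount_remote() {
    valid_remote "$1" || { echo "rejected remote spec: $1" >&2; return 2; }
    usable_mountpoint "$2" || { echo "unusable mount point: $2" >&2; return 3; }
    # StrictHostKeyChecking=yes: refuse hosts whose key is not in known_hosts.
    # nosuid,nodev,noexec: do not honour setuid bits, device nodes or
    # executables that the remote side presents.
    sshfs "$1" "$abs" \
        -o StrictHostKeyChecking=yes \
        -o reconnect -o ServerAliveInterval=15 \
        -o nosuid,nodev,noexec
}

# Unmount with the command from the page.
unmount_remote() {
    fusermount -u "$1"
}
```

Source the file and call `mount_remote remoteuser@remotehost:/path/to/remote_dir local_mountpoint`; the remote host's key must already be in known_hosts, otherwise the connection is refused.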
(4) PAM authentication
Pluggable authentication modules or PAM are a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API), which allows programs that rely on authentication to be written independently of the underlying authentication scheme. PAM was first proposed by Sun Microsystems in an Open Software Foundation Request for Comments (RFC) dated October, 1995. Despite PAM being part of the X/Open Single Sign-on (XSSO) standard, PAM on its own cannot implement Kerberos, the most common type of SSO used in Unix environments.
(5) Generic Security Services Application Program Interface
The Generic Security Services Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services. Limitations of the GSSAPI include that it standardizes only authentication, and not authorization, and that it assumes a client-server architecture. The dominant GSSAPI mechanism implementation in use is Kerberos.