Clarifying some concepts around SSL, SSH, OpenSSH, PuTTY, certificates and encryption


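When connecting to a database on a VPS with HeidiSQL, I found that it depends on plink, and that the PEM-format private key I had previously generated with openssh-gen could not be used; it had to be converted to ppk format first. After converting it with puttygen, the connection succeeded. While solving this, I realised that I had long held some fuzzy notions about ssl, ssh, openssh, putty and so on, so I dug into the material in some depth and am recording a few notes here as a reminder and clarification.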

PuTTY

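Functions of, and differences between, the parts of the PuTTY suite

The commonly used ones are putty, plink and puttygen. plink is typically used as a channel for non-interactive data transfer; puttygen can be used to generate keys, convert key formats (pem <-> ppk), and so on.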

  • putty.exe (the SSH and Telnet client itself)
  • pscp.exe (an SCP client, i.e. command-line secure file copy)
  • psftp.exe (an SFTP client, i.e. general file transfer sessions much like FTP)
  • puttytel.exe (a Telnet-only client)
  • plink.exe (a command-line interface to the PuTTY back ends)
  • pageant.exe (an SSH authentication agent for PuTTY, PSCP, PSFTP, and Plink)
  • puttygen.exe (a RSA and DSA key generation utility)

The official packages containing all of the files above:
32-bit ZIP package
64-bit ZIP package

Plink

What is PuTTY Plink?
Plink (PuTTY Link) is a command-line connection tool similar to UNIX ssh. It is mostly used for automated operations, such as making CVS access a repository on a remote server. Plink is probably not what you want if you want to run an interactive session in a console window.

puttygen

Corresponds to OpenSSH's ssh-keygen
ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and for authenticating hosts.

pageant

Corresponds to OpenSSH's ssh-agent
ssh-agent is a program that can hold a user’s private key, so that the private key passphrase only needs to be supplied once. A connection to the agent can also be forwarded when logging into a server, allowing SSH commands on the server to use the agent running on the user’s desktop.

OpenSSH vs PuTTY

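Both are SSH communication tools that provide SSH connections, session management, file transfer and so on, PuTTY being native to Windows and OpenSSH to Unix/Linux. I had not previously realised that they are substitutes for each other.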

Why do you recommend using Putty over OpenSSH to connect to a git server from windows?

We recommend PuTTY because it’s Windows-native. If you use passphrases with your keys (and really, you should – if you don’t your keys are very insecure) then you need to run an agent to avoid typing those passphrases more than once per login. OpenSSH’s agent is a command-line affair and can only easily be used from inside the same command line prompt, so it doesn’t play very nicely with using a mixture of command line and a GUI tool like SourceTree. In contrast, PuTTY uses a Windows system tray tool called Pageant which can serve any number of apps and sits in your tray for your Windows session. Many people also prefer the GUI tools for generating keys since they’re a bit more user-friendly.

SourceTree jumps through the hoops required to make OpenSSH work with passphrases outside a terminal so it’s fine if you want to use it, but OpenSSH was designed for Unix/Linux terminals and has to be somewhat shoehorned into working nicely in a Windows GUI setup, hence why we suggest the native tool as a preference. Many people will have already set up their systems for OpenSSH which is fine, but PuTTY can do everything OpenSSH does while being a bit more of a natural fit, so we tend to recommend it to brand new users since they’ll probably have an easier ride.

Windows 10 SSH vs. PuTTY: Time to Switch Your Remote Access Client?

One of the most common methods to communicate between computers, particularly Linux machines and web servers, is SSH. When it comes to establishing this sort of communication in Windows, the default option has been to install PuTTY.

PuTTY has long been the preferred choice for SSH on Windows. Whether controlling web servers, accessing Internet of Things devices or remotely administering a Linux PC, it’s a lightweight, easy to use app.

One of the reasons for PuTTY’s endurance is its wide selection of features. So, can SSH on Windows PowerShell compete with PuTTY?

There is a reason why PuTTY remains popular. Not only does it allow you to save (and name) your connections, the app also supports connections over Telnet, Serial, and other protocols. PuTTY’s appearance is also configurable, and it can be quickly launched from the desktop. All in all, PuTTY is a solid utility that handles pretty much anything that you can throw at it.

SSH is easy to use in Windows 10’s PowerShell. However, its lack of features, along with requiring a few more clicks to load up, mean you might prefer to stick with PuTTY. Either way, the fact that Windows 10 has two good options for SSH is worth celebrating.

pem vs ppk: two key file formats

Two clients, two styles of key file; the public key is the same, and what differs in style is the private key.

While the data stored in Public/Private Key pairs is standardized, the storage format is not. Two common formats are available – OpenSSH and PuTTY style keys. Programs that rely on PuTTY cannot use OpenSSH style keys, and vice versa. Serv-U uses OpenSSH style keys only, and does not support PuTTY. It can be necessary to convert key formats in order to support specific clients.

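SCP vs SFTP

I had not previously realised that scp and sftp are not the same thing, so here is a note to clarify. Both are based on ssh, but they differ; the most notable differences are that scp is somewhat faster, while sftp supports resuming interrupted transfers.

Definitions

SCP is short for Secure Copy. It is a protocol for transferring data to and from a remote host, the equivalent of an encrypted copy command. SCP transfers data over the ssh protocol, uses the same authentication as ssh and provides the same security guarantees. Depending on the setup, scp asks for a password or passphrase when authenticating.

SFTP = SSH File Transfer Protocol, sometimes also called Secure File Transfer Protocol. SFTP is the FTP protocol wrapped in SSH, the equivalent of an encrypted FTP protocol: it offers the same functions as FTP, except that the transferred data is encrypted.
SFTP also has two parts: the server-side SFTP-Server and the SFTP client. "Logging in to a host with SFTP" normally means logging in to that host with an SFTP client (the host runs the SFTP-Server program).

Similarities

Both SCP and SFTP are functions of SSH, and both use the SSH protocol to transfer files.

Not only the user information at login but also the file contents exchanged are encrypted by SSH, which is why SCP and SFTP are said to provide secure file transfer.

SCP is similar to the cp command, and SFTP is used much like FTP. What SCP and SFTP have in common is that "files are encrypted with SSH before being transferred".

With clients such as "WinSCP" or "FileZilla", files can also be transferred to and from Windows.

Differences

The first difference between SCP and SFTP, as mentioned earlier, is that SCP uses the "scp command", while SFTP is used in a way similar to "handling files with FTP".

The differences do not end there: "SCP is simpler and lightweight, whereas SFTP has more features".

There are many other differences, but the biggest is that "if an SFTP file transfer is interrupted, it can continue after reconnecting, but SCP cannot".

Interrupted file transfers, for whatever reason, are a frequently discussed topic, so this difference (SFTP supports resuming; SCP does not) is regarded as the most significant one.

Speed comparison of the three file transfer protocols SFTP, FTP and SCP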

  • SFTP Generally slowest (encryption and necessity to wait for packet confirmations).
  • FTP Generally fastest file transfer (no encryption and efficient file transfer), yet transfer setup is slow, so transfer of large number of small files can be slow.
  • SCP Medium (encryption, but efficient file transfer, yet it does not allow the transfer to be interrupted).

Certificates

Composition of a certificate

What is the difference between the four files cert.pem, chain.pem, fullchain.pem and privkey.pem?

I’m in confusion with key files generated with our beloved LetsEncrypt.

We will get 4 .pem files,

  1. fullchain.pem
  2. privkey.pem
  3. cert.pem
  4. chain.pem

privkey.pem is clear enough to understand that it is Private key. But I don’t understand,

  • what are the other files ?
  • why it is for or for which we should use that ?
  • In AWS Elastic Load balancer, SSL Certificate configuration asks for
  1. Private key
  2. Public Key
  3. Chain (optional)

Which .pem file I should use for Public key, fullchain.pem or chain.pem or cert.pem ? Could anyone help me understanding this ?

The best answer should be provided by your hosting company, in this case Amazon. Anyway, from http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-add-or-delete-listeners.html

If you have an SSL certificate to upload, select Upload a new SSL Certificate to AWS Identity and Access Management (IAM).
Enter the name of the certificate.
In Private Key, copy and paste the contents of the private key file (PEM-encoded).
In Public Key Certificate, copy and paste the contents of the public key certificate file (PEM-encoded).
In Certificate Chain, copy and paste the contents of the certificate chain file (PEM-encoded)

So,

Private Key --> privkey.pem
Public Key --> cert.pem
Certificate Chain --> chain.pem

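File name: contents

  • cert.pem: the server certificate
  • chain.pem: all certificates the browser needs, excluding the server certificate, such as the root and intermediate certificates
  • fullchain.pem: the contents of both cert.pem and chain.pem
  • privkey.pem: the certificate's private key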
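
The relationship between the three public files can be checked mechanically before uploading them anywhere. The following is an added example, not part of the original post or of any Let's Encrypt tooling; the function names are illustrative and the sample PEM bodies are constructed placeholders, not real certificates.

```python
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, base64 body with whitespace removed), ...] in file order."""
    return [(m.group(1), "".join(m.group(2).split())) for m in PEM_BLOCK.finditer(text)]

def check_layout(cert, chain, fullchain):
    """Return a list of problems with the three public files (empty list = consistent)."""
    files = {"cert.pem": pem_blocks(cert), "chain.pem": pem_blocks(chain),
             "fullchain.pem": pem_blocks(fullchain)}
    problems = []
    for name, blocks in files.items():
        for label, _ in blocks:
            if label != "CERTIFICATE":
                # e.g. privkey.pem pasted into a file that gets uploaded or served
                problems.append(f"{name}: unexpected {label} block")
    if len(files["cert.pem"]) != 1:
        problems.append("cert.pem: expected exactly one certificate (the server's)")
    if not files["chain.pem"]:
        problems.append("chain.pem: no certificates found")
    if files["fullchain.pem"] != files["cert.pem"] + files["chain.pem"]:
        problems.append("fullchain.pem: not cert.pem followed by chain.pem")
    return problems

# Constructed stand-ins: the bodies are placeholder base64, not real certificates.
def _pem(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

LEAF = _pem("CERTIFICATE", "TEVBRi1QTEFDRUhPTERFUg==")
INTERMEDIATE = _pem("CERTIFICATE", "SU5URVJNRURJQVRFLVBMQUNFSE9MREVS")
KEY = _pem("PRIVATE KEY", "S0VZLVBMQUNFSE9MREVS")
```

With real files, pass the text of cert.pem, chain.pem and fullchain.pem; the check only compares PEM blocks and does not validate signatures.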

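Certificate types

PGP certificates are typically used for code and e-mail encryption, while X.509 certificates are used to encrypt HTTP traffic.
PGP certificates are self-signed, whereas X.509 certificates have a pyramid-shaped hierarchical certification system.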

PGP certificates differ from X.509 certificates, as seen by the general public, in two ways:

PGP certificates are issued (signed) by normal people while the popular impression is that X.509 certificates must be issued by a professional CA, and
PGP implements a security fault tolerance mechanism, called the Web of Trust, that was designed to compensate for the fact that issuers were not specially protected or professional.

Comparison of Certificate Types

  • X.509
    Certification Authority Characteristics: Naming authority hierarchies; cross-certification; CPS
    Kind of Identifier: Global by original definition, but local in practice [X.500 Distinguished Name, chosen by and hopefully unique to the issuing CA]
  • PGP
    Certification Authority Characteristics: Web of Trust = multiple path of certification, to achieve fault tolerance in compensation for the fact that amateur certifiers are signing certificates
    Kind of Identifier: Global [e-mail name, globally unique (thanks to the Domain Name System) but maybe not persistent]
  • SPKI/SDSI
    Certification Authority Characteristics: Single naming authority; no CPS necessary
    Kind of Identifier: Local [arbitrary]
  • SPKI without names
    Certification Authority Characteristics: Authorization authority hierarchies; optional k-of-n subjects
    Kind of Identifier: Global [public key or hash of the public key, globally unique (thanks to mathematics) and persistent]

CSR and certificates

A CSR or Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. … It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.
https://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html

It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair. … A certificate authority will use a CSR to create your SSL certificate, but it does not need your private key.
https://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html

There’s no sensitive information in the CSR. It’s odd that a certificate authority asks you to send your CSR through email. … That means it’s safe to send this by email because what is important in a PKI infrastructure is the private key, that you must keep to yourself.
https://security.stackexchange.com/questions/14916/is-it-safe-to-send-a-csr-via-email

Can I reuse a CSR?
4 Answers. The short answer is that while yes you can reuse the CSR, it doesn’t mean you should. … Yes, you will need a new CSR for the domain and your user name/password. Some web servers allow to use old CSR but I recommend to create a new CSR.
https://security.stackexchange.com/questions/131188/do-i-need-a-new-csr-for-a-certificate-renewal/131192

Removing the passphrase from a private key

How to remove a private key password using OpenSSL?

In some circumstances there may be a need to have the certificate private key unencrypted.

To remove the private key password follow this procedure:

Copy the private key file into your OpenSSL directory (or you can specify the path in the command line).

Run this command using OpenSSL: openssl rsa -in [file1.key] -out [file2.key]

Enter the passphrase and [file2.key] is now the unprotected private key.

The output file: [file2.key] should be unencrypted. To verify this open the file using a text editor (such as MS Notepad) and view the headers.

Encrypted headers look like this:

    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC, 6AC307785DD187EF...
    -----END RSA PRIVATE KEY-----

Unencrypted headers look like this:

    -----BEGIN RSA PRIVATE KEY-----
    6AC307785DD187EF...
    -----END RSA PRIVATE KEY-----

WARNING: Be aware that having an unencrypted private key adds a security risk by making it easier to obtain your private key if the private key file is stolen.
For more information on OpenSSL please visit: www.openssl.org
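
The header check described above only covers the traditional PEM layout. The following added example (not from the original post or from OpenSSL/PuTTY) extends it to the other private key formats this page mentions, including ppk and the newer OpenSSH format, whose header line is the same whether or not a passphrase is set. The sample files are constructed, with placeholder key material.

```python
import base64
import re
import struct

def key_protection(text):
    """Return (format, passphrase_protected) for the text of a private key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    head = lines[0]
    if head.startswith("PuTTY-User-Key-File-"):
        # PPK names its cipher in clear text: "Encryption: none" means unprotected.
        enc = next(l.split(":", 1)[1].strip() for l in lines if l.startswith("Encryption:"))
        return "ppk", enc != "none"
    if head == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "pkcs8", True
    if head == "-----BEGIN PRIVATE KEY-----":
        return "pkcs8", False
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # The header is the same either way; the cipher name is the first
        # length-prefixed string after the "openssh-key-v1\0" magic.
        blob = base64.b64decode("".join(lines[1:-1]))
        magic = b"openssh-key-v1\x00"
        if not blob.startswith(magic):
            raise ValueError("bad openssh-key-v1 magic")
        (n,) = struct.unpack_from(">I", blob, len(magic))
        cipher = blob[len(magic) + 4:len(magic) + 4 + n]
        return "openssh", cipher != b"none"
    if re.fullmatch(r"-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----", head):
        # Traditional PEM: an encrypted key carries the Proc-Type header shown above.
        return "pem", any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)
    raise ValueError("not a recognised private key file")

# Constructed samples: real header layouts, placeholder key material.
def _openssh_sample(cipher):
    body = b"openssh-key-v1\x00" + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLES = {
    "encrypted.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     "DEK-Info: DES-EDE3-CBC,0000000000000000\n\ncGxhY2Vob2xkZXI=\n"
                     "-----END RSA PRIVATE KEY-----\n",
    "plain.key": "-----BEGIN RSA PRIVATE KEY-----\ncGxhY2Vob2xkZXI=\n-----END RSA PRIVATE KEY-----\n",
    "putty.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\nComment: constructed\n",
    "id_ed25519": _openssh_sample(b"none"),
}

def audit(samples=SAMPLES):
    """Map each file name to (format, passphrase_protected)."""
    return {name: key_protection(text) for name, text in samples.items()}
```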

Authentication methods supported by OpenSSH

The methods available for authentication are: GSSAPI-based authentication, host-based authentication, public key authentication, challenge-response authentication, and password authentication. Authentication methods are tried in the order specified above, though PreferredAuthentications can be used to change the default order.

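In practice, the two commonly used ones are password and public key.

Public key algorithms supported by OpenSSH

SSH supports several public key algorithms for authentication keys:

  • rsa: an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. It is quite possible that breaking the RSA algorithm will become practical in the foreseeable future. All SSH clients support this algorithm.
  • dsa: the old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete logarithms. A key size of 1024 is normally used with it. DSA in its original form is no longer recommended.
  • ecdsa: a new digital signature algorithm standardized by the US government, using elliptic curves. This is probably a good algorithm for current applications. Only three key sizes are supported: 256, 384 and 521 (sic!) bits. We recommend always using 521 bits, since the keys are still small and probably more secure than the smaller keys (even though those should be safe as well). Most SSH clients now support this algorithm.
  • ed25519: a new algorithm added in OpenSSH. Client support for it is not yet universal, so its use in general-purpose applications may not yet be advisable.

Learn more: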

Public key authentication works as follows: The scheme is based on public-key cryptography, using cryptosystems where encryption and decryption are done using separate keys, and it is unfeasible to derive the decryption key from the encryption key. The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key. ssh implements public key authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of ssl contains a brief discussion of the DSA and RSA algorithms.
The user creates his/her key pair by running ssh-keygen. This stores the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user’s home directory. The user should then copy the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine. The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log in without giving the password.
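
The key-size and algorithm guidance above can be applied to an existing ~/.ssh/authorized_keys file by decoding each line's key blob. This is an added example, not code from OpenSSH or the original post; the thresholds are the ones quoted in the algorithm list above, the function names are illustrative, and the sample lines are constructed (well-formed blobs with made-up numbers, not usable keys).

```python
import base64
import struct

KNOWN_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def _ssh_string(buf, off):
    """Read one length-prefixed field of the key blob; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def audit_key_line(line):
    """Return (key type, RSA bits or None, verdict) for one authorized_keys line."""
    fields = line.split()
    # Options may precede the key type, so find the first known type token.
    idx = next((i for i, f in enumerate(fields[:-1]) if f in KNOWN_TYPES), None)
    if idx is None:
        return None, None, "unrecognised line"
    ktype, blob = fields[idx], base64.b64decode(fields[idx + 1])
    inner, off = _ssh_string(blob, 0)
    if inner.decode("ascii", "replace") != ktype:
        return ktype, None, "malformed: blob type differs from declared type"
    if ktype == "ssh-rsa":
        _exponent, off = _ssh_string(blob, off)
        modulus, _ = _ssh_string(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
        return ktype, bits, "ok" if bits >= 2048 else "weak: RSA below 2048 bits"
    if ktype == "ssh-dss":
        return ktype, None, "weak: DSA is no longer recommended"
    return ktype, None, "ok"

# Constructed sample lines: well-formed blobs with made-up numbers, not usable keys.
def _field(data):
    return struct.pack(">I", len(data)) + data

def _mpint(value):
    return _field(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def sample_line(ktype, *fields, prefix=""):
    blob = _field(ktype.encode()) + b"".join(fields)
    return f"{prefix}{ktype} {base64.b64encode(blob).decode()} constructed@example"

SAMPLE_LINES = [
    sample_line("ssh-rsa", _mpint(65537), _mpint((1 << 1023) | 1)),
    sample_line("ssh-rsa", _mpint(65537), _mpint((1 << 2047) | 1), prefix="no-pty "),
    sample_line("ssh-dss"),
    sample_line("ssh-ed25519", _field(bytes(32))),
]
```

Option strings that themselves contain a bare key type token separated by spaces are not handled; this is a simplification of the authorized_keys grammar.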

The many uses of OpenSSH

Besides the most common use, remote connections, the encrypted channel that ssh provides can also be used to forward X11 connections, arbitrary TCP ports and UNIX-domain sockets.

ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections, arbitrary TCP ports and UNIX-domain sockets can also be forwarded over the secure channel.

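Configuration options supported for OpenSSH connections/hosts

There are indeed a lot of them; the commonly used ones are marked in bold.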

  • AddKeysToAgent
  • AddressFamily
  • BatchMode
  • BindAddress
  • CanonicalDomains
  • CanonicalizeFallbackLocal
  • CanonicalizeHostname
  • CanonicalizeMaxDots
  • CanonicalizePermittedCNAMEs
  • CASignatureAlgorithms
  • CertificateFile
  • ChallengeResponseAuthentication
  • CheckHostIP
  • Ciphers
  • ClearAllForwardings
  • Compression
  • ConnectionAttempts
  • ConnectTimeout
  • ControlMaster
  • ControlPath
  • ControlPersist
  • DynamicForward
  • EscapeChar
  • ExitOnForwardFailure
  • FingerprintHash
  • ForwardAgent
  • ForwardX11
  • ForwardX11Timeout
  • ForwardX11Trusted
  • GatewayPorts
  • GlobalKnownHostsFile
  • GSSAPIAuthentication
  • GSSAPIDelegateCredentials
  • HashKnownHosts
  • Host
  • HostbasedAuthentication
  • HostbasedKeyTypes
  • HostKeyAlgorithms
  • HostKeyAlias
  • HostName
  • IdentitiesOnly
  • IdentityAgent
  • IdentityFile
  • IPQoS
  • KbdInteractiveAuthentication
  • KbdInteractiveDevices
  • KexAlgorithms
  • LocalCommand
  • LocalForward
  • LogLevel
  • MACs
  • Match
  • NoHostAuthenticationForLocalhost
  • NumberOfPasswordPrompts
  • PasswordAuthentication
  • PermitLocalCommand
  • PKCS11Provider
  • Port
  • PreferredAuthentications
  • ProxyCommand
  • ProxyJump
  • ProxyUseFdpass
  • PubkeyAcceptedKeyTypes
  • PubkeyAuthentication
  • RekeyLimit
  • RemoteCommand
  • RemoteForward
  • RequestTTY
  • SendEnv
  • ServerAliveInterval / heartbeat check to keep the connection alive
  • ServerAliveCountMax / heartbeat check to keep the connection alive
  • SetEnv
  • StreamLocalBindMask
  • StreamLocalBindUnlink
  • StrictHostKeyChecking
  • TCPKeepAlive
  • Tunnel
  • TunnelDevice
  • UpdateHostKeys
  • User
  • UserKnownHostsFile
  • VerifyHostKeyDNS
  • VisualHostKey
  • XAuthLocation

The difference between the -X and -Y options when OpenSSH forwards X11

-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.
X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user’s X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring.
For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default. Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config for more information.
-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.
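
Because the same behaviour can be set per host through ForwardX11 and ForwardX11Trusted, it is worth knowing which hosts in a configuration file end up with trusted forwarding. The following added example (not OpenSSH code and not from the original post) resolves the two directives for a given host; the host names and configuration are constructed, Match blocks are skipped as a simplification, and both directives are assumed to default to "no" when unset.

```python
from fnmatch import fnmatchcase

def x11_mode(config_text, host):
    """Resolve ForwardX11 / ForwardX11Trusted for `host` from ssh_config text.

    ssh_config uses the first value obtained for each keyword, so a specific
    Host block placed before "Host *" overrides it. Match blocks are skipped
    (simplification). Assumed defaults when unset: both "no".
    """
    active, first = True, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            pats = value.split()
            negated = any(fnmatchcase(host, p[1:]) for p in pats if p.startswith("!"))
            active = not negated and any(
                fnmatchcase(host, p) for p in pats if not p.startswith("!"))
        elif key == "match":
            active = False
        elif active and key in ("forwardx11", "forwardx11trusted"):
            first.setdefault(key, value.lower() == "yes")
    if not first.get("forwardx11", False):
        return "off"
    return "trusted (-Y)" if first.get("forwardx11trusted", False) else "untrusted (-X)"

# Constructed configuration; host names are hypothetical.
SAMPLE_CONFIG = """\
Host legacy-gui
    ForwardX11 yes
    ForwardX11Trusted yes
Host build-* !build-public
    ForwardX11 yes
Host *
    ForwardX11 no
    ForwardX11Trusted no
"""
```

Hosts reported as "trusted (-Y)" are the ones where the X11 SECURITY extension restrictions quoted above do not apply.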

-- EOF --

This article was last modified 5 years ago (2019-07-05)
