{"id":70,"date":"2008-01-03T21:25:34","date_gmt":"2008-01-03T13:25:34","guid":{"rendered":"http:\/\/blog.urdada.net\/2008\/01\/03\/70\/"},"modified":"2015-10-27T23:25:13","modified_gmt":"2015-10-27T15:25:13","slug":"ssh2-vs-openssh","status":"publish","type":"post","link":"https:\/\/dada.tw\/blog\/2008\/01\/03\/70\/","title":{"rendered":"SSH2 vs OpenSSH"},"content":{"rendered":"

\u5e38\u898b\u7684 SSH Implementation \u6709\u5169\u7a2e\uff0cssh.com<\/a> \u7684 SSH \u4ee5\u53ca OpenSSH<\/a>\uff0c\u8a73\u7d30\u767c\u5c55\u7de3\u7531\u53ef\u53c3\u8003 OpenSSH History<\/a><\/p>\n

\u7531\u65bc\u6b77\u53f2\u56e0\u7d20\uff0c\u6240\u4ee5\u63d0\u5230 SSH \u76f8\u95dc\u7528\u8a9e\u6642\uff0c\u5e38\u56e0\u4e0d\u660e\u78ba\u800c\u6df7\u6dc6\u3002\u5efa\u8b70\u53ef\u4ee5\u53c3\u8003 O’Reilly book<\/a> \u51fa\u7248\u7684 SSH, The Secure Shell: The Definitive Guide<\/a> \u4e00\u66f8\u4e2d\u5c0d\u65bc SSH \u5404\u7a2e\u8a5e\u5f59\u7684\u7cbe\u78ba\u5b9a\u7fa9\uff1a<\/p>\n

Terminology: SSH Protocols and Products<\/b><\/p>\n

\nSSH\n    A generic term referring to SSH protocols or software products.\nSSH-1\n    The SSH protocol, Version 1. This protocol went through several\n    revisions, of which 1.3 and 1.5 are the best known, and we will\n    write SSH-1.3 and SSH-1.5 should the distinction be necessary.\nSSH-2\n    The SSH protocol, Version 2, as defined by several draft standards\n    documents of the IETF SECSH working group.\nSSH1\n    Tatu Yl\u00f6nen's software implementing the SSH-1 protocol; the original\n    SSH. Now distributed and maintained (minimally) by SSH\n    Communications Security, Inc.\nSSH2\n    The \"SSH Secure Shell\" product from SSH Communications Security, Inc.\n    This is a commercial SSH-2 protocol implementation, though it is\n    licensed free of charge in some circumstances.\nssh (all lowercase letters)\n    A client program included in SSH1, SSH2, OpenSSH, F-Secure SSH, and\n    other products, for running secure terminal sessions and remote\n    commands. In SSH1 and SSH2, it is also named ssh1\/ssh2, respectively.\nOpenSSH\n    The product OpenSSH from the OpenBSD project,\n    which implements both the SSH-1 and SSH-2 protocols.\nOpenSSH\/1\n    OpenSSH, referring specifically to its behavior\n    when using the SSH-1 protocol.\nOpenSSH\/2\n    OpenSSH, referring specifically to its behavior\n    when using the SSH-2 protocol.\n<\/pre>\n
OpenSSH \u57fa\u65bc\u76f8\u5bb9 BSD license \u7684 ssh 1.2.12 \u4f86\u958b\u767c\uff0c\u5f8c\u7e8c\u53c8\u52a0\u4e0a\u4e86\u5c0d SSH-2 \u7684\u652f\u63f4<\/p>\n
\u4f46 OpenSSH \u5c0d SSH-2 \u7684\u5be6\u4f5c\u8207 ssh.com \u5f8c\u4f86\u5c0d SSH-2 \u7684\u5be6\u4f5c\u5df2\u7d93\u6709\u4e86\u4e00\u4e9b\u5dee\u7570\u3002<\/p>\n
\u73fe\u4eca\u5927\u90e8\u5206\u7684 open source \u4f5c\u696d\u7cfb\u7d71\u90fd\u5df2\u7d93\u6539\u7528 OpenSSH \u4e86\uff0c\u4e0d\u904e\u6709\u4e9b\u5730\u65b9\u9084\u662f\u53ef\u4ee5\u770b\u5230 SSH2 \u7684\u8e64\u8de1\uff0c\u53ef\u80fd\u662f\u5546\u696d\u7248\u672c\u6216\u662f\u975e\u5546\u696d\u7248\u672c\uff0c\u4f8b\u5982:<\/p>\n
\n# ssh -V\nssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu\n<\/pre>\n
SSH Communications Security, Inc. (www.ssh.com<\/a>) \u7684\u5546\u696d\u7248\u672c SSH (SSH2) \u6b63\u5f0f\u540d\u7a31\u53eb\u505a Tectia SSH client\/server<\/a><\/p>\n
\u719f\u6089 OpenSSH \u7684\u4eba\u521d\u6b21\u63a5\u89f8 SSH2 \u6700\u5e38\u9047\u5230\u7684\u554f\u984c\u5c31\u662f Public-Key Authentication \u7684\u4f5c\u6cd5\u4ee5\u53ca Key format \u90fd\u4e0d\u592a\u4e00\u6a23\u3002<\/p>\n
OpenSSH\/1 \u8207 SSH1 \u7684 authorization file \u90fd\u662f\u653e\u5728 ~\/.ssh\/authorized_keys \u9019\u500b\u6a94\u6848\u4e4b\u5167\uff0cidentity \u5247\u662f\u653e\u5728 ~\/.ssh\/identity \u9019\u500b\u6a94\u6848\u5167<\/p>\n
OpenSSH\/2 \u7684 authorization file \u4e00\u6a23\u662f ~\/.ssh\/authorized_keys\uff0cidentity \u5247\u662f\u5728 ~\/.ssh\/id_dsa \u6216 ~\/.ssh\/id_rsa \u5167\uff0c\u4f9d\u64da key type \u800c\u7570\u3002\u4f46\u5176\u5be6\u56e0\u70ba OpenSSH\/2 \u6709\u5411\u4e0b\u76f8\u5bb9 OpenSSH\/1 \u7684\u529f\u80fd\uff0c\u6240\u4ee5\u4e8b\u5be6\u4e0a\u4e5f\u6703\u53c3\u8003 ~\/.ssh\/identity \u4f86\u7576\u4f5c SSH-1 \u7684 identity<\/p>\n
SSH2 \u5c31\u5f88\u4e0d\u4e00\u6a23\u4e86\u3002SSH2 \u5141\u8a31\u6709\u591a\u500b identity\uff0c\u56e0\u6b64\u6703\u6709\u4e00\u500b\u6a94\u6848 ~\/.ssh\/identification \u53ef\u4ee5\u8a2d\u5b9a\u6709\u54ea\u4e9b identity \u53ef\u7528\uff0c\u4f8b\u5982:<\/p>\n
\nIdKey identity-1\nIdKey identity-2\nIdKey identity-3\n<\/pre>\n
\u771f\u6b63\u7684 private key \u653e\u5728 identity-1, identity-2, identity-3 \u9019\u4e09\u500b\u6a94\u6848\u5167\uff0c\u800c\u4f7f\u7528 ssh -i \u6307\u5b9a identity \u6642\uff0c\u4e0d\u540c\u65bc OpenSSH \u662f\u76f4\u63a5\u6307\u5230 key \u672c\u8eab\uff0cSSH2 \u5fc5\u9808\u6307\u5b9a\u9019\u500b\u9593\u63a5\u7684 identification file<\/p>\n
SSH2 \u7684 public key format \u4e5f\u8207 OpenSSH \u4e0d\u540c\uff0c\u4e0d\u518d\u662f\u4e00\u884c\u800c\u5df2\uff0c\u4e5f\u56e0\u6b64 authorization file \u6c92\u8fa6\u6cd5\u8ddf ~\/.ssh\/authorized_keys \u4e00\u6a23\u4e00\u884c\u653e\u4e00\u500b key \u503c\u3002<\/p>\n
SSH2 \u4e5f\u662f\u4e00\u6a23\u4f7f\u7528\u4e00\u500b\u6a94\u6848\u4f86\u8a2d\u5b9a\u5141\u8a31\u7684 public key \u6709\u54ea\u4e9b\uff0c\u6a94\u6848\u653e\u5728 ~\/.ssh\/authorization<\/p>\n
\nKey identity-1.pub\nKey identity-2.pub\nKey identity-3.pub\n<\/pre>\n
\u9019\u500b\u6a94\u6848\u8868\u793a\u53ef\u63a5\u53d7\u4e09\u500b public key \u5206\u5225\u70ba identity-1.pub, identity-2.pub, identity-3.pub<\/p>\n
\u800c\u5982\u540c OpenSSH \u4e00\u6a23\uff0cSSH2 \u7684 authorization \u6a94\u6848\u5167\u4e5f\u53ef\u4ee5\u6307\u5b9a\u5404\u7a2e options\uff0c\u4f8b\u5982\uff1a<\/p>\n
\nKey identity-1.pub\nOptions no-port-forwarding,no-pty\nKey identity-2.pub\nOptions command=\"rsync -az --server . \/home\/backup-x\",no-pty\n<\/pre>\n
\u8a73\u7d30\u8cc7\u8a0a\u53ef\u53c3\u8003 SSH2 \u7684 manual<\/p>\n
SSH2 \u7684 key format \u8207 OpenSSH \u4e0d\u540c\uff0c\u9019\u5728\u5169\u8005\u4e4b\u9593\u8981\u4f5c public key authentication \u6642\u9020\u6210\u4e86\u4e00\u4e9b\u9ebb\u7169\u3002OpenSSH \u63d0\u4f9b\u7684 ssh-keygen \u53ef\u4ee5\u7528 -e \u548c -i \u5169\u500b\u9078\u9805\u4f86\u8f49\u63db\u5169\u8005\u7684 key format:<\/p>\n
\n# ssh-keygen -e -f openssh-key.pub > ssh2-key.pub\n# ssh-keygen -i -f ssh2-key.pub > openssh-key.pub\n<\/pre>\n
OpenSSH \u8207 SSH2 \u4e4b\u9593\u7684\u554f\u984c\u9084\u4e0d\u53ea\u9019\u6a23\uff0cSCP \u7684\u5be6\u4f5c\u65b9\u5f0f\u4e5f\u4e0d\u540c<\/p>\n
OpenSSH \u8207 SSH1 \u7684 SCP \u662f RCP over SSH\uff0c\u800c SSH2 \u9644\u7684 SCP2 \u80cc\u5730\u88e1\u5247\u662f\u7528 SFTP \u5be6\u4f5c\u7684\uff0c\u56e0\u6b64\u5169\u8005\u4e92\u76f8 copy \u6771\u897f\u6642\u6709\u6642\u6703 copy \u4e0d\u904e\u53bb\uff0c\u5efa\u8b70\u9084\u662f\u4e00\u5f8b\u6539\u7528\u6709\u7d93\u904e IETF \u6a19\u6e96\u8a8d\u8b49\u7684 SFTP \u5c31\u597d\u4e86<\/p>\n
\u5982\u679c\u53ef\u4ee5\u7684\u8a71\uff0c\u5168\u90e8\u7528 OpenSSH \u662f\u6700\u55ae\u7d14\u7684\uff0c\u4e0d\u904e\u6709\u6642\u4e0d\u662f\u81ea\u5df1\u80fd\u63a7\u5236\u7684\uff0c\u78b0\u5230\u4f7f\u7528 SSH2 \u7684\u7cfb\u7d71\uff0c\u5176\u5be6\u53ea\u8981\u7a0d\u5fae\u4e86\u89e3\u4e00\u4e0b\u5dee\u7570\u4e5f\u5f88\u5bb9\u6613\u9069\u61c9\u5c31\u662f\u4e86<\/p>\n
\u53c3\u8003\u8cc7\u6599:<\/p>\n