The invention relates to the technical field of spatial information, and discloses a low-orbit satellite security authentication method based on spatial channel characteristics. The method comprises a three-layer SDN distributed control structure consisting of a ground control center, a GEO satellite controller and an MEO satellite controller. In the whole authentication process, key agreement contains timestamp information, so that the freshness of the message is ensured. After the timestamp T is acquired, whether the timestamp T is within an allowable time range delta T is detected, if the timestamp T is valid, the acquired secret key is fresh, replay attacks can be effectively resisted, symmetric secret keys generated in the subsequent authentication process are iteratively generated based on the initial KEYab, and the shared secret key needs to be updated again every time a session is ended. The new secret key is based on the Hash operation of the channel characteristic value and the message and has randomness, so that even if an attacker obtains the current shared secret key, a subsequent new secret key cannot be generated, and the independence of the authentication process is guaranteed.