Method and device for user authentication

A user authentication technology, applied in the fields of user authentication and network security, that addresses increased maintenance and tracking costs, the lack of centralized management, and unacceptable system-level restarts, and achieves the effect of increasing maintainability.

Active Publication Date: 2017-08-25
ALCATEL LUCENT SHANGHAI BELL CO LTD

AI Technical Summary

Problems solved by technology

[0004] First of all, this mechanism is inconvenient to deploy in large-scale distributed systems. A large-scale distributed system has multiple servers. If a high-authority user (for example, a system administrator) needs to be able to log in to all of these servers, his public key needs to be stored on every server in the system. This greatly increases the workload and complexity of deployment.
[0005] Secondly, the uniqueness of the user key cannot be guaranteed, which increases the risk to the system. Since the public/private key pairs of each user are stored on different SSH servers without centralized management, the public keys of different users on different servers may turn out to be exactly the same, resulting in a situation where an illegitimate user can log in as if legitimate.
[0006] In addition, when the public key configurations on different servers differ, the cost of maintaining and tracking these configurations is also greatly increased.
[0007] Finally, when the key configuration of such a high-privilege user has to be changed, for example when deleting a system administrator account, the change must be made on each server: the corresponding public key is deleted and the server is restarted for the change to take effect. System-level restarts are often unacceptable.
[0008] In short, since this mechanism configures the public key locally on the server, all related operations can only be performed locally and centralized, unified management is not possible, which greatly limits its application in large-scale distributed systems.

Embodiment Construction

[0035] The specific implementation manners of the present invention will be described below in conjunction with the accompanying drawings.

[0036] A typical system configuration according to the present invention includes an authentication server and several SSH servers; the present invention is of course also applicable when there is only one SSH server. A server for a specific protocol is configured on the authentication server, and a client for that protocol is correspondingly configured on every SSH server to communicate with the server on the authentication server. The specific protocol can be, for example, the Remote Authentication Dial In User Service (RADIUS) protocol, or another protocol that can realize similar functions, such as DIAMETER or another custom TCP/UDP protocol. For convenience of description, the following uses the RADIUS protocol as an example.

[0037] For each ...

Abstract

The present invention proposes a method for user authentication in an SSH server, wherein the SSH server is provided with a client for a specific protocol. The method includes: receiving from a user a user authentication request message that includes information on the user's public key; generating a first message encapsulated in the message format of the specific protocol, wherein the first message includes the information on the user's public key, the user's identifier, information on the SSH server's public key, and the identifier of the SSH server; sending, by the client for the specific protocol, the first message to the authentication server, where the public key of the user and the public key of the SSH server are stored on the authentication server; and receiving, by the SSH server, a second message encapsulated in the message format of the specific protocol from the authentication server, wherein the second message includes information used to generate the user authentication response message.
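
As an added illustration (not taken from the patent), the first message described above can be sketched as a RADIUS Access-Request, RADIUS being the example protocol the description uses. The attribute mapping is an assumption: User-Name for the user identifier, NAS-Identifier for the SSH server identifier, and vendor-specific sub-attributes (hypothetical types 1 and 2 under the documentation enterprise number 32473) carrying SHA-256 fingerprints of the two public keys, with a Message-Authenticator attribute so the authentication server can reject a modified request.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST = 1
USER_NAME, VENDOR_SPECIFIC, NAS_IDENTIFIER, MESSAGE_AUTHENTICATOR = 1, 26, 32, 80
EXAMPLE_PEN = 32473                       # enterprise number reserved for documentation
VSA_USER_KEY_FP, VSA_HOST_KEY_FP = 1, 2   # hypothetical sub-attribute types (assumption)

def attr(attr_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    if len(value) > 253:
        raise ValueError("attribute value exceeds 253 bytes")
    return bytes([attr_type, len(value) + 2]) + value

def key_vsa(sub_type, pubkey_blob):
    """Carry a SHA-256 fingerprint of a public key in a Vendor-Specific attribute."""
    fp = hashlib.sha256(pubkey_blob).digest()
    return attr(VENDOR_SPECIFIC, struct.pack("!I", EXAMPLE_PEN) + attr(sub_type, fp))

def build_first_message(secret, ident, user, user_key, server_id, host_key):
    attrs = (attr(USER_NAME, user.encode()) + attr(NAS_IDENTIFIER, server_id.encode())
             + key_vsa(VSA_USER_KEY_FP, user_key) + key_vsa(VSA_HOST_KEY_FP, host_key))
    ma_pos = 20 + len(attrs) + 2          # offset of the Message-Authenticator value
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))
    pkt = bytearray(struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
                    + os.urandom(16) + attrs)
    # HMAC-MD5 over the whole packet with the Message-Authenticator value zeroed.
    pkt[ma_pos:ma_pos + 16] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def parse_and_verify(secret, pkt):
    """Authentication-server side: bounds-check attributes, verify integrity, return them."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("bad packet length")
    attrs, pos, ma_pos = [], 20, None
    while pos < len(pkt):
        if pos + 2 > len(pkt) or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > len(pkt):
            raise ValueError("malformed attribute")
        attr_type, length = pkt[pos], pkt[pos + 1]
        if attr_type == MESSAGE_AUTHENTICATOR and length == 18:
            ma_pos = pos + 2
        attrs.append((attr_type, pkt[pos + 2:pos + length]))
        pos += length
    if ma_pos is None:
        raise ValueError("Message-Authenticator missing")
    zeroed = pkt[:ma_pos] + bytes(16) + pkt[ma_pos + 16:]
    if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(),
                               pkt[ma_pos:ma_pos + 16]):
        raise ValueError("Message-Authenticator mismatch")
    return attrs

# Constructed sample input: key blobs and names are placeholders, not real keys.
SAMPLE = build_first_message(b"shared-secret", 7, "alice", b"constructed-user-key",
                             "ssh-01", b"constructed-host-key")
```
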

Description

Technical field

[0001] The invention relates to the field of network security, in particular to the field of user authentication.

Background technique

[0002] SSH (Secure Shell) is widely used in the field of secure network management, for example, SSH-based Telnet, FTP, port forwarding and other services. The reason why the SSH protocol can provide higher security than the traditional RSH protocol is mainly that SSH can support a variety of security authentication mechanisms, such as password-based security mechanisms and host address-based security mechanisms. Among them, the most widely used is the user authentication mechanism based on public keys. In the user authentication mechanism based on the public key, each user needs to generate a key pair for encryption/authentication. key security. Corresponding to the private key is the public key. During the user authentication process, the client needs to pass the public key to the server, and the public key can a...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L29/06
Inventor: 姚亦峰
Owner: ALCATEL LUCENT SHANGHAI BELL CO LTD