堆栈内存溢出
  简体   繁体   English

可以在非ssh应用程序中使用ssh密钥进行身份验证吗?

[英]can I use ssh keys for authentication in non-ssh application?

 原文  2014-06-13 14:37:47       linux/ node.js/ authentication/ tcp/ ssh-keys

问题描述

I have an application consisting of client and server pieces, separated by the internet, where I control the server but need to authenticate client connections. 我有一个由客户端和服务器部分组成的应用程序,由Internet分开,在这里我控制服务器,但需要对客户端连接进行身份验证。 The client connects to the server with a TCP connection and they then exchange JSON messages. 客户端通过TCP连接连接到服务器,然后它们交换JSON消息。 The client is not a browser-based app, it is a headless node.js app running on a Linux server. 客户端不是基于浏览器的应用程序,而是在Linux服务器上运行的无头node.js应用程序。

I would like to implement some authentication to the connection. 我想对连接实施一些身份验证。 My thought is that (similar to github) an authorized user (through a separate portal) can add their ssh public keys to a server-side database for the linux machines they will be running the clients on, and then I would like to authenticate using those ssh keys during TCP session establishment. 我的想法是(类似于github)授权用户(通过单独的门户)可以将其ssh公钥添加到将在其上运行客户端的linux机器的服务器端数据库中,然后我想使用TCP会话建立期间的那些ssh密钥。 Does this make sense? 这有意义吗? I am not familiar with using ssh key pairs for authentication for applications other than ssh, so I am not sure exactly how to implement this. 我不熟悉使用ssh密钥对为ssh以外的应用程序进行身份验证,因此我不确定如何实现此目的。 Also, I am wondering if there is an alternate "best practice" or suggestions people might have for implementing authentication for an application like this. 另外,我想知道是否存在替代的“最佳实践”或建议,人们可能对这样的应用程序实施身份验证。 I want to protect the server and its resources against non-authorized client access. 我想保护服务器及其资源免遭未经授权的客户端访问。 Any/all thoughts welcomed 欢迎任何/所有想法

1 个解决方案

解决方案1
 0  2014-09-11 12:15:31

You don't mention how your clients are being used - if it's all automated or if there are users manually starting the applications -, but technically, your solution would be a working (and probably not too uncommon) one: You would let the SSH client establish a tunnel for your TCP communication via the Internet and let your application connect to the local listening socket end of that tunnel. 您没有提到如何使用客户端-如果这是全自动化的,或者如果有用户手动启动应用程序-但是从技术上讲,您的解决方案将是一种可行的(并且可能不太常见):您可以使用SSH客户端为通过Internet的TCP通信建立隧道,并让您的应用程序连接到该隧道的本地侦听套接字端。 Thus, authentication (and, implicitly, encryption) would be handled by SSH, and apart from connecting to a different host (localhost), your application would be completely ignorant of that. 因此,身份验证(以及隐式地加密)将由SSH处理,并且除了连接到其他主机(本地主机)之外,您的应用程序将完全不知道这一点。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 Linux 中添加具有不同 SSH 密钥的用户? - How can I add users with different SSH keys in Linux? SSH 密码认证是否使用/bin/login? - Does SSH password authentication use /bin/login? 如何通过 ssh 在远程机器上运行应用程序? - How can I run an application on a remote machine by ssh? 我可以以某种方式在Web上使用plink进行SSH检查吗? - Can i somehow use plink on web for SSH check? 如何使用Expect回复SSH登录提示? - How can I use expect to reply to an SSH login prompt? 如何在另一台远程服务器上使用 Git 的 SSH 密钥? - How do I use my SSH keys for Git on another remote server? 针对开发人员的基于SSH密钥的身份验证 - SSH keybased authentication for developers nagios和ubuntu ssh认证 - nagios and ubuntu ssh authentication GitLab SSH请求密码并忽略SSH密钥 - GitLab SSH requests password and ignoring SSH Keys 我无法连接到 ssh 服务器 - I can not connect to ssh server
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM