
CN115567302B - SSH data transmission device, method, equipment and storage medium - Google Patents

Info

Publication number: CN115567302B
Authority: CN (China)
Prior art keywords: target host, login, data transmission, ssh, access request
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202211193675.3A
Other languages: Chinese (zh)
Other versions: CN115567302A (en)
Inventor: 吴兴伟
Current assignee: CCB Finetech Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: CCB Finetech Co Ltd

Events
  • Application filed by CCB Finetech Co Ltd
  • Priority to CN202211193675.3A
  • Publication of CN115567302A
  • Application granted
  • Publication of CN115567302B
  • Legal status: Active (current)
  • Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
        • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
        • H04L 63/16 Implementing security features at a particular protocol layer
            • H04L 63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
        • H04L 67/01 Protocols
            • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
        • H04L 67/14 Session management
            • H04L 67/141 Setup of application sessions
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
        • H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
            • H04L 69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
                • H04L 69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides an SSH data transmission device, method, equipment and storage medium, and relates to the technical field of information security. The device comprises a first instruction receiving module and a first data transmission module. The first instruction receiving module is configured to load the first data transmission module in response to a call instruction of a user and to receive the user's access request to the target host. The first data transmission module is configured to acquire the user's login information and send it to the target host when the access request is determined to be a first access request, to establish an SSH connection with the target host when the target host determines that the login information meets the login conditions, to forward a second access request to the target host when the access request is determined to be a second access request, and to receive the result data returned by the target host. The first data transmission module is packaged into wasm format as WebAssembly bytecode. The application can establish an SSH connection with the target host directly at the web end, which improves data interaction efficiency.

Description

SSH data transmission device, method, equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to an SSH data transmission device, an SSH data transmission method, an electronic apparatus, and a computer readable storage medium.
Background
SSH is currently the most commonly used remote-login protocol, and different clients need to be selected for different scenarios. For example, a conventional office computer can use a client of C/S architecture, which offers high performance and a better experience, but some specific scenarios cannot be met that way: when SSH remote login is only needed temporarily, an SSH client still has to be installed before an SSH connection can be made. The current SSH client based on B/S architecture adopts a front-end/back-end separation mode and uses websocket for two-way communication between them: a command is entered at the front end and submitted to the back end for processing, and the back end returns the processing result. This mode still has the following problems: the front end and the back end interact frequently, so efficiency is low, and the security guarantee is weaker.
Disclosure of Invention
The application provides an SSH data transmission device, method, equipment and storage medium, which are used for solving the problems of frequent interaction between front and back ends of an SSH client based on a B/S architecture, low efficiency and low security guarantee in the prior art.
In a first aspect of the present application, there is provided an SSH data transmission apparatus, applied to a web side, including:
the first instruction receiving module and the first data transmission module;
The first instruction receiving module is configured to respond to a call instruction of a user, load the first data transmission module and receive an access request of the user to a target host;
The first data transmission module is configured to acquire login information of a user and send the login information to the target host when the access request is determined to be a first access request, establish an SSH connection with the target host when the target host determines that the login information meets login conditions, forward a second access request to the target host when the access request is determined to be a second access request, and receive result data returned by the target host;
The first data transmission module is packaged into wasm format by preset WebAssembly byte codes.
Optionally, the login information of the user includes: target host ip address, target host port number, target host login name, target host login password, login mode, and private key.
Optionally, the first data transmission module is further configured to:
under the condition that the login mode of the user is determined to be a first login mode according to the login mode, acquiring the target host ip address, the target host port number, the target host login name and the target host login password; and
establishing a communication connection with the target host according to the ip address and the port number of the target host, encrypting the login name and the login password of the target host by using a pre-generated key, sending the encrypted login name and login password to the target host, and establishing an SSH connection with the target host under the condition that the target host determines that the login name and the login password of the target host meet the login conditions.
Optionally, the first data transmission module is further configured to:
under the condition that the login mode of the user is determined to be a second login mode according to the login mode, acquiring the target host ip address, the target host port number and the private key;
establishing a communication connection with the target host according to the ip address of the target host and the port number of the target host, and receiving a temporary key and a session key sent by the target host, wherein the temporary key is obtained by encrypting a random number character string generated by the target host with a public key pre-stored on the target host; and
decrypting the temporary key with the private key to obtain the random number character string, encrypting the random number character string and the session key with a preset encryption algorithm to generate summary information of the random number character string and the session key, sending the summary information to the target host, and establishing an SSH connection with the target host under the condition that the target host determines that the summary information meets the login conditions.
Optionally, the first data transmission module is further configured to:
After SSH connection with the target host is established, an SSH connection channel with the target host is acquired, and the SSH connection channel is bound with a target page, so that data acquired from the target host through the SSH connection channel is displayed on the target page.
In a second aspect of the present application, an SSH data transmission device applied to a host is provided, which is used in combination with the host and includes:
the second instruction receiving module, configured to receive login information and a second access request from the web terminal user; and
the second data transmission module, configured to determine, under the condition that the login information is received, whether the login information meets the login conditions and, if it does, establish an SSH connection with the web terminal; and
under the condition that the second access request is received, obtain result data corresponding to the second access request and return the result data to the web terminal.
In a third aspect of the present application, there is provided an SSH data transmission method applied to the SSH data transmission apparatus, including:
under the condition that a call instruction of a user is received through a first instruction receiving module, loading a first data transmission module;
receiving an access request of the user to a target host through the first instruction receiving module;
When the first data transmission module determines that the access request is a first access request, login information of a user is obtained and sent to the target host, when the target host determines that the login information meets login conditions, SSH connection with the target host is established, when the first data transmission module determines that the access request is a second access request, the second access request is forwarded to the target host, and result data returned by the target host is received.
In a fourth aspect of the present application, there is provided an SSH data transmission method applied to the SSH data transmission apparatus, including:
receiving login information and a second access request from a web terminal user through a second instruction receiving module;
under the condition that the login information is received, determining through a second data transmission module whether the login information meets the login conditions and, if it does, establishing an SSH connection with the web terminal; and
under the condition that the second access request is received, obtaining result data corresponding to the second access request through the second data transmission module and returning the result data to the web terminal.
In a fifth aspect of the present application, there is provided an electronic apparatus comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes the computer-executable instructions stored in the memory to implement the methods described above.
In a sixth aspect of the present application, there is provided a computer readable storage medium having stored therein computer executable instructions for carrying out the above method when executed by a processor.
In a seventh aspect of the application, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the method described above.
In this method, a first instruction receiving module is built at the web end to monitor the user's input instructions, and a first data transmission module is built to analyze them and, according to the input instruction, either establish an SSH connection with the target host or acquire result data from it. Because the first data transmission module is packaged into wasm format from the preset WebAssembly bytecode, no front-end/back-end interaction is needed during data interaction: the SSH connection can be established directly with the target host at the web end, which improves data interaction efficiency.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic structural diagram of a conventional SSH architecture according to an embodiment of the present application;
Fig. 2 is a schematic block diagram of an SSH data transmission device according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an SSH architecture based on a Web end according to an embodiment of the present application;
Fig. 4 is a logic schematic diagram of establishing an SSH connection according to an embodiment of the present application;
Fig. 5 is a schematic block diagram of another SSH data transmission apparatus according to an embodiment of the present application;
Fig. 6 is a method flowchart of an SSH data transmission method according to an embodiment of the present application;
Fig. 7 is a flowchart of another SSH data transmission method according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it should be understood that the detailed description described herein is merely for illustrating and explaining the embodiments of the present application, and is not intended to limit the embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that if directional indications (such as up, down, left, right, front and rear) are included in the embodiments of the present application, they are merely used to explain the relative positional relationship, movement conditions, etc. between the components in a specific posture (as shown in the drawings); if the specific posture changes, the directional indications change correspondingly.
In addition, if the terms "first", "second", etc. appear in the embodiments of the present application, they are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, provided that the combination can be realized by those skilled in the art; when the technical solutions are contradictory or cannot be realized, the combination should be considered absent and not within the scope of protection claimed in the present application.
Existing browsers are usually based on JavaScript, which is an interpreted and dynamically typed language: variable types are determined at runtime. Statically typed languages such as C++, by contrast, determine variable types at the time of definition. For a statically typed language the compiler knows the type and memory location of a variable from a single instruction, whereas for JavaScript the engine must check on every execution of the same operation whether a value is an integer, a floating-point number or some other valid data type. Every JavaScript instruction therefore goes through several type checks and conversions, which slows down execution of the JavaScript program. For this reason, in the existing SSH basic architecture, parsing and processing of the instructions and data involved in data interaction is delegated to the background system.
As shown in Fig. 1, the existing SSH infrastructure includes a Web front end, which acquires user data, displays returned data and interacts with an SSH background system through a websocket, and the background system, which receives information from the Web front end, parses it, establishes the SSH connection with the target server, receives the data returned by the target server and finally sends that data back to the Web front end. While the SSH connection is being established and data is being exchanged between the Web front end and the target server, the background system acts as a relay station between the two: all interaction data must be parsed and processed by the background system, and the Web front end and the background system must interact frequently, so data transmission efficiency is low. SSH (Secure Shell) is a secure shell protocol commonly used for remote login to a host.
In order to solve the above-mentioned problems, as shown in fig. 2, in a first aspect of the present application, there is provided an SSH data transmission apparatus, applied to a web side, including: the first instruction receiving module and the first data transmission module; the first instruction receiving module is configured to respond to a call instruction of a user, load the first data transmission module and receive an access request of the user to the target host; the first data transmission module is configured to acquire login information of a user and send the login information to the target host when the access request is determined to be the first access request, establish SSH connection with the target host when the target host determines that the login information meets the login condition, forward the second access request to the target host when the access request is determined to be the second access request, and receive result data returned by the target host; the first data transmission module is packaged into wasm format by preset WebAssembly byte codes.
In this way, the first instruction receiving module is built at the web end to monitor the user's input commands, and the first data transmission module is built to analyze them and, according to the input command, either establish an SSH connection with the target host or acquire result data from it. Because the first data transmission module is packaged into wasm format from the preset WebAssembly bytecode, no front-end/back-end interaction is needed during data interaction: the SSH connection can be established directly with the target host at the web end, which improves data interaction efficiency.
Specifically, in this embodiment the target host is the target server. The first instruction receiving module may be built on the front-end terminal component xterm, a terminal component written in TypeScript that implements a command-line terminal application directly in the browser and can provide multiple independent inputs and outputs. First, an html file for the front-end page is created to collect the user's input and display the data returned from the target server; then the virtual terminal is simulated with xterm.
WebAssembly is an encoding scheme that converts the original program code into machine code the browser can understand. In this embodiment the first data transmission module may be a functional module obtained from a target method written in Python or Go, for example the SSH connection method. After the SSH connection method is encoded, the resulting functional code, namely the first data transmission module, is compiled into a wasm-format file through Emscripten, and the front end can call the first data transmission module through wasm_exec.js, so that SSH data interaction between the user and the target server is performed. In this way, as shown in Fig. 3, by compiling the first data transmission module into a wasm-format file, the browser can parse and process the instructions and data generated by the front end directly when the front end performs SSH data interaction with the target server, without relying on a background system, so the SSH connection between the user and the target server is established directly.
According to this embodiment, the functional module related to the SSH connection is compiled through the preset WebAssembly bytecode into code the browser can execute directly, which removes the background system and the websocket channel a traditional Web end requires. Because there is no background system in the Web-end SSH framework, the SSH connection is established directly between the Web front end and the target server, and user data is not stored anywhere during the whole SSH connection between the front end and the target server; compared with the prior art, this improves the security of data transmission.
As shown in Fig. 4, when the first data transmission module receives the access request passed on by the first instruction receiving module, it first determines the request type: a first access request means the user's access request is a login request for the target server, and a second access request means it is command information. If the access request is command information, the front end forwards it directly to the target server, the target server executes the corresponding action, obtains the result data and returns it to the front end, where it is displayed through the front-end terminal component xterm. If the access request is a login request, the user's login information is taken from the access request and an SSH connection with the target server is established on the basis of that login information.
In this embodiment, the basic logic of the SSH connection in the first data transmission module is implemented in Go as the function getSSHSession, which obtains a read-write channel of the SSH connection. The main input parameters of the function are the user's login information, which comprises the target host ip address, target host port number, target host login name, target host login password, login mode, private key, etc.
In this embodiment, when determining that the access request of the user is a login request, the first data transmission module is further configured to: under the condition that the login mode of the user is determined to be a first login mode according to the login mode, acquiring a target host ip address, a target host port number, a target host login name and a target host login password; and establishing communication connection with the target host according to the ip address of the target host and the port number of the target host, encrypting the login name of the target host and the login password of the target host by using a pre-generated key, and sending the encrypted login name and the login password of the target host to the target host, and establishing SSH connection with the target host under the condition that the login name of the target host and the login password of the target host meet login conditions.
The first login mode is password login. If the user's login mode is password login, the target host ip address, target host port number, target host login name and target host login password are taken from the user's login information, and the SSH client deployed on the target host is accessed according to the target host ip address and port number. To protect the data in transit, the first data transmission module encrypts the target host login name and login password with a preset secret key before sending the encrypted login information to the target server. After receiving the encrypted login information, the target server decrypts it with the same secret key to obtain the target host login name and password, verifies and matches them, and if the match succeeds establishes the SSH connection with the Web front end; if the match fails, error information is returned to the Web front end. The preset secret key is a public key and can be stored in the target server in advance.
The second login mode is public key login, for which the first data transmission module is further configured to: under the condition that the user's login mode is determined to be the second login mode, acquire the target host ip address, the target host port number and the private key; establish a communication connection with the target host according to its ip address and port number, and receive a temporary key and a session key sent by the target host, where the temporary key is obtained by encrypting a random number character string generated by the target host with the public key stored on the target host in advance; decrypt the temporary key with the private key to obtain the random number character string, produce summary information of the random number character string and the session key with a preset encryption algorithm, send the summary information to the target host, and establish the SSH connection with the target host under the condition that the target host determines that the summary information meets the login conditions.
Specifically, the Web terminal generates a public/private key pair in advance; the private key is kept on the Web terminal and the public key is sent to the target server, where it is usually stored in the authorized_key file, which holds at least the public keys corresponding to the ip addresses of the different Web terminals. When it determines that the user's login request is public key login, the first data transmission module first takes the target host ip address, target host port number and private key from the user's login information, accesses the SSH client deployed on the target host according to the ip address and port number, establishes an SSH read-write channel between the Web front end and the target server, and generates a temporary session key for that channel. The user login information also includes the ip address of the Web terminal: after the target server receives the access request sent by the front end, it first looks up the public key corresponding to that ip address in the authorized_key file, generates a random number character string with a preset algorithm and encrypts it with the public key to produce the temporary key. The target server then sends the temporary key to the first data transmission module, which decrypts it with the private key to recover the random number character string, hashes the random number character string together with the session key with MD5 to extract a digest of the two, and sends the resulting digest to the target server.
After receiving the digest, the target server likewise hashes the session key and the random number character string with MD5 to extract its own digest; if the digest it generated is consistent with the digest it received, it determines that the user's login information meets the login conditions and establishes the SSH connection with the Web terminal, otherwise it returns error information to the Web terminal.
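The public-key exchange described above, written out in Go as an added example (not the patent's code) so that both sides' steps can be followed and tested. It models the patent's own sequence (random string encrypted under the stored public key, MD5 digest over random string plus session key, comparison on the host), not the standard SSH publickey method; RSA-OAEP padding and the constant-time comparison are assumptions added here, and every identifier (LoginInfo, TargetHost, Challenge, IssueChallenge, AnswerChallenge, Verify, RunPublicKeyLogin) is invented for the example.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// LoginInfo holds the part of the patent's login information that the second
// (public-key) login mode uses; ip address, port, name and password are omitted.
type LoginInfo struct {
	LoginMode  int // 1 = password login, 2 = public-key login
	PrivateKey *rsa.PrivateKey
}

// TargetHost is the server side. AuthorizedKey stands for the public key the
// patent says is pre-stored in the host's authorized_key file.
type TargetHost struct {
	AuthorizedKey *rsa.PublicKey
	randomString  []byte // per-attempt random number character string
	sessionKey    []byte // session key of the read-write channel
}

// Challenge is what the host sends back: the random string encrypted under the
// stored public key (the "temporary key") plus the session key.
type Challenge struct {
	TemporaryKey []byte
	SessionKey   []byte
}

// IssueChallenge is the host step. RSA-OAEP is an assumed choice; the patent
// does not name the public-key padding.
func (h *TargetHost) IssueChallenge() (Challenge, error) {
	buf := make([]byte, 64) // 32 bytes of random string + 32 bytes of session key
	if _, err := rand.Read(buf); err != nil {
		return Challenge{}, err
	}
	h.randomString, h.sessionKey = buf[:32], buf[32:]
	tmp, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, h.AuthorizedKey, h.randomString, nil)
	if err != nil {
		return Challenge{}, err
	}
	return Challenge{TemporaryKey: tmp, SessionKey: h.sessionKey}, nil
}

// summary is the digest the patent describes: MD5 over random string || session
// key. MD5 is kept because the patent names it; it is a hash, not encryption,
// and a new design would pick a stronger one such as SHA-256.
func summary(randomString, sessionKey []byte) []byte {
	sum := md5.Sum(append(append([]byte{}, randomString...), sessionKey...))
	return sum[:]
}

// AnswerChallenge is the Web-terminal step: recover the random string with the
// private key, then digest it together with the session key.
func AnswerChallenge(info LoginInfo, c Challenge) ([]byte, error) {
	if info.LoginMode != 2 || info.PrivateKey == nil {
		return nil, fmt.Errorf("public-key login needs login mode 2 and a private key")
	}
	rs, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, info.PrivateKey, c.TemporaryKey, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt temporary key: %w", err)
	}
	return summary(rs, c.SessionKey), nil
}

// Verify is the host check. The constant-time compare is an added hardening
// detail; the patent only requires the two digests to be consistent.
func (h *TargetHost) Verify(received []byte) bool {
	return subtle.ConstantTimeCompare(received, summary(h.randomString, h.sessionKey)) == 1
}

// RunPublicKeyLogin runs one complete attempt across both sides.
func RunPublicKeyLogin(info LoginInfo, host *TargetHost) (bool, error) {
	c, err := host.IssueChallenge()
	if err != nil {
		return false, err
	}
	s, err := AnswerChallenge(info, c)
	if err != nil {
		return false, err
	}
	return host.Verify(s), nil
}

func main() {
	// Constructed key pair: the Web terminal generates it; the host keeps the public half.
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	host := &TargetHost{AuthorizedKey: &key.PublicKey}
	ok, err := RunPublicKeyLogin(LoginInfo{LoginMode: 2, PrivateKey: key}, host)
	fmt.Println("SSH connection established:", ok, "error:", err)
}
```

A wrong private key cannot decrypt the temporary key, so the attempt fails before any digest is sent, and a forged digest fails the host's comparison.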
In this embodiment, in order to further implement presentation of the interaction data, the first data transmission module is further configured to: after the SSH connection with the target host is established, acquiring an SSH connection channel with the target host, and binding the SSH connection channel with the target page, so that the data acquired from the target host through the SSH connection channel is displayed on the target page.
The first data transmission module also implements a function initConnection, whose job is to initialise the SSH connection and complete the interaction with the front-end page. In this embodiment the front-end interaction is implemented with the syscall/js package of the Go standard library (available when compiling for the js/wasm target), which lets Go code call JavaScript functions and operate on the DOM tree directly. After the SSH connection with the target server is established, the module obtains the SSH read-write channel that was set up and binds it to the front-end page data. The data exchanged between the Web terminal and the target server is therefore displayed in real time through the front-end xterm component, and the commands the user types into xterm are read in real time, which completes the main logic of the SSH terminal emulation: the SSH connection and the data exchange between the Web terminal and the target server. In a concrete implementation, the logic above is exposed to JavaScript as a function of the same name with js.FuncOf and js.Global().Set, for example js.Global().Set("initConnection", js.FuncOf(initConnection)). Finally the Go source is compiled with the go build command (with GOOS=js and GOARCH=wasm) into a WebAssembly binary with the .wasm suffix, and the page loads that file with fetch and WebAssembly.instantiateStreaming after loading the wasm_exec.js runtime shim that ships with Go. In this embodiment a button component on the front end listens for clicks and calls the generated initConnection function; clicking the button runs the SSH connection steps, creates the SSH connection with the target server and starts the data exchange.
As shown in fig. 5, a second aspect of the present application provides an SSH data transmission device applied to a host and used together with the device above, comprising: a second instruction receiving module configured to receive login information and a second access request from the Web terminal user; and a second data transmission module configured to determine, when login information is received, whether it meets the login conditions and, if so, establish an SSH connection with the Web terminal, and, when a second access request is received, obtain the result data for that request and return it to the Web terminal.
In some embodiments, the login information of the user includes: target host ip address, target host port number, target host login name, target host login password, login mode, and private key.
In some specific embodiments, the second data transmission module is further configured to:
When the user's login mode is the first login mode, the module decrypts the received login information with a pre-stored key to obtain the target host login name and password and matches them against a pre-stored table of target host login name / password pairs. If the received pair agrees with one entry of the table, the login information is determined to meet the login condition and an SSH connection is established with the Web terminal; otherwise error information is returned to the Web terminal.
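The first login mode, worked through in Go as an added example (not code from the patent or from CCB Finetech): the Web-terminal side seals the login name and password under a pre-shared key, and the host side decrypts them and checks them against its stored table. The page does not say which cipher the pre-generated key is used with; the example assumes AES-256-GCM so that any modification of the message in transit is detected rather than silently decrypted to garbage. The pre-shared key, the account table and the password are constructed sample data, the table stores SHA-256 digests instead of the plaintext passwords the description implies, and the comparison is constant-time.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Credentials is the part of the login information the first login mode
// protects in transit: the target host login name and password.
type Credentials struct {
	LoginName string `json:"login_name"`
	Password  string `json:"password"`
}

// PSK stands in for the Web terminal's "pre-generated key" and the host's
// "pre-stored key". Constructed from a fixed string only so the example runs offline.
var PSK = sha256.Sum256([]byte("constructed demo pre-shared key, not a real secret"))

// newGCM cannot fail for a 32-byte AES key, so its errors are treated as fatal.
func newGCM(key [32]byte) cipher.AEAD {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// EncryptCredentials is the Web-terminal side. AES-256-GCM is an assumption
// (the page only says "encrypted with a pre-generated key"), chosen so the
// host can detect any modification of the message. Layout: nonce || ciphertext || tag.
func EncryptCredentials(key [32]byte, c Credentials) ([]byte, error) {
	plain, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// DecryptCredentials is the host side; a message whose tag does not verify is rejected before parsing.
func DecryptCredentials(key [32]byte, msg []byte) (Credentials, error) {
	var c Credentials
	gcm := newGCM(key)
	if len(msg) < gcm.NonceSize() {
		return c, errors.New("login message too short")
	}
	plain, err := gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
	if err != nil {
		return c, fmt.Errorf("login message rejected: %w", err)
	}
	if err := json.Unmarshal(plain, &c); err != nil {
		return c, err
	}
	return c, nil
}

// credentialTable is the host's pre-stored login name / password table
// (constructed sample data). Passwords are kept as SHA-256 digests rather than
// plaintext, a hardening the page does not specify.
var credentialTable = map[string][32]byte{
	"deploy": sha256.Sum256([]byte("constructed-password-1")),
}

// CheckLogin is the host's login-condition check for the first login mode:
// decrypt, look up the login name, then compare the password digest in
// constant time so the comparison does not leak how many bytes matched.
func CheckLogin(key [32]byte, msg []byte) (bool, error) {
	c, err := DecryptCredentials(key, msg)
	if err != nil {
		return false, err
	}
	want, ok := credentialTable[c.LoginName]
	if !ok {
		return false, nil
	}
	got := sha256.Sum256([]byte(c.Password))
	return subtle.ConstantTimeCompare(got[:], want[:]) == 1, nil
}

func main() {
	msg, _ := EncryptCredentials(PSK, Credentials{LoginName: "deploy", Password: "constructed-password-1"})
	ok, err := CheckLogin(PSK, msg)
	fmt.Println("genuine login accepted:", ok, err)
	msg[len(msg)-1] ^= 0x01 // flip one bit of the GCM tag in transit
	ok, err = CheckLogin(PSK, msg)
	fmt.Println("tampered login accepted:", ok, err)
}
```

Running it prints that the genuine message is accepted and that the message with one flipped tag bit is rejected with an authentication error. Note that a single pre-shared key lets every Web terminal that holds it produce a valid message, so it is a deployment secret that protects the credentials in transit, not a per-user credential in its own right.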
In some specific embodiments, the second data transmission module is further configured to:
When the user's login mode is the second login mode, the module generates a session key and sends it to the Web end, generates a random string, obtains the pre-stored public key that corresponds to the Web end, encrypts the random string with that public key to produce a temporary key, and sends the temporary key to the Web end. It then receives the digest that the Web end computes over the session key and the random string, computes the digest of the session key and the random string with the same algorithm the Web end uses, and, if the two digests agree, determines that the login information meets the login condition and establishes an SSH connection with the Web terminal; otherwise it returns error information to the Web terminal.
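The second (public-key) login mode is described twice on this page: from the Web-terminal side in the first embodiment (the target server issues a random string encrypted under the Web terminal's public key and checks an MD5 digest over it and the session key) and from the host side in the module just described. The following is one Go implementation of both sides, written as an added example and not code from the patent or from CCB Finetech. Assumptions not stated on the page: the public key is RSA and the random string is encrypted with RSA-OAEP; the session key is generated by the host and sent together with the temporary key, as the host-side description and claim 4 have it (the Web-side description has the Web end generate it); the IP address under which the key is registered is a constructed placeholder. The digest is MD5 because that is what the page specifies; MD5 is a hash rather than an encryption algorithm and is not collision-resistant, so a practitioner would use an HMAC keyed by the session key instead, as the code comment notes. The example also clears the pending challenge after one check so that a captured digest cannot be replayed, a check the page does not mention.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
)

// Challenge is what the target host sends to the Web end: the session key and
// the "temporary key", i.e. the random string encrypted under the Web terminal's public key.
type Challenge struct {
	SessionKey []byte
	TempKey    []byte
}

// Host models the target server. pubKeys stands in for authorized_keys keyed by
// Web-terminal IP address; nonce and sessionKey are the pending state for one login attempt.
type Host struct {
	pubKeys    map[string]*rsa.PublicKey
	nonce      []byte
	sessionKey []byte
}

// NewHost registers one Web terminal's public key under its IP address.
func NewHost(clientIP string, pub *rsa.PublicKey) *Host {
	return &Host{pubKeys: map[string]*rsa.PublicKey{clientIP: pub}}
}

// GenerateTerminalKey is the key pair the Web terminal generates in advance.
func GenerateTerminalKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// IssueChallenge generates the session key and the random string, encrypts the
// random string with the public key registered for clientIP, and returns both.
// RSA-OAEP is an assumption: the page does not name the public-key scheme.
func (h *Host) IssueChallenge(clientIP string) (Challenge, error) {
	pub, ok := h.pubKeys[clientIP]
	if !ok {
		return Challenge{}, errors.New("no public key registered for " + clientIP)
	}
	buf := make([]byte, 64)
	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
		return Challenge{}, err
	}
	h.sessionKey, h.nonce = buf[:32], buf[32:]
	tmp, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, h.nonce, nil)
	if err != nil {
		return Challenge{}, err
	}
	return Challenge{SessionKey: h.sessionKey, TempKey: tmp}, nil
}

// loginDigest is what both sides compute: MD5 over random string || session
// key, as the page specifies. MD5 is a hash, not an encryption algorithm; an
// HMAC keyed with the session key would be the stronger choice here.
func loginDigest(nonce, sessionKey []byte) []byte {
	d := md5.New()
	d.Write(nonce)
	d.Write(sessionKey)
	return d.Sum(nil)
}

// Respond is the Web-terminal side: recover the random string with the private
// key and return the digest that goes back to the host.
func Respond(priv *rsa.PrivateKey, c Challenge) ([]byte, error) {
	nonce, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c.TempKey, nil)
	if err != nil {
		return nil, err
	}
	return loginDigest(nonce, c.SessionKey), nil
}

// Verify is the host's login-condition check. The pending challenge is cleared
// whether or not the digest matches, so a captured digest cannot be replayed.
func (h *Host) Verify(digest []byte) bool {
	if h.nonce == nil {
		return false
	}
	want := loginDigest(h.nonce, h.sessionKey)
	ok := subtle.ConstantTimeCompare(digest, want) == 1
	h.nonce, h.sessionKey = nil, nil
	return ok
}

func main() {
	priv, _ := GenerateTerminalKey()
	h := NewHost("192.0.2.10", &priv.PublicKey) // constructed registration
	ch, _ := h.IssueChallenge("192.0.2.10")
	digest, _ := Respond(priv, ch)
	fmt.Println("login accepted:", h.Verify(digest), "replay accepted:", h.Verify(digest))
}
```

Running main prints that the genuine private key is accepted and that presenting the same digest a second time is rejected. Note what the exchange proves: the host learns that the peer holds the private key registered for that address, nothing more. The session key travels in the clear next to the temporary key, so its secrecy rests entirely on the transport it crosses, which is why this check belongs inside the encrypted SSH transport rather than in front of it.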
It should be noted that the division of the above apparatus into modules is only a division by logical function; in a physical implementation the modules may be fully or partly integrated into one physical entity or physically separated. The modules may all be implemented as software invoked by a processing element, all in hardware, or some as software invoked by a processing element and others in hardware. For example, the data transmission module may be a separately configured processing element, may be integrated into a chip of the apparatus, or may be stored in the memory of the apparatus as program code that a processing element of the apparatus calls to execute the module's functions. The other modules are implemented in the same way. All or part of the modules may also be integrated together or implemented independently. The processing element here may be an integrated circuit with signal processing capability; in implementation, each step of the above method or each module above may be completed by integrated logic circuitry in hardware within the processor element or by instructions in software form.
As shown in fig. 6, a third aspect of the present application provides an SSH data transmission method, which is applied to the SSH data transmission device, and includes:
under the condition that a call instruction of a user is received through a first instruction receiving module, loading a first data transmission module;
receiving an access request of a user to a target host through a first instruction receiving module;
when the first data transmission module determines that the access request is a first access request, login information of a user is obtained and sent to the target host, when the target host determines that the login information meets login conditions, SSH connection with the target host is established, when the first data transmission module determines that the access request is a second access request, the second access request is forwarded to the target host, and result data returned by the target host is received.
As shown in fig. 7, in a fourth aspect of the present application, there is provided an SSH data transmission method applied to the SSH data transmission apparatus, including:
Receiving login information from a web terminal user and a second access request through a second instruction receiving module;
Under the condition that login information is received, determining whether the login information meets login conditions or not through a second data transmission module, and if the login information meets the login conditions, establishing SSH connection with a web terminal; and
Under the condition that the second access request is received, obtaining result data corresponding to the second access request through a second data transmission module and returning the result data to the web side.
The SSH data transmission method provided by the embodiment of the application is applied to the SSH data transmission device in the above embodiment, and its implementation principle and technical effects are similar, and will not be described here again.
In a fifth aspect of the present application, there is provided an electronic apparatus comprising: a processor, a memory communicatively coupled to the processor; the memory stores computer-executable instructions; the processor executes the computer-executable instructions stored in the memory to implement the method described above.
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 8, the electronic device may include: a transceiver 121, a processor 122, a memory 123.
Processor 122 executes the computer-executable instructions stored in the memory, causing processor 122 to perform the aspects of the embodiments described above. Processor 122 may be a general-purpose processor including a central processing unit CPU, a network processor (network processor, NP), etc.; but may also be a digital signal processor DSP, an application specific integrated circuit ASIC, a field programmable gate array FPGA or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component.
Memory 123 is coupled to processor 122 via the system bus and communicates with each other, and memory 123 is configured to store computer program instructions.
The transceiver 121 may be used to acquire a task to be run and configuration information of the task to be run.
The system bus may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like, and may be divided into an address bus, a data bus, a control bus and so on. For ease of illustration only one bold line is drawn in the figures, but this does not mean there is only one bus or only one type of bus. The transceiver is used to enable communication between the database access device and other computers (e.g. clients, read-write libraries and read-only libraries). The memory may include random access memory (RAM) and may also include non-volatile memory.
The electronic device provided by the embodiment of the application can be the terminal device of the embodiment.
The embodiment of the application also provides a chip for running the instruction, and the chip is used for executing the technical scheme of the task scheduling method in the embodiment.
In a sixth aspect of the present application, there is provided a computer readable storage medium having stored therein computer executable instructions for performing the method described above when executed by a processor.
In a seventh aspect of the application, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the method described above.
In summary, the application builds the function modules for the SSH connection from Python or Go code, packages each module into wasm format through WebAssembly and deploys it to run locally, so that the Web end can establish SSH directly with the target server without a back-end system parsing the commands, and the websocket channel that a traditional WEB_SSH needs for front-end / back-end interaction is no longer required; this improves both the execution efficiency and the security of the WEB_SSH connection. At the same time, the application authenticates the user's login through different encryption modes, which further improves login security compared with the prior art.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (11)

1. An SSH data transmission device, applied to a web terminal, comprising:
the first instruction receiving module and the first data transmission module;
The first instruction receiving module is configured to respond to a call instruction of a user, load the first data transmission module and receive an access request of the user to a target host;
The first data transmission module is configured to acquire login information of a user and send the login information to the target host when the access request is determined to be a first access request, establish an SSH connection with the target host when the target host determines that the login information meets login conditions, forward a second access request to the target host when the access request is determined to be a second access request, and receive result data returned by the target host;
The first data transmission module is packaged into wasm format by preset WebAssembly byte codes.
2. The SSH data transfer apparatus of claim 1, wherein the login information of the user includes: target host ip address, target host port number, target host login name, target host login password, login mode, and private key.
3. The SSH data transfer device of claim 2, wherein the first data transfer module is further configured to:
under the condition that the login mode of the user is determined to be a first login mode according to the login mode, acquiring the target host ip address, the target host port number, the target host login name and the target host login password;
And establishing communication connection with the target host according to the ip address and the port number of the target host, encrypting the login name and the login password of the target host by using a pre-generated key, and sending the encrypted login name and the login password of the target host to the target host, and establishing SSH connection with the target host under the condition that the target host determines that the login name and the login password of the target host meet login conditions.
4. The SSH data transfer device of claim 2, wherein the first data transfer module is further configured to:
Under the condition that the login mode of the user is determined to be a second login mode according to the login mode, the target host ip address, the target host port number and the private key are obtained;
establishing communication connection with the target host according to the ip address of the target host and the port number of the target host, and receiving a temporary key and a session key sent by the target host, wherein the temporary key is obtained by encrypting a random number character string generated by the target host through a public key pre-stored on the target host;
Decrypting the temporary key through the private key to obtain the random number character string, encrypting the random number character string and the session key through a preset encryption algorithm to generate summary information of the random number character string and the session key, sending the summary information to the target host, and establishing SSH connection with the target host under the condition that the target host determines that the summary information meets login conditions.
5. The SSH data transmission apparatus of any one of claims 3 or 4, wherein the first data transmission module is further configured to:
After SSH connection with the target host is established, an SSH connection channel with the target host is acquired, and the SSH connection channel is bound with a target page, so that data acquired from the target host through the SSH connection channel is displayed on the target page.
6. An SSH data transmission device, applied to a host, for use with the SSH data transmission device according to any one of claims 1 or 5, comprising:
The second instruction receiving module is configured to receive login information and a second access request from the web terminal user;
the second data transmission module is configured to determine whether the login information meets login conditions or not under the condition that the login information is received, and if the login information meets the login conditions, SSH connection with the web terminal is established; and
And under the condition that the second access request is received, obtaining result data corresponding to the second access request and returning the result data to the web terminal.
7. An SSH data transmission method applied to the SSH data transmission device according to any one of claims 1 to 5, comprising:
under the condition that a call instruction of a user is received through a first instruction receiving module, loading a first data transmission module;
receiving an access request of the user to a target host through the first instruction receiving module;
When the first data transmission module determines that the access request is a first access request, login information of a user is obtained and sent to the target host, when the target host determines that the login information meets login conditions, SSH connection with the target host is established, when the first data transmission module determines that the access request is a second access request, the second access request is forwarded to the target host, and result data returned by the target host is received.
8. An SSH data transmission method applied to the SSH data transmission device of claim 6, comprising:
Receiving login information from a web terminal user and a second access request through a second instruction receiving module;
under the condition that the login information is received, determining whether the login information meets login conditions or not through a second data transmission module, and if the login information meets the login conditions, establishing SSH connection with the web terminal; and
And under the condition that the second access request is received, obtaining result data corresponding to the second access request through the second data transmission module and returning the result data to the web terminal.
9. An electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the method of claim 7 or 8.
10. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method of claim 7 or 8.
11. A computer program product comprising a computer program which, when executed by a processor, implements the method of claim 7 or 8.
CN202211193675.3A 2022-09-28 2022-09-28 SSH data transmission device, method, equipment and storage medium Active CN115567302B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211193675.3A CN115567302B (en) 2022-09-28 2022-09-28 SSH data transmission device, method, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115567302A CN115567302A (en) 2023-01-03
CN115567302B true CN115567302B (en) 2024-07-12

Family

ID=84743416

Country Status (1)

Country Link
CN (1) CN115567302B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113950664A (en) * 2019-07-02 2022-01-18 布赖恩·霍尔特 Super stacker
CN114124496A (en) * 2021-11-12 2022-03-01 福州汇思博信息技术有限公司 SSH remote login method based on server issued key and server

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8959613B2 (en) * 2009-06-18 2015-02-17 Visa U.S.A. Inc. System and method for managing access to a plurality of servers in an organization
US9398102B2 (en) * 2013-03-06 2016-07-19 Netskope, Inc. Security for network delivered services
CN114417303A (en) * 2021-12-17 2022-04-29 中国建设银行股份有限公司 Login authentication management method, device, processor and machine-readable storage medium
CN115037552B (en) * 2022-06-29 2024-09-13 北京大甜绵白糖科技有限公司 Authentication method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant