
CN-122001945-A - SSH agent realization method and device based on peer-to-peer architecture

CN122001945A

Abstract

The invention discloses an SSH agent (proxy) implementation method based on a peer-to-peer architecture and a peer-to-peer node network, in which every node has the functions of both proxy server and client, so that the SSH proxy is deployed and operated in a distributed manner without depending on a central node. Each distributed node independently runs an SSH service, completes the SSH session negotiation with the client, and independently processes the service messages carried by the SSH session; when a node fails, it is automatically purged offline and a new node is brought online, and the new node joins the SSH session negotiation and the service message processing. The method lets the nodes of the peer-to-peer architecture each establish an independent SSH session with the client without adding new equipment, ensures that the SSH service of each node operates independently and is not interfered with by other nodes, achieves hot backup of the distributed system, and thereby improves the reliability, security and stability of its operation.

Inventors

  • PEI XUEWU
  • ZHANG JIN
  • HUANG SHIFENG

Assignees

  • 紫金山实验室 (Purple Mountain Laboratories)

Dates

Publication Date
2026-05-08
Application Date
2026-03-24

Claims (10)

  1. An SSH proxy implementation method based on a peer-to-peer architecture, comprising: each node receives a link establishment request from the same SSH client, and an interconnection channel exists among the nodes; according to the priority of each node relative to the SSH client, the node with the highest priority is selected as a first master node, which responds to the link establishment request of the SSH client, performs session negotiation with the SSH client to obtain a first negotiation result, and synchronizes the SSH client information and the random value generated during the first master node's session negotiation to the other nodes through the interconnection channel; the other nodes report their local session negotiation results to the first master node, and a final negotiation result is determined from the first negotiation result and all local session negotiation results; if the negotiation result of any other node or of the first master node is inconsistent with the final negotiation result, that node is purged offline, a new node is brought online, and session negotiation is performed again until the negotiation results of all nodes are consistent with the final negotiation result; and according to the priority of each node relative to the SSH client, the node with the highest priority is reselected as a second master node; if the second master node is the same as the first master node, the first master node acts as the SSH server and exchanges service messages with the SSH client, and if the second master node differs from the first master node, the second master node acts as the SSH server, takes over responding to the link establishment request of the SSH client, and exchanges service messages with the SSH client.
  2. The SSH proxy implementation method based on a peer-to-peer architecture of claim 1, wherein the final negotiation result is determined from the first negotiation result and all local session negotiation results by a majority algorithm.
  3. The SSH proxy implementation method based on a peer-to-peer architecture of claim 1, wherein the random value is used to ensure that each node generates a consistent key through its asymmetric encryption algorithm during session negotiation.
  4. The SSH proxy implementation method based on a peer-to-peer architecture according to claim 1, wherein purging the node offline and bringing a new node online when the negotiation result of any remaining node or of the first master node is inconsistent with the final negotiation result comprises: if the negotiation result of the first master node is inconsistent with the final negotiation result, reselecting, based on priority, a new first master node from the other nodes whose local session negotiation result is consistent with the final negotiation result, purging the old first master node offline, and bringing a new node online as one of the other nodes; and if the negotiation result of the first master node is consistent with the final negotiation result, purging offline those remaining nodes whose local negotiation result is inconsistent with the final negotiation result, and bringing new nodes online.
  5. The method of claim 4, wherein performing session negotiation again comprises: the newly online node receives, from the first master node, the SSH client information, the random value and the link establishment request of the SSH client; simulates the SSH client based on that link establishment request; and performs local session negotiation with the simulated SSH client according to the SSH client information and the random value.
  6. An SSH proxy implementation apparatus based on a peer-to-peer architecture, comprising: a receiving module, by which each node receives a link establishment request from the same SSH client, wherein an interconnection channel exists among the nodes; a session negotiation module, which selects the node with the highest priority as a first master node according to the priority of each node relative to the SSH client, responds to the link establishment request of the SSH client, performs session negotiation with the SSH client to obtain a first negotiation result, and synchronizes the SSH client information and the random value generated during the first master node's session negotiation to the other nodes through the interconnection channel; an abnormality recovery module, by which the other nodes report their local session negotiation results to the first master node and a final negotiation result is determined from the first negotiation result and all local session negotiation results, and which, if the negotiation result of any other node or of the first master node is inconsistent with the final negotiation result, purges that node offline, brings a new node online, and performs session negotiation again until the negotiation results of all nodes are consistent with the final negotiation result; and a transmission module, which reselects the node with the highest priority as a second master node according to the priority of each node relative to the SSH client, and if the second master node is the same as the first master node, uses the first master node as the SSH server to exchange service messages with the SSH client, and if the second master node differs from the first master node, uses the second master node as the SSH server to take over responding to the link establishment request of the SSH client and to exchange service messages with the SSH client.
  7. The SSH proxy implementation apparatus based on a peer-to-peer architecture of claim 6, wherein the abnormality recovery module determines the final negotiation result from the first negotiation result and all local session negotiation results by a majority algorithm.
  8. An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor, wherein the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the SSH proxy implementation method based on a peer-to-peer architecture of any one of claims 1 to 5.
  9. A computer-readable storage medium storing computer instructions which, when executed, cause a processor to implement the SSH proxy implementation method based on a peer-to-peer architecture of any one of claims 1 to 5.
  10. A computer program product comprising a computer program which, when executed by a processor, implements the SSH proxy implementation method based on a peer-to-peer architecture of any one of claims 1 to 5.

Description

SSH agent realization method and device based on peer-to-peer architecture

Technical Field

The invention belongs to the technical field of distributed architectures and network communication systems, and in particular relates to an SSH agent (proxy) implementation method and device based on a peer-to-peer architecture.

Background

The SSH (Secure Shell) protocol is a security protocol for remote login and network communication, widely used in server management, remote operation and similar scenarios. In practice, cross-network or cross-region SSH access generally has to be relayed through a separate SSH proxy server or through a node. Conventional SSH proxies mostly use a centralized architecture, i.e. they rely on a single central proxy node, or a few such nodes, to provide the service. This architecture has obvious drawbacks: first, a single point of failure, since a failure of the central node paralyzes the whole proxy service; second, poor scalability, since the central node easily becomes a network bottleneck as the number of accesses grows and cannot meet large-scale concurrency requirements; third, insufficient flexibility, since when the central node is far from the target network the transmission delay increases and access efficiency suffers.

Disclosure of Invention

The invention aims to provide a distributed SSH proxy implementation method and device that solve the single-point-of-failure risk, poor scalability and poor flexibility of existing SSH proxies.
The invention provides an SSH proxy implementation method based on a peer-to-peer architecture, comprising the following steps: each node receives a link establishment request from the same SSH client, and an interconnection channel exists among the nodes; according to the priority of each node relative to the SSH client, the node with the highest priority is selected as a first master node, which responds to the link establishment request of the SSH client, performs session negotiation with the SSH client to obtain a first negotiation result, and synchronizes the SSH client information and the random value generated during the first master node's session negotiation to the other nodes through the interconnection channel; the other nodes report their local session negotiation results to the first master node, and a final negotiation result is determined from the first negotiation result and all local session negotiation results; if the negotiation result of any other node or of the first master node is inconsistent with the final negotiation result, that node is purged offline, a new node is brought online, and session negotiation is performed again until the negotiation results of all nodes are consistent with the final negotiation result; and according to the priority of each node relative to the SSH client, the node with the highest priority is reselected as a second master node; if the second master node is the same as the first master node, the first master node acts as the SSH server and exchanges service messages with the SSH client, and if the second master node differs from the first master node, the second master node acts as the SSH server, takes over responding to the link establishment request of the SSH client, and exchanges service messages with the SSH client.
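The master election, synchronization of the random value, majority check, purge-and-replace loop and second election described above (and in claims 1 to 5) can be followed in the simulation below. This is an added illustration, not code from the patent or its assignee: the SSH key exchange is replaced by a deterministic hash of the client information and the master's random value, the node names, priorities, `faulty` flag and `spares` list are constructed inputs, and the convergence bound `max_rounds` is an assumption. One point worth keeping in mind when building this: the random value the master synchronizes is what lets every node derive the same session key (claim 3), so it is session key material, and the interconnection channel that carries it must itself be authenticated and confidential; anyone who can read that channel can derive the client's session keys.

```python
"""Simulation of the peer-to-peer SSH proxy negotiation flow (illustrative, not the patent's code).

Assumption: real SSH session negotiation is replaced by a hash of the client
information and the master's random value, so "consistent negotiation result"
can be checked without an SSH stack.
"""
import hashlib
import secrets
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Node:
    name: str
    priority: int                 # priority relative to this SSH client; highest wins election
    online: bool = True
    faulty: bool = False          # constructed fault: node derives a wrong local result
    result: Optional[str] = None  # local session negotiation result


def elect_master(nodes: List[Node]) -> Node:
    """Claim 1: the online node with the highest priority becomes master."""
    return max((n for n in nodes if n.online), key=lambda n: n.priority)


def negotiate(node: Node, client_info: str, random_value: bytes) -> str:
    """Stand-in for SSH session negotiation (assumption: a hash replaces real KEX).

    Every correct node that received the same client information and the same
    random value from the master produces the same result (claim 3).
    """
    digest = hashlib.sha256(client_info.encode() + random_value).hexdigest()
    if node.faulty:  # a faulty node deviates from the agreed result
        digest = hashlib.sha256((digest + node.name).encode()).hexdigest()
    return digest


def majority_result(results: List[str]) -> str:
    """Claim 2: the final result is the value held by a strict majority of nodes."""
    value, count = Counter(results).most_common(1)[0]
    if count * 2 <= len(results):
        raise RuntimeError("no majority among negotiation results")
    return value


def run_session(nodes: List[Node], spares: List[Node], client_info: str,
                random_value: Optional[bytes] = None,
                max_rounds: int = 10) -> Tuple[str, List[str], int]:
    """Run one link establishment; returns (server node name, purged names, rounds used).

    `spares` holds replacement nodes brought online when a node is purged
    (claim 4); a replacement re-runs negotiation with the client information
    and random value received from the master (claim 5).
    """
    if random_value is None:
        random_value = secrets.token_bytes(16)  # generated by the first master's negotiation
    master = elect_master(nodes)
    purged: List[str] = []
    for round_no in range(1, max_rounds + 1):
        # Master negotiates with the client; the others negotiate locally from synced data.
        for n in nodes:
            if n.online:
                n.result = negotiate(n, client_info, random_value)
        live = [n for n in nodes if n.online]
        final = majority_result([n.result for n in live])
        bad = [n for n in live if n.result != final]
        if not bad:
            break
        if master.result != final:
            # Claim 4: the master itself is wrong; reselect among consistent nodes.
            master = max((n for n in live if n.result == final), key=lambda n: n.priority)
        for n in bad:  # purge inconsistent nodes and bring replacements online
            n.online = False
            purged.append(n.name)
            if spares:
                nodes.append(spares.pop(0))
    else:
        raise RuntimeError("negotiation did not converge")
    # Claim 1: second election decides who serves; a different winner takes over.
    second = elect_master(nodes)
    server = master if second is master else second
    return server.name, purged, round_no


if __name__ == "__main__":
    # Constructed scenario: the master is faulty, so B takes over and A is purged.
    cluster = [Node("A", 30, faulty=True), Node("B", 20), Node("C", 10)]
    print(run_session(cluster, [Node("D", 5)], "client-1", b"\x01" * 16))
```

The three situations the claims distinguish are a faulty non-master node (purged, first master keeps serving), a faulty master (a consistent node with the next highest priority becomes master and the old one is purged), and a replacement whose priority exceeds the first master's (the second election makes it the SSH server).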
The invention also provides an SSH proxy implementation apparatus based on a peer-to-peer architecture, comprising: a receiving module, by which each node receives a link establishment request from the same SSH client, wherein an interconnection channel exists among the nodes; a session negotiation module, which selects the node with the highest priority as a first master node according to the priority of each node relative to the SSH client, responds to the link establishment request of the SSH client, performs session negotiation with the SSH client to obtain a first negotiation result, and synchronizes the SSH client information and the random value generated during the first master node's session negotiation to the other nodes through the interconnection channel; an abnormality recovery module, by which the other nodes report their local session negotiation results to the first master node and a final negotiation result is determined from the first negotiation result and all local session negotiation results, and which, if the negotiation result of any other node or of the first master node is inconsistent with the final negotiation result, purges that node offline, brings a new node online, and performs session negotiation again until the negotiation results of all nodes are consistent with the final negotiation result; and a transmission module, which reselects the node with the highest priority as a second master node according to the priority of each node relative to the SSH client, and if the second master node is the same as the first master node, uses the first master node as the SSH server to exchange service messages with the SSH client, and if the second master node is in