CN103475491B - A remote maintenance system with password-free secure login and its implementation method - Google Patents

Publication number
CN103475491B
Authority
CN
China
Prior art keywords
user
service
tcp
password login
server
Legal status
Expired - Fee Related
Application number
CN201310468078.1A
Other languages
Chinese (zh)
Other versions
CN103475491A (en)
Inventor
廖建新
曾金梁
张莲龙
张少杰
张建虎
Current Assignee
Hangzhou Dongxin Beiyou Information Technology Co Ltd
Original Assignee
Hangzhou Dongxin Beiyou Information Technology Co Ltd
Application filed by Hangzhou Dongxin Beiyou Information Technology Co Ltd

Landscapes

  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

A remote maintenance system with password-free secure login and its implementation method. The implementation method includes: step 1, the central control server authenticates the user and, after the user's authentication passes, sends a start-service notification message to the service server specified by the user; step 2, the remote access interface device of the service server forwards the start-service notification message sent by the central control server to the password-free login service device, and the password-free login service device starts a TCP service and returns the TCP service start information to the remote access interface device; step 3, the remote access interface device establishes a TCP connection link with the password-free login service device according to the TCP service start information returned by the password-free login service device. The invention belongs to the field of network communication technology and enables password-free secure login of users in remote maintenance.

Description

A remote maintenance system with password-free secure login and its implementation method
Technical field
The invention relates to a remote maintenance system with password-free secure login and its implementation method, and belongs to the field of network communication technology.
Background
With the development of telecommunication and Internet technology, users' demand for more types of services grows daily. To follow the market and meet users' needs, service providers have developed a large number of value-added service platforms. Keeping these huge and ever-growing value-added services running stably has become a difficult problem for telecom operators.
These service platforms are usually deployed on multiple servers and are maintained in different ways, which makes maintenance work more and more tedious. To manage and control all service platforms, a network management system generally needs to install agent programs on more than 100 servers. Operations on these agent programs, such as function adjustment and fault removal, usually require accessing the host to carry out maintenance operations. With so many servers and frequent password changes, a more convenient and secure remote maintenance mode is urgently needed.
On the other hand, as service providers evolve, they launch multiple services according to the different demands of operator customers. Each service is usually also deployed on multiple servers for load sharing. As the number of services grows, maintenance becomes increasingly complex: maintenance personnel not only need to understand the maintenance knowledge of multiple services but also have to take on the daily operation and maintenance of numerous service hosts. In recent years in particular, to improve information security, operators have separated master and slave accounts and update passwords regularly, which makes the maintenance work for each service even more tedious.
How can the impact of password changes on remote maintenance be isolated? Patent application CN 201310030683.0 (title: A verification method for password-free verified login; filing date: 2013-01-28; applicant: Shanghai Giant Network Technology Co., Ltd.) discloses a verification method for password-free verified login. To ensure that the account and password are entered in isolation on different platforms, the mobile device must first go through a binding process for the corresponding account. This process uses the hardware information of the mobile device to bind the corresponding account and password, so the local verification database it generates cannot be separated from the bound device, which prevents the database on the mobile device from being stolen and used. During binding, the hardware information of the mobile device is submitted to both the binding server and the verification server in order to generate server-side device verification binding data for the corresponding account. This process occurs only once, whereas the verification process is executed at every login. During binding the user only needs to enter the account password once and everything else completes automatically; during verified login the user only needs to confirm the login with a single action and everything else completes automatically. With that invention, the user no longer needs to remember complex passwords. That technical scheme requires binding to the hardware information of a mobile device, i.e. the user can log in without a password only when using the same mobile device hardware. If the user uses other terminal hardware, or multiple different users share the same terminal hardware, that scheme cannot solve the problem of password-free secure login in remote maintenance.
Therefore, how to achieve password-free secure login in remote maintenance remains a technical problem worth further study.
Summary of the invention
In view of this, the object of the invention is to provide a remote maintenance system with password-free secure login and its implementation method, which enable password-free secure login of users in remote maintenance.
To achieve the above object, the invention provides a remote maintenance system with password-free secure login, comprising a central control server and several service servers, wherein:
The central control server is configured to receive the user's login request, authenticate the user and, after the user's authentication passes, send a start-service notification message to the service server specified by the user; after the user logs in successfully, it sends the user's operation and maintenance request to the service server for execution and forwards the execution result returned by the service server to the user terminal.
The service server further comprises:
A remote access interface device, configured to communicate with the central control server, forward the start-service notification message sent by the central control server to the password-free login service device, and establish a TCP connection link with the password-free login service device according to the TCP service start information returned by the password-free login service device;
A password-free login service device, configured to receive the start-service notification message sent by the remote access interface device, start a TCP service, and return the TCP service start information to the remote access interface device.
The central control server and the service server are connected through a network.
The password-free login service device further comprises:
A TCP service start unit, configured to receive the start-service notification message forwarded by the remote access interface device and determine whether the device has already started the TCP service; if not, it extracts the TCP service start information from the start-service notification message or from the local default configuration, sets the IP address in the TCP service start information to 0, then binds the port on which the TCP service is started and at the same time creates a TCP service process, which periodically monitors whether the port of the started TCP service has received a new connection request message; finally it sends the TCP service start information to the remote access interface device.
To achieve the above object, the invention also provides a method for implementing remote maintenance with password-free secure login. When a user sends a login request, the method includes:
Step 1: the central control server authenticates the user and, after the user's authentication passes, sends a start-service notification message to the service server specified by the user;
Step 2: the remote access interface device of the service server forwards the start-service notification message sent by the central control server to the password-free login service device; the password-free login service device starts a TCP service and returns the TCP service start information to the remote access interface device;
Step 3: the remote access interface device establishes a TCP connection link with the password-free login service device according to the TCP service start information returned by the password-free login service device; after the user logs in successfully, the central control server sends the user's operation and maintenance request to the service server for execution and forwards the execution result returned by the service server to the user terminal.
Step 2 further includes:
Step 21: the remote access interface device of the service server forwards the start-service notification message sent by the central control server to the password-free login service device;
Step 22: the password-free login service device determines whether it has already started the TCP service; if not, it extracts the TCP service start information from the start-service notification message or from the local default configuration, sets the IP address in the TCP service start information to 0, then binds the port on which the TCP service is started and at the same time creates a TCP service process, which periodically monitors whether the port of the started TCP service has received a new connection request message; finally it sends the TCP service start information to the remote access interface device.
Compared with the prior art, the beneficial effects of the invention are as follows. A TCP connection link is established between the remote access interface device and the password-free login service device on the same service server, and the IP address in the TCP service start information is 0, so that after passing the authentication of the central control server the user can perform remote maintenance operations on the service server only through the TCP connection link on the service server's local machine; this effectively prevents the service, once started, from being used illegally or used to intrude remotely into the service server. The remote access interface device can use general-purpose message middleware to communicate remotely with the central control server, and therefore has high stability, reliability and security. The messages that the remote access interface device receives from the central control server control the opening and closing of the TCP connection link established between the remote access interface device and the password-free login service device; the user does not need to transmit a password during remote login, so security is higher than with access methods such as telnet, and the restriction of a service server that has the telnet function disabled can also be bypassed. Through the pseudo terminal device, operations such as editing files can be carried out well. When the service server runs a Linux or Unix operating system, after logging in to the service server with password-free secure login the user can also use the permissions of another user desired for access to complete the various maintenance operations on the service server.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structure of the remote maintenance system with password-free secure login of the invention.
Fig. 2 is a flowchart of the remote maintenance implementation method with password-free secure login of the invention when a user sends a login request.
Fig. 3 is a detailed flowchart of step 2 of Fig. 2.
Fig. 4 is a detailed flowchart of step 3 of Fig. 2.
Fig. 5 is a detailed flowchart of the operations performed when the user has logged in successfully and sends an operation and maintenance request.
Detailed description of the invention
To make the object, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1, the remote maintenance system with password-free secure login of the invention comprises a central control server and several service servers, wherein:
The central control server is configured to receive the user's login request, authenticate the user and, after the user's authentication passes, send a start-service notification message to the service server specified by the user; after the user logs in successfully, it sends the user's operation and maintenance request to the service server for execution and forwards the execution result returned by the service server to the user terminal.
The service server further comprises:
A remote access interface device, configured to communicate with the central control server, forward the start-service notification message sent by the central control server to the password-free login service device, and establish a TCP connection link with the password-free login service device according to the TCP service start information returned by the password-free login service device; through this TCP connection link, the user can log in to the specified service server with password-free secure login;
A password-free login service device, configured to receive the start-service notification message sent by the remote access interface device, start a TCP service, and return the TCP service start information to the remote access interface device; after establishing the TCP connection link with the remote access interface device, it opens the pseudo terminal device and binds the TCP connection link to the pseudo terminal device;
A pseudo terminal device, configured to read the user's operation and maintenance instructions from the bound TCP connection link and return the execution results to the TCP connection link.
The central control server and the service server are connected through a network.
The remote access interface device can use general-purpose message middleware, namely the real-time application process management and communication component (component package of real time application process management and communication, COPART-MACO). Through an abstract link model it supports various IPC mechanisms in a uniform manner, works across machines and across platforms, and has very high stability and reliability, thereby meeting the communication requirements of remote maintenance.
The remote access interface device further comprises:
A TCP connection establishment unit, configured to receive the TCP service start information returned by the password-free login service device and, on receiving a connection request message sent by the central control server, establish a TCP connection link with the password-free login service device according to the TCP service start information and then save the information of the newly established TCP connection link in the local session pool. Thus, when multiple users log in to the service server, each user corresponds to one or more TCP connection links, and the session pool of the service server holds the TCP connection link information of all users logged in to the local machine;
An operation and maintenance execution unit, configured to receive the user's operation and maintenance request sent by the central control server, search the local session pool to obtain the TCP connection link information corresponding to the user, read the operation and maintenance instruction from the user's operation and maintenance request, send the operation and maintenance instruction to the password-free login service device through the corresponding TCP connection link, and finally obtain the execution result of the operation and maintenance request from the TCP connection link and return it to the central control server.
The password-free login service device further comprises:
A TCP service start unit, configured to receive the start-service notification message forwarded by the remote access interface device and determine whether the device has already started the TCP service; if not, it extracts from the start-service notification message or from the local default configuration the TCP service start information, such as the port on which the TCP service is started, the login home directory, the default user and the maximum number of connections, sets the IP address in the TCP service start information to 0, then binds the port on which the TCP service is started and at the same time creates a TCP service process, which periodically monitors whether the port of the started TCP service has received a new connection request message; finally it sends the TCP service start information to the remote access interface device. When the IP address in the TCP service start information is set to 0, operations such as remote maintenance can be performed on the service server only through the remote access interface device and the password-free login service device of the local machine, which ensures the security of access and prevents the service from being used illegally after it is started to intrude remotely into the service server;
A TCP link establishment unit, configured to establish the TCP connection link with the remote access interface device;
A TCP link maintenance unit, configured to maintain the state of the service server's session pool: when a TCP connection link has not been used for a long time, the session is considered invalid; while clearing the session, the unit sends a session invalidation notification message to the central control server.
When the service server runs a Linux or Unix operating system, some maintenance operations on the service server may not be possible because of the permission limits of the user who created the password-free login service device. According to the actual needs of the user's maintenance operations, the invention can also change the user permissions to those of another user desired for access, so that the various maintenance operations on the service server can be completed. The password-free login service device may further comprise:
A user change unit, configured to change the creating user of the password-free login service device to another user desired for access, and grant the permissions of the user desired for access to the creating user of the password-free login service device.
The user change unit may further comprise:
A desired-user change component, configured to use the chown and chmod commands to change the creating user of the password-free login service device to another user desired for access and to set the SUID (i.e. set user ID) of the password-free login service device, and then execute the setreuid command inside the password-free login service device;
A desired-user switching component, configured to obtain the home directory information of the user desired for access from the system file /etc/passwd and then execute the source command, thereby switching to the environment of the user desired for access. The /etc/passwd file is a general system file mainly used to store user IDs, groups, home directory information and the like.
The pseudo terminal device further comprises:
A pseudo-terminal master device, configured to obtain the user's operation and maintenance instruction from the bound TCP connection link, forward the operation and maintenance instruction to the pseudo-terminal slave device for execution, receive the execution result of the operation and maintenance instruction returned by the pseudo-terminal slave device, and finally send the execution result to the remote access interface device through the TCP connection link;
A pseudo-terminal slave device, configured to execute the operation and maintenance instruction sent by the pseudo-terminal master device and return the execution result to the pseudo-terminal master device.
The central control server further comprises a session recording device and a blacklist/whitelist judgment device:
A session recording device, configured to record the user's operation and maintenance request in the session information, update the execution result content in the session information according to the execution result returned by the service server, and save the session information in the session pool of the central control server; on receiving a session invalidation notification message sent by the service server, it updates the corresponding session information in the session pool of the central control server;
The blacklist/whitelist judgment device may further comprise:
A blacklist judgment unit, configured to look up, according to the user's login request, the blacklist/whitelist user list of the service server specified by the user and determine whether the user is in the blacklist; if so, the user is forbidden to log in to the service server with password-free secure login; if not, after the user's authentication passes, a start-service notification message and a connection request message are sent to the service server specified by the user;
A whitelist judgment unit, configured to look up, according to the user's login request, the blacklist/whitelist user list of the service server specified by the user and determine whether the user is in the whitelist; if so, after the user's authentication passes, a start-service notification message and a connection request message are sent to the service server specified by the user; if not, the user is forbidden to log in to the service server with password-free secure login.
As shown in Fig. 2, when a user sends a login request, the remote maintenance implementation method with password-free secure login of the invention includes:
Step 1: the central control server authenticates the user and, after the user's authentication passes, sends a start-service notification message to the service server specified by the user;
Step 2: the remote access interface device of the service server forwards the start-service notification message sent by the central control server to the password-free login service device; the password-free login service device starts a TCP service and returns the TCP service start information to the remote access interface device;
Step 3: the remote access interface device establishes a TCP connection link with the password-free login service device according to the TCP service start information returned by the password-free login service device; through this TCP connection link, the user can log in to the specified service server with password-free secure login;
Step 4: the password-free login service device opens the pseudo terminal device, which comprises a pseudo-terminal master device and a pseudo-terminal slave device, and binds the TCP connection link to the pseudo terminal device.
As shown in Fig. 3, step 2 of Fig. 2 further includes:
Step 21: the remote access interface device of the service server forwards the start-service notification message sent by the central control server to the password-free login service device; the start-service notification message may include the TCP service start information;
Step 22: the password-free login service device determines whether it has already started the TCP service. If so, this flow ends. If not, it extracts from the start-service notification message or from the local default configuration the TCP service start information, such as the port on which the TCP service is started, the login home directory, the default user and the maximum number of connections, sets the IP address in the TCP service start information to 0, then binds the port on which the TCP service is started and at the same time creates a TCP service process, which periodically monitors whether the port of the started TCP service has received a new connection request message; finally it sends the TCP service start information to the remote access interface device, and this flow ends.
When the IP address in the TCP service start information is set to 0, operations such as remote maintenance can be performed on the service server only through the remote access interface device and the password-free login service device of the local machine, which prevents the service from being used illegally after it is started to intrude remotely into the service server.
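Whether the started service is reachable only from the local machine depends on the address its listening socket is actually bound to, which on Linux can be read from /proc/net/tcp: a listener on 127.0.0.1 accepts same-host connections only, while a listener on the wildcard address 0.0.0.0 (INADDR_ANY) accepts connections on every interface. The following check is an added example, not part of the patent; it assumes a little-endian Linux host, and the sample lines and port numbers 9090 to 9092 are constructed.

```python
import ipaddress
import os
import socket
import struct

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (IPv4 only); not from a real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:2382 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000:2383 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20002 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:2384 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20003 1 0000000000000000 100 0 0 10 0
   3: 0100007F:2382 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1001        0 20004 1 0000000000000000 20 4 30 10 -1
"""


def decode_endpoint(hex_endpoint):
    """Turn '0100007F:2382' into ('127.0.0.1', 9090).

    The kernel prints the address as a host-order 32-bit integer, so this
    decoding assumes a little-endian host (x86, most ARM systems).
    """
    hex_ip, hex_port = hex_endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def classify(ip):
    """Describe who can reach a listener bound to this address."""
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:      # 0.0.0.0: wildcard, every local interface
        return "all-interfaces"
    if addr.is_loopback:         # 127.0.0.0/8: same host only
        return "loopback-only"
    return "single-interface"    # one specific non-loopback address


def listeners(proc_text):
    """Return (port, ip, exposure) for every socket in LISTEN state."""
    found = []
    for line in proc_text.splitlines():
        fields = line.split()
        # Data rows start with an index such as '0:'; the header does not.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if fields[3] != TCP_LISTEN:
            continue             # established or closing sockets are skipped
        ip, port = decode_endpoint(fields[1])
        found.append((port, ip, classify(ip)))
    return found


def exposure_of_port(proc_text, port):
    """Widest exposure among listeners on `port`, or None if none listen."""
    kinds = {kind for p, _ip, kind in listeners(proc_text) if p == port}
    for kind in ("all-interfaces", "single-interface", "loopback-only"):
        if kind in kinds:
            return kind
    return None


def exposed_ports(proc_text):
    """Ports whose listener is reachable from outside the local machine."""
    return sorted({p for p, _ip, kind in listeners(proc_text)
                   if kind != "loopback-only"})


if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_PROC_NET_TCP
    for port, ip, kind in listeners(text):
        print(f"{ip}:{port} -> {kind}")
```

IPv6 listeners appear in /proc/net/tcp6 with a different address encoding and are not covered by this check.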
As shown in Fig. 4, step 3 of Fig. 2 further includes:
Step 31: the central control server sends a connection request message to the remote access interface device;
Step 32: the remote access interface device sends a connection request message to the password-free login service device and, according to the TCP service start information sent by the password-free login service device, establishes a TCP connection link with the password-free login service device;
Step 33: the remote access interface device saves the information of the newly established TCP connection link in the local session pool. Thus, when multiple users log in to the service server, each user corresponds to one or more TCP connection links, and the session pool of the service server holds the TCP connection link information of all users logged in to the local machine.
As shown in Fig. 5, when the user has logged in successfully and sends an operation and maintenance request, the method further includes:
Step A1: the central control server sends the user's operation and maintenance request to the service server and records the user's operation and maintenance request in the session information;
Step A2: the remote access interface device of the service server searches the local session pool to obtain the TCP connection link information corresponding to the user, reads the operation and maintenance instruction from the user's operation and maintenance request, and then sends the operation and maintenance instruction to the password-free login service device through the corresponding TCP connection link;
If the user's operation and maintenance request contains multiple operation and maintenance instructions, the remote access interface device splits the request into individual operation and maintenance instructions and sends them one by one to the password-free login service device through the corresponding TCP connection link;
Step A3: the pseudo-terminal master device obtains the user's operation and maintenance instruction from the TCP connection link, forwards it to the pseudo-terminal slave device for execution, receives the execution result of the operation and maintenance instruction returned by the pseudo-terminal slave device, and finally sends the execution result to the remote access interface device through the TCP connection link;
Step A4: the remote access interface device obtains the execution result of the operation and maintenance request from the TCP connection link and returns it to the central control server;
Step A5: the central control server updates the execution result content in the session information, returns the execution result to the user terminal, and saves the session information in the session pool of the central control server.
It is worth noting that the session pool of each service server is a subset of the session pool of the central control server. The session pool of the central control server is not concerned with TCP connection link information but with users' operation and maintenance requests and their execution results. The session pool of the central control server is therefore mainly used to store session information such as users' operation and maintenance requests and execution results, which improves system maintenance efficiency. Through configuration, the central control server can write the operation and maintenance requests and execution results of all session information to a specified file for later reference.
When the service server runs a Linux or Unix operating system, some maintenance operations on the service server may not be possible because of the permission limits of the user who created the password-free login service device. According to the actual needs of the user's maintenance operations, the invention can also change the user permissions to those of another user desired for access, so that the various maintenance operations on the service server can be completed. The following may also be included before step 2 of Fig. 2:
Step B: change the creating user of the password-free login service device to another user desired for access, and grant the permissions of the user desired for access to the creating user of the password-free login service device.
Step B further includes:
Step B1: use the chown and chmod commands to change the creating user of the password-free login service device to another user desired for access, and set the SUID (i.e. set user ID) of the password-free login service device, so that the euid of the password-free login service device after startup is the ID of that other user desired for access;
Step B2: execute the setreuid command inside the password-free login service device, so that when the password-free login service device receives the start-service notification message in step 2, it starts the TCP service as the user desired for access;
Step B3: inside the password-free login service device, obtain the home directory information of the user desired for access from the system file /etc/passwd and then execute the source command, thereby switching to the environment of the user desired for access. The /etc/passwd file is a general system file mainly used to store user IDs, groups, home directory information and the like.
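Step B1 leaves a set-user-ID executable on the service server, so the file's owner decides which identity the password-free login service starts with, and its write permissions decide who could replace it. The following audit is an added example, not part of the patent; the function names and finding tags are illustrative assumptions.

```python
import os
import stat


def assess_suid(mode, owner_uid):
    """Return finding tags for a file, given its st_mode and owner uid.

    An empty list means the file is not a set-user-ID regular file and so
    runs with the identity of whoever starts it.
    """
    tags = []
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return tags
    # With SUID set, the process starts with euid == owner of the file,
    # which is the effect step B1 relies on.
    tags.append("suid")
    if owner_uid == 0:
        tags.append("suid-root")        # service would start with euid 0
    if mode & stat.S_IWGRP:
        tags.append("group-writable")   # group members can alter the binary
    if mode & stat.S_IWOTH:
        tags.append("world-writable")   # any local user can alter the binary
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        tags.append("not-executable")   # SUID bit set but nobody can run it
    return tags


def audit_path(path):
    """Inspect one path without following symlinks."""
    st = os.lstat(path)
    return {
        "path": path,
        "owner_uid": st.st_uid,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "findings": assess_suid(st.st_mode, st.st_uid),
    }


def audit_tree(root):
    """Report every set-user-ID regular file below `root`."""
    reports = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                report = audit_path(full)
            except OSError:
                continue                # unreadable or vanished entry
            if report["findings"]:
                reports.append(report)
    return reports


if __name__ == "__main__":
    # The directory is a placeholder; point it at the service install path.
    for report in audit_tree("/usr/local/bin"):
        print(report["path"], report["mode"], report["owner_uid"],
              ",".join(report["findings"]))
```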
To strengthen the security of user access management, a blacklist/whitelist user list can also be added. Step 1 of Fig. 2 then also includes:
The central control server looks up the blacklist/whitelist user list of the service server specified by the user and determines whether the user is in the blacklist. If so, the user is forbidden to log in to the service server with password-free secure login, and this flow ends; if not, the flow continues with step 2, or
The central control server looks up the blacklist/whitelist user list of the service server specified by the user and determines whether the user is in the whitelist. If so, the user is allowed to log in to the service server with password-free secure login, and the flow continues with step 2; if not, this flow ends.
The above are only preferred embodiments of the invention and are not intended to limit it. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (14)

1. A remote maintenance system with password-free secure login, characterized in that it includes a central control server and several service servers, wherein:
The central control server is configured to receive a user's login request and authenticate the user; after the user's authentication passes, to send an open-service notification message to the service server specified by the user; and, after the user has logged in successfully, to send the user's operation and maintenance request to the service server for execution and forward the execution result returned by the service server to the user terminal,
The service server further includes:
A remote access interface device, configured to communicate with the central control server, forward the open-service notification message sent by the central control server to the password-free login service device, and establish a TCP connection link with the password-free login service device according to the open-TCP-service information returned by the password-free login service device;
A password-free login service device, configured to receive the open-service notification message sent by the remote access interface device, open a TCP service, and return the open-TCP-service information to the remote access interface device,
The central control server and the service servers are connected through a network,
The password-free login service device further includes:
A TCP service opening unit, configured to receive the open-service notification message forwarded by the remote access interface device and judge whether the device itself has already opened the TCP service; if not, to extract the open-TCP-service information from the open-service notification message or from the local default configuration, set the IP address in the open-TCP-service information to 0, then bind the port on which the TCP service is opened and at the same time create a TCP service process, the TCP service process being used to periodically monitor whether the port on which the TCP service is opened has received a new connection request message, and finally to send the open-TCP-service information to the remote access interface device.
2. The system according to claim 1, characterized in that the remote access interface device further includes:
A TCP connection establishing unit, configured to receive the open-TCP-service information returned by the password-free login service device and, on receiving the connection request message sent by the central control server, to establish a TCP connection link with the password-free login service device according to the open-TCP-service information, and then to save the newly established TCP connection link information in the local session pool;
An operation and maintenance execution unit, configured to receive the user's operation and maintenance request sent by the central control server, look up the local session pool to obtain the TCP connection link information corresponding to the user, read the operation and maintenance instruction from the user's operation and maintenance request, send the operation and maintenance instruction to the password-free login service device through the corresponding TCP connection link, and finally obtain the execution result of the operation and maintenance request from the TCP connection link and return the execution result to the central control server.
3. The system according to claim 1, characterized in that the password-free login service device further includes:
A TCP link establishing unit, configured to establish a TCP connection link with the remote access interface device;
A TCP link maintenance unit, configured to maintain the session pool state of the service server; when a TCP connection link has not been used for a long time, the unit clears the session and at the same time sends a session-invalidation notification message to the central control server.
4. The system according to claim 1, characterized in that, when the service server runs a Linux or Unix operating system, the password-free login service device also includes:
A user changing unit, configured to change the creating user of the password-free login service device to another user whose access is desired, and to grant the permissions of the user whose access is desired to the creating user of the password-free login service device.
5. The system according to claim 4, characterized in that the user changing unit further includes:
A desired-user changing component, configured to use the chown and chmod commands to change the creating user of the password-free login service device to the other user whose access is desired and to set the SUID of the password-free login service device, and then to execute the setreuid command inside the password-free login service device;
A desired-user switching component, configured to obtain the home directory information of the user whose access is desired from the system file /etc/passwd and then execute the source command, thereby switching to the environment of the user whose access is desired.
6. The system according to claim 1, characterized in that the service server also includes a pseudo-terminal device, wherein:
The password-free login service device, after establishing the TCP connection link with the remote access interface device, opens the pseudo-terminal device and binds the TCP connection link to the pseudo-terminal device;
The pseudo-terminal device is configured to read the user's operation and maintenance instruction from the bound TCP connection link and return the execution result to the TCP connection link.
7. The system according to claim 6, characterized in that the pseudo-terminal device further includes:
A pseudo-terminal master device, configured to obtain the user's operation and maintenance instruction from the bound TCP connection link, forward the operation and maintenance instruction to the pseudo-terminal slave device for execution, then receive the execution result of the operation and maintenance instruction returned by the pseudo-terminal slave device, and finally send the execution result to the remote access interface device through the TCP connection link;
A pseudo-terminal slave device, configured to execute the operation and maintenance instruction sent by the pseudo-terminal master device and return the execution result to the pseudo-terminal master device.
8. The system according to claim 1, characterized in that the central control server further includes a session recording device and a blacklist/whitelist judging device, wherein:
The session recording device is configured to record the user's operation and maintenance request in the session information, update the execution result content in the session information according to the execution result returned by the service server, and at the same time save the session information in the session pool of the central control server; and, on receiving the session-invalidation notification message sent by the service server, to update the corresponding session information in the session pool of the central control server,
The blacklist/whitelist judging device further includes:
A blacklist judging unit, configured to look up, according to the user's login request, the blacklist/whitelist user list of the service server specified by the user and judge whether the user is on the blacklist; if so, to forbid the user from logging in to the service server by password-free secure login; if not, after the user's authentication passes, to send the open-service notification message and the connection request message to the service server specified by the user; or
A whitelist judging unit, configured to look up, according to the user's login request, the blacklist/whitelist user list of the service server specified by the user and judge whether the user is on the whitelist; if so, after the user's authentication passes, to send the open-service notification message and the connection request message to the service server specified by the user; if not, to forbid the user from logging in to the service server by password-free secure login.
9. A remote maintenance implementation method with password-free secure login, characterized in that, when a user sends a login request, the method includes:
Step 1: the central control server authenticates the user and, after the user's authentication passes, sends an open-service notification message to the service server specified by the user;
Step 2: the remote access interface device of the service server forwards the open-service notification message sent by the central control server to the password-free login service device; the password-free login service device opens a TCP service and returns the open-TCP-service information to the remote access interface device;
Step 3: the remote access interface device establishes a TCP connection link with the password-free login service device according to the open-TCP-service information returned by the password-free login service device; after the user has logged in successfully, the central control server sends the user's operation and maintenance request to the service server for execution and forwards the execution result returned by the service server to the user terminal,
Step 2 further includes:
Step 21: the remote access interface device of the service server forwards the open-service notification message sent by the central control server to the password-free login service device;
Step 22: the password-free login service device judges whether it has already opened the TCP service; if not, it extracts the open-TCP-service information from the open-service notification message or from the local default configuration, sets the IP address in the open-TCP-service information to 0, then binds the port on which the TCP service is opened and at the same time creates a TCP service process, the TCP service process being used to periodically monitor whether the port on which the TCP service is opened has received a new connection request message, and finally sends the open-TCP-service information to the remote access interface device.
10. The implementation method according to claim 9, characterized in that step 3 further includes:
Step 31: the central control server sends a connection request message to the remote access interface device;
Step 32: the remote access interface device sends the connection request message to the password-free login service device and, according to the open-TCP-service information sent by the password-free login service device, establishes a TCP connection link with the password-free login service device;
Step 33: the remote access interface device saves the newly established TCP connection link information in the local session pool.
11. The implementation method according to claim 9, characterized in that the following is also included after step 3:
Step 4: the password-free login service device opens a pseudo-terminal device, the pseudo-terminal device including a pseudo-terminal master device and a pseudo-terminal slave device, and binds the TCP connection link to the pseudo-terminal device.
12. The implementation method according to claim 11, characterized in that, when the user sends an operation and maintenance request, the method also includes:
Step A1: the central control server sends the user's operation and maintenance request to the service server and records the user's operation and maintenance request in the session information;
Step A2: the remote access interface device of the service server looks up the local session pool, obtains the TCP connection link information corresponding to the user, reads the operation and maintenance instruction from the user's operation and maintenance request, and then sends the operation and maintenance instruction to the password-free login service device through the corresponding TCP connection link;
Step A3: the pseudo-terminal master device obtains the user's operation and maintenance instruction from the TCP connection link and forwards the operation and maintenance instruction to the pseudo-terminal slave device for execution, then receives the execution result of the operation and maintenance instruction returned by the pseudo-terminal slave device, and finally sends the execution result to the remote access interface device through the TCP connection link;
Step A4: the remote access interface device obtains the execution result of the operation and maintenance request from the TCP connection link and returns the execution result to the central control server;
Step A5: the central control server updates the execution result content in the session information, returns the execution result to the user terminal, and saves the session information in the session pool of the central control server.
13. The implementation method according to claim 9, characterized in that, when the service server runs a Linux or Unix operating system, the following is also included before step 2:
Step B: change the creating user of the password-free login service device to another user whose access is desired, and grant the permissions of the user whose access is desired to the creating user of the password-free login service device.
14. The implementation method according to claim 13, characterized in that step B further includes:
Step B1: using the chown and chmod commands, change the creating user of the password-free login service device to the other user whose access is desired, and set the SUID of the password-free login service device;
Step B2: execute the setreuid command inside the password-free login service device;
Step B3: inside the password-free login service device, obtain the home directory information of the user whose access is desired from the system file /etc/passwd, then execute the source command, thereby switching to the environment of the user whose access is desired.
CN201310468078.1A 2013-10-10 2013-10-10 A kind of remote maintenance system logged in without cryptosecurity and implementation method Expired - Fee Related CN103475491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310468078.1A CN103475491B (en) 2013-10-10 2013-10-10 A kind of remote maintenance system logged in without cryptosecurity and implementation method


Publications (2)

Publication Number Publication Date
CN103475491A CN103475491A (en) 2013-12-25
CN103475491B true CN103475491B (en) 2017-01-04

Family

ID=49800203

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310468078.1A Expired - Fee Related CN103475491B (en) 2013-10-10 2013-10-10 A kind of remote maintenance system logged in without cryptosecurity and implementation method

Country Status (1)

Country Link
CN (1) CN103475491B (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 310013, Zhejiang, Xihu District, Wensanlu Road, No. 398, 4 floor, Hangzhou

Patentee after: Dongxin Beiyou Information Technology Co., Ltd., Hangzhou

Address before: 100191 Beijing, Zhichun Road, No. 9, hearing the building on the floor of the 7 floor,

Patentee before: Dongxin Beiyou Information Technology Co., Ltd., Hangzhou

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170104

Termination date: 20181010