
CN103475491A - Remote maintenance system with secure passwordless login, and implementation method - Google Patents


Info

Publication number: CN103475491A
Authority: CN (China)
Prior art keywords: user, tcp, service, password login, connecting link
Legal status: Granted (as listed by Google Patents; not a legal conclusion)
Application number: CN2013104680781A (also written CN201310468078.1A)
Other languages: Chinese (zh)
Other versions: CN103475491B (en)
Inventors: 廖建新, 曾金梁, 张莲龙, 张少杰, 张建虎
Current assignee: Hangzhou Dongxin Beiyou Information Technology Co Ltd (as listed by Google Patents)
Original assignee: Hangzhou Dongxin Beiyou Information Technology Co Ltd

Events
  • Application filed by Hangzhou Dongxin Beiyou Information Technology Co Ltd
  • Priority to CN201310468078.1A
  • Publication of CN103475491A
  • Application granted
  • Publication of CN103475491B
  • Expired - Fee Related (current legal status)
  • Anticipated expiration

Landscapes

  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a remote maintenance system with secure passwordless login, and a method of implementing it. The method comprises the following steps. First, a central control server authenticates the user and, once the user passes authentication, sends an open-service notification message to the service server designated by the user. Second, the remote access interface device of the service server forwards the open-service notification message from the central control server to the passwordless login service device; the passwordless login service device opens a TCP service and returns the open-TCP-service information to the remote access interface device. Third, the remote access interface device establishes a TCP connection link with the passwordless login service device according to the open-TCP-service information returned by that device. The system and method belong to the technical field of network communication and allow a user to log in securely without a password during remote maintenance.

Description

Remote maintenance system with secure passwordless login, and implementation method
Technical field
The present invention relates to a remote maintenance system with secure passwordless login and a method of implementing it, and belongs to the field of network communication technology.
Background art
With the development of telecommunication and Internet technology, users' demand for classes of service grows daily. Service providers, to follow the development of the market and meet user demand, have developed a large number of value-added service platforms. How to keep these huge and ever-growing value-added services stable has become a common problem for carriers.
These service platforms are usually deployed across many servers, each with its own maintenance procedure, which makes maintenance increasingly cumbersome. To manage and control all service platforms, a network management system typically installs agent programs on more than a hundred servers. When carrying out operations such as function adjustment or fault clearing, these agents usually have to log in to the host and perform the maintenance operations there. With so many servers and frequent password changes, a more convenient and secure remote maintenance method is urgently needed.
On the other hand, the service provider, in the course of development and in response to the differing demands of operator customers, releases multiple services. Each service is usually also deployed on several servers for load sharing. As services multiply, maintenance becomes ever more complex: maintainers must not only master the maintenance knowledge of many services but also carry the daily operation and maintenance of numerous service hosts. In recent years in particular, operators, in order to improve information security, have separated primary and secondary accounts and rotate passwords regularly, which has made the maintenance of each service more cumbersome still.
How can remote maintenance be isolated from the effect of password changes? Patent application CN 201310030683.0 (title: a passwordless cross-terminal login verification method; filing date: 2013-01-28; applicant: Shanghai Giant Network Technology Co., Ltd.) discloses a passwordless cross-terminal login verification method. To keep account and password entry isolated on different platforms, the mobile device must first be bound to the corresponding account. Binding uses the hardware information of the mobile device, so that the locally generated verification database cannot be separated from the bound device, which prevents the mobile client database from being stolen and used. During binding, the hardware information of the mobile device is submitted to both the binding server and the authentication server so that server-side device-authentication binding data for the account can be generated. Binding happens only once; verification is carried out on every login. During binding the user enters the account and password once and the rest is automatic; during verified login the user only confirms the login with a single action and the rest is automatic, so after adopting that invention the user no longer has to remember complex passwords. That scheme requires binding to the hardware information of the mobile device, i.e. passwordless login only works when the user uses the same mobile device. If the user uses other terminal hardware, or several different users share one terminal, that scheme cannot solve the problem of secure passwordless login in remote maintenance.
Therefore, how to achieve secure passwordless login in remote maintenance remains a technical problem worth further study.
Summary of the invention
In view of this, the object of the present invention is to provide a remote maintenance system with secure passwordless login, and an implementation method, so that a user can log in securely without a password during remote maintenance.
To achieve the above object, the invention provides a remote maintenance system with secure passwordless login, comprising a central control server and several service servers, wherein:
the central control server receives the user's login request, authenticates the user and, once the user passes authentication, sends an open-service notification message to the service server designated by the user; after the user has logged in successfully, it forwards the user's operation and maintenance (O&M) requests to the service server for execution and returns the execution results from the service server to the user terminal;
the service server further comprises:
a remote access interface device, which communicates with the central control server, forwards the open-service notification message sent by the central control server to the passwordless login service device, and establishes a TCP connection link with the passwordless login service device according to the open-TCP-service information returned by that device;
a passwordless login service device, which receives the open-service notification message forwarded by the remote access interface device, opens a TCP service, and returns the open-TCP-service information to the remote access interface device;
the central control server and the service servers are connected over a network.
To achieve the above object, the invention also provides a remote maintenance implementation method with secure passwordless login which, when the user sends a login request, comprises:
Step 1: the central control server authenticates the user and, once the user passes authentication, sends an open-service notification message to the service server designated by the user;
Step 2: the remote access interface device of the service server forwards the open-service notification message sent by the central control server to the passwordless login service device, which opens a TCP service and returns the open-TCP-service information to the remote access interface device;
Step 3: the remote access interface device establishes a TCP connection link with the passwordless login service device according to the open-TCP-service information returned by that device.
Compared with the prior art, the beneficial effects of the invention are as follows. A TCP connection link is established on the service server itself, between the local remote access interface device and the passwordless login service device, and the IP address in the open-TCP-service information is set to 0; thus, after passing authentication at the central control server, a user can perform remote maintenance on a service server only through the TCP connection link local to that server, which is relied on to prevent the opened service from being used illegitimately or from allowing remote intrusion into the service server. The remote access interface device can use general-purpose message middleware for its remote communication with the central control server, giving higher stability, reliability and security. The TCP connection link between the remote access interface device and the passwordless login service device is opened and closed under the control of messages received from the central control server, and the user transmits no password when logging in remotely, so the scheme is more secure than access methods such as telnet and also works where the telnet function of the service server has been disabled. The pseudo-terminal device supports operations such as editing files. When the service server runs Linux or Unix, the user can, after logging in to the service server securely without a password, also complete every maintenance operation using the privileges of another desired user.
Description of the drawings
Fig. 1 is a schematic diagram of the composition of a remote maintenance system with secure passwordless login according to the invention.
Fig. 2 is a flow chart of the remote maintenance implementation method with secure passwordless login according to the invention, when the user sends a login request.
Fig. 3 is a flow chart of the detailed operations of step 2 of Fig. 2.
Fig. 4 is a flow chart of the detailed operations of step 3 of Fig. 2.
Fig. 5 is a flow chart of the detailed operations when the user has logged in successfully and sends an operation and maintenance request.
Embodiments
To make the object, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings.
As shown in Fig. 1, a remote maintenance system with secure passwordless login according to the invention comprises a central control server and several service servers, wherein:
the central control server receives the user's login request, authenticates the user and, once the user passes authentication, sends an open-service notification message to the service server designated by the user; after the user has logged in successfully, it forwards the user's operation and maintenance (O&M) requests to the service server for execution and returns the execution results from the service server to the user terminal;
the service server further comprises:
a remote access interface device, which communicates with the central control server, forwards the open-service notification message sent by the central control server to the passwordless login service device, and establishes a TCP connection link with the passwordless login service device according to the open-TCP-service information returned by that device; through this TCP connection link the user can log in to the designated service server securely without a password;
a passwordless login service device, which receives the open-service notification message forwarded by the remote access interface device, opens a TCP service and returns the open-TCP-service information to the remote access interface device; after the TCP connection link with the remote access interface device has been established, it opens a pseudo-terminal device and binds the TCP connection link to that pseudo-terminal device;
a pseudo-terminal device, which reads the user's O&M commands from the bound TCP connection link and returns the execution results into the TCP connection link;
the central control server and the service servers are connected over a network.
The remote access interface device may be built on general-purpose message middleware, namely the real-time application process management and communication component (COPART-MACO). Through an abstract link model it supports a variety of IPC mechanisms in a uniform way, works across machines and platforms, and has very high stability and reliability, so it meets the communication requirements of remote maintenance.
The remote access interface device further comprises:
a TCP connection establishment unit, which receives the open-TCP-service information returned by the passwordless login service device and, on receiving a connection request message from the central control server, establishes a TCP connection link with the passwordless login service device according to that information, then saves the information of the newly established TCP connection link in the local session pool; in this way, when several users are logged in to the service server, each user corresponds to one or more TCP connection links, and the session pool of the service server holds the local TCP connection link information of every logged-in user;
an O&M execution unit, which receives the user's O&M request sent by the central control server, searches the local session pool for the TCP connection link information corresponding to that user, reads the O&M command out of the request, sends the command to the passwordless login service device over the corresponding TCP connection link, then obtains the execution result of the request from the TCP connection link and returns it to the central control server.
The passwordless login service device further comprises:
a TCP service opening unit, which receives the open-service notification message forwarded by the remote access interface device and checks whether the TCP service has already been opened; if not, it extracts the open-TCP-service information (the port on which to open the TCP service, the login home directory, the default user, the maximum number of connections and so on) from the open-service notification message or from the local default configuration, sets the IP address in the open-TCP-service information to 0, binds and opens the TCP service port, creates a TCP service process that periodically monitors the opened port for new connection request messages, and finally sends the open-TCP-service information to the remote access interface device. With the IP address in the open-TCP-service information set to 0, the intent is that remote maintenance and similar operations on the service server are possible only through the local remote access interface device and passwordless login service device, which is what the access security rests on: preventing the opened service from being used illegitimately or from allowing remote intrusion into the service server;
a TCP link establishment unit, which establishes the TCP connection link with the remote access interface device;
a TCP link maintenance unit, which maintains the state of the session pool on the service server: when a TCP connection link has not been used for a long time the session is deemed expired, the session is cleaned up and a session-expired notification message is sent to the central control server.
When the service server runs Linux or Unix, the permission limits of the user that started the passwordless login service device may make some maintenance operations on the service server impossible. The invention can therefore, according to the actual needs of the user's maintenance operations, change the privileges to those of another desired user so that every maintenance operation on the service server can be completed. The passwordless login service device may then further comprise:
a user change unit, which changes the startup user of the passwordless login service device to the desired user and grants the desired user's privileges to the startup user of the passwordless login service device.
The user change unit may further comprise:
a desired-user change component, which uses the chown and chmod commands to change the startup user of the passwordless login service device to the desired user and to set the SUID (set-user-ID) bit on the passwordless login service device, after which the setreuid call is executed inside the passwordless login service device;
a desired-user switching component, which obtains the home directory of the desired user from the system file /etc/passwd and then executes the source command, thereby switching into the environment of the desired user. /etc/passwd is a general system file that mainly stores each user's id, group and home directory.
The pseudo-terminal device further comprises:
a pseudo-terminal master, which obtains the user's O&M command from the bound TCP connection link, passes the command to the pseudo-terminal slave for execution, receives from the slave the execution result of the command, and finally sends the result to the remote access interface device over the TCP connection link;
a pseudo-terminal slave, which executes the O&M command passed by the pseudo-terminal master and returns the execution result to the master.
The central control server further comprises a session recording device and a blacklist/whitelist judgment device:
the session recording device records the user's O&M request in the session information, updates the execution result in the session information according to the result returned by the service server, and saves the session information in the session pool of the central control server; when a session-expired notification message is received from a service server, it updates the corresponding session information in the session pool of the central control server;
the blacklist/whitelist judgment device may further comprise:
a blacklist judging unit, which, on the user's login request, looks up the blacklist/whitelist user list of the service server designated by the user and judges whether the user is on the blacklist; if so, the user is forbidden to log in to the service server without a password; if not, once the user passes authentication, the open-service notification message and the connection request message are sent to the service server designated by the user;
a whitelist judging unit, which, on the user's login request, looks up the blacklist/whitelist user list of the service server designated by the user and judges whether the user is on the whitelist; if so, once the user passes authentication, the open-service notification message and the connection request message are sent to the service server designated by the user; if not, the user is forbidden to log in to the service server without a password.
As shown in Fig. 2, when the user sends a login request, the remote maintenance implementation method with secure passwordless login according to the invention comprises:
Step 1: the central control server authenticates the user and, once the user passes authentication, sends an open-service notification message to the service server designated by the user;
Step 2: the remote access interface device of the service server forwards the open-service notification message sent by the central control server to the passwordless login service device, which opens a TCP service and returns the open-TCP-service information to the remote access interface device;
Step 3: the remote access interface device establishes a TCP connection link with the passwordless login service device according to the open-TCP-service information returned by that device; through this TCP connection link the user can log in to the designated service server securely without a password;
Step 4: the passwordless login service device opens a pseudo-terminal device, consisting of a pseudo-terminal master and a pseudo-terminal slave, and binds the TCP connection link to the pseudo-terminal device.
As shown in Fig. 3, step 2 of Fig. 2 further comprises:
Step 21: the remote access interface device of the service server forwards the open-service notification message sent by the central control server to the passwordless login service device; the open-service notification message may carry open-TCP-service information;
Step 22: the passwordless login service device checks whether it has already opened the TCP service. If so, this flow ends. If not, it extracts the open-TCP-service information (the port on which to open the TCP service, the login home directory, the default user, the maximum number of connections and so on) from the open-service notification message or from the local default configuration, sets the IP address in the open-TCP-service information to 0, binds and opens the TCP service port, creates a TCP service process that periodically monitors the opened port for new connection request messages, and finally sends the open-TCP-service information to the remote access interface device; this flow then ends.
When the IP address in the open-TCP-service information is set to 0, the intent is that only the local remote access interface device and passwordless login service device can perform remote maintenance and similar operations on the service server, so that the opened service cannot be used illegitimately or serve as a path for remote intrusion into the service server.
As shown in Fig. 4, step 3 of Fig. 2 further comprises:
Step 31: the central control server sends a connection request message to the remote access interface device;
Step 32: the remote access interface device sends the connection request message to the passwordless login service device and establishes a TCP connection link with it according to the open-TCP-service information that device sent;
Step 33: the remote access interface device saves the information of the newly established TCP connection link in the local session pool; in this way, when several users are logged in to the service server, each user corresponds to one or more TCP connection links, and the session pool of the service server holds the local TCP connection link information of every logged-in user.
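Steps 21 to 33 above, as an added worked example that is not code from the patent or its assignee, modelled in Python: the passwordless login service opens the TCP service and reports the open-TCP-service information, the remote access interface connects on the connection request message and records the link in a local session pool, and idle links expire the way the TCP link maintenance unit describes. One socket-level point the text leaves unstated: in the BSD sockets API an address of 0 (INADDR_ANY, 0.0.0.0) means "every interface", so a bind to IP 0 is reachable from the network and does not by itself confine the service to the local host; only a loopback bind (127.0.0.1) does that, which is what the example binds to and what establish_link checks before connecting. The function names, message fields and default values (home directory, default user, maximum connections) are assumptions.

```python
# Added example, not code from patent CN103475491A or its assignee: a runnable
# model of steps 21-33. Function and message names are assumptions; the patent
# gives no wire format.
import socket
import threading
import time


def is_local_only(ip):
    """The patent sets the IP in the open-TCP-service information to 0. In the
    sockets API 0 / 0.0.0.0 (INADDR_ANY) means every interface, so such a bind is
    reachable from the network. Only a loopback bind confines the service to the
    local host, which is what the text wants."""
    return ip.startswith("127.") or ip == "::1"


def open_tcp_service(port=0, bind_ip="127.0.0.1", home="/home/maint",
                     default_user="maint", max_conn=8):
    """Step 22: bind and open the TCP service port and build the open-TCP-service
    information (port, login home directory, default user, maximum connections).
    port=0 lets the OS pick a free port. Returns (listening socket, info)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_ip, port))
    srv.listen(max_conn)
    srv.settimeout(5)
    ip, bound_port = srv.getsockname()
    info = {"ip": ip, "port": bound_port, "home": home,
            "user": default_user, "max_conn": max_conn}
    return srv, info


class SessionPool:
    """Local session pool of the remote access interface device (step 33): each
    logged-in user maps to one or more TCP connection links plus a last-used time."""

    def __init__(self, idle_limit=60.0):
        self.links = {}            # user -> list of [socket, last_used]
        self.idle_limit = idle_limit

    def add(self, user, sock, now=None):
        stamp = time.time() if now is None else now
        self.links.setdefault(user, []).append([sock, stamp])

    def lookup(self, user):
        return [sock for sock, _ in self.links.get(user, [])]

    def expire_idle(self, now=None):
        """TCP link maintenance unit: close links idle longer than idle_limit and
        return the users whose sessions expired (one session-expired notification
        to the central control server per user)."""
        now = time.time() if now is None else now
        expired = []
        for user, entries in list(self.links.items()):
            kept = []
            for sock, last_used in entries:
                if now - last_used > self.idle_limit:
                    sock.close()
                    expired.append(user)
                else:
                    kept.append([sock, last_used])
            if kept:
                self.links[user] = kept
            else:
                del self.links[user]
        return expired


def establish_link(info, user, pool, now=None):
    """Steps 32-33: on a connection request message, connect to the TCP service in
    info and save the new link in the pool. Refuses a service that is not bound to
    loopback: the check the patent's "IP = 0" was meant to provide."""
    if not is_local_only(info["ip"]):
        raise ValueError("TCP service %s:%d is reachable from the network"
                         % (info["ip"], info["port"]))
    link = socket.create_connection((info["ip"], info["port"]), timeout=5)
    pool.add(user, link, now)
    return link


def login_flow(user, now=0.0):
    """One user's exchange: the service side opens and accepts, the remote access
    interface side connects and records the link. Returns (info, pool, accepted)."""
    srv, info = open_tcp_service()
    accepted = []
    acceptor = threading.Thread(target=lambda: accepted.append(srv.accept()[0]))
    acceptor.start()
    pool = SessionPool()
    establish_link(info, user, pool, now)
    acceptor.join(5)
    srv.close()
    return info, pool, accepted
```

login_flow("maint1") returns the open-TCP-service information with the loopback address and an ephemeral port, a pool holding one link for maint1, and the accepted socket on the service side; expire_idle with a later timestamp closes the link and names the user for the session-expired notification.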
As shown in Fig. 5, when the user has logged in successfully and sends an O&M request, the method further comprises:
Step A1: the central control server sends the user's O&M request to the service server and records the request in the session information;
Step A2: the remote access interface device of the service server searches the local session pool for the TCP connection link information corresponding to the user, reads the O&M command out of the user's O&M request, and sends the command to the passwordless login service device over the corresponding TCP connection link;
if the user's O&M request contains several O&M commands, the remote access interface device splits the request into the individual commands and sends them one by one to the passwordless login service device over the corresponding TCP connection link;
Step A3: the pseudo-terminal master obtains the user's O&M command from the TCP connection link, passes it to the pseudo-terminal slave for execution, receives from the slave the execution result of the command, and finally sends the result to the remote access interface device over the TCP connection link;
Step A4: the remote access interface device obtains the execution result of the O&M request from the TCP connection link and returns it to the central control server;
Step A5: the central control server updates the execution result in the session information, returns the result to the user terminal, and saves the session information in the session pool of the central control server.
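The pseudo-terminal device of steps A2 to A4, as an added example that is not code from the patent: a pty pair whose slave end is the stdin and stdout of /bin/sh and whose master end is bound to a link, with a socketpair standing in for the TCP connection link. The remote access interface side sends the commands of one request one at a time and collects a result for each. The end-of-result marker, the class and function names and the sample commands are constructed for the example.

```python
# Added example, not code from the patent: the pseudo-terminal device of Fig. 5
# bound to a link. A socketpair stands in for the TCP connection link; the
# marker, names and sample commands are assumptions.
import os
import pty
import select
import socket
import subprocess
import termios
import threading

DONE = b"__OM_DONE__"   # assumed marker that ends one command's result


class PseudoTerminalDevice:
    """Pty pair: the slave end is stdin/stdout of a shell that executes the O&M
    commands (pseudo-terminal slave), the master end is what the passwordless
    login service binds to the TCP connection link (pseudo-terminal master)."""

    def __init__(self, shell="/bin/sh"):
        self.master_fd, slave_fd = pty.openpty()
        attrs = termios.tcgetattr(slave_fd)
        attrs[3] &= ~termios.ECHO          # lflag: keep typed commands out of the result
        termios.tcsetattr(slave_fd, termios.TCSANOW, attrs)
        # stderr is deliberately not the pty: a POSIX shell whose stdin and stderr
        # are both terminals turns interactive (prompts, line editing) and would
        # pollute the result stream. Each command redirects its own stderr instead.
        self.shell = subprocess.Popen([shell], stdin=slave_fd, stdout=slave_fd,
                                      stderr=subprocess.DEVNULL,
                                      start_new_session=True,
                                      env={"PATH": "/usr/bin:/bin", "PS1": ""})
        os.close(slave_fd)

    def run(self, command, timeout=5.0):
        """Master side of step A3: hand one command to the slave and collect what it
        prints up to the marker. The marker is written as two shell-joined words
        (__OM''_DONE__) so an echoed command line can never look like the marker."""
        line = b"{ " + command + b"; } 2>&1; echo " + DONE[:4] + b"''" + DONE[4:] + b"\n"
        os.write(self.master_fd, line)
        end = DONE + b"\n"
        buf = b""
        while not buf.endswith(end):
            ready, _, _ = select.select([self.master_fd], [], [], timeout)
            if not ready:
                raise TimeoutError("no result from pseudo-terminal slave")
            buf += os.read(self.master_fd, 4096).replace(b"\r", b"")
        return buf[:-len(end)].rstrip(b"\n")

    def close(self):
        os.write(self.master_fd, b"exit\n")
        self.shell.wait(timeout=5)
        os.close(self.master_fd)


def serve_link(link, device, n_commands):
    """Passwordless login service side: the pty master takes commands one by one
    from the bound link and writes each result back on it (steps A3 to A4)."""
    for _ in range(n_commands):
        command = link.recv(4096)
        if not command:
            break
        link.sendall(device.run(command) + b"\n")


def maintenance_session(commands):
    """Remote access interface side: the O&M request split into its commands (A2),
    sent one at a time over the link, results collected in order (A4)."""
    interface_end, pty_end = socket.socketpair()   # stands in for the TCP link
    device = PseudoTerminalDevice()
    worker = threading.Thread(target=serve_link, args=(pty_end, device, len(commands)))
    worker.start()
    results = []
    for command in commands:
        interface_end.sendall(command.encode())
        results.append(interface_end.recv(65536).rstrip(b"\n").decode())
    worker.join(10)
    device.close()
    interface_end.close()
    pty_end.close()
    return results
```

maintenance_session(["echo hello", "expr 6 \\* 7"]) runs both commands in the same shell behind the pty and returns their outputs in order. Turning ECHO off on the slave and keeping stderr off the terminal are what keep the result stream to the command output alone.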
It is worth noting that the session pool of each service server is a subset of the session pool of the central control server. The session pool of the central control server does not concern itself with TCP connection link information but with the users' O&M requests and their execution results; it is therefore mainly used to store session information such as O&M requests and results, which improves the efficiency of system maintenance. By configuration, the central control server can be made to write the O&M requests and execution results of all session information to a specified file for later reference.
When the service server runs Linux or Unix, the permission limits of the user that started the passwordless login service device may make some maintenance operations on the service server impossible. The invention can therefore, according to the actual needs of the user's maintenance operations, change the privileges to those of another desired user so that every maintenance operation on the service server can be completed. Before step 2 of Fig. 2, the method may further comprise:
Step B: change the startup user of the passwordless login service device to the desired user, and grant the desired user's privileges to the startup user of the passwordless login service device.
Step B further comprises:
Step B1: use the chown and chmod commands to change the startup user of the passwordless login service device to the desired user and to set the SUID (set-user-ID) bit on the passwordless login service device, so that the effective uid (euid) of the passwordless login service device after it starts is the user id of the desired user;
Step B2: execute the setreuid call inside the passwordless login service device, so that when the passwordless login service device receives the open-service notification message in step 2 it opens the TCP service as the desired user;
Step B3: inside the passwordless login service device, obtain the home directory of the desired user from the system file /etc/passwd, then execute the source command, thereby switching into the environment of the desired user. /etc/passwd is a general system file that mainly stores each user's id, group and home directory.
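Steps B1 to B3 as an added Python example that is not the patent's code: setting the SUID bit on the service binary, becoming the desired user with setreuid, and reading the home directory out of /etc/passwd-format text to build the environment that the source command would start from. The sample passwd text, the user names and the helper names are constructed for the example; the uid change itself is only performed when switch_user is called with apply=True, which needs root or a SUID start, and the comment there records why both the real and the effective uid are set.

```python
# Added example, not the patent's code: steps B1-B3 as a script would do them.
# The passwd text, user names and helper names are constructed; the uid change is
# only performed with apply=True (needs root or a SUID start).
import os
import stat
import tempfile


def make_suid(path, owner_uid=-1, owner_gid=-1):
    """Step B1: chown the passwordless login service binary to the desired user and
    set the SUID bit (chmod u+s) so its euid at start is that user's uid. chown to
    another uid needs root, so it is skipped otherwise. Returns the new mode."""
    if owner_uid != -1 and os.geteuid() == 0:
        os.chown(path, owner_uid, owner_gid)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode | stat.S_ISUID)
    return stat.S_IMODE(os.stat(path).st_mode)


def parse_passwd(text):
    """Step B3: uid, gid, home directory and shell per user from text in
    /etc/passwd format (name:password:uid:gid:gecos:home:shell)."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return users


def switch_user(name, passwd_text, apply=False):
    """Steps B2 and B3: become the desired user and build the environment that the
    source'd profile starts from. Returns (passwd entry, env, profile path)."""
    entry = parse_passwd(passwd_text)[name]
    if apply:
        if os.geteuid() == 0:
            # Groups first: once the uid is no longer 0 the gid can't be changed.
            os.setgroups([])
            os.setregid(entry["gid"], entry["gid"])
        # The patent names setreuid. Setting only the effective uid keeps the old
        # real uid, and the process could setreuid back to it later; setting both
        # real and effective uid (which also moves the saved uid) makes the drop stick.
        os.setreuid(entry["uid"], entry["uid"])
        if os.getuid() != entry["uid"] or os.geteuid() != entry["uid"]:
            raise OSError("uid change did not take")
    env = {"HOME": entry["home"], "USER": name, "LOGNAME": name, "SHELL": entry["shell"]}
    profile = os.path.join(entry["home"], ".profile")   # assumed target of `source`
    return entry, env, profile


def demo_suid():
    """Set the SUID bit on a throwaway file and return its mode (the B1 effect)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        return make_suid(path)
    finally:
        os.unlink(path)


SAMPLE_PASSWD = """# constructed sample in /etc/passwd format
root:x:0:0:root:/root:/bin/sh
maint:x:1001:1001:maintenance user:/home/maint:/bin/sh
"""
```

switch_user("maint", SAMPLE_PASSWD) returns the maint entry, an environment with HOME=/home/maint, and /home/maint/.profile as the file the source command would read; demo_suid shows the S_ISUID bit (0o4000) set on a file the caller owns, which needs no privilege, whereas the chown in B1 does.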
To strengthen the security of user access management, a blacklist/whitelist user list may also be added, in which case step 1 of Fig. 2 further comprises:
the central control server looks up the blacklist/whitelist user list of the service server designated by the user and judges whether the user is on the blacklist; if so, the user is forbidden to log in to the service server without a password and this flow ends; if not, the method continues with step 2; or
the central control server looks up the blacklist/whitelist user list of the service server designated by the user and judges whether the user is on the whitelist; if so, the user is allowed to log in to the service server without a password and the method continues with step 2; if not, this flow ends.
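The two list checks above combined into one decision, as an added example that is not the patent's code: the blacklist is consulted first, then the whitelist, so a user on both lists is refused, a server with a whitelist admits only listed users, and a server with no lists falls back to authentication alone. Server names, user names and the list contents are constructed.

```python
# Added example, not the patent's code: the step 1 blacklist/whitelist decision
# as the central control server would apply it per designated service server.
# Names and list contents are constructed.


def login_decision(user, server, lists, authenticated):
    """Return the messages the central control server sends to the designated
    service server, or None when passwordless login is refused. Blacklist first;
    where the server has a whitelist only listed users pass; no lists at all
    means authentication alone decides."""
    if not authenticated:
        return None
    per_server = lists.get(server, {})
    black = per_server.get("black", set())
    white = per_server.get("white", set())
    if user in black:
        return None
    if white and user not in white:
        return None
    return [("open_service_notification", server, user),
            ("connection_request", server, user)]


SAMPLE_LISTS = {                      # constructed per-server lists
    "svc-a": {"black": {"mallory"}, "white": {"alice", "mallory"}},
    "svc-b": {"black": set(), "white": {"bob"}},
    "svc-c": {},
}
```

For svc-a, alice gets both messages while mallory, listed on both lists, is refused because the blacklist is checked first; for svc-b only bob passes; for svc-c, which has no lists, any authenticated user passes.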
The foregoing are merely preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (15)

1. A remote maintenance system with password-free secure login, characterized in that it includes a central control server and several service servers, wherein:
the central control server is configured to receive a user's login request, authenticate the user and, after authentication passes, send an open-service notification message to the service server specified by the user; after the user has logged in successfully, it forwards the user's operation and maintenance (O&M) requests to the service server and returns the execution results sent back by the service server to the user terminal;
the service server further includes:
a remote access interface device, configured to communicate with the central control server, forward the open-service notification message sent by the central control server to the password-free login service unit, and establish a TCP connection link with the password-free login service unit according to the TCP service-open information returned by that unit;
a password-free login service unit, configured to receive the open-service notification message forwarded by the remote access interface device, open the TCP service and return the TCP service-open information to the remote access interface device;
and the central control server is connected with the service servers over a network.
2. The system according to claim 1, characterized in that the remote access interface device further includes:
a TCP connection establishment unit, configured to receive the TCP service-open information returned by the password-free login service unit and, on receiving a connection request message from the central control server, establish a TCP connection link with the password-free login service unit according to that information, then save the newly established TCP connection link information in the local session pool;
an O&M execution unit, configured to receive a user's O&M request sent by the central control server, look up the local session pool to obtain the TCP connection link information corresponding to that user, read the O&M command from the request, send the command to the password-free login service unit over the corresponding TCP connection link, and finally obtain the execution result of the O&M request from the TCP connection link and return it to the central control server.
3. The system according to claim 1, characterized in that the password-free login service unit further includes:
a TCP service opening unit, configured to receive the open-service notification message forwarded by the remote access interface device and judge whether it has already opened the TCP service; if not, it extracts the TCP service-open information from the notification message or from the local default configuration, sets the IP address in that information to 0, binds the port on which the TCP service is opened and at the same time creates a TCP service process, which periodically monitors that port for new connection request messages; finally it sends the TCP service-open information to the remote access interface device;
a TCP link establishment unit, configured to establish the TCP connection link with the remote access interface device;
a TCP link maintenance unit, configured to maintain the state of the service server's session pool: when a TCP connection link has not been used for a long time, it cleans up that session and sends a session-failed notification message to the central control server.
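As an added illustration of the session pool that claims 2 and 3 describe (example code written for this page, not the patent's implementation): the service server records each user's TCP connection link, refreshes its idle timer on every O&M lookup, and a maintenance sweep cleans links idle beyond a limit and reports a session failure to the central control server, so that an unused password-free channel into the host does not stay open indefinitely. The 600-second limit, the pool size and all names are assumptions; the clock is passed in so the sweep is deterministic.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define POOL_MAX 16           /* assumed pool size */
#define IDLE_LIMIT_SEC 600    /* assumed idle limit before a link is cleaned */

struct session {
    char user[32];
    int link_fd;              /* TCP connection link to the password-free login unit */
    time_t last_used;
    int in_use;
};

struct session_pool {
    struct session slots[POOL_MAX];
    int notified;             /* session-failed notices sent to the central server */
};

/* Claim 2: save a newly established link for `user`; returns slot or -1 if full. */
int pool_add(struct session_pool *p, const char *user, int link_fd, time_t now)
{
    for (int i = 0; i < POOL_MAX; i++) {
        struct session *s = &p->slots[i];
        if (s->in_use) continue;
        snprintf(s->user, sizeof s->user, "%s", user);
        s->link_fd = link_fd;
        s->last_used = now;
        s->in_use = 1;
        return i;
    }
    return -1;
}

/* Claim 2: find the user's link before forwarding an O&M command; each use
 * refreshes the idle timer. Returns the link fd or -1 if the user has none. */
int pool_lookup(struct session_pool *p, const char *user, time_t now)
{
    for (int i = 0; i < POOL_MAX; i++) {
        struct session *s = &p->slots[i];
        if (!s->in_use || strcmp(s->user, user) != 0) continue;
        s->last_used = now;
        return s->link_fd;
    }
    return -1;
}

/* Claim 3: the TCP link maintenance unit. Links idle longer than the limit are
 * cleaned (the socket owner closes link_fd) and reported. Returns the count. */
int pool_sweep(struct session_pool *p, time_t now)
{
    int cleaned = 0;
    for (int i = 0; i < POOL_MAX; i++) {
        struct session *s = &p->slots[i];
        if (!s->in_use || now - s->last_used <= IDLE_LIMIT_SEC) continue;
        /* stand-in for the session-failed notification message to the central server */
        printf("session failed: user=%s link_fd=%d\n", s->user, s->link_fd);
        p->notified++;
        s->in_use = 0;
        cleaned++;
    }
    return cleaned;
}
```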
4. The system according to claim 1, characterized in that, when the service server runs a Linux or Unix operating system, the password-free login service unit further includes:
a user change unit, configured to change the creating user of the password-free login service unit to the other user to be accessed, and to authorize the creating user of the password-free login service unit with that user's access permissions.
5. The system according to claim 4, characterized in that the user change unit further includes:
a desired-user change component, configured to use the chown and chmod commands to change the creating user of the password-free login service unit to the other user to be accessed and to set the SUID bit of the password-free login service unit, then execute the setreuid command inside the password-free login service unit;
a desired-user switching component, configured to obtain the desired user's home directory (user.home) from the system file /etc/passwd, then execute the source command, thereby switching into the environment of the user to be accessed.
6. The system according to claim 1, characterized in that the service server further includes a pseudo terminal device, wherein:
the password-free login service unit, after establishing the TCP connection link with the remote access interface device, opens the pseudo terminal device and binds the TCP connection link to the pseudo terminal device;
the pseudo terminal device is configured to read the user's O&M commands from the bound TCP connection link and return the execution results into the TCP connection link.
7. The system according to claim 6, characterized in that the pseudo terminal device further includes:
a pseudo-terminal master device, configured to obtain the user's O&M command from the bound TCP connection link, forward the command to the pseudo-terminal slave device for execution, then receive the execution result for that command from the slave device and finally send the result to the remote access interface device over the TCP connection link;
a pseudo-terminal slave device, configured to execute the O&M command sent by the pseudo-terminal master device and return the execution result to the master device.
8. The system according to claim 1, characterized in that the central control server further includes a session recording device and a black/white list judgment device, wherein:
the session recording device is configured to record the user's O&M request in session information, update the execution result content in that session information according to the execution result returned by the service server, and at the same time save the session information in the central control server's session pool; when a session-failed notification message sent by the service server is received, it updates the corresponding session information in the central control server's session pool;
the black/white list judgment device further includes:
a blacklist judging unit, configured to look up, according to the user's login request, the black/white list of the service server specified by the user and judge whether the user is on the blacklist; if so, forbid the user from logging in to the service server password-free; if not, after the user's authentication passes, send the open-service notification message and the connection request message to the service server specified by the user; or
a whitelist judging unit, configured to look up, according to the user's login request, the black/white list of the service server specified by the user and judge whether the user is on the whitelist; if so, after the user's authentication passes, send the open-service notification message and the connection request message to the service server specified by the user; if not, forbid the user from logging in to the service server password-free.
9. A remote maintenance implementation method with password-free secure login, characterized in that, when a user sends a login request, it includes:
Step 1: the central control server authenticates the user and, after authentication passes, sends an open-service notification message to the service server specified by the user;
Step 2: the remote access interface device of the service server forwards the open-service notification message sent by the central control server to the password-free login service unit; the password-free login service unit opens the TCP service and returns the TCP service-open information to the remote access interface device;
Step 3: the remote access interface device establishes a TCP connection link with the password-free login service unit according to the TCP service-open information that unit returned.
10. The implementation method according to claim 9, characterized in that step 2 further includes:
Step 21: the remote access interface device of the service server forwards the open-service notification message sent by the central control server to the password-free login service unit;
Step 22: the password-free login service unit judges whether it has already opened the TCP service; if not, it extracts the TCP service-open information from the open-service notification message or from the local default configuration, sets the IP address in that information to 0, binds the port on which the TCP service is opened and at the same time creates a TCP service process, which periodically monitors that port for new connection request messages; finally it sends the TCP service-open information to the remote access interface device.
11. The implementation method according to claim 9, characterized in that step 3 further includes:
Step 31: the central control server sends a connection request message to the remote access interface device;
Step 32: the remote access interface device sends a connection request message to the password-free login service unit and establishes a TCP connection link with it according to the TCP service-open information that unit sent;
Step 33: the remote access interface device saves the newly established TCP connection link information in the local session pool.
12. The implementation method according to claim 9, characterized in that, after step 3, it further includes:
Step 4: the password-free login service unit opens a pseudo terminal device, which includes a pseudo-terminal master device and a pseudo-terminal slave device, and binds the TCP connection link to the pseudo terminal device.
13. The implementation method according to claim 12, characterized in that, when the user sends an O&M request, it further includes:
Step A1: the central control server sends the user's O&M request to the service server and records the request in session information;
Step A2: the remote access interface device of the service server looks up the local session pool, obtains the TCP connection link information corresponding to the user, reads the O&M command from the request and sends the command to the password-free login service unit over the corresponding TCP connection link;
Step A3: the pseudo-terminal master device obtains the user's O&M command from the TCP connection link, forwards it to the pseudo-terminal slave device for execution, then receives the execution result for that command from the slave device and finally sends the result to the remote access interface device over the TCP connection link;
Step A4: the remote access interface device obtains the execution result of the O&M request from the TCP connection link and returns it to the central control server;
Step A5: the central control server updates the execution result content in the session information, returns the execution result to the user terminal and saves the session information in the central control server's session pool.
14. The implementation method according to claim 9, characterized in that, when the service server runs a Linux or Unix operating system, it further includes, before step 2:
Step B: change the creating user of the password-free login service unit to the other user to be accessed, and authorize the creating user of the password-free login service unit with that user's access permissions.
15. The implementation method according to claim 13, characterized in that step B further includes:
Step B1: use the chown and chmod commands to change the creating user of the password-free login service unit to the other user to be accessed, and set the SUID bit of the password-free login service unit;
Step B2: execute the setreuid command inside the password-free login service unit;
Step B3: inside the password-free login service unit, obtain the desired user's home directory (user.home) from the system file /etc/passwd, then execute the source command, thereby switching into the environment of the user to be accessed.
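An added example (not the patent's code) of Steps B1 to B3 as a Linux/Unix helper, also covering the description's Step B3 above: it parses a constructed /etc/passwd line for the target user's uid, gid and home, then drops from the SUID-granted root identity to that user with setgroups, setgid and setreuid, verifies that root cannot be regained, and enters the user's home and environment. The names parse_passwd_line and switch_to_user, the "opsuser" sample line and uid 1001 are assumptions.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* What Step B3 needs from /etc/passwd (the libc equivalent is getpwnam). */
struct target_user {
    uid_t uid;
    gid_t gid;
    char home[256];
};

/* Strict numeric field: digits only, nothing trailing. */
static int parse_id(const char *s, unsigned long *out)
{
    char *end;
    *out = strtoul(s, &end, 10);
    return *s != '\0' && *end == '\0';
}

/* Parse one passwd(5) line "name:pw:uid:gid:gecos:home:shell" into `out`
 * if it belongs to `name`. Returns 1 on success, 0 otherwise. */
int parse_passwd_line(const char *line, const char *name, struct target_user *out)
{
    char buf[512], *fields[7], *save = buf;
    unsigned long uid, gid;
    if (strlen(line) >= sizeof buf) return 0;
    strcpy(buf, line);
    buf[strcspn(buf, "\n")] = '\0';
    for (int i = 0; i < 7; i++)
        if ((fields[i] = strsep(&save, ":")) == NULL) return 0;
    if (strcmp(fields[0], name) != 0) return 0;
    if (!parse_id(fields[2], &uid) || !parse_id(fields[3], &gid)) return 0;
    if (snprintf(out->home, sizeof out->home, "%s", fields[5]) >= (int)sizeof out->home) return 0;
    out->uid = (uid_t)uid;
    out->gid = (gid_t)gid;
    return 1;
}

/* Steps B2/B3 in the order that cannot be undone: supplementary groups, primary
 * group, then real+effective UID (the patent's setreuid); check root cannot be
 * regained, then enter the user's home. Needs effective UID 0 (the Step B1 SUID). */
int switch_to_user(const struct target_user *u)
{
    if (u->uid == 0) return -1;                 /* never "switch" to root */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(u->gid) != 0) return -1;
    if (setreuid(u->uid, u->uid) != 0) return -1;
    if (setreuid(0, 0) == 0) return -1;         /* the drop must be irreversible */
    if (chdir(u->home) != 0) return -1;
    return setenv("HOME", u->home, 1);
}

int main(void)
{
    struct target_user u;   /* constructed sample line, not from a real system */
    if (!parse_passwd_line("opsuser:x:1001:1001:Ops:/home/opsuser:/bin/bash\n", "opsuser", &u)) return 1;
    printf("uid=%lu gid=%lu home=%s\n", (unsigned long)u.uid, (unsigned long)u.gid, u.home);
    return geteuid() == 0 ? switch_to_user(&u) != 0 : 0;  /* only root can actually switch */
}
```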
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title | Status
CN201310468078.1A (CN103475491B) | 2013-10-10 | 2013-10-10 | A kind of remote maintenance system logged in without cryptosecurity and implementation method | Expired - Fee Related

Publications (2)

Publication Number | Publication Date
CN103475491A | 2013-12-25
CN103475491B | 2017-01-04

Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C14 | Grant of patent or utility model
GR01 | Patent grant
CP02 | Change in the address of a patent holder
  Address after: 310013, Zhejiang, Xihu District, Wensanlu Road, No. 398, 4 floor, Hangzhou
  Patentee after: Dongxin Beiyou Information Technology Co., Ltd., Hangzhou
  Address before: 100191 Beijing, Zhichun Road, No. 9, hearing the building on the floor of the 7 floor
  Patentee before: Dongxin Beiyou Information Technology Co., Ltd., Hangzhou
CF01 | Termination of patent right due to non-payment of annual fee
  Granted publication date: 20170104
  Termination date: 20181010