Many network attacks have been made possible by servers that provide the Telnet service. A UNIX system that is to be managed remotely needs a remote terminal, and to use a remote terminal the Telnet service must be started on the server. But the Telnet service has a fatal weakness: it transmits usernames and passwords in clear text, so people with ulterior motives can easily steal them. Currently, a useful tool that can effectively replace the Telnet service is SSH. When the SSH client communicates with the server, the username and password are encrypted, which effectively prevents eavesdropping on the password. This article introduces the use of SSH server packages running on popular operating systems.
First, the SSH package consists of two parts: the server-side package and the client package. For UNIX and Linux systems, the two are packaged separately in two different files. On Windows 9x/NT/2000 it is also divided into two parts; the difference is that the server package can only run on Windows NT and Windows 2000 Server and above, while the SSH client can run on all Windows systems.
In addition, SSH comes in two versions, SSH1 and SSH2. SSH1 is a completely free software package, while SSH2 must be paid for in commercial use. SSH1 is the first version. It is not as powerful as SSH2, but because it is free it is widely used on many websites. SSH2 adds a lot of features and is compatible with the SSH1 server, and can provide good service support for SSH1 clients. So, if SSH2 is installed on your system, there is no need to install the SSH1 package.
SSH/Linux SSH2 installation steps
1. Download the package from www.ssh.com. Download the latest SSH2 package; it is best to download the source package and compile it yourself.
2. Unpack and install:
    # tar -zxvf ssh2-2.4.0.tar.gz
    # cd ssh2-2.4.0
    # ./configure
    # make
    # make install
The installation is complete. This process installs the server package and the client software together, so there is no need to install the client package separately.
Precompiled binary packages in rpm format are stored in the FTP://ftp.ssh.com/pub/ssh/rpm directory. They are packages for non-commercial users. The package named ssh-2.4.0-1.i386.rpm contains support for X Window; another package, which does not support X Window, is ssh- .0-1nox.i386.rpm. They can be installed directly after downloading. The installer places the SSH2 package in /usr/local/bin and /usr/local/sbin.
Installing SSH on Windows NT
In the Windows NT and Windows 2000 Server environment, the available server software is Vshell and ssh2-2.4.0.win-server. Vshell is a package from Van Dyke that provides an SSH2 server in the Windows NT/2000 environment. The download address is: //www.vandyke.com/download/index.Html. Another SSH server running under Windows is SSHWinServer.exe, which can be downloaded directly from the ftp://ftp.ssh.com/pub/ssh directory. Installation in the Windows environment is very simple, so this article does not describe it further. Unlike UNIX, in the Windows environment the server and client packages must be installed separately. Client software for the Windows environment can also be downloaded from the two sites above; the file names are SecureCRT and SSHWin-2.4.0-pl2.
About the preparation of the key
A. The server generates the user's own encryption key and the public key for public use. In the UNIX environment, the method of generating the key is as follows: The user is required to enter a long authentication string, which has the same function as a password but is longer, usually within 20 characters. Enter the same string again to confirm it, after which the system generates the key pair: the key and a public key. Copy the public key to the local machine so that the client can decrypt the information sent by the server. Of course, if you do not copy it, the server will automatically push its public key to the client the first time you log in, so that the client can decrypt the information provided by the server.
B. The client generates the user's encryption key and public key. The client generates its own key and public key in the same way as the server. Client software that supports SSH in the Windows environment uses its own methods, which vary, but every client that supports SSH can, and must, generate them. Take sshWin2.4 as an example: open the menu Edit→Settings→Globe settings→User keys→Generate New keypairs and follow the prompts to automatically generate a new key and public key pair. Finally, copy the public key generated by the client to the user's directory on the server host (the /home/usrname/.ssh2 directory under UNIX). Different versions of SSH have specific requirements for the file names of the public key and the key. For details, please read the installation instructions in the package.
Start SSH Server
In the UNIX/Linux environment, the server program is placed in the /usr/local/sbin directory. The startup method is as follows:
    # sshd
    # ps x
You can see that sshd has been started. If you do not want to start sshd manually every time the system restarts, you can write a script, place it in the init.d directory, and let the system start it automatically at boot. Or add the line /usr/local/sbin/sshd directly to rc.local.
Under Windows NT/2000, run Start SSH2 Server from the program group.
Using SSH
On UNIX/Linux systems the client is SSH, stored in the /usr/local/bin directory. Among the tools there are SSH1, SSH2, scp and other client tools. The method of logging in to the remote host using SSH is as follows:
    host.ip.of.remote
This is the same as using Telnet. The difference is that the user is required to enter the authentication string. If the authentication string passes authentication, the user is logged in directly; if not, the user is required to enter the system password, and after the password is authenticated successfully the user is also logged in to the system. From the point of view of use, there is no difference from Telnet.
With the SSH client software, uploading a file does not require opening an FTP window, authenticating again, and then uploading the file. Using the scp tool that comes with the SSH client, you can upload files directly to the remote server. The usage is as follows:
    host1: dir/filename host2: /home/abc/filename
On Windows systems, the available SSH clients are: SecureCRT, the version of CRT that supports SSH (download address: //www.vandyke.com/). It is a good remote terminal that supports both SSH1 and SSH2; users can choose whichever standard the server side supports. Another option is the client provided by ssh.com, download address: ftp://ftp.ssh.com/pub/ssh/SSHWin-2.4.0-pl2.exe, which is the new version of the SSH2 client. In addition, there are FTP client tools that support SSH. sshwin-2.4 includes SSH Secure File Transfer Client, which can be used to transfer encrypted files between two hosts; that is the function of scp. To go with SecureCRT there is also a corresponding FTP tool that supports SSH, named SecureFX, which can be downloaded from www.vandyke.com/. For various reasons, some GUI clients that support SSH may not support the above servers well.
You can combine the above tools to find the one that suits you. In general, clients under UNIX have the best support for the various servers. When selecting server and client software, it is best to choose products from the same software vendor, so there will be no incompatibility issues.
It should be added that if you want to use SSH2 and do not want to pay, one free package to choose from is Openssh, a GPL-compliant package that supports both the SSH1 and SSH2 standards and is another widely used SSH package (downloadable from www.openssh.com). The latest version of Openssh is Openssh-2.5.1, which provides full source code. However, you should read the documentation carefully before compiling. The zlib and openssl packages are used during compilation; users need to download and install them first, then compile openssh. Please read the install file in the package for the specific process.
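The boot-time step under "Start SSH Server" and the article's goal of replacing Telnet can be checked together. The script below is an added example, not part of the original article: it confirms that an rc.local file has an active /usr/local/sbin/sshd line and that an inetd.conf file has no active telnet entry, and it can make both changes. The classic inetd.conf syntax, the function names and the sample file contents are assumptions; the demo runs on constructed files only.

```sh
#!/bin/sh
# Added example: post-install check for the Telnet-to-SSH switch.
SSHD_PATH=/usr/local/sbin/sshd   # server location given in the article

# True if FILE has an active (uncommented) line that starts sshd.
sshd_starts_at_boot() {
    grep -Eq "^[[:space:]]*${SSHD_PATH}([[:space:]]|\$)" "$1"
}

# True if FILE (classic inetd.conf syntax, an assumption) still has an
# active telnet entry.
telnet_enabled() {
    grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"
}

# Append the sshd line to FILE unless an active one is already present.
enable_sshd_at_boot() {
    sshd_starts_at_boot "$1" || printf '%s\n' "$SSHD_PATH" >> "$1"
}

# Comment out active telnet entries in FILE, keeping its permissions.
disable_telnet() {
    tmp="$1.tmp.$$"
    sed 's/^\([[:space:]]*telnet[[:space:]]\)/#\1/' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rm -f "$tmp"
}

# audit RC_LOCAL INETD_CONF: print findings, return how many there are.
audit() {
    n=0
    sshd_starts_at_boot "$1" || { echo "sshd not started from $1"; n=$((n + 1)); }
    if telnet_enabled "$2"; then echo "telnet still enabled in $2"; n=$((n + 1)); fi
    return "$n"
}

# Demo on constructed sample files, not the real system files.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' '#/usr/local/sbin/sshd' > "$d/rc.local"
    printf '%s\n' 'ftp    stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd' \
        'telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd' > "$d/inetd.conf"
    audit "$d/rc.local" "$d/inetd.conf" || echo "findings before: $?"
    enable_sshd_at_boot "$d/rc.local"
    disable_telnet "$d/inetd.conf"
    rc=0; audit "$d/rc.local" "$d/inetd.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

After editing the real files, inetd has to re-read its configuration (typically by sending it SIGHUP) before the telnet entry stops being served.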