· SSH is a standard network protocol available on most UNIX operating systems. It provides remote login and management through a character interface. It uses port 22 by default and transmits data over the network as ciphertext, which is more secure than Telnet's plaintext transmission.
· SSH provides two user authentication methods, password and key, both of which transfer data as ciphertext.
· The difference is that the password authentication method transmits the user's account name and password, so the password must be sufficiently complex to provide good security.
· Key-based authentication requires creating a key pair for the user and placing the public key on the server to be accessed. When connecting to the SSH server, the client software asks the server to authenticate it using the client's key. After receiving the request, the server looks for the public key in the user's home directory and compares it with the public key the client sent. If the two keys match, the server encrypts a "challenge" with the public key and sends it to the client software. After the client receives the challenge, it decrypts it with the local private key and sends it to the server. This method is quite safe.
Building an SSH server under Linux
My experiment platform is Fedora 14, 2.6.35.6.
First, install ssh
The ssh software consists of two parts: the ssh server and the ssh client.
The ssh configuration files are in the /etc/ssh/ directory: the server's configuration file is sshd_config, and the client's configuration file is ssh_config.
To install ssh, only the yum method is described here (provided that your yum source is configured correctly and can be used):
# yum install openssh-* -y
//yum will automatically install all openssh related packages
Second, configure ssh server
Corresponding to the two authentication methods of ssh, configure two login modes with different security levels.
·Login via password authentication
1. Open the sshd_config configuration file with the vim editor
# vim /etc/ssh/sshd_config
2. Modify the configuration file as follows (adjust it to your actual situation; the text after // is explanation and is not entered in the file):
Port 22 //The default is port 22; you can change it to another port, but then you must specify the port number when logging in.
#ListenAddress //Specifies the IP address that provides the ssh service; here I commented it out.
PermitRootLogin no //Disable remote login as root
PasswordAuthentication yes //Enable password authentication method
PermitEmptyPasswords no //Prohibit login with a blank password
LoginGraceTime 1m //Time allowed to complete login verification is 1 minute
MaxAuthTries 3 //Maximum number of authentication attempts
Save the modified configuration and exit.
3. Restart sshd service
# service sshd restart
·Login by key pair authentication method
1. Generate a key pair on the client
Note: Before generating a key pair, you need to switch to the right user identity. For example, when user1 needs to log in to the server, user1 must generate its own key file on the client. The same is true for other users.
# su - user1
# ssh-keygen -t rsa //Generate key file
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): //Press Enter
Enter passphrase (empty for no passphrase): //Set a passphrase to protect the private key file; this is the key passphrase entered when logging in
Enter same passphrase again: //Enter the passphrase protecting the private key file again
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
33:ee:01:7d:c3:74:83:13:ef:67:ee:d7:60:2d:e1:16 root@localhost
# ll -a .ssh/
Total 24
drwxrwxrwx 2 root root 4096 10-08 19:29 .
drwxr-x--- 21 root root 4096 10-08 19:25 ..
-rw------- 1 root root 1743 10-08 19:29 id_rsa //created private key
-rw-r--r-- 1 root root 396 10-08 19:29 id_rsa.pub //created public key
-rw-r--r-- 1 root root 790 2015-11-04 known_hosts
2. Upload the public key file to the server, or copy it to the server with a USB flash drive
# scp .ssh/id_rsa.pub [email protected]:/home/user1/
3. On the server side, add the public key file to the corresponding user's keystore
# mkdir -p /home/user1/.ssh/ //Note that the .ssh directory created here must be read-only for all users other than the owner, that is, the permission bits are set to 644, and the owner and owning group are that user
# mv /home/user1/id_rsa.pub /home/user1/.ssh/authorized_keys //The generated public key's file name does not match the expected public key file name, so the file must be renamed to authorized_keys.
4. Modify the sshd_config configuration file:
# vim /etc/ssh/sshd_config
PasswordAuthentication no //Disable password authentication. Do not simply comment out the original PasswordAuthentication yes: once it is commented out, a password login still works even without a public key, which is not safe and defeats the purpose of key verification.
RSAAuthentication yes //Enable RSA authentication
PubkeyAuthentication yes //Enable public key verification
AuthorizedKeysFile .ssh/authorized_keys //Location of the public key file; the path that follows sets where the public keys are stored
Save the modified configuration and exit.
5. Restart sshd service
# service sshd restart
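The pitfall noted in step 4, checked against a configuration file. This is an added example, not part of the original article: the function names, the sample files and the built-in defaults (those of older OpenSSH releases, where PermitRootLogin defaults to yes) are assumptions. On a real server, sshd -T prints the effective configuration.

```sh
#!/bin/sh
# Added example, not from the original article: the value sshd effectively
# uses for a keyword. Assumptions: "Keyword value" lines, global section only
# (stops at the first Match block), defaults of older OpenSSH releases.

# effective_value FILE KEYWORD DEFAULT
# sshd skips '#' lines and keeps the first value it reads for a keyword.
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comment or blank line
        tolower($1) == "match" { exit }        # Match blocks are out of scope
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: print each weak effective setting; return how many.
audit_sshd() {
    weak=0
    # each rule is keyword:default:wanted
    for rule in PasswordAuthentication:yes:no PermitRootLogin:yes:no \
                PermitEmptyPasswords:no:no PubkeyAuthentication:yes:yes; do
        key=${rule%%:*}; rest=${rule#*:}
        def=${rest%%:*}; wanted=${rest#*:}
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" != "$wanted" ]; then
            echo "WEAK $key: effective '$got', wanted '$wanted'"
            weak=$((weak + 1))
        fi
    done
    return "$weak"
}

# Constructed sample files (not from a real server).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'Port 22' 'PermitRootLogin no' '#PasswordAuthentication yes' \
    'PubkeyAuthentication yes' > "$tmp/commented_out"
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' > "$tmp/explicit_no"

for f in commented_out explicit_no; do
    echo "== $f"
    audit_sshd "$tmp/$f" || true
done
```

The commented_out sample is reported as weak because the missing directive falls back to its default, while explicit_no produces no findings.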
Third, log in to the server
1. Linux client
# ssh 192.168.1.100 //Log in by entering the server IP; with no username given, the login is as root by default
or
# ssh [email protected] //Log in as server1
2. Login with client software
The most popular login software is putty: it needs no installation, can be used as soon as it is downloaded, and is simple, convenient and safe!
· When the server uses password authentication, just enter the username and password.
· When the server uses the key authentication method, you need to do the following steps:
1. Download the puttygen software, which is used to generate key pairs
2. Open puttygen and, under the key type to generate, select "SSH-2 RSA"
3. Click "Generate"; the software generates the key automatically
4. Enter the key passphrase and click "Save private key". This private key must be loaded in putty for future logins, so be careful not to lose it
5. Copy the public key information and save it in a new Notepad file in Windows
6. Upload the saved Notepad file containing the public key information to the server, then check it in vim to make sure the information is all on one line (note that the public key information must be a single line and must be complete)
7. Name the file authorized_keys and copy it to the .ssh/ directory in the corresponding user's home directory
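A server-side check for the two things the key steps depend on: the permissions on the .ssh directory and a public key that is complete and on one line. This is an added example, not part of the original article; the function names and the sample key text are constructed, and the key check is structural only.

```sh
#!/bin/sh
# Added example, not from the original article: server-side checks of a user's
# .ssh directory. Assumption: sshd runs with StrictModes (its default), which
# refuses key files that group or others can write to.

# writable_by_others PATH: succeed if group or others may write PATH.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# bad_key_lines FILE: print the number of each line that is not a one-line
# "[options] type base64 [comment]" entry. A key wrapped by an editor leaves
# continuation lines without a key type, which are reported here.
bad_key_lines() {
    awk '
        BEGIN { type = "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$"
                blob = "^AAAA[A-Za-z0-9+/]+=?=?$" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ type && $(i + 1) ~ blob &&
                    length($(i + 1)) % 4 == 0) { ok = 1; break }
            if (!ok) print NR
        }
    ' "$1"
}

# audit_ssh_dir DIR: print findings for DIR; return 1 if there are any.
audit_ssh_dir() {
    bad=0
    for p in "$1" "$1/authorized_keys"; do
        if writable_by_others "$p"; then
            echo "PERM $p is writable by group or others"; bad=1
        fi
    done
    for n in $(bad_key_lines "$1/authorized_keys"); do
        echo "LINE $n of authorized_keys is not a complete one-line key"; bad=1
    done
    return "$bad"
}

# Constructed sample: a world-writable directory and a key wrapped onto two
# lines. The base64 text is a shortened placeholder, not a usable key.
dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT
chmod 777 "$dir"
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB' \
    'AAAAQQDcEXAMPLEKEY00 user1@client' > "$dir/authorized_keys"
chmod 600 "$dir/authorized_keys"
audit_ssh_dir "$dir" || true
```

For a real key file, ssh-keygen -l -f prints the fingerprint and fails on a damaged key, which is a stronger test than this structural one.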