Deploy an SSH application on a Linux operating system

Source: Internet
Author: User
Linux is a technology channel of the IT lab in China. It includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Remote management is a must for system administrators. Having to go to the server in person every time it fails is a headache. Remote connections are generally made with Telnet or SSH, but the two protocols are quite different.

Telnet is a client/server service, but its main purpose is remote login, that is, remote interactive computing, based on the Telnet protocol. Remote login is the process in which a user uses Telnet commands to temporarily turn their computer into a terminal emulator for the remote host. The emulated terminal is equivalent to a dumb terminal: it only passes each character the user types to the host and displays each piece of output from the host on the screen.

The protocol has a weakness, however: it transmits data over the Internet in plaintext, that is, it does not encrypt the transmitted data (including accounts and passwords). An unauthorized attacker with a network listening tool can therefore easily intercept account names and passwords in preparation for a later attack. Traditional network service programs such as Telnet are thus inherently insecure, because they transmit passwords and data in plaintext over the network, where attackers can easily intercept them. In addition, the authentication methods of these service programs are flawed and vulnerable to attacks such as man-in-the-middle attacks. In a man-in-the-middle attack, the attacker impersonates the real server to receive the data you send to the server, and then impersonates you to pass the data on to the real server. Once the traffic between you and the server is relayed by such an intermediary, serious security problems can occur.

The SSH protocol serves the same purpose as Telnet, but is a replacement for such insecure remote login programs. SSH uses a strong encryption algorithm to encrypt the data it transmits, including accounts, passwords, commands, and so on, to ensure the security of data transmission. It is therefore more secure than Telnet and similar remote login programs.

To further improve the security of SSH, you can configure the Linux operating system to use TCP Wrappers for additional protection. TCP Wrappers provides enhanced security for services spawned by inetd, and is a replacement for using /etc/inetd.sec. TCP Wrappers provides protection against host name and host address spoofing. Spoofing is a method of masquerading as a valid user or host to obtain unauthorized access to the system. TCP Wrappers uses access control lists to prevent spoofing. An access control list is a list of systems kept in files on the Linux system. When configured to verify host name-to-IP address mapping and to reject packets that use IP source routing, TCP Wrappers provides protection against IP spoofing. However, TCP Wrappers does not provide password verification or data encryption. Similar to inetd, information is transmitted in plaintext. SSH and TCP Wrappers therefore complement each other: SSH provides encrypted transmission, and TCP Wrappers addresses spoofing. Together they make remote login and remote maintenance more secure.
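The access control list behaviour described above, as an added example that is not part of the original article: a simplified shell model of how TCP Wrappers evaluates its two list files (/etc/hosts.allow and /etc/hosts.deny on a standard installation), showing that an allow list restricts nothing until a default-deny entry exists. The function names, rules and addresses are constructed for illustration; PARANOID, EXCEPT and host-name patterns are not modelled.

```shell
#!/bin/sh
# Added example: simplified model of hosts_access(5) matching. Supports only
# "daemons: clients" lines with ALL, exact IPv4 addresses and "a.b.c." prefixes.

# rule_matches FILE DAEMON ADDR: succeed if a line in FILE covers the pair.
rule_matches() {
    while IFS=: read -r daemons clients rest; do
        case $daemons in ''|'#'*) continue ;; esac
        hit=no
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            if [ "$d" = ALL ] || [ "$d" = "$2" ]; then hit=yes; fi
        done
        [ "$hit" = yes ] || continue
        for c in $(printf '%s' "$clients" | tr ',' ' '); do
            case $c in
                ALL) return 0 ;;
                *.)  case $3 in "$c"*) return 0 ;; esac ;;
                *)   if [ "$c" = "$3" ]; then return 0; fi ;;
            esac
        done
    done < "$1"
    return 1
}

# access_decision ALLOW_FILE DENY_FILE DAEMON ADDR: print allow or deny.
# Order matters: a match in hosts.allow grants access, otherwise a match in
# hosts.deny refuses it, and a client that matches neither file is allowed.
access_decision() {
    if rule_matches "$1" "$3" "$4"; then echo allow
    elif rule_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# wrappers_demo: constructed rules and addresses (documentation ranges).
wrappers_demo() {
    dir=$(mktemp -d) || return 1
    printf '# admin network only\nsshd: 192.0.2.\n' > "$dir/hosts.allow"
    : > "$dir/deny.weak"                       # weak: nothing is ever denied
    printf 'ALL: ALL\n' > "$dir/deny.strict"   # corrected: default deny
    for addr in 192.0.2.15 203.0.113.9; do
        echo "$addr weak=$(access_decision "$dir/hosts.allow" "$dir/deny.weak" sshd "$addr")" \
             "strict=$(access_decision "$dir/hosts.allow" "$dir/deny.strict" sshd "$addr")"
    done
    rm -rf "$dir"
}

wrappers_demo
```

OpenSSH removed its built-in TCP Wrappers (libwrap) support in release 6.7, so confirm that the sshd build in use still consults these files before relying on them.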

  1. Install the SSH protocol.

By default, SSH is installed during Linux installation. However, the SSH installation may sometimes become corrupted and need to be reinstalled, or SSH may not have been selected during system installation, in which case it must be installed manually.

The system administrator can download the SSH software package from the http://www.ssh.fi/ website, or from another website, and then install it. Installing this package is not difficult, so I will not go through it here. However, I want to emphasize that, for the convenience of later maintenance, it is best to list all the files in the system before and after compiling and installing the package, and then compare the two lists with the diff command. That is, before the package is compiled and installed, use the command find /* > test1 to create a list of all files in the system. After the package has been compiled and installed, use the same command with a new output file (find /* > test2) to create a second list. Then run diff test1 test2 > test3 to see which system files changed during compilation and installation. Knowing these changes helps the system administrator maintain the operating system later.
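The before/after inventory described above, as an added example that is not part of the original article: the lists are sorted so the comparison does not depend on the order find happens to return, and additions and removals are reported separately. The function names and the constructed directory tree standing in for an installation are assumptions for illustration.

```shell
#!/bin/sh
# Added example: the before/after file inventory, made order-stable.

# snapshot ROOT OUT: write a sorted list of every path under ROOT to OUT.
# -xdev keeps find on one filesystem so /proc, /sys and network mounts do
# not add entries that change on their own. Keep OUT outside ROOT, or the
# snapshot files themselves show up as changes.
snapshot() {
    find "$1" -xdev -print 2>/dev/null | LC_ALL=C sort > "$2"
}

# added_paths BEFORE AFTER: paths that exist only in the second snapshot.
added_paths() { LC_ALL=C comm -13 "$1" "$2"; }

# removed_paths BEFORE AFTER: paths that exist only in the first snapshot.
removed_paths() { LC_ALL=C comm -23 "$1" "$2"; }

# install_report: run the procedure on a constructed tree; the two touched
# files stand in for what "make install" would add (hypothetical layout).
install_report() {
    work=$(mktemp -d) || return 1
    root=$work/root
    mkdir -p "$root/usr/local/sbin" "$root/etc"
    : > "$root/etc/stale.conf"
    snapshot "$root" "$work/test1"
    : > "$root/usr/local/sbin/sshd"      # constructed "installed" files
    : > "$root/etc/sshd_config"
    rm "$root/etc/stale.conf"            # installers can remove files too
    snapshot "$root" "$work/test2"
    added_paths "$work/test1" "$work/test2" | sed "s|^$root|+ |"
    removed_paths "$work/test1" "$work/test2" | sed "s|^$root|- |"
    rm -rf "$work"
}

install_report
```

On a real system, call snapshot / with an output path on a different filesystem before and after the installation; the lists record path names only, so a file replaced in place under the same name does not appear.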
