SSH service in Linux

Source: Internet
Author: User

SSH (Secure Shell) is an application-layer protocol that works on TCP port 22. Compared with Telnet, SSH encrypts both the communication process and the authentication process, so it is more secure.

In Linux, OpenSSH is commonly used to implement SSH.

SSH supports two authentication methods: password authentication and key authentication.


I. Password-based authentication

1. The client initiates a connection request

2. The server sends its own public key to the client, and the client decides whether to accept it (.ssh/known_hosts)

3. The client generates a random number to use as a symmetric key

4. The client encrypts this random key with the server's public key and sends it to the server


II. Key-based authentication

The client generates a key pair and stores the public key in .ssh/authorized_keys or .ssh/authorized_keys2 in the user's home directory on the server; after that, the client does not need to enter a password when connecting. For security, the .ssh directory should have permission 700.


SSH configuration and usage:

Server-side:

Main configuration file: /etc/ssh/sshd_config

Some common directives in this file:

ListenAddress 0.0.0.0 # address the service listens on (all zeros means every address on the server is enabled)

KeyRegenerationInterval # how long the asymmetric key generated by the client can be used

PermitRootLogin # whether to allow the administrator to log in directly

MaxAuthTries # sets the maximum number of attempts

RSAAuthentication # whether RSA authentication is supported

PubkeyAuthentication # whether key authentication is supported

PasswordAuthentication # whether password authentication is supported

AllowUsers # specifies the users allowed to connect via SSH

DenyUsers # forbids specific users from connecting via SSH

When you need to restrict logins by IP address, edit the /etc/hosts.deny and /etc/hosts.allow files.


After setting up the configuration file, run service sshd start to start the SSH service.


Client:

To initiate an SSH connection:

ssh USERNAME@HOST

ssh -l USERNAME HOST

ssh USERNAME@HOST 'COMMAND' # run a command on the remote host, return the result, then disconnect

If you do not specify a user name, you log in to the remote host as the client's current user.

To use key authentication, the client must do the following preparation before connecting:

① ssh-keygen -t rsa # generate a key pair; the keys are saved by default in the ~/.ssh/ directory (the private key is id_rsa; the public key is id_rsa.pub)

② ssh-copy-id -i ~/.ssh/id_rsa.pub '-p ?? USERNAME@HOST' # copy the generated public key to the corresponding user's home directory on the server (?? is the port SSH listens on)


Considerations for using SSH:

1. Passwords should be changed frequently and be complex enough

2. Use a non-default port

3. Prohibit the administrator from logging in directly; log in as an ordinary user first, then switch to root

4. Allow only a limited set of users to log in

5. Limit client addresses

6. Use protocol version 2

7. Use key-based authentication, but set the .ssh directory permission to 700
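
The checks below, as an added example that is not part of the original article, audit an sshd_config file and a .ssh directory against considerations 2, 3, 4 and 7. The function names and the sample configuration are constructed for illustration; Match blocks and Include files are not handled.

```sh
#!/bin/sh
# Added example (not from the original article): audit an sshd_config file and
# a .ssh directory against the considerations above. Read-only checks.

# Print the value of a directive. sshd uses the first occurrence; keywords are
# case-insensitive. Simplification: Match blocks and Include are not handled.
sshd_value() {  # $1 = config file, $2 = directive name
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one line per finding; return the number of findings (0 = clean).
audit_sshd() {  # $1 = config file
    n=0
    port=$(sshd_value "$1" Port)
    if [ "${port:-22}" = "22" ]; then
        echo "Port: default port 22 in use"; n=$((n + 1))
    fi
    root=$(sshd_value "$1" PermitRootLogin | tr '[:upper:]' '[:lower:]')
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin: '${root:-unset}', expected 'no'"; n=$((n + 1))
    fi
    if [ -z "$(sshd_value "$1" AllowUsers)" ]; then
        echo "AllowUsers: not set, logins are not limited to named users"; n=$((n + 1))
    fi
    pubkey=$(sshd_value "$1" PubkeyAuthentication | tr '[:upper:]' '[:lower:]')
    if [ "$pubkey" = "no" ]; then
        echo "PubkeyAuthentication: disabled, key-based login unavailable"; n=$((n + 1))
    fi
    return "$n"
}

# Succeed only if the directory exists with mode 700 (drwx------).
check_ssh_dir() {  # $1 = path to a .ssh directory
    [ -d "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$sample"
audit_sshd "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a server, point audit_sshd at /etc/ssh/sshd_config and check_ssh_dir at each login user's ~/.ssh directory.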


scp command:

Used to copy files; based on the SSH service

Usage:

Download a file from a remote host: scp USERNAME@HOST:/path/to/somefile /path/to/local

Upload a file to a remote host: scp /path/to/local USERNAME@HOST:/path/to/somefile

scp also accepts many options, which are used in the same way as the options of cp.

This article is from the "Lin Chu-sheng" blog, make sure to keep this source http://lzs66.blog.51cto.com/9607068/1767299
