SSH sshd SCP based on key authentication login dual-Machine mutual trust

Telnet: remote Login TCP/23

Remote authentication is clear text; data transmission is plaintext; not practical.

Ssh:secure SHell TCP/22 Protocol v1 v2 V1 basically does not use the implementation of the authentication process encryption

Openssh: SSH is an open-source version of SSH is not only a software, but also a protocol

The mechanism of SSH encryption authentication

Password-based: default is password

Based on the key: in advance on the server side of the user into the client's public key, and then link to the password

netstat-tnl View server-side open a service waiting for others to access listen monitoring

The configuration files for SSH and sshd are

/etc/ssh/ssh_config client-side configuration files

/etc/sshd_config server-side configuration files

Vim Sshd_config # followed by a space is a comment, no space is an option; Remove # is enabled, plus # is off

For example, you can modify the server port number inside

For example: ListenAddress 192.168.9.112 Service only on the 112 machine

Example: Permitrootlogin No does not allow administrators to log in directly

For example: maxauthtries 6 input error password more than 6 times, will be prompted to wait a while to enter

For example: Authorizedkeyfile. Ssh/authorized_keys the client-generated public key is placed under this directory, it can be implemented based on key encryption authentication

Last to service sshd Restart/reload

Client applications:

ssh:ssh-l [email protected] ' ifconfig ' do not log on to the host, only return command execution results

How to implement based on key authentication:

One host for the client (based on a user implementation)

1. Generate a pair of keys

SSH-KEYGEN-T Specifies the encryption algorithm RSA or DSA

2. Transfer the public key to the. ssh/authorized_keys file in the home directory of a user on the server side

Use the file Transfer tool to transfer the public key to the past with Ssh-copy-id or SCP

3. Test Login

SCP: SSH-based remote replication command that allows data to be transferred between hosts

-R replication directories need to be recursive with-R

Example: Copying a remote file to the local current directory: Standing on 1

SCP [email protected]:/etc/fstab./

Example: Copy local file to remote host: stand on 1

SCP fstab [Email protected]:/root

Experiment: Key authentication between two host computers

1, RM-RF. ssh/* 9.1 Delete the original key file

2, ssh-keygen-t rsa-f. Ssh/id_rsa generate key File save under/ssh called Id_rsa

3, even enter two times password automatically generate a pair of passwords

After the second step, add-n ' can specify password '

4. Transfer your public key to another host. Ssh/id_rsa

Method One: ssh-copy-id-i. ssh/id_rsa.pub [email protected] He can automatically append to 9.2. Ssh/authorized_keys's Tail

Automatic login on Next link 9.2

Method Two: SCP first copy the past and then append >> to the tail of. Ssh/authorized_keys

You can also configure two-machine trust

SFTP: Both the client and server side

Example: Downloading files from 9.2 to 9.1

1. SFTP [email protected]

2, get download a file to local mget download multiple files to local

Server Security Summary:

Regular password change

Using non-default ports

Restrict Login Client Address

Prohibit direct login by administrator

Allow only limited users to log on

Using key-based authentication

Do not use Protocol version 1

SSH 192.168.9.1 8092

SSH sshd SCP based on key authentication login dual-Machine mutual trust