SSH protocol and TCP Wrapper

Source: Internet
Author: User

First, SSH

1. SSH (Secure Shell): a secure channel protocol, used mainly for remote login to a character (text-mode) interface and for remote copying. Everything in transit, including the user's password and the commands typed, is encrypted.

2. Telnet (remote login): commonly used to connect to network devices such as switches, and also handy for testing whether a port is open; all of its data, passwords included, is sent unencrypted.

3. C/S (client/server) model.

4. The OpenSSH package provides the SSH protocol implementation: the sshd server and the ssh, scp and ssh-keygen client tools.

5. Login authentication methods

1) Password authentication: the user name and password sent over the remote connection are matched against the accounts on the server; if they match, login is allowed.

2) Key pair authentication: the client creates a key pair (private key plus public key) and places the public key in the location the server specifies (/root/.ssh/ for root). The server uses that public key to verify the data the client signs with its private key; if the check passes, login is allowed.

6. SSH clients

1) Windows connecting to Linux: Xshell, SecureCRT

2) Linux connecting to Linux: the ssh command, and scp (copy)

Second, the password authentication method (for each setting below, either remove the leading # to uncomment the line or add the line yourself, then change its value)

1) Edit the server configuration: vim /etc/ssh/sshd_config

SSH listening port, default 22

IPv4 address to listen on; 0.0.0.0 listens on all addresses

The next line sets the IPv6 listen address; remove it if IPv6 is not used

Idle time allowed on a connection; the session is disconnected once it is reached

Whether the root user may log in over SSH (disabling this is recommended: log in as a normal user and escalate with su or sudo)

Number of password attempts allowed before the connection is dropped

Maximum number of connections

Do not allow users with an empty password to log in

Enable the password authentication method

Disable the GSSAPI authentication method

Disable GSSAPI (the second GSSAPI line in the default file)

Disable reverse DNS resolution of the client address (speeds up login)

Banner file shown when logging in over SSH

AllowUsers hehe: allow only the user hehe to log in; DenyUsers hehe: deny the user hehe. Do not enable both at the same time (these lines are not in the default file; add them yourself)

2) Restart the sshd service: /etc/init.d/sshd restart
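The directive lines themselves did not survive in the list above, so the following is an added example (not the original page's file) that puts the standard OpenSSH directive names to those descriptions, followed by a small POSIX shell audit that reads an sshd_config the way sshd does (the first uncommented occurrence of a directive wins) and reports weak or missing settings. The banner path, the idle-timeout values, the choice of MaxSessions for "maximum number of connections", and the compiled-in defaults assumed for absent directives are assumptions, not taken from the page.

```shell
#!/bin/sh
# Added example, not from the original page: sshd_config directives matching
# the settings described in section two, plus an audit helper.

# hardened_sshd_config: prints the fragment. Directive names are standard
# OpenSSH; values marked "assumed" are not from the page.
hardened_sshd_config() {
cat <<'EOF'
Port 22
ListenAddress 0.0.0.0
ClientAliveInterval 300
ClientAliveCountMax 2
PermitRootLogin no
MaxAuthTries 3
MaxSessions 10
PermitEmptyPasswords no
PasswordAuthentication yes
GSSAPIAuthentication no
GSSAPICleanupCredentials no
UseDNS no
Banner /etc/issue.net
AllowUsers hehe
EOF
}

# effective_setting FILE KEY: the value sshd would use. Lines whose first
# token starts with '#' are comments; of the rest, the FIRST match wins,
# which is how sshd reads its config (outside Match blocks). Keys are
# case-insensitive.
effective_setting() {
  awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# audit_sshd_config FILE: one "WEAK:" line per setting that is absent-and-
# defaulting-to-a-weak-value or explicitly weak; returns the number found.
# Format of each spec is KEY:WANTED:ASSUMED_DEFAULT_WHEN_ABSENT.
# A commented-out "#PermitRootLogin no" therefore still counts as "yes".
audit_sshd_config() {
  f="$1"; bad=0
  for spec in PermitRootLogin:no:yes PermitEmptyPasswords:no:no \
              GSSAPIAuthentication:no:no UseDNS:no:yes; do
    key=${spec%%:*}; rest=${spec#*:}; want=${rest%%:*}; dflt=${rest#*:}
    have=$(effective_setting "$f" "$key")
    [ -n "$have" ] || have="$dflt"
    if [ "$(printf %s "$have" | tr A-Z a-z)" != "$want" ]; then
      echo "WEAK: $key=$have (want $want)"
      bad=$((bad+1))
    fi
  done
  return "$bad"
}
```

Usage: `audit_sshd_config /etc/ssh/sshd_config` prints nothing and exits 0 on a clean file; run `sshd -t` afterwards to let sshd itself syntax-check the file before restarting, since a typo in sshd_config prevents the daemon from starting.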

4. chkconfig --level 35 sshd on // start sshd automatically at run levels 3 and 5

5. Linux login: ssh username@ip // connect from Linux to a remote Linux server

6. Upload a file: scp localfile username@ip:path // copy a local Linux file to the given location on the remote Linux server

7. Download a file: scp username@ip:path localpath // copy a file from the remote Linux server to the local Linux system

Third, the key pair authentication method

1. The Linux client generates a key pair; -t specifies the key type and -b the key length in bits: ssh-keygen -t rsa -b 1024 (1024-bit RSA is weak by today's standards; use -b 4096, or -t ed25519 where the server supports it)

2. The client uploads its public key to the root user's home directory on the remote Linux server: scp ~/.ssh/id_rsa.pub root@<server ip>:/root/

3. On the Linux server, create the .ssh directory: mkdir ~/.ssh (and chmod 700 ~/.ssh; sshd rejects a .ssh directory that is group- or world-writable)

4. On the Linux server, move /root/id_rsa.pub to ~/.ssh/authorized_keys: mv /root/id_rsa.pub ~/.ssh/authorized_keys (then chmod 600 the file; note that mv replaces any keys already there, so to add a key to an existing file append it with cat >> instead)

5. On the Linux server, edit the key authentication settings: vim /etc/ssh/sshd_config

PubkeyAuthentication yes // enable key pair authentication
AuthorizedKeysFile .ssh/authorized_keys // location of the public key file, relative to the user's home directory

PasswordAuthentication no // disable the password authentication method (do this only after the key login has been verified to work, or you lock yourself out)

6. Restart the sshd service: /etc/init.d/sshd restart

7. Verify that login now works without a password.

Note: if several users should log in with key pairs, each user's public key goes into that user's own ~/.ssh/authorized_keys. Either generate one key pair per user (recommended) or reuse the same public key file for all of them.
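As an added example (not the original page's commands), here is the server-side part of steps 3 and 4 as a reusable POSIX shell function: it checks that the line really is an OpenSSH public key, appends it to ~/.ssh/authorized_keys once instead of overwriting the file, and sets the directory and file modes that sshd's StrictModes check (on by default) requires. The home directory is passed as a parameter so the function can be exercised against a scratch directory; the sample key line in the usage note is constructed and is not a real key.

```shell
#!/bin/sh
# Added example, not from the original page: install a public key into a
# user's authorized_keys the way sshd expects to find it.
#
# Client side, for reference (not run here, needs a real server):
#   ssh-keygen -t rsa -b 4096          # 1024-bit RSA is too weak today
#   ssh-copy-id root@<server ip>       # does the steps below for you

# valid_pubkey LINE: accept only "<type> <base64> [comment]" for the key
# types OpenSSH uses; rejects e.g. a private key pasted by mistake.
valid_pubkey() {
  printf '%s\n' "$1" | grep -Eq \
    '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# install_pubkey LINE HOME: append LINE to HOME/.ssh/authorized_keys exactly
# once. .ssh must be 700 and the file 600: with StrictModes on, sshd
# silently ignores keys in a group- or world-writable directory or file,
# which shows up as "still asks for a password".
install_pubkey() {
  key="$1"; home="$2"
  valid_pubkey "$key" || { echo "refusing: not an OpenSSH public key line" >&2; return 1; }
  mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
  ak="$home/.ssh/authorized_keys"
  [ -e "$ak" ] || : > "$ak"
  chmod 600 "$ak"
  # -x: whole-line match, -F: no regex, so the key is never duplicated
  grep -qxF "$key" "$ak" || printf '%s\n' "$key" >> "$ak"
}

# file_mode PATH: octal permission bits (GNU stat, falling back to BSD stat)
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

Usage on the server, after the scp from step 2: `install_pubkey "$(cat /root/id_rsa.pub)" /root`. Running it a second time with the same key is a no-op, and running it with a different user's key adds a second line rather than replacing the first.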

Fourth, TCP Wrapper

1. Access control for services that are linked with the TCP Wrapper library (libwrap); sshd is one of them

2. TCP Wrapper configuration files

1) Allow list: /etc/hosts.allow; add the service to allow plus the client (an IP address or a network segment)

2) Deny list: /etc/hosts.deny

3. Access priority

1) /etc/hosts.allow is checked first; if it has a matching entry, access is allowed

2) /etc/hosts.deny is checked next; if it has a matching entry, access is denied

3) If neither file has an entry for the client, access is allowed

Case:

vim /etc/hosts.deny

Format: service name: client

sshd:192.168.1. // deny the whole 192.168.1.0/24 segment access to the sshd service; everyone else is allowed

sshd:ALL // deny all clients access to the sshd service

sshd:192.168.1.10 // deny 192.168.1.10 access to the sshd service; everyone else is allowed
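To make the three-step priority above concrete, here is an added example (not from the original page) that models the decision in POSIX shell for the entry forms used in this case: ALL, an exact IPv4 address, and a network prefix ending in a dot. The real libwrap matcher also understands hostnames, netmask and CIDR forms, EXCEPT clauses and shell commands; the model below ignores those, and the file paths are taken as parameters so it can be run against constructed files instead of /etc.

```shell
#!/bin/sh
# Added example, not from the original page: a simplified model of the
# hosts.allow / hosts.deny check libwrap performs for a daemon like sshd.

# wrap_match PATTERN CLIENT: does one client pattern match CLIENT?
#   ALL          matches everything
#   192.168.1.   (trailing dot) matches every address with that prefix
#   anything else must equal the client address exactly
wrap_match() {
  pat="$1"; client="$2"
  case "$pat" in
    ALL) return 0 ;;
    *.)  case "$client" in "$pat"*) return 0 ;; *) return 1 ;; esac ;;
    *)   [ "$pat" = "$client" ] ;;
  esac
}

# wrap_lookup FILE DAEMON CLIENT: true if any "daemon_list : client_list"
# line in FILE names DAEMON (or ALL) and a client pattern matching CLIENT.
# Lists are comma separated; '#' starts a comment; a third ':' field
# (a shell command in real tcpd) is ignored. A missing file matches nothing.
wrap_lookup() {
  f="$1"; daemon="$2"; client="$3"
  [ -r "$f" ] || return 1
  found=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$f" |
    while IFS=: read -r dlist clist _rest; do
      for d in $(printf '%s' "$dlist" | tr ',' ' '); do
        [ "$d" = ALL ] || [ "$d" = "$daemon" ] || continue
        for c in $(printf '%s' "$clist" | tr ',' ' '); do
          wrap_match "$c" "$client" && { echo yes; exit 0; }
        done
      done
    done)
  [ "$found" = yes ]
}

# hosts_access DAEMON CLIENT [ALLOW_FILE] [DENY_FILE]: the tcpd order of
# evaluation. Prints "allow" or "deny"; exit status 0 means allowed.
hosts_access() {
  daemon="$1"; client="$2"
  allow="${3:-/etc/hosts.allow}"; deny="${4:-/etc/hosts.deny}"
  if wrap_lookup "$allow" "$daemon" "$client"; then echo allow; return 0; fi
  if wrap_lookup "$deny"  "$daemon" "$client"; then echo deny;  return 1; fi
  echo allow; return 0   # no entry in either file: access is permitted
}
```

Usage against the live files: `hosts_access sshd 192.168.1.10`. Two points the model makes visible: an allow entry for one host overrides a deny entry for its whole segment, because hosts.allow is consulted first; and the prefix form needs its trailing dot, since `192.168.1.` must not match `192.168.10.1`.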
