Introduction to SSH Services

Source: Internet
Author: User

1. Introduction to connection encryption technology:

Public key: used by remote hosts to encrypt data sent to you; that is, anyone can obtain your public key and use it to encrypt data.

Private key: the remote host encrypts data with your public key, and the local side decrypts it with the private key. Because the private key is so important, it must never leak out and can only be stored on its own host.

Since each host should have its own key pair (the host's public key and its own private key), and the public key is used for encryption while the private key is used for decryption, the private key must never leak out. But because a network connection is two-way, each side also needs to hold the other side's public key.

2. There are currently two versions of SSH, version 1 and version 2. Version 2 adds a connection integrity check that prevents malicious attack code from being inserted into the connection, so it is more secure than version 1.

3. Introduction to SSH connection behavior

Connection steps:

1) The server establishes its public key files: Each time the sshd service is started, it looks for the /etc/ssh/ssh_host* files. If the system has just been installed and these public key files do not exist yet, sshd computes the required public key files, and also computes the private key files the server itself needs.

2) The client requests a connection: If the client wants to connect to the SSH server, it must use a suitable client program, such as ssh, pietty or another client.

3) The server sends its public key to the client: After receiving the client's request, the server transmits the public key file obtained in step 1 to the client (this should be a plaintext transfer).

4) The client records the server's public key and randomly computes its own key pair: If the client is connecting to this server for the first time, it records the public key data in ~/.ssh/known_hosts in the client user's home directory. If the server's public key has already been recorded, the client compares the key just received with the previous record. If this public key data is accepted, the client computes its own public/private key pair.

5) The client returns its public key to the server: the user transmits their public key to the server. At this point the server holds the server's private key and the client's public key, while the client holds the server's public key and the client's own private key. Because the server's and the client's key systems (public key + private key) are not the same, this is also called an asymmetric key system.

6) Two-way encryption starts: Server to client: when the server transmits data, it encrypts the data with the user's public key before sending it; after the client receives it, it decrypts with its own private key. Client to server: when the client transmits data, it encrypts with the server's public key and sends it; after the server receives it, it decrypts with the server's private key.

The whole process is shown in a figure in the original post (image not reproduced here).

From the above, the client's key is generated by a random operation during the connection, so the key used this time may differ from the key used for the next connection. In addition, ~/.ssh/known_hosts in the client's home directory records the public keys of hosts that have been connected to before, in order to confirm that we are connecting to the correct server.

4. To create a new server-side public and private key, delete the /etc/ssh/ssh_host* files and restart the sshd service.

5. SSH provides two services, shell and ssh-ftp (sftp). By default both use the same port.

6. ssh [-f] [-o option] [-p port] [account@]ip [command]: log in directly to the remote host. Parameters:

1) -f: must be used together with a following command; instead of logging into the remote host interactively, it just sends the command over.

2) -o option: the main options are:

ConnectTimeout=seconds: number of seconds to wait for the connection, used to reduce waiting time.

StrictHostKeyChecking=[yes|no|ask]: the default is ask; if you want public keys to be added to known_hosts automatically, set it to no.

3) -p: set the login port (useful when the server uses a non-default port).

4) [command]: combined with -f, sends the command to the host without logging in. In this mode the command runs on the host after the client/server link has been released, so the client does not hang. Without -f, the client does not get control back until the command has finished executing.

5) When no account is specified, the login uses the current (local) account.
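The StrictHostKeyChecking=no shortcut mentioned above turns off the host check that known_hosts exists for, so a practitioner will want to find where it has been set. The following is an added example, not code from the original post: a small audit of an OpenSSH client config (sample file constructed inline) that flags the weak setting, shown next to the hardened alternatives; the accept-new value is an assumption that OpenSSH 7.6 or later is in use.

```shell
# Added example, not from the original post: audit an OpenSSH client config
# for "StrictHostKeyChecking no", which silently accepts any host key and so
# any server that sits in the middle of the connection. "ask" is the default,
# "yes" rejects unknown keys, and "accept-new" (OpenSSH 7.6+) auto-adds a key
# seen for the first time while still refusing a key that has changed.

# Write a constructed sample ~/.ssh/config to the path given as $1.
# The lab-* block is the weak form; bastion and "Host *" are the hardened forms.
make_sample_ssh_config() {
    cat > "$1" <<'EOF'
Host lab-*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host bastion
    HostName bastion.example.com
    Port 2222
    ConnectTimeout 10
    StrictHostKeyChecking yes

Host *
    ConnectTimeout 15
    StrictHostKeyChecking accept-new
EOF
}

# audit_ssh_config FILE: print one finding per weak directive, then the number
# of findings as the last line. Keyword matching is case-insensitive and
# accepts both "Key value" and "Key=value", as ssh_config itself does.
audit_ssh_config() {
    awk '
        function report(msg) { findings++; print "[" block "] " msg }
        tolower($1) == "host" { block = $2; for (i = 3; i <= NF; i++) block = block " " $i; next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            key = line; sub(/[ \t=].*$/, "", key); key = tolower(key)
            val = line; sub(/^[^ \t=]+[ \t=]+/, "", val); val = tolower(val)
            if (key == "stricthostkeychecking" && val == "no")
                report("StrictHostKeyChecking no: every host key is accepted, server authentication is off")
            if (key == "userknownhostsfile" && val == "/dev/null")
                report("UserKnownHostsFile /dev/null: host keys are never remembered")
        }
        END { print findings + 0 }' "$1"
}
```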

7. When the server's host public key changes because the system was reinstalled or the /etc/ssh/ssh_host* files were deleted, the client can no longer connect to the host. The workaround is to delete the corresponding line from the ~/.ssh/known_hosts file and reconnect.
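Rather than deleting the known_hosts line blindly, an operator should see which key was recorded and compare the reinstalled server's new fingerprint with one published out of band, which is the check that step 4 above relies on. The shell functions below are an added example, not the post's own code; they work on a constructed known_hosts file with placeholder keys and assume unhashed entries.

```shell
# Added example, not code from the original post. It carries out point 7
# (drop a stale server key from known_hosts after the server was reinstalled)
# with awk, so it runs without an SSH server. It assumes plain, unhashed
# known_hosts lines; hashed "|1|..." lines need "ssh-keygen -R host" instead.

# Write a constructed sample known_hosts file to the path given as $1.
# The key material is placeholder text, not real keys.
make_sample_known_hosts() {
    cat > "$1" <<'EOF'
server1.example.com,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYONE
[server1.example.com]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLACEHOLDERKEYTWO
other.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYTHREE
EOF
}

# _kh_filter FILE HOST MODE: print the lines whose host field contains HOST
# (MODE=match) or the lines that do not (MODE=others). The host field is a
# comma-separated list and may use "[HOST]:port" for non-default ports.
_kh_filter() {
    awk -v h="$2" -v mode="$3" '
        {
            hit = 0
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                name = names[i]
                sub(/^\[/, "", name); sub(/\]:[0-9]+$/, "", name)
                if (name == h) hit = 1
            }
            # (mode == "match") is 1 or 0, as is hit: print when they agree
            if ((mode == "match") == hit) print
        }' "$1"
}

known_hosts_entries() { _kh_filter "$1" "$2" match; }

# forget_host_key FILE HOST: back FILE up, remove the entries for HOST and
# print how many lines were dropped. The old entries go to stderr so the
# operator can compare them with the fingerprint the server administrator
# publishes before trusting the key the reinstalled server now presents.
forget_host_key() {
    file=$1; host=$2
    stale=$(known_hosts_entries "$file" "$host")
    if [ -z "$stale" ]; then echo 0; return 0; fi
    cp "$file" "$file.bak"
    printf 'Stale key(s) recorded for %s, compare with the published fingerprint:\n%s\n' "$host" "$stale" >&2
    _kh_filter "$file.bak" "$host" others > "$file"
    printf '%s\n' "$stale" | wc -l | tr -d ' '
}
```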

8. sftp username@host (IP or domain name): uses the SSH channel for file upload and download. The supported commands are:

1) cd: switch directory

2) ls: display the files in the directory

3) mkdir: create a directory

4) rmdir: delete a directory

5) pwd: display the current path

6) chgrp: change the group of a file or directory

7) chown: change the owner of a file or directory

8) chmod: change the permissions of a file or directory

9) ln oldname newname: create a link file

10) rm path: delete a file or directory

11) rename oldname newname: change the name of a file or directory

12) exit, bye or quit: leave the remote host

For operations on the local machine, prefix the command with l (the first letter of localhost), such as lcd, lls and so on.

put [local directory or file] [remote]: upload a file from the local computer to the remote host; if no remote directory is specified, it is placed in the current directory on the remote host.

get [remote directory or file] [local]: download a file from the remote host; if no local directory is specified, the file is placed in the current directory on the local machine.

9. scp [-pr] [-l rate] file [account@]host:directory: upload;

scp [-pr] [-l rate] [account@]host:file directory: download. Parameters:

1) -p: retain the original file permission data

2) -r: copy an entire directory (including subdirectories) when the source is a directory

3) -l: limit the transfer speed; the unit is Kbit/s, so a limit given in Kbytes/s must be multiplied by 8 (e.g. 100 Kbytes/s is -l 800)


This article is from the "Tiger Brother's Blog" blog; please be sure to keep this source: http://7613577.blog.51cto.com/7603577/1617509
