Remote Login method has telnet and ssh two way, because Telnet uses the clear text transmission, the transmission process System account password and so on important information is easy to intercept, the security is inferior to SSH (secure shell), therefore now generally uses SSH as the remote login tool.
In fact, many Linux versions such as Ubuntu have built-in ssh-agent, this is a remote connection tool, through the ssh-agent can initiate remote connection, but if you want to achieve in other computers telnet to their own computer, you must install OpenSSH, you can use the following command
Ubuntu
| The code is as follows | Copy Code |
| sudo apt-get install OpenSSH |
|
ArchLinux
| The code is as follows | Copy Code |
| sudo pacman-s openssh |
|
The system will automatically download and complete the installation, and when you are done, you can see if the SSH service is started with the following command
| The code is as follows | Copy Code |
| Ps-ef | grep sshd |
|
If this process is not sshd, start manually
Ubuntu
| The code is as follows | Copy Code |
| Sudo/etc/init.d/ssh start |
|
ArchLinux
| The code is as follows | Copy Code |
| Sudo/etc/rc.d/sshd start |
|
ArchLinux add sshd to daemons array boot up
daemons= (Syslog-ng network crond dbus alsa @openntpd sshd)
If the sshd process appears, indicating that the SSH service has started, it is not an accident that you can connect to your computer via SSH on other computers. About the SSH connection tool, the Windows platform recommended SECURE-CRT software, this is a very popular software, the use is relatively simple. Can also choose Putty, but the proposal to download the official English version, some time ago the Chinese version of the Putty has a back door in the internet speculation. The Linux system is convenient because it has its own ssh-agent, enter the following command directly inside the terminal
SSH Username@ip
Username is your login account, IP is the IP address, of course, you can also use the domain name
SSH username@domain
The system will require you to enter a password for verification, verify that you can log on to the remote host. For security reasons, some simple configuration is required, otherwise a large number of IP logon failure information will be found when viewing the SSH log files later. In fact, someone else through the port scanning software scan the open (SSH default) port host, and then through the exhaustive method for password guessing, if you are using a weak password, the probability of being guessed is very high.
Configuration file path
Ubuntu
| The code is as follows | Copy Code |
| /etc/ssh/ssh.conf |
|
ArchLinux
| The code is as follows | Copy Code |
| /etc/ssh/sshd.config |
|
We can configure this file by editing it. When you try to log on to someone else's host, what identity will you log in to? Root, of course, because root is a user of every Linux system. So we should disable the root user login and find
| The code is as follows | Copy Code |
| Permitrootlogin Yes |
|
Change the yes to No.
The port scan software defaults to scan Port 22, so we can also change the port to another port and find the following statement
Port 22
Change the 22 to your other ports, like 1022.
Limit the maximum number of password errors, 3 times, their own login basic will not be a continuous error 3 times, password errors more than 3 times refused to log in
Maxauthtries 3
Save exit after modification, reboot SSH service
Ubuntu
| The code is as follows | Copy Code |
| Sudo/etc/init.d/ssh restart |
|
ArchLinux
| The code is as follows | Copy Code |
| Sudo/etc/rc.d/sshd restart |
|
Note that you need to declare a port after you modify the port and log on in CLI mode
| The code is as follows | Copy Code |
| Ssh-p 1022 Username@ip |
|
With a simple configuration you will find a significant reduction in failed logins from unknown IP. Forgot to say that the SSH login log was saved in this file
| The code is as follows | Copy Code |
| /var/log/auth.log |
|
Under ArchLinux, the owner of this file is root, the group is log, the permission is 640, in order to facilitate ordinary users to view the log, the user to join the log group (not recommended others plus permissions)
| The code is as follows | Copy Code |
| sudo gpasswd-a song log |
|
Usually can cat this file to see login record, of course, sometimes the file will be longer, especially before the root user is not disabled, often from the same IP login failed to reach thousands of, if you see a line of time, so we only output root login failed record ( Although root logging is disabled, the system will still log when someone attempts to log in as root
| The code is as follows | Copy Code |
| grep "Failed password for root"/var/log/auth.log | awk {' Print $11 '} | uniq-c | Sort-rn |
|
The system lists the IP that failed to log in and counts the number of failures from top to bottom, but you can also enter a record of successful login
| The code is as follows | Copy Code |
| grep "Accepted password for"/var/log/auth.log |
|
The system will list the records that have been logged on to the host, including time, IP address, etc.
In addition, I use the Android mobile phone, using the Linux kernel, so I hope to also remotely log on to their own computer. First, the mobile phone to support the installation of SSH software, CYANOGENMOD7 version of the system with a terminal, is simply a micro-Linux terminal, basically a lot of basic instructions can be implemented, such as: Ls,cd,mount,cat,nano and so on. Next there is a problem, I use telecommunications adsl, through the Tp-link router PPPoE dial-up Internet, each dial-up access to the IP is not the same, this is not SSH login, because you do not know the next time to get the IP address is how much. So think of windows under the Peanut Shell client, can dynamically resolve domain name, hurriedly to Peanut Shell website application for a free domain name, but did not release Linux client (now has source code installation), vaguely seem to remember tp-link have dynamic DNS function, log up to Sure, In the dynamic DNS service provider selected peanut shell, account password on the Peanut shell site to fill the account password, after login will be the peanut Shell account binding domain name resolution to the local, but when you through the domain name SSH connection is found to be not connected, because dial-up Internet is the router, peanut shell will be the domain name resolution to your router, Instead of your computer, you need to make further settings. In the Tp-link router set the forwarding rules of the page select the DMZ host, the DMZ state settings enabled, DMZ host IP address to fill you from the router DHCP server to obtain IP, if your router is more than a person on the Internet may each time from DHCP to obtain the IP is not the same, So to put your host MAC address and a certain IP address binding, that is, a certain IP address reserved to your network card, so that each time you get the same IP, the IP address to fill in the DMZ host IP address inside. And then use the domain name to SSH connection found that the normal link is available.
Finally, put on a few cell phones telnet host success after the screenshot
Welcome to Ubuntu
root directory
ll view file properties
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
