SSH Secure Shell
SSH 22/tcp
Traditional network service programs such as FTP, POP, and telnet are inherently insecure because they send passwords and data over the network in plaintext, where anyone with ulterior motives can easily intercept them. The way these programs verify security also has weaknesses and is very vulnerable to man-in-the-middle attacks. In a man-in-the-middle attack, the "middleman" pretends to be the real server, receives the data you send to the server, and then impersonates you to pass the data on to the real server. Once the "middleman" has tampered with the data passing between you and the server, serious problems follow. With SSH, all transmitted data is encrypted, so this kind of man-in-the-middle attack is not possible, and DNS spoofing and IP spoofing are prevented as well. An additional benefit of SSH is that the transmitted data is compressed, which speeds up the transfer. SSH has many functions: it can replace telnet and can also provide a secure "channel" for FTP, POP, and even PPP.
SSH protocol versions:
v1: MAC based on CRC-32; insecure
v2: the two hosts negotiate a secure MAC
Key exchange is based on the DH algorithm; identity authentication is based on the RSA or DSA algorithm.
Two ways to authenticate a user login:
Password-based
Key-based
ssh [user@]host [COMMAND]
(user: user name; host: IP address)
Options supported by ssh:
-p: the port the remote server listens on
-b: specify the source IP of the connection
-v: debug mode
-C: compression mode
-X: enable X11 forwarding
-Y: enable trusted X11 forwarding (ForwardX11Trusted yes)
-t: force pseudo-TTY allocation
ssh -t remoteserver1 ssh remoteserver2
-l: log in to the sshd server as the specified user
Let's look at one of the simplest ways to set up password-free (key-based) login:
Go to the key directory, send the key to the 220 machine, and enter the password when prompted.
You can then see a key file in the .ssh directory on the 220 machine.
Then go back to the 201 machine and run the command ssh [email protected]; after a few seconds you are logged in directly.
You can also ping the IP to see if it is 220.
You can also compare the directory contents to confirm that you are on 220: the home directory on 201 contains many packages, while the one on 220 does not.
This is the simplest way to set up password-free, key-based login.
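The transfer step above leaves the public key in ~/.ssh/authorized_keys on the 220 machine, which is what a tool such as ssh-copy-id does on the remote side. As an added example (not from the original post), the shell functions below perform that server-side step by hand, idempotently and with restrictive permissions; the names install_pubkey and check_ssh_perms are hypothetical.

```shell
#!/bin/sh
# Added example: server-side result of the "send the key to 220" step.
# install_pubkey and check_ssh_perms are hypothetical helper names.

# install_pubkey PUBKEY_FILE HOME_DIR
# Append one public key to HOME_DIR/.ssh/authorized_keys, idempotently,
# creating the directory and file with owner-only permissions.
install_pubkey() {
    pub=$1; home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Refuse anything that is not a public key line (e.g. a private key file):
    # a public key line starts with its key type.
    case $(head -n 1 "$pub") in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 1 ;;
    esac
    ( umask 077    # anything created here is owner-only
      mkdir -p "$home/.ssh" &&
      touch "$home/.ssh/authorized_keys" ) || return 1
    # Tighten permissions even if the directory or file already existed.
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys" || return 1
    # Skip the append if this exact line is already authorized.
    grep -qxF -- "$(head -n 1 "$pub")" "$home/.ssh/authorized_keys" ||
        head -n 1 "$pub" >> "$home/.ssh/authorized_keys"
}

# check_ssh_perms HOME_DIR
# Return 0 only if .ssh is mode 0700 and authorized_keys is mode 0600.
# This is stricter than necessary but easy to audit; with StrictModes on,
# sshd ignores the key file when it or its directory is writable by others.
check_ssh_perms() {
    d=$(ls -ld "$1/.ssh" 2>/dev/null | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" 2>/dev/null | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}
```

If key login still prompts for a password after the key is installed, running check_ssh_perms against the account's home directory on the server is a quick first check.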
Linux SSH service and key-free authentication