OpenSSH service and its related applications

Source: Internet
Author: User

OpenSSH is a free, open-source implementation of the SSH (Secure Shell) protocol. The SSH protocol family can be used for remote control or to transfer files between computers. Traditional tools for these tasks, such as Telnet (terminal emulation protocol), rcp, ftp, rlogin and rsh, are extremely insecure because they send passwords in clear text. OpenSSH provides a server-side daemon and client tools that encrypt the data in remote control and file transfer sessions, replacing those older services.

OpenSSH implements SSH to encrypt communication over a computer network. It is an open-source solution that supersedes the commercial version provided by SSH Communications Security. OpenSSH is currently a subproject of OpenBSD.

OpenSSH is often assumed to be related to OpenSSL, but the two programs have different purposes and different development teams. The names are similar only because both share the same goal: providing open-source encrypted communication software.

SSH has two main versions: V1 (basically no longer used) and V2.

Client tools:

Linux: ssh

Windows: PuTTY, SecureCRT, SSH Secure Shell Client, Xmanager

Server-side tools:

Linux: sshd

Authentication:

(1) Password-based authentication

(2) Key-based authentication

Installed packages: rpm -qa | grep ssh


View the SSH version: ssh -V


Related files:


Configuration file:

Client: /etc/ssh/ssh_config

Server: /etc/ssh/sshd_config

Keys:

V2 keys:

RSA: ssh_host_rsa_key, ssh_host_rsa_key.pub

DSA: ssh_host_dsa_key, ssh_host_dsa_key.pub

V1 keys:

ssh_host_key, ssh_host_key.pub

Server configuration file description:

Port 22

AddressFamily any: specifies which address family sshd(8) should use. Valid values are "any" (default), "inet" (IPv4 only) and "inet6" (IPv6 only).

Protocol 2: the protocol version used by default

KeyRegenerationInterval 1h: how often the key is regenerated

ServerKeyBits 1024: key length

LoginGraceTime 2m: login timeout

PermitRootLogin yes: allow root login (recommended to disable; log in as a normal user and su to root)

MaxAuthTries 6: number of failed login attempts allowed

PrintLastLog yes: print the last login information (try not to expose this information)

Subsystem sftp /usr/libexec/openssh/sftp-server: SFTP settings

SFTP is based on SSH; FTPS is based on SSL.


SSH usage tips:

ssh -l username remote-hostname ['command']: does not open a login session on the remote host, but returns the result of running the command

ssh username@remote-hostname

-X: enable X11 forwarding

-Y


~/.ssh/known_hosts: saves information about the hosts you have logged in to; its permissions are 644


Experiment: key-based authentication

1. Generate a key pair (ssh-keygen)

ssh-keygen -t <algorithm> -f <file location and name to save to (default: /home/user/.ssh/id_rsa)> -N <passphrase>


2. Transfer the public key to the .ssh/authorized_keys file in a user's home directory on the server

(1) Using the ssh-copy-id tool

Usage: ssh-copy-id -i /path/to/pubkey username@hostname


(2) Copy the public key with scp, then append it to authorized_keys

3. Test login
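
The append in step 2 (2) is where key-based login most often breaks, so here it is as a shell function. This is an added example, not code from the original article; the function name, paths and key are constructed for illustration.

```sh
# Added example: server-side half of step 2(2), run after the .pub file has
# been copied over with scp. All paths and the key below are constructed.
install_pubkey() {
    pubkey_file=$1              # public key copied to the server
    home_dir=$2                 # home directory of the account to log in as
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept exactly one line that looks like a public key, so a private
    # key or a multi-line file is never appended by mistake.
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || return 2
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" || return 2

    # With StrictModes (on by default) sshd ignores authorized_keys if the
    # file or its directory is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent append: skip the key if the exact line is already there.
    if grep -qxF -- "$(cat "$pubkey_file")" "$auth"; then
        return 0
    fi
    cat "$pubkey_file" >> "$auth"
}

# Demo in a scratch directory with a constructed, truncated key (not usable).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCexample user@client\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"      # second run adds nothing
grep -c '' "$demo/home/.ssh/authorized_keys"
```

On a real server the call would be install_pubkey /path/to/id_rsa.pub "$HOME", run as the account that will log in.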



Summary:

1. Change passwords frequently

2. Use a non-default port

3. Restrict login addresses

4. Disable administrator login

5. Allow only a limited set of users

6. Use key-based authentication

7. Do not use the V1 version
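
Items 2 to 7 of this list can be checked mechanically against sshd_config. The function below is an added example, not part of the original article. It assumes item 3 maps to ListenAddress, item 5 to AllowUsers/AllowGroups and item 6 to PasswordAuthentication no; the finding texts and the sample config are constructed.

```sh
# Added example: check the global section of an sshd_config (read from
# stdin) against summary items 2-7. Finding texts are this example's own.
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "match") exit             # stop at the first Match block
        val = tolower($2)
        if (key == "port") { ports = ports " " val; next }  # Port may repeat
        if (!(key in v)) v[key] = val        # first occurrence wins in sshd
    }
    END {
        if (ports == "" || ports ~ / 22( |$)/)
            print "2 port: sshd listens on the default port 22"
        if (!("listenaddress" in v))
            print "3 listenaddress: not set, sshd listens on every address"
        if (v["permitrootlogin"] != "no")
            print "4 permitrootlogin: root login is not disabled"
        if (!("allowusers" in v) && !("allowgroups" in v))
            print "5 allowusers: no AllowUsers/AllowGroups restriction"
        if (v["passwordauthentication"] != "no")
            print "6 passwordauthentication: password logins are still accepted"
        if (v["protocol"] ~ /(^|,)1(,|$)/)
            print "7 protocol: SSH protocol version 1 is enabled"
    }'
}

# Constructed sample built from the directive values listed on this page.
sample_config() {
    cat <<'EOF'
Port 22
Protocol 2
PermitRootLogin yes
MaxAuthTries 6
EOF
}
sample_config | audit_sshd_config
```

To check a real server, run audit_sshd_config < /etc/ssh/sshd_config; settings inside Match blocks are not evaluated.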


scp and sftp usage:

1. scp: an SSH-based remote copy command that transfers data between hosts

Command format: scp [options] src dest

Remote host format:

username@hostname:/path/to/somefile

Commonly used options:

-r: recursive copy, used when copying directories

-p: preserve the source file's metadata, mainly mode and timestamps

-q: quiet mode

-P port: specifies the port of the remote server

2. sftp:

sftp [user@]host



Tips:

To connect to Linux using key-based authentication, follow these steps:

1. [screenshot: 1.png]

2. [screenshot: 2.png]

3. [screenshot: 6.png]

4. [screenshot: 7.png]

5. [screenshot: 3.png]

6. [screenshot: 4.png]

7. cat id_rsa_1024.pub >> .ssh/authorized_keys

8. [screenshot: 5.png]

Compiled for personal study only; if there are mistakes, experts, please go easy on me ~ ~ ~





This article is from the "Black and White" blog, be sure to keep this source http://2232284.blog.51cto.com/2222284/1665680
