OpenSSH is a free, open-source implementation of the SSH (Secure Shell) protocol. The SSH protocol family can be used for remote control or to transfer files between computers. Traditional ways of doing this, such as Telnet (terminal emulation protocol), rcp, ftp, rlogin, and rsh, are extremely insecure because passwords are sent in clear text. OpenSSH provides a server-side daemon and client tools that encrypt data during remote control and file transfer, replacing those earlier services.
OpenSSH is an implementation of SSH for encrypting communication over a computer network. It is an open-source solution that supersedes the commercial version provided by SSH Communications Security. OpenSSH is currently a subproject of OpenBSD.
OpenSSH is often mistakenly thought to be connected to OpenSSL, but the two programs have different purposes and different development teams. The names are similar only because both share the same software development goal: to provide open-source encrypted communication software.
SSH has two main versions: V1 (basically no longer used) and V2.
Client tools:
Linux: ssh
Windows: PuTTY, SecureCRT, SSH Secure Shell Client, Xmanager
Server-side tools:
Linux: sshd
Authentication:
(1) Password-based authentication
(2) Key-based authentication
Installed packages: rpm -qa | grep ssh
View the SSH version: ssh -V
Related files:
Configuration files:
Client: /etc/ssh/ssh_config
Server: /etc/ssh/sshd_config
Keys:
V2 keys:
RSA: ssh_host_rsa_key, ssh_host_rsa_key.pub
DSA: ssh_host_dsa_key, ssh_host_dsa_key.pub
V1 keys:
ssh_host_key, ssh_host_key.pub
Server configuration file description:
Port 22
AddressFamily any: specifies which address family sshd(8) should use. The possible values are "any" (default), "inet" (IPv4 only), and "inet6" (IPv6 only).
Protocol 2: the protocol version used by default
KeyRegenerationInterval 1h: how often the key is regenerated
ServerKeyBits 1024: key length
LoginGraceTime 2m: login timeout
PermitRootLogin yes: allows root login (disabling it is recommended; log in as a normal user and su to root)
MaxAuthTries 6: number of failed login attempts allowed
PrintLastLog yes: prints the last login information (try not to expose this information)
Subsystem sftp /usr/libexec/openssh/sftp-server: SFTP settings
SFTP is based on SSH; FTPS is based on SSL.
SSH usage tips:
ssh -l username remote-hostname ['command']: does not log in to the remote host, but returns the command's execution result
ssh username@remote-hostname
-X: enable X11 forwarding
-Y
~/.ssh/known_hosts: saves login information, with permissions of 644
Experiment: key-based authentication
1. Generate a key pair (ssh-keygen)
ssh-keygen -t specify the algorithm -f file location and name to save to (default /home/user/.ssh/id_rsa) -N specify the passphrase
2. Transfer the public key to the .ssh/authorized_keys file in the user's home directory on the server
(1) Using the ssh-copy-id tool
Usage: ssh-copy-id -i /path/to/pubkey username@hostname
(2) Copy the public key with scp, then append it to authorized_keys
3. Test login
Summary:
1. Change passwords frequently
2. Use a non-default port
3. Restrict login addresses
4. Disable administrator login
5. Open access to limited users only
6. Use key-based authentication
7. Do not use the V1 version
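The server configuration description and the summary checklist above can be turned into an automated check. The following is an added example, not part of the original article. The mapping of checklist items to the sshd_config keywords PasswordAuthentication, AllowUsers and AllowGroups (which the article does not list) is an assumption of this example, and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit the global section of an
# sshd_config against the summary checklist above.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.
audit_sshd_config() {   # reads the file given as $1, or stdin when no argument
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
    {
        key = tolower($1)
        if (key == "match") exit                 # stop at the first Match block
        if (!(key in val)) val[key] = tolower($2)
    }
    END {
        if (!("port" in val) || val["port"] == "22")
            print "FINDING Port: default port 22 in use"
        if (val["protocol"] ~ /1/)
            print "FINDING Protocol: V1 is enabled"
        if (val["permitrootlogin"] != "no")
            print "FINDING PermitRootLogin: root login is not disabled"
        if (val["passwordauthentication"] != "no")
            print "FINDING PasswordAuthentication: password login is not disabled"
        if (!("allowusers" in val) && !("allowgroups" in val))
            print "FINDING AllowUsers/AllowGroups: login is not limited to named users"
    }' "$@"
}

sample_weak_config() {      # constructed sample, not a real host
    cat <<'EOF'
# duplicate PermitRootLogin below: only the first line takes effect
Port 22
Protocol 2,1
PermitRootLogin yes
PermitRootLogin no
MaxAuthTries 6
EOF
}

sample_hardened_config() {  # constructed sample; "alice" is a placeholder user
    cat <<'EOF'
Port 2222
Protocol 2
permitrootlogin no
PasswordAuthentication no
AllowUsers alice
EOF
}

sample_weak_config | audit_sshd_config
```

An empty result means none of the five checks fired; a keyword that is not set explicitly is reported rather than assumed to have a safe default.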
SCP and SFTP usage:
1. scp: an SSH-based remote copy command that transfers data between hosts
Command format: scp [options] src dest
Remote host:
username@hostname:/path/to/somefile
Commonly used options:
-r: recursive copy, used when copying directories
-p: keep the source file's metadata, mostly mode and timestamp
-q: quiet mode
-P port: specifies the port of the remote server
2. sftp:
sftp [user@]host
Tips:
If you want to connect to Linux using key-based authentication, follow these steps:
1. to 6. [screenshots not preserved]
7. cat id_rsa_1024.pub >> .ssh/authorized_keys
8. [screenshot not preserved]
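Step 2 (2) of the experiment and step 7 of the tips both append a copied public key to authorized_keys by hand. The following is an added example, not part of the original article, of doing that append safely on the server: sshd's StrictModes setting (on by default) refuses key login when ~/.ssh or authorized_keys is writable by other users, so the modes are set explicitly. The function name, the demo paths and the key line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): the server-side step after
# copying a .pub file over with scp. Appends the key once, with safe modes.
install_pubkey() (          # usage: install_pubkey /path/to/key.pub [home_dir]
    pub=$1
    home=${2:-$HOME}
    # Accept exactly one public-key line. A private key file begins with
    # "-----BEGIN" and fails this check, so it is never appended by mistake.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; exit 1; }
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" \
        || { echo "not an OpenSSH public key" >&2; exit 1; }
    umask 077                       # subshell body: the caller's umask is untouched
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # -F fixed string, -x whole line: append only if this exact line is absent
    grep -Fxq -f "$pub" "$home/.ssh/authorized_keys" \
        || cat "$pub" >> "$home/.ssh/authorized_keys"
)

# Demo in a throwaway directory with a constructed, non-functional key line.
demo_install() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDSAMPLEKEY demo@client' > "$tmp/id_demo.pub"
    install_pubkey "$tmp/id_demo.pub" "$tmp/home"
    install_pubkey "$tmp/id_demo.pub" "$tmp/home"   # second run must not duplicate
    grep -c . "$tmp/home/.ssh/authorized_keys"      # prints 1
    rm -rf "$tmp"
}
demo_install
```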
Organized only for personal learning; if there are mistakes, experts, please go easy on me ~ ~ ~
This article is from the "Black and White" blog, be sure to keep this source http://2232284.blog.51cto.com/2222284/1665680
OpenSSH service and its related applications