Secure SSH connection under Linux

Source: Internet
Author: User
Tags: scp command, asymmetric encryption

SSH is a security protocol built on the application layer and the transport layer. It can prevent information leakage in communication between computers.

Under Linux, the SSH protocol is most commonly used through the ssh command and the scp command. When no security key is set up, ssh and scp use password-based authentication, so every remote command requires entering a password. Although this is a secure connection, the password is still transmitted over the network, and if you often work between multiple Linux systems, re-entering the password is inconvenient.

A safer and more efficient approach is to set up a pair of security keys, one public and one private. The public key is placed on the destination server. Each time the destination server receives a client request, it compares the key offered with the public key it holds. If they match, the destination server sends the client a challenge encrypted with the public key. After the client receives the challenge, it decrypts it with the private key and sends the result to the destination server. Throughout the whole process no password is transmitted over the network, and no password has to be entered repeatedly.

We will now set up the security keys. The lab environment is two Linux hosts:

A IP: 172.16.15.168

B IP: 172.16.15.24

Simple login between the two hosts: A connects to B over SSH.

On client A, logged in as root, run: ssh-keygen -t rsa

ssh-keygen is a system tool that generates authentication keys using asymmetric encryption algorithms, including RSA and DSA.


Press Enter.

You will find two files generated under /root/.ssh/: id_rsa (private key) and id_rsa.pub (public key).

Upload id_rsa.pub to server B and create a new file /root/.ssh/authorized_keys on server B.

Write the client's public key into authorized_keys:

cat id_rsa.pub >> authorized_keys (note that this appends; it does not overwrite)


Client A can now SSH to server B without entering a password.
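The append step above, as an added example that is not part of the original article: a shell function for host B that appends the uploaded public key to authorized_keys without overwriting or duplicating entries, and sets owner-only permissions, since sshd's StrictModes check (on by default) rejects keys kept in files or directories that other users can write to. The function name install_pubkey and its two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the article's own code.
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper)
#   PUBKEY_FILE: the id_rsa.pub uploaded from host A
#   SSH_DIR:     the target directory, e.g. /root/.ssh on host B
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # Accept only a file holding exactly one public-key line, so that a
    # private key (id_rsa) is never appended by mistake.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac

    # Create the directory and file with owner-only access from the start.
    (
        umask 077
        mkdir -p "$dir" && touch "$auth"
    ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append (>>), never overwrite (>), and skip a line already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}

# Usage on host B, after copying the key over:
#   install_pubkey /root/id_rsa.pub /root/.ssh
```

Running it twice with the same key leaves a single entry, and keys already listed for other hosts stay in place.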


If you want a two-way connection, run on server B: ssh-keygen -t rsa

Put the generated public key into authorized_keys on host A.


If you want one host to access more than one server, the idea is to write its own public key into authorized_keys on each destination server (I tested this myself and it did not work; so far I do not know why).

For one host to access multiple servers and log in without entering a password, the hosts have to send their own public keys to each other.

This is just a simple example. For more on ssh-keygen usage and the principles of SSH, see the OpenBSD manual page:

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ssh-keygen.1?query=ssh-keygen&sec=1

or search Google yourself.


This article is from the "Fly to Capetown" blog, please be sure to keep this source http://capetowns.blog.51cto.com/8244664/1690902
