SSH practical skills and instructions for using common commands

Source: Internet
Author: User
Article title: Practical SSH skills and instructions for using common commands. The Linux channel is a technology channel of the IT lab in China. It includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Commands available for SFTP

cd                            change directory
ls                            list objects
mkdir
rmdir
pwd
chgrp
chown
chmod
ln oldname newname
rm path
rename oldname newname
exit
lcd path                      change the current directory on the local host
lls
lmkdir
lpwd                          (the l prefix means localhost)
put localhost_path host_path
put local_directory_or_file
get remote_directory local_directory
get remote_directory_or_file
get *
get *.rpm

#	$OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22                          # default SSH port
# Protocol: selects the SSH protocol version
#ListenAddress 0.0.0.0            # IP address to listen on
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key        # key used by SSH version 1
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key    # RSA private key used by SSH version 2
#HostKey /etc/ssh/ssh_host_dsa_key    # DSA private key used by SSH version 2

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600     # key regeneration interval
#ServerKeyBits 768                # length of the server key

# Logging
# obsoletes QuietMode and FascistLogging
# SyslogFacility: by default the SSH login records are written to /var/log/secure
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#UseLogin no                      # do not use the login program for logins under SSH
#LoginGraceTime 120
#PermitRootLogin yes              # whether the root user is allowed to log in
#StrictModes yes                  # refuse login when the user's host key has changed
#RSAAuthentication yes            # whether to use pure RSA authentication (version 1)
#PubkeyAuthentication yes         # whether to use public-key authentication (version 2)
#AuthorizedKeysFile .ssh/authorized_keys   # file in which an account stores its keys for logins that need no password

# rhosts authentication should not be used
#RhostsAuthentication no          # the local system does not use rhosts; rhosts is not secure
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes                 # whether to disable the above authentication method; yes, of course
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no       # version 1: authentication with the rhosts file or /etc/hosts.equiv plus RSA; not recommended
# similar for protocol version 2
#HostbasedAuthentication no       # the same, for version 2
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no          # whether to ignore the entries in ~/.ssh/known_hosts in the home directory

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes       # password authentication is required
#PermitEmptyPasswords no          # whether login with an empty password is allowed

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes   # challenge-response for any password authentication

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no

#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes                    # whether the last login information is displayed
#PrintLastLog yes                 # display the last login information
#KeepAlive yes                    # send keepalive information for the connection
#UseLogin no
#UsePrivilegeSeparation yes       # user privilege settings
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10                   # number of connections allowed between connecting and the login screen
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# DenyUsers sets the blocked users; * stands for all users
DenyUsers *
DenyUsers test
DenyGroups test
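
An added example (not part of the original article or of OpenSSH): a shell check that reports the value sshd would actually use for a few options in a file like the listing above. sshd takes the first active occurrence of a keyword and keeps its default when the line is commented out; the defaults here are copied from the commented lines of the listing, while the function names, the choice of which values count as weak, and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the *effective* value of a few sshd_config options.
# sshd uses the first active occurrence of a keyword; a commented-out line
# leaves the default in force.

# effective_value FILE KEYWORD DEFAULT: print the value sshd would use.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        tolower($1) == tolower(key) {         # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: one line per option, "WEAK" when the effective
# value equals the value this example treats as risky (an assumed policy).
audit_sshd_config() {
    # keyword:default-from-the-listing:risky-value
    for rule in PermitRootLogin:yes:yes PermitEmptyPasswords:no:yes \
                X11Forwarding:no:yes IgnoreRhosts:yes:no \
                RhostsAuthentication:no:yes HostbasedAuthentication:no:yes
    do
        key=${rule%%:*}; rest=${rule#*:}
        def=${rest%%:*}; bad=${rest#*:}
        val=$(effective_value "$1" "$key" "$def")
        if [ "$val" = "$bad" ]; then
            echo "WEAK $key $val"
        else
            echo "ok   $key $val"
        fi
    done
}

# Constructed sample: the uncommented lines of the listing above plus a few
# of its commented defaults.
sample_config() {
    cat <<'EOF'
#PermitRootLogin yes
#PermitEmptyPasswords no
SyslogFacility AUTHPRIV
#X11Forwarding no
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_sshd_config "$tmp"
rm -f "$tmp"
```

On the sample, the commented `#PermitRootLogin yes` is still reported because the default stays in effect, and the active `X11Forwarding yes` overrides the commented `no` above it.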

SSH Automatic Login settings

1. Set up the public key and private key on the client.

[test@test]$ ssh-keygen -t rsa    # -t rsa: use the RSA encryption algorithm

The key is generated in $HOME/.ssh/id_rsa

Upload the public key to the server

sftp test@test
lcd /home/test/.ssh
put id_rsa.pub
exit

Log on to the server

Run the command

[test@test .ssh]$ cat ../id_rsa.pub > authorized_keys
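
An added example, not from the original article: the last step above writes authorized_keys with `>`, which replaces any keys already in the file. The hypothetical `install_pubkey` function below appends the key only if it is missing, rejects a file that is not a single public-key line, and sets mode 700 on .ssh and 600 on authorized_keys; the sample key is constructed.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR  (hypothetical helper, added example)
# Appends one public key to HOME_DIR/.ssh/authorized_keys without
# overwriting existing entries. Prints "added" or "already present".
install_pubkey() {
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys

    # A public key file is a single line; a private key spans many lines.
    if [ "$(wc -l < "$pub")" -gt 1 ]; then
        echo "refusing $pub: more than one line" >&2; return 1
    fi
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing $pub: not a public key line" >&2; return 1 ;;
    esac

    # Restrictive modes: only the owner may read or write the key store.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: skip the key if it is already listed.
    if grep -qxF -- "$key" "$auth"; then
        echo "already present"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "added"
    fi
}

# Constructed sample key (not a real key), installed twice into a scratch home.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2E-constructed-sample test@test' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # prints: added
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # prints: already present
rm -rf "$demo_home"
```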

Related Security Settings

/etc/ssh/sshd_config
/etc/hosts.allow
/etc/hosts.deny
iptables

Edit /etc/hosts.deny

sshd: ALL: spawn (/bin/echo security notice from host `/bin/hostname`; \
/bin/echo; /usr/sbin/safe_finger @%h) | \
/bin/mail -s "%d-%h security" root@localhost & \
: twist (/bin/echo -e "\n\nWARNING connection not allowed. You attempt has been logged. \n warning information
