Remote login to a Linux host using the SSH service

Source: Internet
Author: User
Tags ssh server

SSH is a protocol that provides secure remote login and is the preferred way to manage Linux systems remotely today. It transmits data as ciphertext to ensure security. In general, it is installed by default when the Linux system is installed.

To administer a Linux system remotely over the SSH protocol, you need to deploy the sshd service program. sshd is a remote management service program based on the SSH protocol; it is fast and convenient, and it provides two methods of security authentication.

- Password-based authentication: logins are authenticated with an account and password.

- Key-based authentication: a key pair is generated locally, and the public key file of the pair is uploaded to the server. At login it is compared with the public key stored on the server, and the remote login is allowed if they are consistent.

Lab Environment:

A Red Hat 7 system acts as the SSH server; the current user is lisi and the IP address is 192.168.10.70.

Another Red Hat 7 system acts as the client; the current user is zhangsan and the IP address is 192.168.10.80.

The two hosts must be able to reach each other.

User Password Authentication Login

The sshd service is installed and started by default on the Red Hat 7 system, so the ssh command can be used directly on the client computer to connect remotely.

[[email protected] ~]$ ssh [email protected]   // SSH remote login to the lisi user's server
The authenticity of host '192.168.10.70 (192.168.10.70)' can't be established.
ECDSA key fingerprint is 93:8e:e7:3f:9a:22:6f:66:3a:f7:57:68:a1:57:3b:09.
Are you sure you want to continue connecting (yes/no)? yes  // confirm the connection
Warning: Permanently added '192.168.10.70' (ECDSA) to the list of known hosts.
[email protected]'s password:  // enter the password of the lisi user on the target server
Last login: Wed May 23 03:36:52 2018
[[email protected] ~]$ exit   // log out of the remote session
登出
Connection to 192.168.10.70 closed.

Secure Key Verification

1st step: generate a key pair on the client host.

[[email protected] ~]$ ssh-keygen -t rsa   // create the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zhangsan/.ssh/id_rsa):   // press Enter to accept the default private key location, the hidden .ssh folder in the home directory
Enter passphrase (empty for no passphrase):   // set the private key passphrase 123123
Enter same passphrase again:   // confirm the passphrase
Your identification has been saved in /home/zhangsan/.ssh/id_rsa.
Your public key has been saved in /home/zhangsan/.ssh/id_rsa.pub.
The key fingerprint is:
d0:b6:b9:96:b2:00:b8:f3:ea:a5:61:96:64:bd:b0:54 [email protected]
The key's randomart image is:
[randomart image, RSA 2048]
[[email protected] ~]$ ls -lh ~/.ssh/id_rsa*  // confirm the generated key files
-rw-------. 1 zhangsan zhangsan 1.8K 5月  22 19:50 /home/zhangsan/.ssh/id_rsa
-rw-r--r--. 1 zhangsan zhangsan  400 5月  22 19:50 /home/zhangsan/.ssh/id_rsa.pub

Of the newly generated key pair files, id_rsa is the private key file, whose permissions default to 600, and id_rsa.pub is the public key file, which is provided to the SSH server.

2nd step: modify the SSH configuration file on the server host so that it allows only key verification, and specify the location of the public key data file.

Modify the configuration file as root administrator (/etc/ssh/sshd_config)

 vim /etc/ssh/sshd_config

# enable key pair verification
PubkeyAuthentication yes
# specify the public key library data file
AuthorizedKeysFile .ssh/authorized_keys

3rd step: transfer the public key file generated on the client host to the server host.

[[email protected] ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]   // upload the public key file to the server
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:   // enter the password of the lisi user on the server

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[[email protected] ~]$ tail -1 ~/.ssh/authorized_keys   // display the contents of the public key library file
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/p8OHTUBJMKqJbxxwUiNJvKVHv8KSMywrtFB3BEsC02MyU29NKXkGUVM/lC++7b/bK1j/xVg6gJXqCHk2lNrMk/jHjvR6qR7aLYhzWlCaoDW0/Df9V9nrJNIg82DbXHUziwe6WoR9l+pzzQqYyI1Yq0iPTD4VZM5T94wRMX4taSgO8EQumWEeGtoHX/vgklapyMaG3ncA4SBxC0G4JUHo3q2KAfJ4eECrZ9LBwVsPq+4exlzDSeXmGhaZO+VGo6Kbp7Q6ReA5U1YUbfsa9nKyAexiKxyzaGMXzBEri/aXGUpDibBWzRT4JDocF7PVwHr+sshYqt4ULdG0wj91SK+D [email protected]
[[email protected] ~]$ ls -l ~/.ssh/authorized_keys  // view the public key library file
-rw-------. 1 lisi lisi 400 5月  23 04:07 /home/lisi/.ssh/authorized_keys

Note: other users must not have write permission to the public key library file.

4th step: restart the sshd service program.

service sshd restart

5th step: use key pair authentication on the client host.

[[email protected] ~]$ ssh [email protected]     // log in to the server remotely
Enter passphrase for key '/home/zhangsan/.ssh/id_rsa':123123 // enter the private key passphrase so that the private key file can be used for matching
Last login: Wed May 23 03:37:45 2018 from 192.168.10.80
[[email protected] ~]$

Therefore, when logging in with key authentication, you do not need to know the password of the user on the target server; you only need to supply the passphrase of the client user's private key, and the login succeeds if the public and private key files match, so it is more secure.
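
A check for the five steps above, added here as an example and not part of the original page; the function names and the sample files are assumptions made for the illustration. It reads the two settings from step 2 together with PasswordAuthentication, which the configuration in step 2 does not change and which defaults to yes, so password logins stay available until it is set to no.

```shell
#!/bin/sh
# Added example (not from the original page): check the server settings and
# file permissions that the key-login procedure relies on.

# Print the value sshd would use for keyword $2 from config file $1, or the
# default $3 if it is unset. sshd keeps the first value it reads, and
# keywords are case-insensitive. Simplification: only the global section is
# read (parsing stops at the first Match line).
sshd_setting() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1; exit }
        END { print (found ? val : def) }' "$1"
}

# Succeed only if $1 exists and is not writable by group or others, which
# is what sshd (StrictModes) requires of ~/.ssh and authorized_keys.
not_group_other_writable() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Report which of the two login methods from this page the config permits.
login_methods() {
    pk=$(sshd_setting "$1" PubkeyAuthentication yes)
    pw=$(sshd_setting "$1" PasswordAuthentication yes)
    echo "publickey=$pk password=$pw"
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
# Config as edited in step 2: key login enabled, password login untouched.
printf '%s\n' '# constructed sample' 'PubkeyAuthentication yes' \
    'AuthorizedKeysFile .ssh/authorized_keys' > "$demo_dir/step2.conf"
# Same config with password login switched off.
{ cat "$demo_dir/step2.conf"; echo 'PasswordAuthentication no'; } > "$demo_dir/keyonly.conf"
touch "$demo_dir/authorized_keys"; chmod 600 "$demo_dir/authorized_keys"

login_methods "$demo_dir/step2.conf"     # publickey=yes password=yes
login_methods "$demo_dir/keyonly.conf"   # publickey=yes password=no
not_group_other_writable "$demo_dir/authorized_keys" && echo "authorized_keys mode OK"
```

On a live server, point login_methods at /etc/ssh/sshd_config and not_group_other_writable at the user's ~/.ssh and ~/.ssh/authorized_keys; sshd -T, run as root, prints the effective configuration that sshd itself computes.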
