1. openssh-server
Function: lets remote hosts reach the sshd service over the network and start a secure shell
2. Client connection methods
ssh remote-host-user@remote-host-IP
Operation Process
[[email protected] ~]# ssh [email protected]
The authenticity of host '172.25.0.11 (172.25.0.11)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes    ## an authentication relationship must be established when connecting to an unknown host
Warning: Permanently added '172.25.0.11' (ECDSA) to the list of known hosts.
[email protected]'s password:    ## the remote user's password
Last login: Mon Oct  3 03:13:47 2016
[[email protected] ~]#    ## login succeeded
ssh remote-host-user@remote-host-IP -X    ## run graphical tools on the remote host
ssh remote-host-user@remote-host-IP command    ## run a single command directly on the remote host
3. sshkey encryption
1). Generate the public/private key pair
Operation Process
[[email protected] ~]# ssh-keygen    ## tool that generates the public/private key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): [Enter]    ## file the key is saved to (default recommended)
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): [Enter]    ## key passphrase, must be >4 characters
Enter same passphrase again: [Enter]    ## confirm the passphrase
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ab:3c:73:2e:c8:0b:75:c8:39:3a:46:a2:22:34:84:81 [email protected]
The key's randomart image is:
+--[RSA 2048]----+
|o |
| E. |
|.. |
|. . o |
|. O. *. S |
|OO.O O. |
|+ =. . . |
|o. oo.+. |
| .. o*. |
+-----------------+
[[email protected] ~]# ls /root/.ssh/
id_rsa  id_rsa.pub
id_rsa    ## the private key: this is the key
id_rsa.pub    ## the public key: this is the lock
2). Add the key authentication method
Operation Process
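[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
ssh-copy-id    ## tool that adds the key authentication method
-i    ## specifies the key file
/root/.ssh/id_rsa.pub    ## the key file (the public key)
root    ## the user the key is installed for is root
172.25.254.244    ## IP of the host the key is installed on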
scp /root/.ssh/id_rsa [email protected]:/root/.ssh/
4. Testing
[[email protected] ~]# ssh [email protected]    ## connects directly using id_rsa; no user password is required
Last login: Mon Oct  3 03:58:10 from 172.25.0.250
[[email protected] ~]#
4. Improve the OpenSSH security level
1. openssh-server configuration file
/etc/ssh/sshd_config
PasswordAuthentication yes|no    ## whether user password authentication is enabled: yes turns it on, no turns it off
PermitRootLogin yes|no    ## whether the superuser is allowed to log in
AllowUsers student westos    ## user whitelist: only users on the list can use sshd to open a shell
DenyUsers westos    ## user blacklist
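The directives above can be checked offline before sshd is reloaded. The script below is an added example, not part of the original post: it reads a constructed sample file with the values shown on this page and applies sshd's documented rules (the first value wins for single-valued keywords, and DenyUsers is evaluated before AllowUsers). The function names are made up for this illustration, and it assumes whitespace-separated keywords, no Include files and literal user names.

```shell
# Added example (not from the original post). Assumes whitespace-separated
# "Keyword value" lines, no Include files, and literal user names only.
# first_value FILE KEYWORD: for a single-valued keyword sshd keeps the first
# value it reads; keywords are case-insensitive. Only the global section is read.
first_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        tolower($1) == "match" { exit }            # Match blocks are conditional
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# all_values FILE KEYWORD: AllowUsers/DenyUsers lines may repeat and accumulate.
all_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# login_allowed FILE USER: DenyUsers is checked before AllowUsers, and once any
# AllowUsers entry exists, every user not listed there is refused.
login_allowed() {
    if all_values "$1" DenyUsers | grep -qxF -- "$2"; then return 1; fi
    allow=$(all_values "$1" AllowUsers)
    [ -z "$allow" ] && return 0
    printf '%s\n' "$allow" | grep -qxF -- "$2"
}

# Constructed sample file using the directive values shown on this page.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
passwordauthentication no
PasswordAuthentication yes
AllowUsers student westos
DenyUsers westos
EOF

echo "PasswordAuthentication: $(first_value "$sample" PasswordAuthentication)"
echo "PermitRootLogin: $(first_value "$sample" PermitRootLogin)"
for u in student westos root; do
    login_allowed "$sample" "$u" && echo "$u: allowed" || echo "$u: refused"
done
```

On a live host, `sshd -T` prints the effective configuration as sshd itself parses it.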
9. openssh-server (Linux)