SSH (Secure Shell) is currently a relatively reliable protocol that provides security for remote login sessions and other network services. Using the SSH protocol can effectively prevent information leakage during remote management. With SSH, all transmitted data can be encrypted, and DNS spoofing and IP spoofing can be prevented. The following describes the concept of SSH in Ubuntu and how to use it.
What is SSH
SSH stands for Secure Shell. The SSH protocol family was developed by the Network Working Group of the IETF (Internet Engineering Task Force). SSH is a security protocol built on the application layer and the transport layer. By using SSH, you can encrypt all transmitted data so that a "man-in-the-middle" attack is not possible, and it can prevent DNS and IP spoofing. An additional benefit is that the transmitted data is compressed, which can speed up transfers.
Traditional network services, such as FTP, POP, and Telnet, are inherently insecure because they transmit data, user accounts, and user passwords in clear text over the network, and they are vulnerable to man-in-the-middle attacks. In such an attack, another person or machine impersonates the real server to receive the data the user sends to the server, and then impersonates the user to pass the data on to the real server.
An additional benefit of SSH is that the transmitted data is compressed, which can speed up transfers. SSH has many functions: it can replace Telnet and provide a secure "channel" for FTP, POP, and even PPP.
Originally, SSH was developed by a Finnish company. Because of copyright and encryption-algorithm restrictions, many people now use OpenSSH instead. OpenSSH is a free alternative to SSH, and it can be expected that more and more people will use it instead of SSH in the future. SSH is made up of client and server software. SSH is easy to install, easy to use, and widespread: general UNIX, Linux, and FreeBSD systems all ship with an SSH-enabled application package.
Starting the SSH service on Ubuntu
Needless to say, this is done with apt-get install:
- sudo apt-get install ssh
SSH without a private key is a risky operation. Now we generate the private key and public key on the Ubuntu server:
- ssh-keygen
You will then be prompted for the private key file name and location; accepting the defaults for these questions is fine. Partway through you will be asked to enter a password, which you must remember. This creates a hidden .ssh folder in your user directory, which you can view with ls -a. It contains two files: id_rsa (the private key) and id_rsa.pub (the public key).
What is the concept of this private key and public key?
Simply put, the public key is your bank account, which may be known to others, but only the credit card or passbook is qualified to check the account password. That credit card or passbook is your private key, so the private key has to be kept safe.
In other words, you must keep the id_rsa file safe; you can put it on a USB stick and carry it with you. The id_rsa.pub file is renamed to authorized_keys, the name the system recognizes by default, and saved in the .ssh folder.
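The step above, as an added example that is not part of the original article: it appends the public key to authorized_keys instead of renaming the file, so keys that are already authorized are kept, and it sets the conventional 700/600 permissions, which satisfy sshd's StrictModes check. The function name install_pubkey and the sample key line are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# install_pubkey PUBFILE [SSHDIR]   (SSHDIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1; dir=${2:-$HOME/.ssh}; auth=$dir/authorized_keys
    # Only the .pub half belongs on the server: refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2
        return 2
    fi
    # Directory readable by the owner only, key list writable by the owner only.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x matches the whole line, -F treats the key as a fixed string:
    # append only when this exact key is not already listed.
    if ! grep -qxF -- "$(cat "$pub")" "$auth"; then
        cat "$pub" >> "$auth"
    fi
}

# Constructed demo: a scratch directory stands in for the account's home,
# and the key line below is a made-up sample, not a real key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2E-constructed-example user@laptop' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # second run adds nothing
echo "keys listed: $(wc -l < "$demo/.ssh/authorized_keys" | tr -d ' ')"
rm -rf "$demo"
```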
The server now has two ways of logging in: one is direct username/password login, the other is RSA key login. The latter is of course more secure, so next we remove one of the login methods on the server.
Locate the file /etc/ssh/sshd_config, which holds the server-side settings:
# It is best to set this option to "PermitRootLogin without-password" so that the "root" user cannot log on from a computer that does not have a key. Setting this option to "no"
# forbids "root" user login; you can then only use the "su" command to switch from an ordinary user to "root".
- PermitRootLogin without-password
# Setting this option to "no" only allows users to log in using a key-based method.
- PasswordAuthentication no
Logging in with an RSA key using PuTTY
Having gone to the trouble of setting up the keys, we will now use them. This operation is done on the Windows platform.
First unzip the putty.tgz file and find the file "puttygen.exe"; we will use it to prepare the key.
Select "Load" to load the saved key file (the private key file). In the dialog box that pops up, set "file type" to "All Files" and then select the id_rsa file we generated on the Ubuntu server.
Next, it will prompt you to enter the password. This is not your Linux user password, but the password you entered when generating the key.
After completion, you will be prompted to save the private key file. Press "Save private key" and give it a name; note that the format is *.ppk, because PuTTY only recognizes its own key format ... If you only use PuTTY for remote login, the other id_rsa file is not needed; just keep the *.ppk file safe.
Next, use this key to log in; just complete this step before logging in:
All right. The task of connecting to the remote Linux machine over SSH is basically complete.
Logging in to a remote Ubuntu machine with SSH
- [Email protected]'s IP (e.g. 192.168.0.1)
Copy files/folders from a remote Ubuntu machine to the local machine (scp)
- [Email protected]:/home/username/remotefile.txt .
Copy files/folders from the local machine to a remote Ubuntu machine (scp)
- [Email protected]:/home/username/
Copy files/folders from a remote Ubuntu machine to the local machine (rsync)
- rsync -v -u -a --delete --rsh=ssh –[email protected]:/home/username/remotefile.txt .
Copy files/folders from the local machine to a remote Ubuntu machine (rsync)
- rsync -v -u -a --delete --rsh=ssh –[email protected]:/home/username/
Log in to an Ubuntu machine from a Windows machine with SSH
- [Email protected]
SSH with GUI support. In other words, gedit opens and saves files on the server side, and nautilus opens the server-side file manager. This is much more convenient than using only the command line. I do not know whether PuTTY under Windows supports this.
- [Email protected]
Run ls directly on the server side and return the result to the client
Download PuTTY
How to copy files/folders from/To a remote Ubuntu machine on a Windows machine
Download FileZilla
How to restrict user accounts that are connected remotely via SSH
For example, if you enable the SSH service, any user with a valid account can connect remotely. This may lead to security issues, because some remote password-cracking tools can try common username/password
Backing up the configuration file for the SSH service
- sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIGINAL
Editing a configuration file
- sudo gedit /etc/ssh/sshd_config
* Change the parameter PermitRootLogin from yes to no. The superuser can then no longer log in directly over a remote connection.
* Add the parameter AllowUsers and set the user names allowed to connect remotely (separated by spaces).
* You can also use DenyUsers for fine-grained selection of users.
* If you enable the OpenSSH server and you have no intention for now to enable remote connections, you may add AllowUsers nosuchuserhere to disable anyone connecting.
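A check for the settings changed above and in the earlier key-login section (PermitRootLogin, PasswordAuthentication, AllowUsers), as an added example that is not part of the original article. The helper names sshd_value and audit_sshd_config are hypothetical; the script assumes keyword and value are separated by whitespace and reads only the global section, without evaluating Include files or Match blocks.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config-style
# file for the three settings the article changes.

# Print the effective global value of keyword $2 in file $1. sshd keeps the
# first value it reads for a keyword, and keywords are case-insensitive.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one finding per line; return 0 if the file is clean, 1 otherwise.
audit_sshd_config() {
    rc=0
    root=$(sshd_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    pass=$(sshd_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    allow=$(sshd_value "$1" AllowUsers)
    case $root in
        no|without-password|prohibit-password|forced-commands-only) ;;
        "") echo "PermitRootLogin is not set; the default depends on the OpenSSH version"; rc=1 ;;
        *)  echo "PermitRootLogin is '$root'; root can log in with a password"; rc=1 ;;
    esac
    if [ "$pass" != no ]; then
        echo "PasswordAuthentication is '${pass:-unset, default yes}'; passwords can be guessed remotely"; rc=1
    fi
    if [ -z "$allow" ]; then
        echo "AllowUsers is not set; every account with valid credentials may connect"; rc=1
    fi
    return $rc
}

# Constructed sample input: a config that still has the weak settings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example, not a real server's configuration
PermitRootLogin yes
PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "=> fix the findings above, then reload sshd"
rm -f "$sample"
```

After editing the real file, running sshd -t checks its syntax before the service is reloaded.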
The ssh command
The ssh command can be used to execute commands on a remote machine without logging in to a shell prompt. Its syntax is: ssh hostname command. For example, if you want to execute the ls /usr/share/doc command on the remote host penguin.example.net, type the following command at the shell prompt:
- ssh penguin.example.net ls /usr/share/doc
Using the SCP command
The SCP command can be used to transfer files between machines through secure, encrypted connections. It is similar to RCP.
The general syntax for transferring local files to a remote system is:
- [Email Protected]:/newfilename
localfile specifies the source file; [email protected]ostname:/newfilename specifies the destination file.
To transfer the local file shadowman to your account on penguin.example.net, type the following at the shell prompt (replace username with your username):
- [Email Protected]:/home/username
This will transfer the local file shadowman to the /home/username/shadowman file on penguin.example.net.
The general syntax for transferring remote files to the local system is:
- [Email Protected]:/remotefile /newlocalfile
remotefile specifies the source file; newlocalfile specifies the destination file.
The source can consist of multiple files. For example, to transfer the contents of the directory /downloads to the existing uploads directory on the remote machine penguin.example.net, type the following command at the shell prompt:
- scp /downloads/* [email protected]:/uploads/
Using the SFTP command
The sftp tool can be used to open a secure interactive FTP session. It is similar to ftp, except that it uses a secure, encrypted connection. Its general syntax is: [email protected]. Once verified, you can use a set of commands similar to those used by FTP. Refer to the sftp manual page for a list of these commands; to read it, execute the man sftp command at the shell prompt. The sftp tool is only available for OpenSSH version 2.5.0p1.
Reprint: http://blog.csdn.net/candycat1992/article/details/8043978
An explanation of SSH commands in Ubuntu