Basic SSH tutorial

Source: Internet
Author: User
Tags openssh server scp command secure copy

Basic SSH tutorial

In Linux, OpenSSH is the most popular remote system logon and file transmission application, and is also a new product for traditional network applications such as Telenet, FTP, and R series. Among them, ssh (Secure Shell) can replace telnet, rlogin and rsh, scp (Secure Copy) and sftp (Secure FTP) can replace ftp.

OpenSSH uses keys to encrypt data to ensure data transmission security. Before data transmission starts, both parties must first exchange keys. When receiving data from the other party, they can use the keys and corresponding programs to decrypt the data. This encrypted data transmission helps prevent illegal users from obtaining data information.

OpenSSH generates public/private keys randomly. A key is usually generated once and can be re-created if necessary.

When you log on to the remote system using the ssh command, the sshd daemon of the OpenSSH server will send a public key, and the OpenSSH client software ssh will prompt you to confirm whether to receive the public key sent. At the same time, the OpenSSH client will return a key to the server so that each system on both sides of the OpenSSH connection has the key of the other party, so that the other party can decrypt the encrypted data sent through the encrypted link.

The public key and private secret of the OpenSSH server are both stored in the/etc/ssh directory. On the OpenSSH client, all the public keys received by the user and the IP addresses of the OpenSSH server providing the keys are stored in ~ /. Ssh/known_hosts file (. ssh is a hidden directory ). If the key does not match the IP address, OpenSSH considers that a problem occurs at a specific stage. For example, reinstalling the operating system or upgrading OpenSSH will cause the system to generate a new key again, and malicious network attacks will also cause key changes. Therefore, when the key changes, you should always first understand the reasons for the key changes to ensure data security during network access.

Solve the latency problem during remote login through OpenSSH

Offline installation of OpenSSH in Ubuntu 12.10

OpenSSH upgrade steps and precautions

Solutions for failures of common OpenSSH users

General thread: OpenSSH key management, Part 1 Understanding RSA/DSA authentication

Install OpenSSH and configure the sftp lock directory for RedHat

1. Install the OpenSSH server

In Ubuntu, the OpenSSH client is installed along with the system as a basic system software, but the OpenSSH server needs to be installed separately. Install the openssh-server software package and use software tools such as apt-get, aptitude, and synaptic.

$ Sudo apt-get install openssh-server

After installation, run the following command to verify whether the sshd daemon of the OpenSSH server is enabled.

$ Pidof sshd

2. log on to the remote system using SSH

In OpenSSH, ssh is an important client application. Ssh can be used to log on to the remote system through encrypted communication. The syntax format is as follows:

Ssh [options] [-l login_name] [user @] hostname [command]

The "-llogin_name" option is used to specify the user name, indicating which user is used to log on to the remote system. If no user name is provided, log on to the remote system as the current user. For example, the following command indicates to log on to the remote system as a webgod user using the default port 22 (Note: Here "Welcome to Ubuntu 12.04 LTS (GNU/Linux )...... Https://helo.ubunut.com/# /etc/motdfile ). In addition to the "-l" option, to log on to the remote system as another user, you can also use "user @ hostname" to log on to the remote system.

When you log on to the remote system using ssh for the first time, ssh will give a warning message prompting you to confirm that the remote system is connected correctly. If you confirm yes, ssh will be in ~ The/. ssh/known_hosts file stores the keys of the remote system, and also sends the keys of client users to the remote system. When a user logs on to the same remote system again, no message is displayed.

3. Use ssh to execute remote system commands

For specific usage, add a command after the ssh command, which is enclosed in double quotation marks.

$ Ssh webgod@10.203.138.129 "uname-r"

This one-time logon function is very useful when you execute remote commands and then return immediately.

4. Use SCP instead of FTP

From the network communication point of view, the FTP data transmission method is insecure, because the FTP user name, password, and data transmitted over the network are not encrypted. A safer method is to use OpenSSH SFTP and SCP.

Scp is another important client software in OpenSSH. The scp command format is as follows:

Scp [[user @ host1:] file1 [[user @] host2:] file2

The first parameter is the source file, and the second parameter is the target file. To copy files from a remote system, SCP must first log on to the remote system and start file transmission. Therefore, the name, user name, and password of the remote system must be provided.

Use scp to download files

For example ~ The/. ssh/id_rsa.pub file is copied to the/tmp directory of the local system.

$ Scp webgod@10.203.138.129 :~ /. Ssh/id_rsa.pub/tmp

Assume that the TCP port listened by the sshd daemon has been modified to 435. To use this port to copy files, run the following command.

$ Scp-P 534 webgod@10.203.138.129 :~ /. Ssh/id_rsa.pub/tmp

Use scp to upload files

$ Scp/etc/hosts webgod@10.203.138.129:/tmp

$ Scp-P 435/etc/hosts webgod@10.203.138.129:/tmp

For more details, please continue to read the highlights on the next page:

  • 1
  • 2
  • 3
  • 4
  • Next Page
[Content navigation]
Page 7: basic use of OpenSSH Page 2nd: OpenSSH Configuration File Parsing
Page 7: SSH and SCP logon Without Password Page 6: OpenSSH Security

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.