Basic SSH tutorial
In Linux, OpenSSH is the most popular application for remote system logon and file transmission, and it is the replacement for traditional network applications such as Telnet, FTP, and the r-series commands. Among them, ssh (Secure Shell) can replace telnet, rlogin and rsh, while scp (Secure Copy) and sftp (Secure FTP) can replace ftp.
OpenSSH uses keys to encrypt data to ensure data transmission security. Before data transmission starts, both parties must first exchange keys. When receiving data from the other party, they can use the keys and corresponding programs to decrypt the data. This encrypted data transmission helps prevent unauthorized users from obtaining the data.
OpenSSH generates public/private keys randomly. A key is usually generated once and can be re-created if necessary.
When you log on to the remote system using the ssh command, the sshd daemon of the OpenSSH server sends a public key, and the OpenSSH client ssh prompts you to confirm whether to accept it. At the same time, the OpenSSH client returns a key to the server, so that each system on the two sides of the OpenSSH connection holds the other party's key and can decrypt the encrypted data sent over the encrypted link.
The public and private keys of the OpenSSH server are both stored in the /etc/ssh directory. On the OpenSSH client, all the public keys received by the user, together with the IP addresses of the OpenSSH servers that provided them, are stored in the ~/.ssh/known_hosts file (.ssh is a hidden directory). If the key does not match the IP address, OpenSSH considers that a problem has occurred. For example, reinstalling the operating system or upgrading OpenSSH will cause the system to generate a new key, and malicious network attacks will also cause key changes. Therefore, when the key changes, you should always first find out the reason for the change to ensure data security during network access.
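The known_hosts comparison described above can be reproduced offline. The following Python sketch is an added example, not OpenSSH's own code: it classifies the key a server offers as match, changed or unknown, and also handles hashed host entries (the |1|salt|hash form). The two keys, the salt and the host name server.example are constructed sample values, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct

def make_blob(seed: bytes) -> str:
    """Constructed ssh-ed25519 public key blob (stand-in, not a real host key)."""
    alg, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(alg)) + alg + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()

def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hash_host(host: str, salt: bytes) -> str:
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field: str, host: str) -> bool:
    """Match a known_hosts host field, plain (comma list) or hashed."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(hash_host(host, salt), field)
    return host in field.split(",")  # wildcards and !negation not handled here

def check_host_key(known_hosts: str, host: str, keytype: str, offered: str) -> str:
    """Return 'match', 'changed' or 'unknown' for the key a server offers."""
    seen = False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if fields[1] != keytype or not host_matches(fields[0], host):
            continue
        if fields[2] == offered:
            return "match"
        seen = True  # host and key type are known, but with a different key
    return "changed" if seen else "unknown"

# Constructed sample data: two stand-in keys and a two-line known_hosts file.
OLD_KEY = make_blob(b"original host key")
NEW_KEY = make_blob(b"key after reinstall")
KNOWN_HOSTS = "\n".join([
    "10.203.138.129 ssh-ed25519 " + OLD_KEY,
    hash_host("server.example", b"constructed-salt-001") + " ssh-ed25519 " + OLD_KEY,
])

if __name__ == "__main__":
    for key in (OLD_KEY, NEW_KEY):
        print(check_host_key(KNOWN_HOSTS, "10.203.138.129", "ssh-ed25519", key), fingerprint(key))
```

A "changed" result is the case the paragraph above warns about: compare the printed fingerprint with one obtained from the server's administrator or console before accepting the new key.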
1. Install the OpenSSH server
In Ubuntu, the OpenSSH client is installed along with the system as basic system software, but the OpenSSH server needs to be installed separately. Install the openssh-server software package using a software tool such as apt-get, aptitude, or synaptic.
$ sudo apt-get install openssh-server
After installation, run the following command to verify whether the sshd daemon of the OpenSSH server is enabled.
$ pidof sshd
2. Log on to the remote system using SSH
In OpenSSH, ssh is an important client application. ssh can be used to log on to the remote system through encrypted communication. The syntax format is as follows:
ssh [options] [-l login_name] [user@]hostname [command]
The "-l login_name" option is used to specify the user name, indicating which user is used to log on to the remote system. If no user name is provided, you log on to the remote system as the current user. For example, the following command indicates to log on to the remote system as a webgod user using the default port 22 (Note: here the "Welcome to Ubuntu 12.04 LTS (GNU/Linux )...... Https://helo.ubunut.com/" text is the /etc/motd file). In addition to the "-l" option, to log on to the remote system as another user, you can also use the "user@hostname" form.
When you log on to the remote system using ssh for the first time, ssh gives a warning message prompting you to confirm that the remote system you are connecting to is the correct one. If you confirm with yes, ssh stores the keys of the remote system in the ~/.ssh/known_hosts file, and also sends the keys of client users to the remote system. When a user logs on to the same remote system again, no message is displayed.
3. Use ssh to execute remote system commands
To do this, add the command to run after the ssh command, enclosed in double quotation marks.
$ ssh webgod@10.203.138.129 "uname -r"
This one-time logon function is very useful when you execute remote commands and then return immediately.
4. Use SCP instead of FTP
From the network communication point of view, the FTP data transmission method is insecure, because the FTP user name, password, and data transmitted over the network are not encrypted. A safer method is to use OpenSSH SFTP and SCP.
scp is another important client program in OpenSSH. The scp command format is as follows:
scp [[user@]host1:]file1 [[user@]host2:]file2
The first parameter is the source file, and the second parameter is the target file. To copy files from a remote system, SCP must first log on to the remote system and start file transmission. Therefore, the name, user name, and password of the remote system must be provided.
Use scp to download files
For example, the following command copies the ~/.ssh/id_rsa.pub file on the remote system to the /tmp directory of the local system.
$ scp webgod@10.203.138.129:~/.ssh/id_rsa.pub /tmp
Assume that the TCP port listened by the sshd daemon has been modified to 435. To use this port to copy files, run the following command.
$ scp -P 435 webgod@10.203.138.129:~/.ssh/id_rsa.pub /tmp
Use scp to upload files
$ scp /etc/hosts webgod@10.203.138.129:/tmp
$ scp -P 435 /etc/hosts webgod@10.203.138.129:/tmp