OpenSSH is installed on CentOS by default, even with a minimal installation, so installing OpenSSH is not covered here.
SSH Configuration:
1. Run vi /etc/ssh/sshd_config, remove the comment markers from the parameters you want to change, and modify their values according to the annotations in the template:
Port 22 specifies the port number for SSH connections. For security, we recommend not using the default port 22.
Protocol selects which of SSH1 and SSH2 are allowed for connections. We recommend setting this parameter to Protocol 2.
Other parameters are adjusted as needed. For the configuration method, see man ssh_config.
2. Edit hosts.deny and add a line at the end:
sshd: ALL
3. Edit hosts.allow and add a line at the end:
sshd: ALL
If you want to restrict access to specific IP addresses, set it as follows:
sshd: 192.168.0.101
sshd: 192.168.0.102
The above configuration allows SSH connections only from servers 101 and 102.
4. Start SSH
/etc/init.d/sshd start
Now SSH can be connected.
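
Steps 2 and 3 depend on the order in which TCP wrappers reads the two files: hosts.allow is checked first, then hosts.deny, and a client matched by neither is allowed. The following added example (not part of the original article) models that decision in shell for exact IP addresses and the ALL wildcard only; the function names and the temporary sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: simplified model of the TCP wrappers decision for sshd.
# Assumption: only exact IPs and the ALL wildcard are modelled (no prefixes,
# netmasks, hostnames or EXCEPT).

# rule_matches FILE DAEMON IP: succeed if a "daemons: clients" rule matches.
rule_matches() {
    [ -r "$1" ] || return 1          # a missing file is treated as empty
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | (
        set -f                       # rule words must not glob
        while IFS=: read -r daemons clients opts; do
            d_hit=no; c_hit=no
            for d in $(printf '%s' "$daemons" | tr ',' ' '); do
                case $d in ALL|"$2") d_hit=yes ;; esac
            done
            for c in $(printf '%s' "$clients" | tr ',' ' '); do
                case $c in ALL|"$3") c_hit=yes ;; esac
            done
            [ "$d_hit" = yes ] && [ "$c_hit" = yes ] && exit 0
        done
        exit 1                       # no rule matched
    )
}

# wrappers_decision ALLOW_FILE DENY_FILE IP: print "allow" or "deny".
wrappers_decision() {
    if rule_matches "$1" sshd "$3"; then
        echo allow                   # hosts.allow is consulted first
    elif rule_matches "$2" sshd "$3"; then
        echo deny                    # then hosts.deny
    else
        echo allow                   # no rule in either file: access granted
    fi
}

# Constructed sample files mirroring steps 2 and 3 of the article.
demo=$(mktemp -d)
printf 'sshd: ALL\n' > "$demo/hosts.deny"
printf 'sshd: ALL\n' > "$demo/allow_all"
printf 'sshd: 192.168.0.101\nsshd: 192.168.0.102\n' > "$demo/allow_two"
for ip in 192.168.0.101 192.168.0.150; do
    echo "$ip allow_all: $(wrappers_decision "$demo/allow_all" "$demo/hosts.deny" "$ip")"
    echo "$ip allow_two: $(wrappers_decision "$demo/allow_two" "$demo/hosts.deny" "$ip")"
done
rm -rf "$demo"
```

With "sshd: ALL" in both files every client is allowed, because the hosts.allow match wins; only the two-address hosts.allow makes the deny rule take effect for other clients.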
Enter the connection IP Address
Configure related parameters
Select UTF-8 to support Chinese display
Automatically enter the login user root
Enter the user name to connect to the server.
However, at present, we still need to enter a password for SSH connection. The following describes how to use a key to connect, saving the trouble of entering a password:
1. Create a key on the managed machine
[root@localhost ~]# mkdir /root/.ssh
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    ## Press Enter to accept the default path
Enter passphrase (empty for no passphrase):    ## Enter a passphrase
Enter same passphrase again:    ## Repeat the passphrase
Your identification has been saved in /root/.ssh/id_rsa.    ## If an error is reported because of SELinux, install the policy: yum install selinux-policy
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
aa:76:71:1e:51:fe:3b:4c:51:30:b2:90:55:e9:58:7c root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|. OOO + O |
|... O +. E |
| O. + O |
|. O |
| S... |
| .. O |
|. +. O. |
|... + |
| .... |
+-----------------+
2. Generate a key with PuTTY
Open puttygen. You can download the program from the official PuTTY website.
Click Generate, then move the mouse inside the red box until key generation is complete.
The red box above shows the public key we generated. This public key is placed on the managed server, and the private key stays on your own machine.
Key comment is a remark. In an enterprise environment there will be many public keys on one machine, so each person usually defines a comment of their own to make the key recognizable.
You can use an email address or employee ID. Enter the key comment, copy the public key, and click Save public key and Save private key to save the two keys.
Open the key agent tool pageant.exe (as before, you can download it from the official PuTTY website). If you also need to use other PuTTY tools, they can share the key authentication without setting the key repeatedly.
Right-click the pageant.exe icon in the taskbar and choose View Keys to open the following window.
Click Add key to add the saved private key.
3. Deploy the key on the managed machine
Copy the id_rsa.pub generated on the managed machine to authorized_keys.
[root@localhost .ssh]# cp id_rsa.pub authorized_keys
[root@localhost .ssh]# chmod 600 authorized_keys    # This step is required; otherwise the connection fails.
Run vi /root/.ssh/authorized_keys, delete the original key, and paste in the key produced by puttygen.exe (that is, the public key copied earlier):
ssh-rsa aaaab3nzac1yc2eaaaabjqaaaieah + gdpvsniwbhzvmhs240aouenhigdhhczq/fhin/samples/u2lsjkldu2buixkevlngnuc = hellwen.Wu ~~~~
Save and exit.
4. Enable PuTTY login
Pay attention to the red part. If you connect to this machine often, it is recommended that you enter the IP address and configure the session, then enter a recognizable name in Saved Sessions and click the Save button. This way, the connection configuration for the server is retained in the list box for a long time.