CentOS SSH Installation and configuration

Source: Internet
Author: User
Tags: dns spoofing

SSH is the abbreviation for Secure Shell, developed by the IETF Network Working Group. It is a security protocol based on the application layer and transport layer.

Traditional network services such as FTP, POP, and Telnet are inherently insecure because they transmit data, user accounts, and user passwords in clear text over the network, and they are vulnerable to man-in-the-middle attacks. In such an attack, another person or machine impersonates the real server to receive the data the user sends to the server, and then impersonates the user to pass the data on to the real server.

SSH is currently a more reliable protocol that provides security for remote login sessions and other network services. Using the SSH protocol can effectively prevent information leakage during remote management. All transmitted data can be encrypted via SSH, which also prevents DNS spoofing and IP spoofing.

Installing SSH:

yum install openssh-server

To start SSH:

service sshd start

Set it to run at boot:

chkconfig sshd on


CentOS generally already has OpenSSH installed by default, even with a minimal installation.

SSH configuration:

1. Edit the configuration file with vi /etc/ssh/sshd_config, uncommenting and changing parameter values according to the parameter comments in the template:

Port 22    Specifies the port number for SSH connections; for security, using the default port 22 is not recommended

Protocol 2,1    Allows both SSH1 and SSH2 connections; setting this to Protocol 2 is recommended

Adjust the other parameters to suit your needs. For configuration details, see: man sshd_config

2. Edit hosts.deny and add a line at the end:

sshd:ALL

3. Edit hosts.allow and add a line at the end:

sshd:ALL

If you want to restrict access to specific IP addresses, set the following instead:

sshd:192.168.0.101

sshd:192.168.0.102

The above configuration means that only hosts 192.168.0.101 and 192.168.0.102 are allowed to make SSH connections to the server.

4. Start SSH

/etc/init.d/sshd start
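
How the hosts.deny and hosts.allow entries from steps 2 and 3 combine, as an added example that is not part of the original article: TCP Wrappers reads hosts.allow first, then hosts.deny, and grants access when neither matches, so sshd:ALL in hosts.allow admits every client even with sshd:ALL in hosts.deny. The function names rule_matches and tcpw_decision and the temporary file names are made up for this sketch, which handles only ALL and exact IPv4 entries.

```shell
#!/bin/sh
# Added example: simplified TCP Wrappers decision for sshd.
# Supports only "daemon:client" rules where client is ALL or an exact IPv4
# address (the forms used in this article), not all of hosts_access(5).

# rule_matches FILE DAEMON IP: exit 0 if a rule in FILE covers DAEMON from IP
rule_matches() {
    [ -r "$1" ] || return 1
    awk -v d="$2" -v ip="$3" '
        { sub(/#.*/, ""); gsub(/[ \t]/, ""); $0 = tolower($0) }
        $0 == "" { next }
        {
            if (split($0, f, ":") < 2) next
            dm = 0; cm = 0
            n = split(f[1], ds, ",")
            for (i = 1; i <= n; i++) if (ds[i] == d || ds[i] == "all") dm = 1
            n = split(f[2], cs, ",")
            for (i = 1; i <= n; i++) if (cs[i] == ip || cs[i] == "all") cm = 1
            if (dm && cm) { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# tcpw_decision ALLOW_FILE DENY_FILE IP: prints "allow" or "deny"
tcpw_decision() {
    if rule_matches "$1" sshd "$3"; then echo allow    # hosts.allow is read first
    elif rule_matches "$2" sshd "$3"; then echo deny   # then hosts.deny
    else echo allow                                    # no match in either file
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files mirroring the entries shown in this article
    printf 'sshd:ALL\n' > "$dir/hosts.deny"
    printf 'sshd:ALL\n' > "$dir/open.allow"
    printf 'sshd:192.168.0.101\nsshd:192.168.0.102\n' > "$dir/restricted.allow"
    for ip in 192.168.0.101 192.168.0.103; do
        echo "allow=ALL      $ip -> $(tcpw_decision "$dir/open.allow" "$dir/hosts.deny" "$ip")"
        echo "allow=101,102  $ip -> $(tcpw_decision "$dir/restricted.allow" "$dir/hosts.deny" "$ip")"
    done
    rm -rf "$dir"
}
demo
```
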

SSH is now ready to connect.

Enter the connection IP

Configure the related parameters

Select UTF-8 to support Chinese display

Set root as the auto-login user name

You can connect to the server after you enter the user name

At this point we still have to enter the SSH connection password. The following steps use a key to connect instead, which removes the hassle of entering the password:

1. Generate a key on the management machine

[[email protected] ~]# mkdir /root/.ssh
[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):   ## press Enter to accept the default path
Enter passphrase (empty for no passphrase):                ## enter a passphrase
Enter same passphrase again:                               ## repeat the passphrase
Your identification has been saved in /root/.ssh/id_rsa.   ## if an error is reported here it is caused by SELinux; install the policy: yum install selinux-policy
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
aa:76:71:1e:51:fe:3b:4c:51:30:b2:90:55:e9:58:7c [email protected]
The key's randomart image is:
[randomart image, RSA 2048]

2. Generate a key with PuTTY

Open Puttygen; if you do not have the program, it can be downloaded from the PuTTY official website.

Click the Generate button, then move the mouse inside the red box until key generation is complete.

The red box above contains the public key we generated. The public key is used on the managed server, and the private key is kept on your own machine.

Key comment is a note field. In an enterprise environment there will be many public keys on one machine, so to tell them apart each person generally defines their own comment.

You can use your e-mail address or employee number. After entering the key comment, first copy the public key, then click Save private key to save the private key.

Then open the key agent tool Pageant.exe (also available on the PuTTY official website). Using Pageant.exe has a great advantage: if you also need to use the other PuTTY tools, they can share the key authentication without having to set the key repeatedly.

Right-click the Pageant.exe icon in the taskbar and choose View Keys to open the window below.

Click Add Key to add the private key you just saved.

3. Deploy the key on the managed machine

Copy the id_rsa.pub that was just generated on the management machine into authorized_keys

Edit the file with vi /root/.ssh/authorized_keys: delete the original key and add the key generated by Puttygen.exe (that is, the previously copied public key)

Save and exit.

4. Open PuTTY and log in

Note the part marked in red: if you connect to this machine often, it is recommended to enter the IP, type an identifying name under Saved Sessions, and click the Save button, so that the server's connection configuration is kept in the list box for a long time.
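
An added example (not from the original article) of step 3 done from the shell on the managed server: it accepts only a one-line OpenSSH public key, so the multi-line file written by PuTTYgen's Save public key button is rejected, it appends rather than replaces, and it sets the conventional 700/600 permissions. The function name install_pubkey and the key material are constructed for illustration.

```shell
#!/bin/sh
# Added example: install one OpenSSH public key into authorized_keys.

# install_pubkey PUBKEY_FILE SSH_DIR: prints "added" or "present"
install_pubkey() {
    key=$(head -n 1 "$1") || return 1
    # Accept only the one-line OpenSSH form "type base64 [comment]".
    case "$key" in
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|"ecdsa-sha2-"*" AAAA"*) ;;
        *) echo "not a one-line OpenSSH public key: $1" >&2; return 1 ;;
    esac
    # The directory and file are kept private to the account owner.
    mkdir -p "$2" && chmod 700 "$2" || return 1
    auth="$2/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    if grep -qxF -e "$key" "$auth"; then
        echo present               # already deployed, do not duplicate
    else
        printf '%s\n' "$key" >> "$auth"
        echo added
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed key line (not a real key) and a constructed PuTTY-style file
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED admin@example' > "$dir/id_rsa.pub"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'Comment: "constructed"' \
        'AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED' '---- END SSH2 PUBLIC KEY ----' > "$dir/putty.pub"
    install_pubkey "$dir/id_rsa.pub" "$dir/.ssh"    # added
    install_pubkey "$dir/id_rsa.pub" "$dir/.ssh"    # present
    install_pubkey "$dir/putty.pub" "$dir/.ssh" || echo "rejected"
    rm -rf "$dir"
}
demo
```

For the root account used in this article, SSH_DIR would be /root/.ssh.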
