A server can be operated remotely through several connection methods, such as ftp and telnet, but these transmit in plain text, which poses a great risk to the server. My favorite is SSH.
SSH (Secure Shell) encrypts the transmission and compresses the data, so the transmission efficiency is higher.
Configuration file: /etc/ssh/sshd_config
Service command: service sshd {start | stop | restart | reload | force-reload | condrestart | try-restart | status}
The following are some useful configurations:
PasswordAuthentication yes/no // whether password authentication is allowed
PermitRootLogin no/yes // whether the root account is allowed to log in
ListenAddress x.x.x.x // bind sshd to an IP address, and so to the network interface that holds it
AllowUsers xx // only allow user xx to log on. Comment out if there is no limit.
LoginGraceTime 30s // time the client is given to finish authenticating
ClientAliveInterval 10 // interval in seconds between liveness checks used for automatic disconnection. Set it to 0 to disable the feature.
ClientAliveCountMax 3 // number of unanswered checks before the client is disconnected. The default value is 3.
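One way to check an sshd_config against the options listed above, as an added example that is not part of the original article. The policy it enforces (no password logins, no root login, public keys enabled, AllowUsers and ClientAliveInterval explicitly set) and all function names are assumptions, and the sample config is constructed.

```sh
# Added example (not from the original page): audit the sshd_config directives listed above.
# For most keywords sshd keeps the FIRST value it reads; keywords are case-insensitive.
effective_value() {   # FILE KEYWORD -> value from the global section, or nothing
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # comment line, e.g. "#PermitRootLogin no"
        tolower($1) == "match" { exit }           # Match blocks only apply conditionally
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check_directive FILE KEYWORD WANTED: print one finding line; status 1 unless it passes.
# WANTED "set" accepts any explicit value (site-specific settings such as AllowUsers).
check_directive() {
    val=$(effective_value "$1" "$2")
    if [ -z "$val" ]; then
        echo "REVIEW $2 is not set globally; sshd's built-in default applies"; return 1
    elif [ "$3" != set ] && [ "$(echo "$val" | tr 'A-Z' 'a-z')" != "$3" ]; then
        echo "WEAK   $2 $val (policy wants: $3)"; return 1
    fi
    echo "OK     $2 $val"
}

# audit_sshd_config FILE: run every check; the exit status is the number of findings.
audit_sshd_config() {
    findings=0
    check_directive "$1" PasswordAuthentication no  || findings=$((findings + 1))
    check_directive "$1" PermitRootLogin no         || findings=$((findings + 1))
    check_directive "$1" PubkeyAuthentication yes   || findings=$((findings + 1))
    check_directive "$1" AllowUsers set             || findings=$((findings + 1))
    check_directive "$1" ClientAliveInterval set    || findings=$((findings + 1))
    return "$findings"
}

# Constructed sample config (not from a real host): a commented-out directive,
# a duplicated keyword in different case, and AllowUsers only inside a Match block.
make_sample() {
    f=$(mktemp) && cat > "$f" <<'EOF' && echo "$f"
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
ClientAliveInterval 10
Match Address 192.0.2.0/24
    AllowUsers alice
EOF
}
SAMPLE=$(make_sample); trap 'rm -f "$SAMPLE"' EXIT
audit_sshd_config "$SAMPLE" || echo "$? finding(s) need attention"
```

To audit a real host, call audit_sshd_config /etc/ssh/sshd_config; sshd -T prints the fully resolved configuration when Match blocks also need to be evaluated.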
SSH offers two authentication methods: public/private key pair, and password.
1. Password-less logon is achieved with a public/private key pair. In a key pair, the key that is published is called the public key and the key that is kept secret is called the private key; data encrypted with one key can only be decrypted with the other. SSH is configured on the server: we add our public key information to it and keep the private key ourselves. The most important thing is that the private key is never transmitted over the network, so it is different from the https request key exchange method, but the principle is the same.
The private key and the public key are stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub respectively, authorized_keys stores the keys that are authorized to log in, and known_hosts records the host keys of the servers you have connected to.
Command: ssh-keygen -t rsa // if there is no .ssh directory, you can create it yourself
ssh-copy-id -i ~/.ssh/id_rsa.pub user@IP // send the public key to the server. You can also manually append it to the end of authorized_keys (cat id_rsa.pub >> authorized_keys)
In /etc/ssh/sshd_config, find the following lines and remove the leading comment character "#":
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
After the service is restarted, you can connect directly with ssh ip or ssh user@ip.
PS: If a connection problem occurs, check the permissions on authorized_keys: sudo chmod 600 ~/.ssh/authorized_keys
ssh -v user@localhost displays the connection details for error checking. ssh -p specifies the port number.
tail /var/log/secure -n 20 // view log information
Of course, you can also use ssh-agent and ssh-add to manage your own keys more efficiently. Once you enter the passphrase, your private key is cached, so you don't have to enter it again next time.
Start ssh-agent, then run ssh-add ~/.ssh/id_rsa
set | grep SSH_ // view current connection information
II. Telnet
Install: yum -y install telnet-server
Configuration file: /etc/xinetd.d/telnet
Set disable to no in the configuration file. Otherwise, the connection is disabled.
Command: service xinetd {start | stop | status | restart | condrestart | reload}
Configure the firewall and enable port 23: add -A INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT to /etc/sysconfig/iptables
Modify the port: edit /etc/services and find the telnet lines. Change them to telnet xxxx/tcp and telnet xxxx/udp, then reconfigure the firewall and restart the service.
Other configurations:
In /etc/xinetd.d/telnet:
only_from = 192.168.x.x // only the specified IP address or range (for example 192.168.1.0/24) is allowed
no_access = 192.168.1.{100,101} // the addresses ending with 100 and 101 in the CIDR block are not allowed to log on
access_times = -- // time limit
instances = 2 // limit the number of connections
Enable root login
sudo mv /etc/securetty /etc/securetty.bak // move securetty out of the way to allow root login
PS. scp can be used to upload files to the server. The basic command is:
scp localfilename user@ip:serverfile (note the colon; the path after it is relative to the user's home directory)