Create an ssh remote logon system

Ssh is a standard network protocol used to build an ssh remote logon system. it is mainly used to implement remote login management on the character interface and remote file copy functions. Data transmitted over the network is encrypted to provide better security. Next we will learn about the basic configuration of the Openssh remote login service...
Ssh is a standard network protocol used to build an ssh remote logon system. it is mainly used to implement remote login management on the character interface and remote file copy functions.
Data transmitted over the network is encrypted to provide better security. The following describes the basic configuration and management of the Openssh remote logon service: the configuration file of the www.2cto.com service is located in/etc/ssh/sshd_config by default. you can adjust the configuration items in the file to enhance the remote login service
Security, after modifying the configuration file, you need to load the "service sshd rekoad" command to make the new configuration take effect. for example, in the ssh_config file, Prot 2234 ListenAddress 172.16.107.3 means to modify the listening port number to 2234 and the limit is only this ip address provides services. The default port is 22. wangwu admin@172.16.107.9 allows wangwu user remote login allows user admin to log on from host 172.16.107.9, other dentions. Note that they are not allowed.
At the same time, AllowUsers and DenyUsers 2: province verification mode www.2cto.com generally use password verification and key pair verification password verification: you only need to use the account name and password of the system user on the server to pass verification, key pair verification: a paired key can pass verification. The client user creates a pair of key files
Private key. The public key must be transmitted to the server to be accessed through scp or sftp. When remotely logging on to the server
Encryption/decryption of public key files enhances the security of user login and data transmission. The following describes how to build an ssh logon mechanism for key pair verification. 1. create a key pair on the client. use the ssh-keygen command tool on the client to create a key pair file for the current user, you can use the RSA and DSA encryption algorithms. for example, you can use a zhangsan user to log on to the client host and create an RSA-based key pair. [Zhangsan @ localhost ~] $ Ssh-keygen-t rsa Enter file in which to save the key (/home/zhnagsan /. ssh/id_rsa): # Enter passphrase (empty for no passphrase) when prompted: # set the password phrase here to protect the private key file [zhangsan @ localhost ~] $ Ls-lh ~ /. Ssh/$ in this directory, the id_rsa and id_rsa.pub files will be output
Now, the former is the private key and the latter is the public key. 2: upload the public key file to the server, that is, the ssh server you want to log on to, and upload the public key to the server. in/ssh/authorized_keys, note that scp is generally used to upload files. /ssh Directory
Go to cat id_rsa.pub> authorized_keys. 3: adjust the server settings. [root @ localhost ~] $ Vi/etc/ssh/sshd_config PasswordAuthentication no PubkeyAuthentication yes AuthorizedKeysFile./ssh/authorized_keys [root @ localhost ~] $ Service sshd restart: modify the sshd_config configuration file to disable password verification. enable key pair verification. This means that you can remotely log on to the server using ssh on the client. www.2cto.com [zhangsan @ localhost ~] $ Ssh root @ service ip # after you press enter, you will be prompted to enter the pre-set password phrase and it will be OK.