Detailed description of SSH remote access control in Linux

Source: Internet
Author: User
Tags openssh server reverse dns scp command ssh server

SSH: a secure channel protocol used for remote logon and remote replication on the Character interface (TCP port 22 is used ). The SSH protocol encrypts the data transmission between the communication parties, including the user password entered during user logon.

In RHEL 5 systems, the OpenSSH server is provided by software packages such as openssh and openssh-server (installed by default) and added as a standard system service.

Recommended reading:

Deep understanding of Puppet syntax and working mechanism through SSH Configuration

Install or set SSH in Ubuntu

SUSE enables SSH and FTP

Solution for garbled characters After logging on to Linux using the SSH client

SSH provides two logon verification methods:
1. Password verification: Use the login name and password of the local system user on the server for verification.
2. Verify the key pair: You must provide the matching key information to pass the verification. Generally, create a pair of key files (public and private keys) in the client, and then place the public key files in the specified location on the server.

Note: When both password verification and private key verification are enabled, the server will give priority to key verification.

SSH configuration file:
By default, the configuration file of the sshd service is in/etc/ssh/sshd_config. Correct configuration items can further improve the security of sshd remote logon.

The configuration file content can be divided into the following three parts:

1. Common SSH server listening options are as follows:
Port 22 // The listening Port is 22
Protocol 2 // use the SSH V2 Protocol
ListenAdderss 0.0.0.0 // The listening address is all addresses
UseDNS no // disable reverse DNS resolution

2. Common User Logon control options are as follows:
PermitRootLogin no // disable root user logon
PermitEmptyPasswords no // disable empty password User Login
LoginGraceTime 2 m // login verification time is 2 minutes
MaxAuthTries 6 // The maximum number of retries is 6
AllowUsers user // only allow the user to log on, opposite to the DenyUsers Option

3. Common logon authentication methods are as follows:
PasswordAuthentication yes // enable password verification
PubkeyAuthentication yes // enable key verification
AuthorsizedKeysFile. ssh/authorized_keys // specify the public key database file


SSH client command program ssh, scp, sftp
By using ssh commands, You can remotely log on to the sshd service to provide users with a Secure Shell environment for managing and maintaining the server. Specify the logon username and the target host as the parameter. As follows:

When you log on to the SSH server for the first time, you must accept the RSA key from the server (based on input yes) before continuing. The received key information will be saved to "~ /. Ssh/known_hosts "file. If the default port is changed, use the-p command to specify the port.
Using the scp command, you can use SSH to Securely connect to the remote host and copy files to each other. When using the scp command, in addition to the replication source and target, the target host address, login user, and prompt verification password after execution should also be set. As follows:

Copy a file to the SSH server

Download a file from the SSH server to your local computer.

The sftp command allows you to use SSH Secure Connection and remote host upload and file download. It adopts a login process and interactive environment similar to FTP to facilitate directory resource management. As follows:
Use the sftp command to Securely connect to the remote server through SSH

If the client is a windows system, we can use some graphical tools to access the Linux server. Some common graphical and chemical tools such as PuTTY and WinSCP are available. Please study how to use them on your own.

Next Page

  • 1
  • 2
  • Next Page

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.