Detailed description of the CentOS SSH configuration

Basic concepts
Linux comes with SSH as OpenSSH

SSH protocol provides two kinds of user authentication methods
1, password-based security authentication: Use the user name, password to authenticate the logged-in user

2. Key-Based Security authentication: Use public and private key pairs to authenticate logged-in users

OpenSSH RPM package is made up of four parts (default installed)
　　openssh-4.3p2-26.el5.i386.rpm(be sure to install this RPM package first)

openssh-server-4.3p2-26.el5.i386.rpm

openssh-clients-4.3p2-26.el5.i386.rpm
openssh-askpass-4.3p2-26.el5.i386.rpm (required when using the SSH service under the graphical interface)

The main configuration file for OpenSSH is:
　　/etc/ssh/sshd_config #ssh服务器的配置文件

　　/etc/ssh/ssh_config #ssh客户端的配置文件

OpenSSH supports remote hosts with client programs such as SCP (encrypted copy) and SFTP (encrypted FTP)
The file copy

OpenSSH server-side Configuration Example 1: Login based on user name password
1,vi/etc/ssh/sshd_config (listed below is the common configuration)

#Port #定义ssh监听的端口号, the default is 22
#Protocol 2,1 #设置使用ssh协议的顺序, use SSH2 First, if you do not use SSH successfully

Protocol 2 #设置只使用ssh2协议
#ListenAddress 0.0.0.0 #设置ssh服务器绑定的ip地址, default to all available IP addresses

#PermitRootLogin Yes #设置是否允许root登录, default allows
#PermitEmptyPasswords no #设置是否允许空密码的客户登录, default is prohibit
passwordauthentication Yes #设置是否使用口令认证方式, if you want to use the public key authentication method, you can set it to No

2. Restart the SSH service

/etc/init.d/sshd Restart
3. If Iptables is enabled, you need to add the following statement to open SSH

Iptables–i input–p tcp–dport 22–j ACCEPT

Iptables–i output–p tcp–sport 22–j ACCEPT
3. Windows Client Login

Use Xshell, putty, SECURECRT and other client software to log in

4. Linux Client Login

1. Install openssh-clients (installed by default)

2. Basic use of SSH commands

SSH [email protected]

Ssh–l username Sshserver

OpenSSH server-Side Configuration Example 2: SSH login based on public key authentication
1. Get Puttygen Program
You can use the Puttygen program to generate a key pair,
Http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
2. Generate key

3. Save Key

4. Transfer the public key file to the SSH server
Public key files can be exposed to all users, regardless of security issues, you can use the FTP, U-disk can

5. Convert public key file format
Because the public key file format generated by Puttygen is incompatible with the format of the OpenSSH, it is also used in Linux to convert it using the OpenSSH Ssh-keygen, openssh the directory where the public key is stored by default, if there is no such directory , you can manually create

[[email protected] ~]# mkdir. SSH
[Email protected] ~]# ssh-keygen-i-F wtcentoskey.pub >/root/.ssh/authorized_keys
If more than one public key needs to be added, use the following command to append the public key file to Authorized_keys

[Email protected] ~]# ssh-keygen-i-F abcxyz.pub >>/root/.ssh/authorized_keys

6. Enable public key authentication on the SSH server
[Email protected] ~]# vi/etc/ssh/sshd_config

7. Restart the SSHD service
[Email protected] ~]# /etc/init.d/sshd Restart

8, the client uses putty to log into the SSH server

Putty The following interface will appear after successful connection to the SSH server


Attached: If using Xshell is simpler because the Xshell generated key pair and OpenSSH are fully compatible without conversion, simply append the public key file to the/root/.ssh/authorized_keys, as follows: cat/root/ Wtxshell.pub >>/root/.ssh/authorized_keys

Detailed description of the CentOS SSH configuration