Remotely logging on to your computer with your mobile phone is too high-end ....

Reprinted from http://songtl.com/2012/04/22/%E4%BB%A3%E7%A0%81%E6%B5%8B%E8%AF%95/

SSH remote logon in Linux

Author:
Song Date: interval l 22nd, 2012

Remote logon can be performed through telnet or ssh. Because telnet uses plain text transmission, important information such as the system account and password is easily intercepted during transmission, which is less secure than SSH (Secure Shell ), therefore, this article discusses how to implement remote logon through SSH.

In fact, many Linux versions such as Ubuntu have built-in ssh-agent. This is a remote connection tool, that is, you can use SSH-agent to connect to others' computers for remote login, however, if you want to remotely log on to your computer on another computer, you must install OpenSSH by running the following command:
Ubuntu

sudo apt-get install openssh

Archlinux

sudo pacman -S openssh

The system automatically downloads and completes the installation. After installation, run the following command to check whether the SSH service is enabled:

ps -e | grep sshd

If there is no sshd process, start it manually
Ubuntu

 sudo /etc/init.d/ssh start

Archlinux

sudo /etc/rc.d/sshd start

Archlinux adds sshd to The daemons array and starts the startup.

DAEMONS=(syslog-ng network crond dbus alsa @openntpd sshd)

If the sshd process appears, it indicates that the SSH service has been started. In this case, you can connect to your computer through SSH on another computer. For ssh-linked tools, Putty software is recommended on the Windows platform. It is a very popular software and easy to use. We recommend that you download the English version officially (which is actually just a few simple English words). Some time ago, the Chinese putty had a backdoor which had stirred up on the Internet. Linux is more convenient because it already comes with an SSH-agent. Enter the following command in terminal:

ssh username@ip

Username is your login account, and the IP address is the IP address. Of course, you can also use the Domain Name

ssh username@domain

At this time, the system will require you to enter a password for verification. After verification, you can log on to the remote host. So far, we have completed the installation of SSH remote login! However, we need to perform some simple security configurations for the SSH service. Otherwise, you will find a large number of Logon failures of IP addresses when you view the SSH log file in the future. In fact, someone else uses the port scanning software to scan the host that enables port 22 (default SSH), and then uses the brute-force method to guess the password. If you are using a weak password, the probability of being guessed is very high.

The configuration information is saved in
Ubuntu

/etc/ssh/ssh.conf

Archlinux

/etc/ssh/sshd.config

You can edit this file for configuration. What identity do you log on to when you try to log on to another host? Of course it is a root user, because each system of the root user exists. Therefore, we should disable root user logon and find

PermitRootLogin yes

Change yes to No.

Port Scanning Software scans port 22 by default, so we can also change the port to another port, find the following statement

port 22

Change 22 to another port, such as 1022.

Limit the maximum number of password errors. Three logon attempts are not followed by three consecutive logon attempts.

MaxAuthTries 3

Save and exit after modification. For advanced security configurations, refer to the official documentation.

Restart the SSH service
Ubuntu

sudo /etc/init.d/ssh restart

Archlinux

sudo /etc/rc.d/sshd restart

Note: After modifying the port, you must declare the port when logging on in CLI mode.

ssh -p 1022 username@ip

After simple configuration, you will find that the number of failed logons from unknown IP addresses is significantly reduced. Forget to say that the SSH Login log is saved in this file.

/var/log/auth.log

In archlinux, the file owner is root, the group is log, and the permission is 640. To make it easier for common users to view logs, add users to the log group (others is not recommended for permissions)

sudo gpasswd -a song log

You can usually cat this file to check the logon record. Of course, sometimes the file is too long, especially before the root user is disabled, the number of Logon failures from the same IP address Reaches thousands, if you can see the time in a row, we will only output the records of root logon failures (although root logon is disabled, the system will still record it when someone tries to log on as root)

grep "Failed password for root" /var/log/auth.log | awk {'print $11'} | uniq -c | sort -rn

The system lists the IP addresses that failed to log on and lists the failed IP addresses in the descending order. You can also enter the logon success records.

grep "Accepted password for " /var/log/auth.log

The system will list records of previously logged on hosts, including time and IP addresses.

In addition, I am using an Android phone and a Linux kernel, so I hope to remotely log on to my computer from my mobile phone. First, install the software that supports SSH connection on the mobile phone. The cyanogenmod7 system comes with a terminal, which is simply a micro Linux terminal. Basically, many basic commands can be executed, for example: ls, CD, mount, Cat, Nano, etc. Next, there is another problem. I am using China Telecom's ADSL and use the TP-link router pppoe to dial up the Internet. The IP addresses obtained each time are different, so that I cannot log on via ssh, because you don't know what the IP address is next. So I thought of the peanut shell client in windows, and I could dynamically resolve the domain name. I quickly applied for a free Domain Name on the peanut shell website, but I didn't release the Linux client yet (now I have the source code to install it ), it seems vaguely that TP-link has a dynamic dns function. If you log on to the Dynamic DNS service provider, you can select a peanut shell, and enter the account password of the peanut shell website, after login, the domain name bound to the peanut shell account will be resolved to the local, but when you use the domain name SSH connection, you find that it is not connected, because the dial-up Internet access is a router, the peanut shell will resolve the domain name to your router, not your computer, so further settings are required. Select the DMZ host in the forwarding rule on the TP-link router settings page and enable the DMZ status setting. Enter the IP address of the DMZ host to obtain the IP address from the DHCP server of the router, if your vrodhcp is accessed by many people, the IP addresses obtained from DHCP may be different each time. Therefore, you need to bind the MAC address of your host to a certain IP address, that is to say, you should keep an IP address for your Nic so that you can get the same IP address every time and fill the IP address in the DMZ Host IP address. Use the domain name for SSH connection and you will find that the link can be properly connected.

After the host is successfully remotely logged on
Welcome to Ubuntu

Familiar root directory

File details