SSH service FAQs

Source: Internet
Author: User
Tags: ssh server
The full name of SSH is Secure SHell. By using SSH, you can encrypt all transmitted data so that the "man-in-the-middle" attack method becomes impossible, and you can also prevent DNS and IP spoofing. Another advantage is that the transmitted data is compressed, which can speed up transmission. SSH has many functions: it can replace telnet and provide a secure "channel" for ftp, pop, and even ppp. When the SSH client communicates with the server, the user name and password are encrypted, which effectively prevents password eavesdropping.

SSH was initially developed by a Finnish company. However, due to copyright and encryption algorithm restrictions, many people have switched to OpenSSH. OpenSSH is an alternative to SSH and is free of charge. It is expected that more and more people will use it instead of SSH in the future. SSH is composed of client and server software. It is easy to install, easy to use, and common: Unix, Linux, and FreeBSD systems generally all come with application packages that support SSH.
 
How does SSH security authentication work?
From the client's perspective, SSH provides two levels of security authentication.
Level 1 (password-based security verification): you can log on to the remote host as long as you know your account and password. All transmitted data is encrypted, but there is no guarantee that the server you are connecting to is the server you intended to reach. Another server may pretend to be the real one, that is, you may be subjected to a man-in-the-middle attack.
Level 2 (key-based security verification): this depends on keys, that is, you must create a key pair for yourself and put the public key on the server to be accessed. When you connect to the SSH server, the client software sends a request to the server, asking to use your key for security verification. After receiving the request, the server first looks for your public key in your home directory on the server, and then compares it with the public key you sent. If the two keys are the same, the server uses the public key to encrypt a challenge and sends it to the client software. After receiving the challenge, the client software uses your private key to decrypt it and then sends it back to the server.
With this method, you must know the passphrase of your key. However, compared with the first level, the second level does not need to transmit passwords over the network. The second level not only encrypts all transmitted data, but also makes the "man-in-the-middle" attack method impossible (because the attacker does not have your private key). However, the entire logon process may take 10 seconds.

Command Format
First, make sure that the ssh service on the server is enabled (service sshd start).
Then, on the client, enter ssh username@serverip (remote logon)
or scp filename username@serverip:/URL (remote transmission).


Common problems:

Question 1
An error occurs when logging on with the ssh client.
Prompt (1):
# ssh 172.16.81.221
ssh: connect to host 172.16.81.221 port 22: No route to host
This is because the server is not started or the network is disconnected. There are many possible reasons; the simplest is that the network cable is not plugged in. The NIC may also be down.

Prompt (2):
# ssh work@172.16.81.221
ssh: connect to host 172.16.81.221 port 22: Connection refused
This is because the ssh service on the other server is not enabled. Enable the service on that server.

Question 2
The password is correct when connecting to the server with ssh, but the following message is reported:
# ssh 172.16.81.221
root@172.16.81.221's password:
Permission denied, please try again.

This is because the root user is used by default when no user name is entered, but for security reasons the ssh service does not enable ssh login for the root user by default.

Solution:

To change the root ssh permission, modify the /etc/ssh/sshd_config file.
Change PermitRootLogin no to PermitRootLogin yes
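
An added example, not from the original page: before changing PermitRootLogin, this script reports the value sshd will actually use, since sshd keeps the first value it reads for each keyword and a later line does not override it. The function names and the sample config are constructed; it assumes a single file without Include directives (on a real host, sshd -T prints the effective settings).

```shell
# Added example; names and sample data are constructed for illustration.

# Print the value sshd would use for a keyword in its global section.
# sshd keeps the FIRST value it reads; Match blocks are conditional.
effective_setting() {   # usage: effective_setting <keyword> <config-file>
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Classify how root may log in under the given config.
root_login_risk() {     # usage: root_login_risk <config-file>
    root=$(effective_setting PermitRootLogin "$1")
    pass=$(effective_setting PasswordAuthentication "$1")
    case "$root" in
        no) echo "ok: root login disabled" ;;
        prohibit-password|without-password|forced-commands-only)
            echo "ok: root cannot log in with a password ($root)" ;;
        yes)
            if [ "$pass" = "no" ]; then
                echo "warn: root login allowed, PasswordAuthentication no"
            else
                echo "risk: root password login allowed"
            fi ;;
        unset) echo "check: PermitRootLogin unset, built-in default applies" ;;
        *) echo "check: unexpected value '$root'" ;;
    esac
}

# Constructed sample: the second PermitRootLogin line is ignored by sshd.
write_sample() {        # usage: write_sample <path>
    cat > "$1" <<'EOF'
Port 22
permitrootlogin yes
PermitRootLogin no
X11Forwarding yes
Match User backup
    PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample "$sample"
root_login_risk "$sample"        # risk: root password login allowed
rm -f "$sample"
```

Running sshd -t after editing checks the file for syntax errors before the service is restarted.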

Question 3
The following prompt appears during logon:
ssh root@172.16.81.221
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
76:fb:b3:70:14:48:19:d6:29:f9:ba:42:46:be:fb:77.
Please contact your system administrator.
Add correct host key in /home/fante/.ssh/known_hosts to get rid of this message.
Offending key in /home/fante/.ssh/known_hosts:68
RSA host key for 172.16.81.221 has changed and you have requested strict checking.
Host key verification failed.

This happens when the password or IP address of the server has changed. Generally, the solution is to delete ~/.ssh/known_hosts and then log on again.
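
An added example, not part of the original page: the functions below remove only the entry that the warning names (known_hosts:68 in the output above) and keep a backup, so the host keys recorded for other servers stay in place. The stock command ssh-keygen -R <host> does the same per host; the function names and sample data here are constructed, and the new fingerprint should be confirmed with the server's administrator before reconnecting.

```shell
# Added example; names and sample data are constructed for illustration.

# Read ssh's warning on stdin and print "<known_hosts path>:<line>" from its
# "Offending key in ..." line (newer clients print "Offending RSA key in ...").
offending_entry() {
    sed -n 's/^Offending .*key in \(.*\):\([0-9][0-9]*\)$/\1:\2/p' | head -n 1
}

# Delete one line from a known_hosts file, keeping the original as <file>.old.
remove_entry() {        # usage: remove_entry <known_hosts> <line-number>
    file=$1; line=$2
    case "$line" in ''|*[!0-9]*) echo "bad line number" >&2; return 1 ;; esac
    total=$(awk 'END { print NR }' "$file") || return 1
    if [ "$line" -lt 1 ] || [ "$line" -gt "$total" ]; then
        echo "line $line is outside $file" >&2; return 1
    fi
    cp -p "$file" "$file.old" || return 1
    sed "${line}d" "$file.old" > "$file"
}

# Constructed known_hosts content; the key strings are placeholders, not keys.
write_sample_hosts() {  # usage: write_sample_hosts <path>
    cat > "$1" <<'EOF'
172.16.81.220 ssh-rsa PLACEHOLDER-KEY-A
172.16.81.221 ssh-rsa PLACEHOLDER-KEY-B
172.16.81.222 ssh-rsa PLACEHOLDER-KEY-C
EOF
}

kh=$(mktemp)
write_sample_hosts "$kh"
entry=$(printf 'Offending key in %s:2\n' "$kh" | offending_entry)
remove_entry "${entry%:*}" "${entry##*:}"   # removes only the 172.16.81.221 line
cat "$kh"
rm -f "$kh" "$kh.old"
```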

Question 4
How to display a remote graphical program on the local machine through ssh.

Run xhost + on the local machine. Modify the remote /etc/ssh/sshd_config file so that the X11Forwarding line is set to yes, then restart the ssh service. Log on with ssh -X [remote IP address] and then run the graphical configuration tool; it is displayed on the local machine.