SSH (Secure Shell) is an application-layer protocol that works on TCP port 22. Compared with Telnet, SSH encrypts both the communication process and the authentication process, so it is more secure.
In Linux, OpenSSH is commonly used to implement SSH.
SSH supports two kinds of authentication: password authentication and key authentication.
First, password-based authentication
1. The client initiates a connection request
2. The server sends its own public key to the client, and the client decides whether to accept it (recorded in ~/.ssh/known_hosts)
3. The client generates a random number to use as the symmetric key
4. The client encrypts this random key with the server's public key and sends it to the server
Second, key-based authentication
The client generates a key pair itself and then stores the public key in .ssh/authorized_keys or .ssh/authorized_keys2 in the user's home directory on the server, after which the client does not need to enter a password when connecting; for security, the .ssh directory should have permission 700.
SSH configuration and usage:
Server side:
Main configuration file: /etc/ssh/sshd_config
Some common directives in this file:
ListenAddress 0.0.0.0 # Address the service listens on (all zeros means that all addresses on the server are enabled)
KeyRegenerationInterval # How long the asymmetric key generated by the client can be used
PermitRootLogin # Whether to allow the administrator to log in directly
MaxAuthTries # Sets the maximum number of attempts
RSAAuthentication # Whether RSA authentication is supported
PubkeyAuthentication # Whether key authentication is supported
PasswordAuthentication # Whether password authentication is supported
AllowUsers # Allow only the specified users to connect via SSH
DenyUsers # Forbid the specified users from connecting via SSH
When you need to restrict logins by IP address, edit the /etc/hosts.deny and /etc/hosts.allow files.
After setting up the configuration file, run service sshd start to start the SSH service.
Client:
To initiate an SSH connection:
ssh USERNAME@HOST
ssh -l USERNAME HOST
ssh USERNAME@HOST 'COMMAND' # Execute the command on the remote host, return the result, then disconnect
If you do not specify a user name, you log in to the remote host as the client's current user.
When you want to use key authentication, the client needs to do some preparation before connecting:
① ssh-keygen -t rsa # Generate a key pair; the keys are saved by default in the ~/.ssh/ directory (the private key is id_rsa; the public key is id_rsa.pub)
② ssh-copy-id -i ~/.ssh/id_rsa.pub '-p ?? USERNAME@HOST' # Copy the generated public key to the corresponding user's home directory on the server (?? is the port SSH listens on)
Considerations for using SSH:
1. Passwords should be changed frequently and be complex enough
2. Use a non-default port
3. Prohibit the administrator from logging in directly; log in as an ordinary user first, and then switch to root
4. Allow only a limited set of users to log in
5. Limit the client addresses
6. Use protocol version 2
7. Use key-based authentication, but set the .ssh directory permission to 700
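As an added example (not part of the original article), the shell functions below check a server configuration file and a .ssh directory against the considerations listed above. The function names and the sample configuration are constructed for illustration; only the global section of the file is read, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit sshd_config and a .ssh directory against the list above.
# Assumptions: parsing stops at the first Match block; GNU stat is available.

audit_sshd_config() {   # hypothetical helper; $1 = path to an sshd_config file
    awk '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        { key = tolower($1) }                      # keywords are case-insensitive
        key == "match" { exit }                    # conditional blocks are out of scope
        !(key in seen) { seen[key] = tolower($2) } # sshd keeps the first value it reads
        END {
            if (!("port" in seen) || seen["port"] == "22") {
                print "port: sshd listens on the default port 22"
            }
            if (seen["permitrootlogin"] != "no") {
                print "permitrootlogin: direct root login is not disabled"
            }
            if (!("allowusers" in seen)) {
                print "allowusers: no user allow-list is set"
            }
            if (seen["protocol"] ~ /1/) {
                print "protocol: protocol version 1 is enabled"
            }
            if (seen["pubkeyauthentication"] == "no") {
                print "pubkeyauthentication: key authentication is disabled"
            }
        }
    ' "$1"
}

check_ssh_dir() {       # hypothetical helper; $1 = path to a .ssh directory
    mode=$(stat -c '%a' "$1") || return 2
    if [ "$mode" != "700" ]; then
        echo "$1: mode is $mode, expected 700"
        return 1
    fi
}

# Demo on constructed input (not taken from the article).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' \
    'PermitRootLogin no' 'PasswordAuthentication yes' > "$demo_dir/sshd_config"
mkdir -m 755 "$demo_dir/.ssh"
audit_sshd_config "$demo_dir/sshd_config"
check_ssh_dir "$demo_dir/.ssh" || true
rm -rf "$demo_dir"
```

In the demo, the second PermitRootLogin line has no effect because the first value read for a keyword is the one kept, so root login is still reported.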
scp command:
Used for copying files; it is based on the SSH service
Usage:
Download a file from a remote host: scp USERNAME@HOST:/path/to/somefile /path/to/local
Upload a file to a remote host: scp /path/to/local USERNAME@HOST:/path/to/somefile
scp can also use many options, with the same option usage as cp
This article is from the "Lin Chu-sheng" blog; please be sure to keep this source: http://lzs66.blog.51cto.com/9607068/1767299
SSH service in Linux