SSH
SSH: Secure remote Login
User login can be authenticated in two ways
Based on password
Based on key
Client
Common client tools: on Windows, PuTTY, SecureCRT, and Xshell; on Linux, ssh, sftp, scp, slogin, etc.
Configuration file: /etc/ssh/ssh_config
SSH command
Usage: ssh [email protected] CMD
Options:
-p port: remote server listening port
-b: Specify the source IP of the connection
-v: Debug mode
-C: Compression mode
-X: Support X11 forwarding
-Y: Support trusted X11 forwarding
-t: Force pseudo-TTY allocation. Example: ssh -t remoteserver1 ssh remoteserver2
SSH Client
When the client connects to the server for the first time, the server sends its own public key to the client, which saves it in ~/.ssh/known_hosts. You will not be asked again the next time you connect.
SSH Service Login Verification
Password-based login verification
The steps can be summarized as follows:
(1) The client sends an SSH request to the server, and the server sends its own public key to the client
(2) The user's password is encrypted with the public key sent by the server
(3) The encrypted information is sent back to the server, which decrypts it with its own private key; if the password is correct, the user logs on successfully
Key-based login verification
(1) First generate a pair of keys on the client (ssh-keygen)
(2) Copy the client's public key to the server (ssh-copy-id)
(3) The client then sends a connection request that includes its IP and user name
(4) After the server gets the client's request, it looks in authorized_keys; if there is a matching entry for the IP and the user, it randomly generates a string, such as: ACDF
(5) The server encrypts the string using the public key copied from the client and sends it to the client
(6) After receiving the message from the server, the client decrypts it with the private key and sends the decrypted string to the server
(7) The server receives the string from the client and compares it to the string it generated; if they match, password-free login is allowed
Key-based authentication
(1) Generate a key pair on the client
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
(-t rsa specifies the encryption mode; -P '' specifies an empty password)
(2) Transfer the public key file to the corresponding user's home directory on the remote server
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
(3) Test
(4) Implement key-based verification in SecureCRT or Xshell
Using the SecureCRT tools, create a public key, which generates the Identity.pub file
Convert it to an OpenSSH-compatible format (needed for SecureCRT; Xshell does not need the conversion) and copy it into the authorized_keys file on the host you want to log on to. Note that the permissions must be 600. On the SSH host you want to log on to, execute:
ssh-keygen -i -f identity.pub >> .ssh/authorized_keys
(5) Reset the private key password:
ssh-keygen -p (encrypts the private key)
(6) The authentication agent keeps the decrypted key in confidence,
so the password only needs to be entered once
In GNOME, the agent is automatically provided to the root user
Otherwise run: ssh-agent bash
(7) The key is added to the agent with the command
ssh-add
Example: Configuring a key-based, password-free login
1. Generate a key pair on client A, pressing the Enter key 3 times
[[email protected] ~/.ssh]# ssh-keygen
2. Pass the public key to the corresponding home directory on client B and rename it to authorized_keys
3. Check that the authorized_keys file exists in client B's ~/.ssh directory
4. From client A, test the connection to client B: no password is required and login is direct
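Steps 2 and 3 of this example, together with the 600-permission note above, as added shell code that is not part of the original page. It appends the key instead of renaming the file, so existing entries in authorized_keys are preserved. The names install_pubkey and audit_ssh_dir, the sample key line, and mode 700 for the directory (the usual convention) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names are hypothetical.

# install_pubkey PUBKEY_FILE SSH_DIR
# Append the key to SSH_DIR/authorized_keys once and enforce permissions.
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    # A .pub file holds one key line; take the first non-empty line.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 2 ;;
    esac
    # 700 on the directory is the usual convention (assumption, not from the page).
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # 600 on authorized_keys is the requirement the page states.
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_dir SSH_DIR
# Print each permission problem; the return status is the number found.
audit_ssh_dir() {
    d=$1; n=0
    m=$(ls -ld "$d" | cut -c1-10)
    [ "$m" = "drwx------" ] || { echo "$d: $m, expected drwx------"; n=$((n+1)); }
    if [ -f "$d/authorized_keys" ]; then
        m=$(ls -ld "$d/authorized_keys" | cut -c1-10)
        [ "$m" = "-rw-------" ] || { echo "$d/authorized_keys: $m, expected -rw-------"; n=$((n+1)); }
    else
        echo "$d/authorized_keys: missing"; n=$((n+1))
    fi
    return "$n"
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedNotARealKey user@clientA' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run adds nothing
audit_ssh_dir "$demo/.ssh" && echo "ok: $(wc -l < "$demo/.ssh/authorized_keys") key line installed"
rm -rf "$demo"
```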
Linux Nine Yin canon of nine yin Bones claw fragment 2 (SSH)