Practical SSH skills and instructions for using common commands
Linux is a technology channel of the IT lab in China.

Commands available for SFTP

cd          change directory
ls          list objects
mkdir
rmdir
pwd
chgrp
chown
chmod
ln oldname newname
rm path
rename oldname newname
exit
lcd path    change the current local directory
lls
lmkdir
lpwd        (the l prefix means the local host)
put localhost_path host_path
put <local directory or file>
get <remote host directory> <local directory>
get <remote host directory or file>
get *
get *.rpm

#	$OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# (default SSH port)
#Port 22
# (Protocol selects the SSH version)
# (IP address to listen on)
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
# (key used by SSH version 1)
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
# (RSA private key used by SSH version 2)
#HostKey /etc/ssh/ssh_host_rsa_key
# (DSA private key used by SSH version 2)
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
# (key regeneration interval)
#KeyRegenerationInterval 3600
# (length of the server key)
#ServerKeyBits 768

# Logging
# Obsoletes QuietMode and FascistLogging
# (SyslogFacility: by default, SSH login records are written to /var/log/secure)
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

# (do not use the login program for logins under SSH)
#UseLogin no
#LoginGraceTime 120
# (whether to allow the root user to log on)
#PermitRootLogin yes
# (do not allow login when the user's host key has changed)
#StrictModes yes

# (whether to use pure RSA authentication, for version 1)
#RSAAuthentication yes
# (whether to use public key authentication, for version 2)
#PubkeyAuthentication yes
# (name of the file in which an account stores its keys for logins that do not require a password)
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
# (the local system does not use rhosts; it is not secure)
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
# (whether to cancel the above authentication method; of course, yes)
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
# (for version 1: authentication with the rhosts file or /etc/hosts.equiv together with RSA; not recommended)
#RhostsRSAAuthentication no
# Similar for protocol version 2
# (the same, for version 2)
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
# (whether to ignore the records in the home directory's ~/.ssh/known_hosts file)
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
# (password verification is required)
#PasswordAuthentication yes
# (whether login with an empty password is allowed)
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
# (challenge-response for any password verification)
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no

#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
# (whether the last login information is displayed)
#PrintMotd yes
# (displays the last login information)
#PrintLastLog yes
# (send connection information)
#KeepAlive yes
#UseLogin no
# (user permission settings)
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

# (sets the limit on connections that are between connecting and the login screen)
#MaxStartups 10
# No default banner path
#Banner /some/path
#VerifyReverseMapping no

# Override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# (DenyUsers sets the blocked users; * represents all users)
#DenyUsers *
DenyUsers test
DenyGroups test
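
An added example (not part of the original article): a shell function that reports the risky effective settings in a file laid out like the listing above. It reads commented "#Keyword value" lines as the shipped defaults, as the file header describes; the function names, the checks chosen and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list risky effective settings in an sshd_config.
# An active line wins; otherwise a commented "#Keyword value" line is read
# as the shipped default, per the convention stated in the file header.
audit_sshd_config() {
    awk '
    function record(kind, key, val) {
        key = kind SUBSEP tolower(key)
        # sshd keeps the first value it obtains for a keyword
        if (!(key in seen)) seen[key] = tolower(val)
    }
    function report(key, why,    kind, val, bad) {
        kind = "active"
        if (!((kind SUBSEP key) in seen)) kind = "default"
        if (!((kind SUBSEP key) in seen)) return
        val = seen[kind SUBSEP key]
        bad = (key == "protocol") ? (index("," val ",", ",1,") > 0) : (val == "yes")
        if (bad) printf "%s=%s (%s): %s\n", key, val, kind, why
    }
    /^[ \t]*#[A-Za-z]/ { sub(/^[ \t]*#/, ""); record("default", $1, $2); next }
    /^[ \t]*[A-Za-z]/  { record("active", $1, $2) }
    END {
        report("protocol", "protocol version 1 is accepted")
        report("permitrootlogin", "root can log in directly")
        report("passwordauthentication", "password logins are accepted")
        report("permitemptypasswords", "empty passwords are accepted")
        report("rhostsauthentication", "rhosts trust is accepted")
        report("x11forwarding", "X11 forwarding is enabled")
    }' "$@"
}

# Constructed sample that follows the listing above; "2,1" is an assumed value.
sample_sshd_config() {
    cat <<'EOF'
#Port 22
#Protocol 2,1
SyslogFacility AUTHPRIV
#PermitRootLogin yes
#PasswordAuthentication yes
#PermitEmptyPasswords no
#RhostsAuthentication no
#X11Forwarding no
X11Forwarding yes
DenyUsers test
EOF
}

sample_sshd_config | audit_sshd_config
```

Pass a file name to audit a real file, for example audit_sshd_config /etc/ssh/sshd_config; with no argument the function reads standard input.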

SSH Automatic Login settings

1. Set the public key and private key for the client.
[test@test] ssh-keygen -t rsa    # -t rsa indicates that the RSA encryption algorithm is used
The key is generated in $HOME/.ssh/id_rsa
2. Upload the public key to the server.
sftp test@test
lcd /home/.ssh
put id_rsa.pub
exit
3. Log on to the server and execute the command:
[test@test ssh] cat ....../id_rsa.pub > authorized_keys
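
An added example (not from the original article) of the server-side step: it appends the uploaded key with >> instead of overwriting authorized_keys with >, refuses a private key uploaded by mistake, and sets the directory and file modes that sshd checks when StrictModes is yes. The function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: install a public key for key-based login.
# install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME}/.ssh
    auth=$dir/authorized_keys

    # Refuse a private key (id_rsa uploaded instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # Expect a "type base64 [comment]" line, as ssh-keygen writes it.
    if ! grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub"; then
        echo "refusing: $pub is not a public key line" >&2
        return 1
    fi

    # Modes that keep the directory and file private to the account.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append with >> so existing keys survive; skip a key already present.
    key=$(cat "$pub")
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a throwaway directory with a constructed (non-functional) key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedEXAMPLEonly test@test' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home" && cat "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```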

Related Security Settings

/etc/ssh/sshd_config
/etc/hosts.allow
/etc/hosts.deny
iptables

Edit /etc/hosts.deny:

sshd: ALL: spawn (/bin/echo security notice from host `/bin/hostname`; \
/bin/echo; /usr/sbin/safe_finger @%h) | \
/bin/mail -s "%d-%h security" root@localhost & \
: twist (/bin/echo -e "\n\nWARNING connection not allowed. Your attempt has been logged.\n warning information")