SSH remote control

SSH remote control-Linux Enterprise Application-Linux server application information. See the following for details. What is SSH
In short, ssh provides a remote shell mechanism for linux. Take machine A and machine B as an example. ssh can use machine A to mobilize the shell program in machine B to process transactions. In addition to remote shell calls, ssh also provides ftp functions for file transfer between hosts.

In fact, telnet and ftp have similar functions as ssh, but the data transmitted by telnet and ftp during host interconnection is not encrypted and can be easily stolen by a third party. Ssh can encrypt the data transmitted between hosts, providing high security. Therefore, telnet and ftp are not recommended.

Start the SSH service
Ssh is composed of clients and servers. Before using the ssh service, first check whether ssh has been installed in your Linux system (each release has its corresponding software package management tool available ), run the following command to check whether the server (the machine you want to remotely log on to) has been started:

#> Netstat-tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
......
Tcp 0 0 *: ssh *: * LISTEN
......

Netstat is a network query command. Its Parameter "-t" indicates the connection behavior of tcp data packets, and the parameter "-l" indicates the listener status. If the output result of "netstat-tl" is shown in the code above, it indicates that the server-side ssh service is started.

If the ssh service is not started, you need to start it manually by searching for the "ssh" or "sshd" file in the/etc/init. d directory. If yes, run the following command:

# Cd/etc/init. d
#./Ssh start

In some Linux distributions, the "init. d" directory is not necessarily under "/etc", depending on the specific version.

If you want to automatically start the ssh service when starting the instance, you can:
# Rc-update add/etc/init. d/ssh default

Other Linux distributions also have their own configuration methods. If you are not clear about them, you can choose the specific release version based on google.

Ssh connections
For example, if the IP address of my machine is "192.168.0.22", I want to ssh to the IP address is "192.168.0.2" and perform some operations with the user "m2" on this machine. The steps are as follows:

$ Ssh m2@192.168.0.2.

The authenticity of host' 192. 168.0.2 (192.168.0.2) 'can't be established.
RSA key fingerprint is
83: a0: ed: c8: db: 18: b4: 23: 28: 9b: e8: 0d: e3: fd: 96: 91.

Are you sure you want to continue connecting (yes/no )? Yes
<= Enter "yes" here "!

Warning: Permanently added '192. 168.0.88 '(RSA) to the list of known hosts.

M2@192.168.0.2's password:
<= Enter the password of user m2 on machine 192.168.0.2, and then enter the machine

[M2 @ ~] $

Enter the m2@192.168.0.2, you can call the machine's shell function. To exit the ssh disconnection, type "exit. Using sftp to log on to a remote host is similar to using ssh.

Ssh advanced connection
According to the general ssh connection operation steps, you must repeatedly enter the host user password every time you log on to the remote host, which is too cumbersome. You can use the authentication mechanism provided by ssh to avoid repeated host-End User Password Input. Here we will talk about the remote connection encryption mechanism.

After the ssh server is started, a Public Key (actually a group of numbers) is generated ). When an ssh client sends a connection request to an ssh server, the ssh server usually sends a private key to the ssh client. After a communication connection is established, the data sender can encrypt the transmitted data based on the master key. The recipient can use the master key to decrypt the data. Data encryption and decryption are actually matching the public key and private key.

The authentication mechanism between hosts and clients provided by ssh is also implemented by matching the public key of the ssh server with the private key of the ssh client. The specific implementation steps are as follows:

# Generate a Public Key and a Private Key on the client. The rsa option parameter in the following command indicates that the Key is generated using the rsa encryption algorithm.

$ Ssh-keygen-t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/silent/. ssh/id_rsa): <= Press Enter

Enter passphrase (empty for no passphrase): <= Enter

Enter same passphrase agin: <= Enter

Your identification has been saved in/home/silent/. ssh/id_rsa <= This is the private key

Your public key has been saved in/home/silent/. ssh/id_rsa.pub <= This is the public key

Keep the private key in the default generated directory, and use sftp to copy the public key to the Home Directory of the corresponding user on the ssh server, for example, if the IP address is "192.168.0.2", the m2 user "/home/m2" directory on the machine is:

$ Sftp m2@192.168.0.2

Enter the password:
Sftp> put/home/silent/. ssh/id_rsa_pubsftp> exit

Then, connect to the ssh server using ssh and perform the following operations ,:

$ Cd/home/m2/. ssh
$ Cat ../id_rsa_pub> authorized_keys

After completing the above steps, you can directly log on to the m2@192.168.0.2 on the ssh client machine without entering the password:

$ Ssh m2@192.168.0.2.