SSH under Ubuntu

I. Introduction

SSH is short for Secure Shell, a security protocol developed by the IETF Network Working Group and built on the application layer and the transport layer. It is currently one of the more reliable protocols for securing remote login sessions and other network services, and using it effectively prevents information leakage during remote administration. SSH began as a program on UNIX systems and quickly spread to other platforms. Used correctly, it can close security gaps in the network. SSH clients are available for many platforms: almost all UNIX platforms, including HP-UX, Linux, AIX, Solaris, Digital UNIX, Irix and others, can run SSH.


SSH consists of a client and a server.
The server is a daemon, typically the sshd process, which runs in the background and responds to connection requests from clients. It handles remote connections, which typically includes public key authentication, key exchange, symmetric key encryption, and unsecured connections.
The client is usually the ssh program, and also includes scp, slogin, sftp and other programs.

Working mechanism:
1. The client sends a connection request to the remote server.
2. The server checks the request packet and the IP address, and then sends a key to the SSH client.
3. The client sends the key back to the server, and the connection is established.

From the client side, SSH provides two levels of security authentication.
First level (password-based authentication)
As long as you know your account name and password, you can log on to the remote host. All transmitted data is encrypted, but there is no guarantee that the server you are connecting to is the one you intended. Another server may be impersonating the real one, which is the "man-in-the-middle" attack.
Second level (key-based authentication)
This level relies on keys: you create a key pair for yourself and place the public key on the server you need to access. When you connect to the SSH server, the client software sends the server a request to authenticate with your key. On receiving the request, the server looks up your public key in your home directory on the server and compares it with the public key you sent. If the two keys match, the server encrypts a "challenge" with the public key and sends it to the client software. The client software decrypts the challenge with your private key and sends the result back to the server.
With this method you must know the passphrase of your key. Compared with the first level, however, the second level does not require a password to be sent over the network.
The second level not only encrypts all transmitted data, it also makes the "man-in-the-middle" attack impossible (because the attacker does not have your private key). However, the entire login process may take up to 10 seconds.


-----------------------------------------------------------------------------------------------------
II. Enabling the SSH service on Ubuntu

1 Install SSH: the client openssh-client and the server openssh-server
If you only want to log in to other machines, you only need openssh-client (Ubuntu installs it by default; if it is missing, run sudo apt-get install openssh-client). If you want to offer the SSH service on the local machine, you need to install openssh-server:

sudo apt-get install openssh-server



(Check the output. If there are no errors, enter your server's IP address in an SSH client such as PuTTY, SecureCRT or SSH Secure Shell Client. If all goes well, the connection is established after a moment and you can log in with your existing user name and password.)

2 Viewing the SSH client version
Sometimes it is necessary to confirm which SSH client is installed and its version number. Use the ssh -V command to get the version. Note that Linux generally ships with OpenSSH; the following example shows a system that uses OpenSSH:
$ ssh -V
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014


3 Confirm that the SSH server is running:
ps -e | grep ssh


Or
netstat -tlp



If you see sshd, the SSH server is running.
If you see only ssh-agent, the SSH server has not been started yet.

3 Start SSH
If it is not running, start it: sudo /etc/init.d/ssh start

The SSH server configuration file is /etc/ssh/sshd_config. It defines the port the SSH service listens on; the default is port 22, and you can set a different port number, such as 222:

Port 222

Then restart the SSH service.

The OpenSSH server is now installed. You can shorten the login time by editing /etc/ssh/sshd_config.
Because sshd performs a reverse lookup of the client's DNS information, logins are slowed down. You can disable this feature to speed up login. First, open the sshd_config file:
sudo gedit /etc/ssh/sshd_config
Find the GSSAPI options section and comment out the following two lines:
#GSSAPIAuthentication yes
#GSSAPIDelegateCredentials no

Then restart the SSH service.

4 Restart the SSH service
sudo /etc/init.d/ssh stop #stop
sudo /etc/init.d/ssh start #start
or sudo /etc/init.d/ssh restart #restart


5 Client login with ssh:
1) ssh remote_ip
2) ssh -l username remote_ip
3) ssh username@remote_ip #replace username with your own user name and remote_ip with the IP address of the remote server
     ssh wsh@192.168.3.102
wsh is a user on the 192.168.3.102 machine; a password must be entered.
4) Log in to the server with PuTTY using certificate (key) authentication
With the SSH service everything is transmitted encrypted, so security is basically guaranteed. With certificate authentication security is higher still, and certificate authentication also allows automatic login.
First, modify the sshd_config file to turn on the certificate authentication options:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Restart the SSH service after the modification is complete.
Second, create the private key and public key for the SSH user.
Log in as the account that needs the key (note that you should leave the root user; use the su command to switch), run ssh-keygen, and store the generated key in the default directory.
(You will be prompted for a passphrase, which amounts to putting a password on the certificate, so that an accidentally copied certificate is no cause for worry. If you leave it blank, PuTTY can later log in automatically with the certificate.)
The ssh-keygen command generates two keys. The public key stays on the server and has to be renamed:
cd ~/.ssh
mv id_rsa.pub authorized_keys
The private key id_rsa is then copied off the server, and the id_rsa file on the server is deleted. The server side is now set up.
The following steps are done on the client computer.
First, convert the id_rsa file to the format PuTTY supports, using the PuTTYgen tool:
Click the Load button in the PuTTYgen window, select the id_rsa file, enter the passphrase (if any), then click the Save private key button. The private key in the format PuTTY accepts is now ready.
Open PuTTY and enter the server's IP address under Session. Click the Browse button under Connection->SSH->Auth and select the private key you just generated. Then go back to the Connection option and enter the user name the certificate belongs to in Auto-login username. Go back to the Session tab and enter a name to save the session. Click Open at the bottom and you should be able to log on to the server through certificate authentication. If there is a passphrase, the login process asks for it; otherwise you are logged on to the server directly, which is very convenient.
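The rename step above (mv id_rsa.pub authorized_keys) replaces any keys already authorized for the account. As an added example that is not part of the original article, the function below appends a public key instead and sets the directory and file modes that sshd's StrictModes check expects; install_pubkey, the paths and the key text are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR   (hypothetical helper, run on the server)
# Append the key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys unless it is
# already listed, and set the modes sshd's StrictModes check expects.
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    key=$(head -n 1 "$pub")
    # Accept common public key types only; this also rejects a private key
    # file handed over by mistake.
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Compare on the base64 blob so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth"; then
        echo "already present"
    else
        printf '%s\n' "$key" >> "$auth" && echo "added"
    fi
}

# Demo with a constructed (non-functional) key in a throwaway directory.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3ExampleOnlyNotARealKey user@client' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/home"
install_pubkey "$demo/id.pub" "$demo/home"   # second run changes nothing
rm -rf "$demo"
```

With a key pair generated on the client, only the .pub file has to reach the server, so the private key never leaves the client machine.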



6 Disconnecting: exit
7 Some operations:
1) Copy files/folders from the remote server to the local machine (scp)
  scp -r username@remote_ip:/home/username/remotefile.txt ./


2) Copy files/folders from the local machine to the remote server (scp)
  scp -r localfile.txt username@remote_ip:/home/username/


3) Copy files/folders from the remote server to the local machine (rsync)
  rsync -v -u -a --delete --rsh=ssh --stats username@remote_ip:/home/username/remotefile.txt ./


4) Copy files/folders from the local machine to the remote server (rsync)
  rsync -v -u -a --delete --rsh=ssh --stats localfile.txt username@remote_ip:/home/username/



5) Connect to a remote server whose SSH port is not 22 (SSH port 12345)

  ssh -p 12345 username@remote_ip



6) Copy files to or from a remote server whose SSH port is not 22 (SSH port 12345)

  scp -P 12345 local_file username@remote_ip:remote_dir
  scp -P 12345 username@remote_ip:remote_file local_dir
  scp -o port=12345 username@remote_ip:remote_file local_dir
  scp -P 12345 -r local_dir/.* username@remote_ip:remote_dir

When copying a directory, -r copies the directory tree recursively, and ".*" makes sure hidden files are copied as well. You need to create the corresponding directory on the remote end first.

7) Using SFTP (Secure File Transfer Protocol)

  sftp -o port=12345 username@remote_ip:remote_dir



8) The default SSH configuration allows root login; you can change the configuration file to prevent it:
PermitRootLogin no #root login disabled
PermitRootLogin without-password #root login allowed, but not with a password
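After editing sshd_config it is worth confirming which value sshd will actually use, because keywords are case-insensitive and, for a directive such as PermitRootLogin, the first occurrence in the file wins. The following is an added example, not part of the original article; sshd_effective, audit_sshd and the sample configuration are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# sshd_effective FILE KEYWORD
# Print the value sshd would take for KEYWORD in the global section of FILE.
# Keywords are case-insensitive and the first occurrence wins; "Match" blocks
# are conditional and are not evaluated. (Port and ListenAddress may repeat
# and are not handled by this helper.)
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next        # blank or comment
            n = match(line, /[ \t=]/)                  # "Key value" or "Key=value"
            key = tolower(n ? substr(line, 1, n - 1) : line)
            val = n ? substr(line, n + 1) : ""
            sub(/^[ \t=]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "match") exit                   # global section ends here
            if (key == want) { print val; exit }
        }' "$1"
}

# audit_sshd FILE: print one line per finding for directives this page sets.
audit_sshd() {
    root=$(sshd_effective "$1" PermitRootLogin)
    pubkey=$(sshd_effective "$1" PubkeyAuthentication)
    case "$root" in
        no|without-password|prohibit-password|forced-commands-only) ;;
        "") echo "PermitRootLogin not set: result depends on the OpenSSH default" ;;
        *)  echo "PermitRootLogin $root: root may log in with a password" ;;
    esac
    [ "$pubkey" = "no" ] && echo "PubkeyAuthentication no: key login is disabled"
    return 0
}

# Constructed sample, not taken from a real server.
sample_config() {
    cat <<'EOF'
Port 222
permitrootlogin yes
PermitRootLogin no
#PubkeyAuthentication yes
GSSAPIAuthentication=no
Match User backup
    PubkeyAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_sshd "$tmp"
rm -f "$tmp"
```

In the sample, the later "PermitRootLogin no" line has no effect because an earlier line already set the value, which is the kind of leftover that a hand-edited file tends to accumulate.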
-------------------------------------------------------------------------------------


Author:wsh



Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
