How to install and configure ssh in yum in CentOS

Source: Internet
Author: User
Tags ssh server
1. install the SSH copy code example: yuminstallssh2. start the SSH copy code example: servicesshdstart3. set the sample code for running the Copy code at startup: chkconfigsshdon 1. modify the SSH configuration file first.

1. install SSH
 

Sample code for copying code:

Yum install ssh

2. start SSH
 

Sample code for copying code:

Service sshd start

3. set the startup operation
 

Sample code for copying code:

Chkconfig sshd on

1. modify SSH-related configuration files

First, modify the SSH configuration file.
 

Sample code for copying code:

[Root @ jbxue ~] # Vi/etc/ssh/sshd_config using vi to open the SSH configuration file
# Protocol locate this row and delete the line header "#". then, delete ", 1" at the end of the line, and only allow connections in SSH2 mode.
Bytes
The Protocol 2 Protocol changes to this status after modification. only SSH2 is used.

# ServerKeyBits 768 rows find this line, remove "#" at the beginning of the line, and change 768 to 1024
Bytes
Changed ServerKeyBits 1024 bytes to this status, and changed the ServerKey strength to 1024 bits.

# PermitRootLogin yes locate this line, remove "#" at the beginning of the line, and change "yes" to "no ".
Bytes
PermitRootLogin no logs is changed to this status and cannot be logged on using root.

# PasswordAuthentication yes locate this line and change yes to no
Bytes
PasswordAuthentication no. login is changed to this status, and password-based logon is not allowed.

# PermitEmptyPasswords no longer find this row and delete the line header "#". empty password logon is not allowed.
Bytes
PermitEmptyPasswords no. changed to this status. do not log on with a blank password.

Save and exit. (The command for saving and exiting vi is ZZ)

Because we only want to make the SSH service more convenient for the management system, we only allow the intranet client to log on to the server through SSH without going through the Internet remote management system, to minimize unsafe factors.
The setting method is as follows:
 

Sample code for copying code:

[Root @ jbxue ~] # Vi/etc/hosts. deny blocks modify the blocking rule and add corresponding lines at the end of the text
# Hosts. deny This file describes the names of the hosts which are
# ** Not * allowed to use the local INET services, as decided
# By the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# The new secure portmap uses hosts. deny and hosts. allow. In particle
# You shoshould know that NFS uses portmap!
Sshd: ALL clients add this line to shield all ssh connection requests.
[Root @ jbxue ~] # Vi/etc/hosts. allow modify permit rules and add corresponding lines at the end of the text
#
# Hosts. allow This file describes the names of the hosts which are
# Allowed to use the local INET services, as decided
# By the '/usr/sbin/tcpd' server.
#

Sshd: 192.168.0. allow add this line, only allow SSH connection requests from the intranet

II. restart SSH to start
After modifying the SSH configuration file, you must restart the SSH service to make the new settings take effect.
 

Sample code for copying code:

[Root @ jbxue ~] #/Etc/rc. d/init. d/sshd restart the SSH server
Stopping sshd: [OK]
Starting sshd: [OK] the restart SSH server is successfully restarted.

At this time, on the remote terminal (personal PC, etc.), you cannot log on to the server by using the SSH client software with a normal password. In order for the customer to log on to the server, we will create a public key and private key for SSH to log on to the SSH server as a "key" for the client.

3. establishment of the public key and private key of SSH2
Logon is a general user who establishes a public key and a private key based on this user. (The following uses the centospub user as an example)
 

Sample code for copying code:

[Root @ jbxue ~] # Centospub login: general user centospub
[Centospub @ jbxue ~] $ Ssh-keygen-t rsa KeyStore creates a public key and a private key
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kaz/. ssh/id_rsa): the name of the KeyStore key file. press Enter by default.
Created directory '/home/kaz/. ssh'
Enter passphrase (empty for no passphrase): Enter your password
Enter same passphrase again: Enter the password again
Your identification has been saved in/home/kaz/. ssh/id_rsa.
Your public key has been saved in/home/kaz/. ssh/id_rsa.pub.
The key fingerprint is:
Tf: rs: e3: 7 s: 28: 59: 5 s: 93: fe: 33: 84: 01: cj: 65: 3b: 8e centospub@jbxue.centospub.com

Then confirm the establishment of the public key and the key, and some processing corresponding to the client.
 

Sample code for copying code:

[Centospub @ jbxue ~] $ Cd ~ /. Enter the Directory of the user's ssh configuration file.
[Centospub @ jbxue. ssh] $ ls-l hosts list objects
Total 16
-Rw --- 1 centospub 951 Sep 4 id_rsa Keys confirm that the private key has been created
-Rw-r-1 centospub 241 Sep 4 id_rsa.pub secret confirm that the public key has been created
[Centospub @ jbxue. ssh] $ cat ~ /. Ssh/id_rsa.pub> ~ /. Ssh/authorized_keys export public key content to the corresponding file
[Centospub @ jbxue. ssh] $ rm-f ~ /. Ssh/id_rsa.pub KeyStore delete the original public key file
[Centospub @ jbxue. ssh] $ chmod 400 ~ /. Ssh/authorized_keys secret set the attribute of the new public key file to 400

Then, the private key is securely transferred to the PC on which you want to connect to the server through SSH. The following uses a 3.5-inch disk as the media:
 

Sample code for copying code:

[Centospub @ jbxue. ssh] $ exit logging out of normal user logon (return to root logon)
[Root @ jbxue ~] # Mount/mnt/floppy/ephemeral mount the floppy drive
[Root @ jbxue ~] # Mv/home/centospub/. ssh/id_rsa/mnt/floppy/volumes move the created private key to a floppy disk
[Root @ jbxue ~] # Umount/mnt/floppy/uninstall detach a floppy disk drive

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.