Install and configure CentOS SSH

Source: Internet
Author: User
Tags dns spoofing

SSH is short for Secure Shell, developed by the Network Working Group of IETF. SSH is a security protocol built on the application layer and transport layer.

Traditional network service programs, such as FTP, POP, and Telnet, are inherently insecure because they transmit data, user accounts, and user passwords in plaintext over the network. They are also vulnerable to man-in-the-middle attacks, in which another person or machine impersonates the real server to receive the data the user sends to the server, and then impersonates the user to pass the data on to the real server.

SSH is a reliable protocol designed for remote logon sessions and other network services. The SSH protocol can effectively prevent information leakage during Remote Management. SSH can be used to encrypt all transmitted data and prevent DNS Spoofing and IP spoofing.

Install SSH:

yum install openssh-server

Start SSH:

service sshd start

Set the startup to run:

chkconfig sshd on


OpenSSH is installed on CentOS by default, even with a minimal installation.

SSH Configuration:

1. Edit the configuration file with vi /etc/ssh/sshd_config, uncommenting and changing the parameter values as described by the comments in the template:

Port 22 specifies the port number for SSH connections. For security, we do not recommend using the default port 22.

Protocol selects whether SSH1 and SSH2 connections are allowed. We recommend setting this parameter to Protocol 2.

Other parameters are adjusted as needed. For the configuration method, see man sshd_config.

2. Modify /etc/hosts.deny and add a line at the end:

sshd: ALL

3. Modify /etc/hosts.allow and add a line at the end:

sshd: ALL

If you want to restrict access to specific IP addresses, set it as follows:

sshd: 192.168.0.101

sshd: 192.168.0.102

The above configuration indicates that only the hosts 192.168.0.101 and 192.168.0.102 are allowed to make SSH connections.

4. Start SSH

/etc/init.d/sshd start

Now SSH can be connected.
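
The order in which tcp_wrappers reads the two files from steps 2 and 3 decides who gets in: hosts.allow is consulted first, and a match there grants access before hosts.deny is ever read. The sketch below is an added example, not part of the original article; it models only single-daemon rules with ALL or literal IPv4 addresses, and the function names and file names are made up for illustration.

```shell
#!/bin/sh
# Added example: simplified model of the tcp_wrappers decision for sshd.
# Assumption: rules look like "daemon: client[, client...]" with ALL or IPv4 literals.

# matches FILE DAEMON CLIENT -> exit status 0 if a rule in FILE covers the pair
matches() {
    awk -v d="$2" -v c="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            n = split($0, part, ":")
            if (n < 2) next
            gsub(/[ \t]/, "", part[1])          # daemon name without padding
            if (part[1] != d && part[1] != "ALL") next
            m = split(part[2], cl, /[ \t,]+/)   # client list
            for (i = 1; i <= m; i++)
                if (cl[i] == c || cl[i] == "ALL") { hit = 1; exit }
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# decide ALLOW_FILE DENY_FILE CLIENT -> prints "allow" or "deny"
decide() {
    if matches "$1" sshd "$3"; then echo allow     # 1. a match in hosts.allow wins
    elif matches "$2" sshd "$3"; then echo deny    # 2. otherwise hosts.deny applies
    else echo allow                                # 3. no match anywhere: allowed
    fi
}

# Constructed sample files mirroring the entries shown in the steps above.
demo() {
    dir=$(mktemp -d)
    printf 'sshd: ALL\n' > "$dir/deny"
    printf 'sshd: ALL\n' > "$dir/allow_all"
    printf 'sshd: 192.168.0.101\nsshd: 192.168.0.102\n' > "$dir/allow_two"
    for ip in 192.168.0.101 10.0.0.5; do
        echo "hosts.allow=ALL       $ip -> $(decide "$dir/allow_all" "$dir/deny" "$ip")"
        echo "hosts.allow=101,102   $ip -> $(decide "$dir/allow_two" "$dir/deny" "$ip")"
    done
    rm -rf "$dir"
}
demo
```

With sshd: ALL in hosts.allow every client is allowed regardless of hosts.deny; only the two-address variant actually restricts access. CentOS 8 and later no longer ship tcp_wrappers, so there these files do not affect sshd.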

Enter the connection IP Address

Configure related parameters

Select UTF-8 to support Chinese display

Automatically enter the logon User root

Enter the user name to connect to the server.

However, at present, we still need to enter a password for SSH connection. The following describes how to use a key to connect, saving the trouble of entering a password:

1. Create a key on the managed machine

[root@localhost ~]# mkdir /root/.ssh
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    # press Enter to accept the default path
Enter passphrase (empty for no passphrase):    # enter the passphrase
Enter same passphrase again:    # repeat the passphrase
Your identification has been saved in /root/.ssh/id_rsa.    # if an error is reported here, it is caused by SELinux; resolve it with: yum install selinux-policy
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
aa:76:71:1e:51:fe:3b:4c:51:30:b2:90:55:e9:58:7c root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|. ooo + o |
|... o +. E |
| o. + o |
|. o |
| S... |
| .. o |
|. +. o. |
| .... + |
| .... |
+-----------------+

2. Generate a key with PuTTY

Open puttygen. If you do not have this program, you can download it from the official PuTTY website.

Click Generate, then move the mouse inside the red box until key generation is complete.

The red box above shows the public key we generated. The public key is placed on the managed server, and the private key stays on your own machine.

Key comment is a remark. In an enterprise environment there will be many public keys on one machine, so each person usually defines a remark of their own to make their key recognizable.

You can use your email address or employee ID. Enter the Key comment, copy the public key, and click Save public key and Save private key to save the two keys.

Open the key agent tool pageant.exe (likewise, you can download it from the official PuTTY website). If you also use other PuTTY tools, they can share the key authentication through it without setting the key repeatedly.

Right-click the pageant.exe icon in the taskbar and choose View Keys to open the following window.

Click Add Key to add the saved private key.

3. Deploy the key on the managed machine

Copy the id_rsa.pub generated on the managed machine to authorized_keys.

[root@localhost .ssh]# cp id_rsa.pub authorized_keys
[root@localhost .ssh]# chmod 600 authorized_keys    # this step is required; otherwise, the connection fails.

Edit the file with vi /root/.ssh/authorized_keys, delete the original key, and paste in the key produced by puttygen.exe (that is, the public key copied earlier):

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAh+gDpVSNIwBHZvmHS240AoueNHIgDHhczQ/fhiN/IdAQVdh7Ovw2pnJ4sd6so0kqCizsU7FOu2rvaK7vHC3QrrYmeqn94V595pYGLnMCbtEd7ONew47TU8wjtdldbc7liEmkTVIdkCbbrzQa372/u2LSjkldu2BUiXkevlnGNUc= hellwen.wu

Save and exit.

4. Log in with PuTTY

Pay attention to the red part. If you often connect to this machine, it is recommended that you enter the IP address, configure the session, then enter a recognizable name under Saved Sessions and click the Save button. This way, the connection configuration for the server is kept in the list box for future use.
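
When key login still falls back to a password prompt, the usual causes are on the managed machine: sshd's StrictModes check rejects a home directory, .ssh directory or authorized_keys file that is writable by group or others, and a key line whose type field was damaged while pasting is silently skipped. The pre-flight check below is an added example, not part of the original article; the function names, the list of key types and the sample key line are constructed for illustration, and ownership checks are left out.

```shell
#!/bin/sh
# Added example: pre-flight check for key-based login (file modes and key lines only).

# loose PATH -> prints PATH if it is writable by group or others
loose() { find "$1" -prune \( -perm -020 -o -perm -002 \) -print; }

# bad_key_lines FILE -> prints the numbers of lines holding no usable public key
bad_key_lines() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines are fine
        {
            ok = 0                              # options may precede the key type
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$") ok = 1
            if (!ok) print NR
        }
    ' "$1"
}

# check_login_setup HOME -> returns 0 when no problem was found
check_login_setup() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; rc=1
        elif [ -n "$(loose "$p")" ]; then echo "group/other-writable: $p"; rc=1
        fi
    done
    if [ -f "$1/.ssh/authorized_keys" ]; then
        for n in $(bad_key_lines "$1/.ssh/authorized_keys"); do
            echo "authorized_keys line $n: no recognised key type"; rc=1
        done
    fi
    return $rc
}

# Constructed sample: a throwaway "home" with a loose mode and a damaged key line.
demo() {
    h=$(mktemp -d); mkdir "$h/.ssh"
    chmod 700 "$h" "$h/.ssh"
    echo 'sh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7 user@example' > "$h/.ssh/authorized_keys"
    chmod 664 "$h/.ssh/authorized_keys"
    check_login_setup "$h"; echo "exit status: $?"
    rm -rf "$h"
}
demo
```

On a real host, run check_login_setup /root (or the home directory of the login account) after deploying the key.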

