Installation and configuration of Ubuntu 16.04 Server Software

Source: Internet
Author: User
Tags openssh server ssh server

Installation and configuration of SSH

SSH sub-client openssh-client and Openssh-server

If you just want to log on to another machine SSH only need to install Openssh-client (Ubuntu has a default installation, if not sudoapt-get install openssh-client), If you want to make the native SSH service open, you need to install Openssh-server.

One Installing the client

Ubuntu has the SSH client installed by default.

sudo apt-get install ssh  or sudo apt-get installopenssh-clientssh

(press ENTER to set default values)

The Id_rsa and id_rsa.pub files are generated by default, respectively, the private key and the public key.

description : If sudo apt-get insall ssh error, unable to install can be installed using sudo apt-get install openssh-client

Assume that the server IP is 192. 168.1. 1 , the port number for the SSH service is 22, the server has a user root, and the command to log in to the server with SSH is:  [email protected]192.168. 1.1> enter the password for the root user
Second, install the service side

Ubuntu does not have SSH Server installed by default and installs using the following command:

sudo apt-get Install Openssh-server

Then confirm that the Sshserver is started: (or with "NETSTAT-TLP" command)

Ps-e|grep SSH

If only ssh-agent that Ssh-server has not started, need to/etc/init.d/ssh start, if you see the sshd that shows that Ssh-server has been started.

If not, you can start this way:

Sudo/etc/init.d/ssh start

In fact, if there are no special needs, here OpenSSH Server is installed. But setting it up further can make the OpenSSH logon time shorter and more secure. All of this is done by modifying the OpenSSH configuration file sshd_config.

third, SSH configuration

The Ssh-server configuration file is located in/etc/ssh/sshd_config, where you can define the service port for SSH, the default port is 22, and you can define it yourself as a different port number, such as 222. Then restart the SSH service:

Sudo/etc/init.d/ssh Resart  

By modifying the configuration file/etc/ssh/sshd_config, you can change the SSH login port and disable root login. The port can be changed to prevent the port from being scanned.

sudo cp/etc/ssh/sshd_config/etc/ssh/sshd_config.original  sudochmod a-w/etc/ssh/sshd_config.original  

To edit a configuration file:

 A Permitrootlogin prohibit-password

Modify:

2233 Permitrootlogin No

Restart when configuration is complete:

iv. SSH service commands

Stop service: Sudo/etc/init.d/ssh stop

Start Service: SUDO/ETC/INIT.D/SSH start

Restart Service: Sudo/etc/init.d/sshresart

Disconnect: Exit

Login: [Email protected]

Root is the user on the 192.168.0.100 machine and needs to enter a password.

v. SSH LOGIN Commands

Common format: SSH [-llogin_name] [-P port] [[Email Protected]]hostname

More details can be viewed with ssh-h.

Example

Do not specify User:

192.168. 0.1

Specify User:

192.168. 0.1   ssh [email protected]192.168. 0.1  

If you have modified the SSH login port, you can:

2233 192.168. 0.111 2233 216.230 .    230.105 2233 [email protected]216.230.     230.105  
six, improve logon speed

When you log in remotely, you may find that you need to wait a long time before entering your username to prompt for a password. In fact this is because sshd needs to reverse the client's DNS information caused. You can significantly increase the speed of logins by disabling this feature. First, open the Sshd_config file:

sudo nano/etc/ssh/sshd_config  

Find the GSSAPI Options section and comment out the following two lines:

# GSSAPI Options#gssapiauthentication no#gssapicleanupcredentials Yes

Then restart the SSH service.

Vii. using PuTTy to log on to the server through certificate authentication

SSH service, all the content is encrypted transmission, security is basically guaranteed. However, if you can use certificate authentication, security will be higher, and after certain settings, but also to achieve the effect of automatic login certificate certification.

First modify the Sshd_config file to turn on the certificate authentication option:

rsaauthentication yespubkeyauthentication yes#authorizedkeysfile      %h/.ssh/authorized_keys

Restart the SSH service after the modification is complete.

Next we need to establish a private key and public key for the SSH user. First of all to login to the account that needs to establish the key, here note the exit root user, need to use the SU command to switch to another user. Then run:

Ssh-keygen  

Here, we will store the generated key in the default directory. The establishment of the process will be prompted to enter passphrase, which is equivalent to the certificate to add a password, but also to improve security measures, so that even if the certificate was accidentally copied away is not afraid. Of course, if this is left blank, then you can implement PuTTy through certificate authentication automatic login.

The Ssh-keygen command generates two keys, first we need to rename the public key to the server:

CD ~/.ssh MV Id_rsa.pub Authorized_keys  

The private key Id_rsa is then copied from the server and the Id_rsa file on the server is removed.

The settings on the server are finished, and the following steps need to be done on the client computer. First, we need to convert the Id_rsa file to the PuTTy supported format. Here we need to use the PuTTyGEN tool:

Click the Load button in the PuTTyGen interface, select the Id_rsa file, enter passphrase (if any), then click the Save privatekey button so that the PuTTy accepted private key is ready.

Open PuTTy, enter the server's IP address in the Session, click the Browse button under Connection->ssh->auth, and select the private key that you just generated. Then go back to the Connection option and enter the user name that the certificate belongs to in Auto-login username. Go back to the Session tab and enter a name to save the session. Click on the bottom of Open should be able to log on to the server through certificate authentication. If there is passphrase, the login process will require input passphrase, otherwise it will be directly logged on to the server, very convenient.

La La la

Installation and configuration of Ubuntu 16.04 Server Software

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.