Installation and use of SSH in Ubuntu environment

Source: Internet
Author: User

SSH stands for Secure Shell, a secure transport protocol; an Ubuntu client can use SSH to access remote servers. For an introduction to SSH and how it works, see the article "SSH introduction and working mechanism".

SSH is split into a client, openssh-client, and a server, openssh-server.

If you only want to log in to other machines over SSH, you only need openssh-client (Ubuntu installs it by default; if it is missing, run sudo apt-get install openssh-client). If you want to open the SSH service on the local machine, you need to install openssh-server.

I. Installing the client

Ubuntu has the SSH client installed by default.

    sudo apt-get install ssh

or

    sudo apt-get install openssh-client

    ssh-keygen

(press ENTER to accept the default values)

The id_rsa and id_rsa.pub files are generated by default; they are the private key and the public key, respectively.

Note: if sudo apt-get install ssh reports an error and cannot install, use sudo apt-get install openssh-client instead.

Assume that the server's IP address is 192.168.1.1, the SSH service port number is 22, and the server has a user root.

The command to log in to the server with SSH is:

    ssh -p 22 root@192.168.1.1

Then enter the root user's password.

II. Installing the server

Ubuntu does not install the SSH server by default; install it with the following command:

    sudo apt-get install openssh-server

Then confirm that the SSH server has started (or use the "netstat -tlp" command):

    ps -e | grep ssh

If you see only ssh-agent, the SSH server has not started and you need to run /etc/init.d/ssh start; if you see sshd, the SSH server has started.

If it has not, you can start it this way:

    sudo /etc/init.d/ssh start

In fact, if you have no special needs, the OpenSSH server installation is finished at this point. But configuring it further can make OpenSSH logins faster and more secure. All of this is done by modifying the OpenSSH configuration file sshd_config.

III. SSH configuration

The SSH server configuration file is /etc/ssh/sshd_config. There you can define the SSH service port; the default port is 22, and you can set a different port number yourself, such as 222. Then restart the SSH service:

    sudo /etc/init.d/ssh restart

By modifying the configuration file /etc/ssh/sshd_config, you can change the SSH login port and disable root login. Changing the port is intended to keep the port from being scanned.

    # keep a read-only copy of the original configuration file
    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
    sudo chmod a-w /etc/ssh/sshd_config.original

To edit the configuration file:

    # root privileges are needed to save changes to this file
    sudo gedit /etc/ssh/sshd_config

Locate #Port 22, remove the comment marker, and change it to a five-digit port:

    Port 22333

Find #PermitRootLogin yes, remove the comment marker, and change it to:

    PermitRootLogin no

Restart when the configuration is complete:

    sudo /etc/init.d/ssh restart
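The two edits above only take effect if the lines are really uncommented and sit in the global part of the file. The following check is an added example, not part of the original article: the helper names sshd_values and audit_sshd are made up, the sample file is constructed, and Include directives are not followed.

```shell
#!/bin/sh
# Added example: read the global settings from an sshd_config-style file.
# sshd_values and audit_sshd are hypothetical helper names.

# sshd_values FILE KEYWORD
# Prints every value set for KEYWORD before the first Match block.
# Keywords are case-insensitive; lines starting with # are comments.
sshd_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2 }
    ' "$1"
}

# audit_sshd FILE
# Prints one finding per line; prints nothing when the file matches the
# settings chosen in this article.
audit_sshd() {
    file=$1
    ports=$(sshd_values "$file" Port)
    # Port may be given several times; with no Port line sshd uses 22.
    [ -n "$ports" ] || ports=22
    for p in $ports; do
        [ "$p" != 22 ] || echo "Port: still listening on default port 22"
    done
    # For other keywords sshd uses the first value it reads.
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)
    [ "$root" = no ] || echo "PermitRootLogin: '${root:-unset}' (expected no)"
}

# Constructed sample: the port was changed, but the wrong line was edited
# for PermitRootLogin, and the "no" inside the Match block is not global.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 22333
#PermitRootLogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin no
EOF
audit_sshd "$sample"
```

On a live server, `sudo sshd -t` checks the real file for syntax errors; running it before the restart avoids being locked out by a typo.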

IV. SSH service commands

Stop service: sudo /etc/init.d/ssh stop

Start service: sudo /etc/init.d/ssh start

Restart service: sudo /etc/init.d/ssh restart

Disconnect: exit

Login: ssh root@192.168.0.100

root is the user on the 192.168.0.100 machine, and you need to enter a password.

V. SSH login commands

Common format: ssh [-l login_name] [-p port] [user@]hostname

More details can be viewed with ssh -h.

Example

Without specifying a user:

    ssh 192.168.0.1

Specifying a user:

    ssh -l root 192.168.0.1
    ssh [email protected]

If you have changed the SSH login port:

    ssh -p 22333 192.168.0.111
    ssh -l root -p 22333 216.230.230.105
    ssh -p 22333 [email protected]

VI. Improving login speed

When you log in remotely, you may find that after entering your username you have to wait a long time before the password prompt appears. This happens because sshd performs a reverse lookup of the client's DNS information. You can significantly speed up logins by disabling this feature. First, open the sshd_config file:

    sudo nano /etc/ssh/sshd_config

Find the GSSAPI options section and comment out the following two lines:

    #GSSAPIAuthentication yes
    #GSSAPIDelegateCredentials no

Then restart the SSH service:

    sudo /etc/init.d/ssh restart

Try again; it should be very fast.

VII. Using PuTTY to log in to the server through certificate authentication

With the SSH service, all content is transmitted encrypted, so security is basically guaranteed. However, using certificate authentication makes it more secure still, and with certain settings it also allows automatic login through certificate authentication.

First modify the sshd_config file to turn on the certificate authentication options:

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile %h/.ssh/authorized_keys

After the modification is complete, restart the SSH service.

Next we need to create a private key and a public key for the SSH user. First log in to the account that needs the key; note that you should leave the root user here and use the su command to switch to the other user. Then run:

    ssh-keygen

Here we store the generated key in the default directory. During creation you are prompted to enter a passphrase, which amounts to adding a password to the certificate. This is also a security measure, so that even if the certificate is accidentally copied away there is nothing to fear. Of course, if it is left blank, PuTTY can log in automatically through certificate authentication.

The ssh-keygen command generates two keys. First, rename the public key on the server:

    cd ~/.ssh
    mv id_rsa.pub authorized_keys

The private key id_rsa is then copied off the server, and the id_rsa file on the server is deleted.

The settings on the server are finished; the following steps are done on the client computer. First, we need to convert the id_rsa file to the format PuTTY supports. For this we use the PuTTYgen tool:

Click the Load button in the PuTTYgen interface, select the id_rsa file, enter the passphrase (if any), then click the Save private key button; the private key in the format PuTTY accepts is now ready.

Open PuTTY and enter the server's IP address under Session. Click the Browse button under Connection -> SSH -> Auth and select the private key that you just generated. Then go back to the Connection option and enter the user name that the certificate belongs to in Auto-login username. Go back to the Session tab and enter a name to save the session. Click Open at the bottom, and you should be able to log in to the server through certificate authentication. If there is a passphrase, the login process asks for it; otherwise you are logged in to the server directly, which is very convenient.
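The mv step on the server replaces any authorized_keys file that is already there. The following shell function is an added example, not part of the original article: it appends the public key instead and sets owner-only permissions. The name install_pubkey and the key lines are made up for illustration.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper, not an OpenSSH tool.

# install_pubkey SSH_DIR PUBKEY_FILE
# Appends the key to SSH_DIR/authorized_keys unless that exact line is
# already there, then restricts the directory and file to the owner.
install_pubkey() {
    ssh_dir=$1
    pubkey_file=$2
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # A private key file starts with a "-----BEGIN" header; never install one.
    if grep -q '^-----BEGIN' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key" >&2
        return 2
    fi

    mkdir -p "$ssh_dir"
    touch "$auth_file"
    key_line=$(head -n 1 "$pubkey_file")
    # -x whole line, -F fixed string: append only if not already listed.
    grep -qxF -- "$key_line" "$auth_file" ||
        printf '%s\n' "$key_line" >> "$auth_file"

    # With StrictModes (the default) sshd checks file modes and ownership
    # before accepting a login, so keep both owner-only.
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"
}

# Demonstration in a scratch directory with constructed key lines.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/.ssh"
echo "ssh-rsa AAAAexistingKEY colleague@example" > "$demo_dir/.ssh/authorized_keys"
echo "ssh-rsa AAAAconstructedKEY user@example" > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/.ssh" "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/.ssh" "$demo_dir/id_rsa.pub"   # second run adds nothing
cat "$demo_dir/.ssh/authorized_keys"
```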

http://blog.csdn.net/netwalk/article/details/12952051
