1. What is openssh
is a software that provides remote access control.
2. remote login via ssh
SSH [email protected] # Login
Louout # Log Out
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/86/F6/wKioL1fP2MCQ4wcLAAFQgJ_mgnc851.png "title=" Picture 1.png "alt=" Wkiol1fp2mcq4wclaafqgj_mgnc851.png "/>
2.ssh key authentication
key is divided into public Keyand PrivateKey# Public Key equivalent to lock private Keyequivalent to the key
(1) Create key
Ssh-keygen # Generate key
[[email protected] desktop]# Ssh-keygen # Create key
Generating public/private RSA key pair. # Creation Process
Enter file in which to save the key (/root/.ssh/id_rsa): # generates A key storage location, it is recommended to use the default
Enter passphrase (empty for no passphrase): #key password, can be empty
Enter same passphrase again: # repeat key 's password
Your identification has been saved In/root/.ssh/id_rsa.
Your public key has been saved in/root/.ssh/id_rsa.pub.
The key fingerprint is:
8c:dd:ed:96:49:73:db:e8:38:0a:7c:fc:25:90:c4:42 [email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
| E |
| . . |
| . o |
| + + O |
| . S + +. |
| . . + = + |
| o O * +. |
| o o.= |
| .. O.. |
+-----------------+ # creation process
Key storage location #is_rsa. Pub is the public key,Id_rsa is the private key
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/86/F7/wKiom1fP2Omg1j9MAAB04MzRNpA036.png "title=" Picture 2.png "alt=" Wkiom1fp2omg1j9maab04mzrnpa036.png "/>
(2) use key to encrypt target user of target host
Ssh-copy-id-i/home/test/.ssh/id_rsa.pub [email protected]
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/86/F6/wKioL1fP2QSBT1SIAAFWHzwAxyk633.png "title=" Picture 3.png "alt=" Wkiol1fp2qsbt1siaafwhzwaxyk633.png "/>
Ssh-copy-id # # # tools to upload key
- I. # # # Specifies the public key to use
/home/test/.ssh/id_rsa.pub ##### using the name of the public key
Root # # # of managed target users
172.25.28.10 # # # IP of the host on which the managed user resides
650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/86/F8/wKiom1fP2RrT8kpgAAB-MtcmatE397.png-wh_500x0-wm_3 -wmp_4-s_327287044.png "title=" image 4.png "alt=" Wkiom1fp2rrt8kpgaab-mtcmate397.png-wh_50 "/>
The highlighted Authorized_keys file is the final key file created. # The content is the same as the public key. Can be sent to specific users for their login.
(3) Simple configuration of sshd services
/etc/ssh/sshd_config # # #sshd configuration file for service
permitrootlogin yes|no# # # # # # allows the root user to pass sshd The Certification
passwordauthentication Yes|no # # # Turn user password Authentication on or off
allowusers Student Westos # # # user Whitelist, only allow users appearing on the list to use the sshd service
systemctl Restart sshd # # Reload configuration
Key authentication for SSH and SSH