Sometimes it is necessary to confirm which SSH client is installed and its version number. Use the ssh -V command to get the version number. Note that Linux generally comes with OpenSSH. The following example shows that the system is using OpenSSH:
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
The following example shows that the system is using SSH2:
ssh: SSH Secure Shell 184.108.40.206 (non-commercial version) on i686-pc-linux-gnu
ssh name@remoteserver or
ssh remoteserver -l name
Note: Both of these methods log in to the remote host; remoteserver is the remote host, and name is the user name used to log in to it.
ssh name@remoteserver -p 2222 or
ssh remoteserver -l name -p 2222
Note: The -p parameter specifies the port number. Port mapping is usually done on the router, and we do not map port 22 directly to the outside but translate it to another port number. In that case the -p port number form of the command is needed.
ssh -t remoteserver1 ssh remoteserver2
Description: When the remote host remoteserver2 cannot be reached directly, you can use the -t parameter to jump from remoteserver1 to remoteserver2. In this process you enter the remoteserver1 password first and then the remoteserver2 password, after which you can operate remoteserver2.
ssh -l name remoteserver 'command'
Description: Connect to the remote host and execute command on it. For example, view the memory usage of the remote host:
$ ssh -l root 192.168.1.100 svmon -G
By default, SSH listens on port 22. An attacker uses port-scanning software to see whether a host is running the SSH service, so it is a wise choice to change the SSH port to one greater than 1024, because most port-scanning software (including nmap) does not scan high ports by default. Open the /etc/ssh/sshd_config file and look for a line such as the following:
Remove the # in front of the line, then change the port number and restart the SSH service.
There are two SSH protocol versions. Using only SSH protocol version 2 is more secure; SSH protocol version 1 has security issues, including man-in-the-middle and insertion attacks. Edit the /etc/ssh/sshd_config file and look for a line such as the following:
# Protocol 2,1
Change this line so that only protocol version 2 is used.
Usually you should not log on to the remote host directly as the root user: root has superuser privileges, which brings security risks. Instead, log in as an ordinary user and switch to root only when you need to administer the remote host. Open the /etc/ssh/sshd_config file and look for a line such as the following:
Remove the #, change yes to no, and restart the SSH service so that the root user can no longer log on.
Remove the # and replace /some/path with the full path of the bannertest.txt file, then save and restart the SSH service. When a client logs in, it will see the contents of the bannertest.txt file.
Suppose the company intranet has a web server that is reachable only from inside, so the external network cannot access it. SSH port mapping can be used to let the external network reach the intranet web server. Suppose the web server is named webserver and webserver can reach the remote host remoteserver over SSH. Log in to webserver, then use the following command to create the mapping:
ssh -R 3000:localhost:80 remoteserver
After it runs, on the remoteserver machine run netstat -an | grep 3000 to see whether port 3000 is open, and execute the following command to see whether the web page on webserver can be opened:
$ w3m http://127.0.0.1:3000
If the page opens, the mapping succeeded. However, access is limited to the local machine: only remoteserver itself can reach webserver, because port 3000 is bound to the 127.0.0.1 address of the remoteserver machine. You can edit the /etc/ssh/sshd_config file on the remoteserver machine and add the following:
Add GatewayPorts yes, which binds the listening port 3000 to the 0.0.0.0 address so that all external machines can access the listening port, then save and exit, and restart the SSH service. When finished, other machines can enter http://remoteserver:3000 in the browser to access webserver.
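A check for the sshd_config settings covered above (listening port, protocol version, root login and GatewayPorts), as an added example that is not part of the original article. The function names, finding labels and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config for the settings discussed on this page.
# Only global scope is read: commented lines are ignored and parsing stops
# at the first Match block.

values() {   # values FILE KEYWORD -> every value set for KEYWORD, lower-cased
    awk -F'[ \t=]+' -v key="$2" '
        { sub(/^[ \t]+/, "") }              # strip indentation (re-splits fields)
        /^#/ || NF == 0 { next }            # commented-out or blank: not in effect
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

audit_sshd_config() {   # audit_sshd_config FILE -> one finding per line
    ports=$(values "$1" Port)
    # No Port line means the default, 22; several Port lines are all listened on.
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "PORT: sshd listens on the default port 22"
    fi
    # An unset Protocol is not flagged: its default depends on the OpenSSH version.
    proto=$(values "$1" Protocol | head -n 1)
    case ",$proto," in
        *,1,*) echo "PROTOCOL: protocol version 1 is enabled ($proto)" ;;
    esac
    root=$(values "$1" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "ROOT: PermitRootLogin is '${root:-unset}', expected 'no'"
    fi
    gw=$(values "$1" GatewayPorts | head -n 1)
    if [ "$gw" = "yes" ]; then
        echo "GATEWAY: remote forwards (ssh -R) bind to all addresses"
    fi
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Protocol 2,1
#PermitRootLogin yes
GatewayPorts yes
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

On a live host, point audit_sshd_config at /etc/ssh/sshd_config; an empty result means none of the four conditions was found in the global section.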
First create a file, such as bannertest.txt, with whatever content you choose. Then open the /etc/ssh/sshd_config file and look for a line such as the following: