Linux Cloud Automation Operations Basics 9 (Openssh-server)

Source: Internet
Author: User

########################
# # # #9. openssh-server####
########################

# # # #1. openssh-server####

Function: Allow remote host to access sshd service over the network, start a secure shell

# # # #2. Client Connection Method # # #
SSH remote host user @ remote host IP
[[email protected] ~]# ssh [email protected]
The authenticity of host ' 172.25.0.11 (172.25.0.11) ' can ' t be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Is you sure want to continue connecting (yes/no)? Yes # #连接陌生主机时需要建立认证关系
warning:permanently added ' 172.25.0.11 ' (ECDSA) to the list of known hosts.
[email protected] ' s password: # #远程用户密码
Last Login:mon Oct 3 03:13:47 2016
[Email protected] ~]# # #登陆成功

SSH remote host user @ remote host Ip-x # #调用远程主机图形工具
SSH remote host user @ Remote host IP Command # #直接在远程主机运行某条命令

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M02/9C/FE/wKiom1l4kxvwcKzsAABywwsSs1A352.png "title=" Screenshot from 2017-07-26 21-01-46.png "alt=" Wkiom1l4kxvwckzsaabywwsss1a352.png "/>



# # # #3. Sshkey Encryption # # #
1. Generating the public key private key
[Email protected] ~]# Ssh-keygen # #生成公钥私钥工具
Generating public/private RSA key pair.
Enter file in which to save the key (/ROOT/.SSH/ID_RSA): [Enter] # #加密字符保存文件 (default is recommended)
Created directory '/root/.ssh '.
Enter passphrase (empty for no passphrase): [Enter] # #密钥密码, must be >4 characters
Enter same passphrase again: [Enter] # #确认密码
Your identification has been saved In/root/.ssh/id_rsa.
Your public key has been saved in/root/.ssh/id_rsa.pub.
The key fingerprint is:
ab:3c:73:2e:c8:0b:75:c8:39:3a:46:a2:22:34:84:81 [email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
|o |
| E. |
|.. |
|. . o |
|. O. *. S |
|OO.O O. |
|+ =.  .        . |
|o. oo.+. |
| ..        o*. |
+-----------------+
[Email protected] ~]# ls/root/.ssh/
Id_rsa id_rsa.pub
Id_rsa # #私钥 is the key
Id_rsa.pub # #公钥 is the lock

2. Add key authentication method
[Email protected] ~]# ssh-copy-id-i/root/.ssh/id_rsa.pub [email protected]
Ssh-copy-id # #添加key认证方式的工具
-I # #指定加密key文件
/root/.ssh/id_rsa.pub # #加密key
Root # #加密用户为root
172.25.0.11 # #被加密主机ip

3. Distribute the key to the client host
[Email protected] ~]# Scp/root/.ssh/id_rsa [email protected]:/root/.ssh/

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M00/9C/FE/wKioL1l4kRezNpdqAABanK7RJZ4901.png "title=" Screenshot from 2017-07-26 14-59-34.png "alt=" Wkiol1l4kreznpdqaabank7rjz4901.png "/>4. Test

[[email protected] ~]# ssh [email protected] # #通过id_rsa直接连接不需要输入用户密码
Last Login:mon Oct 3 03:58:10 from 172.25.0.250
[Email protected] ~]#
650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M01/9C/FE/wKiom1l4kXORf2vjAADCMSmshHg561.png "title=" Screenshot from 2017-07-26 14-58-58.png "alt=" Wkiom1l4kxorf2vjaadcmsmshhg561.png "/>### #4. Raising the security level of OpenSSH # # # #
1.openssh-server configuration file
/etc/ssh/sshd_config
Passwordauthentication Yes|no # #是否开启用户密码认证, yes to support no for off
Permitrootlogin Yes|no # #是否允许超级用户登陆
Allowusers Student Westos # #用户白名单, only users appearing on the list can use sshd to build the shell
Denyusers Westos # #用户黑名单

This article is from the "13122425" blog, please be sure to keep this source http://13132425.blog.51cto.com/13122425/1951237

Linux Cloud Automation Operations Basics 9 (Openssh-server)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.