1. SSH remote management
- Features of SSH
SSH (Secure Shell) is a secure channel protocol, mainly used for remote login to a character-mode (command-line) interface and similar tasks.
The SSH protocol encrypts all data exchanged between the two parties, including the password the user types at login. It therefore offers better security than earlier applications such as telnet (remote login), rsh (remote shell: run commands remotely) and rcp (remote file copy).
- Configuring the OpenSSH server side
Service listening options
The sshd service listens on port 22 by default. Where appropriate, it is recommended to change this to a non-default port and to specify the exact IP address the service listens on, which makes the service less conspicuous on the network. In addition, version 2 of the SSH protocol is preferable to version 1, and disabling DNS reverse resolution improves the server's responsiveness.
# vim /etc/ssh/sshd_config
Port 22                          // listening port is 22
Protocol 2                       // use the SSH v2 protocol
ListenAddress 192.168.4.254      // listen only on address 192.168.4.254
UseDNS no                        // disable DNS reverse resolution
...                              // remainder of the file omitted
# service sshd reload
Reloading sshd:                  [  OK  ]
User login control
The sshd service allows the root user to log in by default.
# vim /etc/ssh/sshd_config
PermitRootLogin no               // disallow root login
PermitEmptyPasswords no          // disallow users with empty passwords
LoginGraceTime 2m                // authentication must complete within 2 minutes
MaxAuthTries 6                   // at most 6 authentication attempts per connection
...                              // remainder of the file omitted
AllowUsers jerry admin@192.168.1.1   // only users jerry and admin may log in, and admin only
                                     // from host 192.168.1.1; separate multiple users with spaces
# service sshd reload
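Before reloading, the edited keywords from this and the previous section (plus the PasswordAuthentication keyword covered in the next one) can be checked mechanically. The following audit is an added example, not part of the original article: it reads an sshd_config the way sshd does (first uncommented occurrence of a keyword wins, keyword names are case-insensitive, whitespace-separated form as shown on this page) and flags the weak values discussed; the sample file it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config
# against the hardening keywords discussed above. The sample file is
# constructed for the demo; pass /etc/ssh/sshd_config to audit a real host.
SAMPLE_CFG="$(mktemp)"
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
# constructed sample sshd_config with several weak settings
Port 22
#Protocol 2
ListenAddress 0.0.0.0
UseDNS yes
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
PermitRootLogin no
EOF
# Effective value of a keyword, read the way sshd reads it: the first
# uncommented occurrence wins (so "PermitRootLogin no" above is ignored)
# and keyword names are case-insensitive. Prints nothing if not set.
sshd_effective_value() {  # file keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == key      { print $2; exit }' "$1"
}
# Report one keyword: WEAK when its value matches the weak glob pattern
# or when it is not set explicitly (sshd then applies its built-in default).
check_setting() {  # file keyword weak_glob recommendation
    val="$(sshd_effective_value "$1" "$2")"
    if [ -z "$val" ]; then
        echo "WEAK $2 not set (recommended: $4)"
    else
        case "$val" in
            $3) echo "WEAK $2 $val (recommended: $4)" ;;
            *)  echo "ok   $2 $val" ;;
        esac
    fi
}
# The keywords from the listening, login-control and authentication sections.
audit_sshd_config() {  # file
    check_setting "$1" Port 22 "a non-default port"
    check_setting "$1" Protocol '*1*' 2
    check_setting "$1" ListenAddress 0.0.0.0 "the server's own IP address"
    check_setting "$1" UseDNS yes no
    check_setting "$1" PermitRootLogin yes no
    check_setting "$1" PermitEmptyPasswords yes no
    check_setting "$1" PasswordAuthentication yes "no, once key pairs are deployed"
}
audit_sshd_config "$SAMPLE_CFG"
```

Run against the constructed file it reports six WEAK lines and one ok line; against /etc/ssh/sshd_config it shows which of the settings above still need changing.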
Login authentication methods
The sshd service supports two authentication methods: password authentication and key pair authentication.
- Password authentication: the client is verified against the login name and password of a local system user on the server. Vulnerable to brute-force attacks.
- Key pair authentication: the client must present key information matching a public key registered on the server in order to pass verification.
When both password authentication and key pair authentication are enabled, key pair authentication is tried first.
# vim /etc/ssh/sshd_config
PasswordAuthentication yes       // enable password authentication
PubkeyAuthentication yes         // enable key pair authentication
AuthorizedKeysFile .ssh/authorized_keys   // file holding the authorized public keys
...                              // remainder of the file omitted
# service sshd reload

3) Using the SSH client program
On a RHEL 5 system, the OpenSSH client is provided by the openssh-clients package (installed by default).
Command-line programs: ssh, scp, sftp
Basic format: ssh username@remote_host
Example: (screenshot of an ssh login session)
When a user logs in to an SSH server for the first time, they must accept the server's RSA host key (answer yes at the prompt) before authentication continues. The accepted key is saved in the ~/.ssh/known_hosts file.
Then check the current login status and confirm the address of the host you are now on (screenshot of the session).
If the sshd server listens on a non-default port (for example 2345), the port number must be given at login with the -p option.
Example: log in to port 2345 on host 192.168.1.254, authenticating as the remote user zhangsan (screenshot of the session).
- scp remote copy
Basic format:
Copy from a remote host to the local machine:
scp remote_user@host_ip:remote_path local_directory
Copy from the local machine to a remote host:
scp -r local_directory remote_user@host_ip:remote_directory
Note: if the server does not use the default port, give the port number with the -P option (uppercase).
Example 1: copy the remote host's /etc/passwd file to the local machine (screenshot of the session).
Example 2: copy the local /etc/vsftpd/ directory to the remote host (screenshot of the session).
The sftp command uploads and downloads files over an SSH secure connection to a remote host, using an FTP-like login process and interactive environment that make managing directories and files convenient.
Example: basic sftp operations, logging in, browsing, uploading a file (screenshot of the session).
Graphical tools: PuTTYCN, WinSCP
First, specify the IP address of the remote host and the corresponding port number (screenshot).
Then enter the password of the remote account; after a successful login you can confirm that the current IP address is the expected one (screenshot).
4) Building an SSH system with key pair authentication
Basic idea:
Step 1: create a key pair on the client (private key file id_rsa, public key file id_rsa.pub).
Step 2: upload the public key file id_rsa.pub to the server.
Step 3: import the public key information into the server's key database file (~/.ssh/authorized_keys).
Step 4: log in using key pair authentication.
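Steps 2 and 3 of this outline, as an added example that is not part of the original article: a POSIX shell import of an uploaded public key into ~/.ssh/authorized_keys that does not duplicate an existing entry and sets the permissions sshd requires (with StrictModes, on by default, sshd ignores the database when ~/.ssh or the file is writable by anyone other than its owner). The home directory and the key line are constructed for the demonstration; the key body is not a real key.

```shell
#!/bin/sh
# Added example (not from the original article): steps 2-3 above, importing
# a public key into the server-side database ~/.ssh/authorized_keys. The
# home directory and key line are constructed; the key body is not a real key.
DEMO_HOME="$(mktemp -d)"
trap 'rm -rf "$DEMO_HOME"' EXIT
PUBKEY_FILE="$DEMO_HOME/id_rsa.pub"      # as if just uploaded with scp
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-DEMO-KEY jerry@client' > "$PUBKEY_FILE"
# Append the key unless an identical line is already present, then enforce
# the permissions sshd requires: with StrictModes (the default) it ignores
# authorized_keys when the file or ~/.ssh is writable by anyone but the owner.
import_pubkey() {  # home_dir pubkey_file
    sshdir="$1/.ssh"; db="$sshdir/authorized_keys"
    mkdir -p "$sshdir"; touch "$db"
    key="$(cat "$2")"; label="${key##* }"   # trailing comment field of the key
    if grep -qxF -- "$key" "$db"; then
        echo "already present: $label"
    else
        printf '%s\n' "$key" >> "$db"
        echo "imported: $label"
    fi
    chmod 700 "$sshdir"; chmod 600 "$db"
}
# Number of key entries in the database (blank and comment lines excluded).
count_authorized_keys() {  # home_dir
    grep -cv -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1/.ssh/authorized_keys"
}
# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {  # path
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
import_pubkey "$DEMO_HOME" "$PUBKEY_FILE"
import_pubkey "$DEMO_HOME" "$PUBKEY_FILE"    # re-running must not duplicate the key
echo "entries: $(count_authorized_keys "$DEMO_HOME")"
echo "modes: .ssh=$(mode_of "$DEMO_HOME/.ssh") authorized_keys=$(mode_of "$DEMO_HOME/.ssh/authorized_keys")"
```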
Create a key pair on the client
On a Linux client, the ssh-keygen tool for the current user
Linux Remote access and control