Linux implementation with SSH Telnet Server detailed

Source: Internet
Author: User
Tags auth ssh shell account

Remote Login method has telnet and ssh two way, because Telnet uses the clear text transmission, the transmission process System account password and so on important information is easy to intercept, the security is inferior to SSH (secure shell), therefore now generally uses SSH as the remote login tool.

In fact, many Linux versions such as Ubuntu have built-in ssh-agent, this is a remote connection tool, through the ssh-agent can initiate remote connection, but if you want to achieve in other computers telnet to their own computer, you must install OpenSSH, you can use the following command
Ubuntu

The code is as follows Copy Code
sudo apt-get install OpenSSH

ArchLinux

The code is as follows Copy Code
sudo pacman-s openssh

The system will automatically download and complete the installation, and when you are done, you can see if the SSH service is started with the following command

The code is as follows Copy Code
Ps-ef | grep sshd

If this process is not sshd, start manually
Ubuntu

The code is as follows Copy Code
Sudo/etc/init.d/ssh start

ArchLinux

The code is as follows Copy Code
Sudo/etc/rc.d/sshd start

ArchLinux add sshd to daemons array boot up

daemons= (Syslog-ng network crond dbus alsa @openntpd sshd)
If the sshd process appears, indicating that the SSH service has started, it is not an accident that you can connect to your computer via SSH on other computers. About the SSH connection tool, the Windows platform recommended SECURE-CRT software, this is a very popular software, the use is relatively simple. Can also choose Putty, but the proposal to download the official English version, some time ago the Chinese version of the Putty has a back door in the internet speculation. The Linux system is convenient because it has its own ssh-agent, enter the following command directly inside the terminal

SSH Username@ip
Username is your login account, IP is the IP address, of course, you can also use the domain name

SSH username@domain
The system will require you to enter a password for verification, verify that you can log on to the remote host. For security reasons, some simple configuration is required, otherwise a large number of IP logon failure information will be found when viewing the SSH log files later. In fact, someone else through the port scanning software scan the open (SSH default) port host, and then through the exhaustive method for password guessing, if you are using a weak password, the probability of being guessed is very high.

Configuration file path

Ubuntu

The code is as follows Copy Code
/etc/ssh/ssh.conf

ArchLinux

The code is as follows Copy Code
/etc/ssh/sshd.config

We can configure this file by editing it. When you try to log on to someone else's host, what identity will you log in to? Root, of course, because root is a user of every Linux system. So we should disable the root user login and find

The code is as follows Copy Code
Permitrootlogin Yes

Change the yes to No.

The port scan software defaults to scan Port 22, so we can also change the port to another port and find the following statement

Port 22
Change the 22 to your other ports, like 1022.

Limit the maximum number of password errors, 3 times, their own login basic will not be a continuous error 3 times, password errors more than 3 times refused to log in

Maxauthtries 3
Save exit after modification, reboot SSH service

Ubuntu

The code is as follows Copy Code
Sudo/etc/init.d/ssh restart

ArchLinux

The code is as follows Copy Code
Sudo/etc/rc.d/sshd restart

Note that you need to declare a port after you modify the port and log on in CLI mode

The code is as follows Copy Code
Ssh-p 1022 Username@ip

With a simple configuration you will find a significant reduction in failed logins from unknown IP. Forgot to say that the SSH login log was saved in this file

The code is as follows Copy Code
/var/log/auth.log

Under ArchLinux, the owner of this file is root, the group is log, the permission is 640, in order to facilitate ordinary users to view the log, the user to join the log group (not recommended others plus permissions)

The code is as follows Copy Code
sudo gpasswd-a song log

Usually can cat this file to see login record, of course, sometimes the file will be longer, especially before the root user is not disabled, often from the same IP login failed to reach thousands of, if you see a line of time, so we only output root login failed record ( Although root logging is disabled, the system will still log when someone attempts to log in as root

The code is as follows Copy Code
grep "Failed password for root"/var/log/auth.log | awk {' Print $11 '} | uniq-c | Sort-rn

The system lists the IP that failed to log in and counts the number of failures from top to bottom, but you can also enter a record of successful login

The code is as follows Copy Code
grep "Accepted password for"/var/log/auth.log

The system will list the records that have been logged on to the host, including time, IP address, etc.

In addition, I use the Android mobile phone, using the Linux kernel, so I hope to also remotely log on to their own computer. First, the mobile phone to support the installation of SSH software, CYANOGENMOD7 version of the system with a terminal, is simply a micro-Linux terminal, basically a lot of basic instructions can be implemented, such as: Ls,cd,mount,cat,nano and so on. Next there is a problem, I use telecommunications adsl, through the Tp-link router PPPoE dial-up Internet, each dial-up access to the IP is not the same, this is not SSH login, because you do not know the next time to get the IP address is how much. So think of windows under the Peanut Shell client, can dynamically resolve domain name, hurriedly to Peanut Shell website application for a free domain name, but did not release Linux client (now has source code installation), vaguely seem to remember tp-link have dynamic DNS function, log up to Sure, In the dynamic DNS service provider selected peanut shell, account password on the Peanut shell site to fill the account password, after login will be the peanut Shell account binding domain name resolution to the local, but when you through the domain name SSH connection is found to be not connected, because dial-up Internet is the router, peanut shell will be the domain name resolution to your router, Instead of your computer, you need to make further settings. In the Tp-link router set the forwarding rules of the page select the DMZ host, the DMZ state settings enabled, DMZ host IP address to fill you from the router DHCP server to obtain IP, if your router is more than a person on the Internet may each time from DHCP to obtain the IP is not the same, So to put your host MAC address and a certain IP address binding, that is, a certain IP address reserved to your network card, so that each time you get the same IP, the IP address to fill in the DMZ host IP address inside. And then use the domain name to SSH connection found that the normal link is available.

Finally, put on a few cell phones telnet host success after the screenshot

Welcome to Ubuntu

root directory

ll view file properties

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.