About logging in.
After the host powers on, the first things to consider are how to log in to it and which identity to use.
1. root (the root user) has the highest privileges over the entire file system; it can modify and operate on every file on the system.
As a result, we must be extremely cautious when operating as root, and protect the root password with particular care.
2. About the root password: /etc/passwd and /etc/shadow are the two files that store all of the user information on the host, including passwords, attributes, home directories, and the groups users belong to.
cat /etc/passwd
Taking root as an example, the fields are: user name:password:UID:GID:comment (may be empty):home directory:shell
root:x:0:0:root:/root:/bin/bash
If the shell field is /sbin/nologin or /bin/false, the user is not allowed to log in.
cat /etc/shadow
In addition, regarding user groups: the root user's default UID and GID are both 0, whereas users we add manually generally start from 500 (when no group is specified).
The user's password information is stored mainly in the shadow file. Its fields are: user name:encrypted password:date of the last password change (by default counted in days since January 1, 1970):minimum number of days before the password may be changed again (0 means no limit):maximum password lifetime (99999 by default):number of days before expiry on which a warning is given:account expiry date:account lifetime:reserved. In the encrypted-password field, * means the account has been locked and !! means no password has been set.
Similarly, take root as an example: root:$6$lygchspl8tyj1lck$tgtdeumrsgmd9wfk4ephapxvrxjvprlwmctj1o6t9m1ookl/ 9d8lcubiox9xgoto6uhhdp9lwcb6akdsau4ru1:16833:0:99999:7:::
The CentOS shadow file uses SHA-512 as its hashing algorithm (the $6$ prefix; the encoded hash is 86 characters long).
Similarly, /etc/group holds the group information, and the group password file is /etc/gshadow.
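As an added example (not from the original notes), a small Python audit that parses the /etc/passwd and /etc/shadow layouts described above and flags the conditions the notes call out: extra UID 0 accounts, empty password fields, weak hash types, and the 99999 password lifetime, while skipping accounts whose shell forbids login. The sample records, user names and hash strings are constructed placeholders, not data from a real host.

```python
from collections import namedtuple
# Field layouts of /etc/passwd (7 fields) and /etc/shadow (9 fields).
Passwd = namedtuple("Passwd", "name pw uid gid gecos home shell")
Shadow = namedtuple("Shadow", "name hash lastchg min max warn inactive expire reserved")
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
HASH_ALGOS = {"$1$": "MD5", "$5$": "SHA-256", "$6$": "SHA-512"}
# Constructed sample records for a fictional host; the hashes are placeholders.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
sysadm2:x:0:0::/tmp:/bin/bash
guest:x:501:501::/home/guest:/bin/bash"""
SAMPLE_SHADOW = """root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16833:0:99999:7:::
daemon:*:16833:0:99999:7:::
alice:$1$PLACEHOLD$PLACEHOLDERHASH:16833:0:90:7:::
sysadm2:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16833:0:99999:7:::
guest::16833:0:99999:7:::"""

def parse_records(text, record_type):
    """Split colon-separated lines into named tuples; reject wrong field counts."""
    out = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != len(record_type._fields):
            raise ValueError("malformed line: %r" % line)
        out.append(record_type(*fields))
    return out

def classify_hash(field):
    """Meaning of the shadow password field: locked, unset, empty, or hash type."""
    special = {"*": "locked", "!!": "no password set", "": "EMPTY"}
    return special.get(field) or next(
        (n for p, n in HASH_ALGOS.items() if field.startswith(p)), "unknown")

def audit(passwd_text, shadow_text):
    """Return (user, finding) pairs for the risky conditions the notes describe."""
    shadow = {s.name: s for s in parse_records(shadow_text, Shadow)}
    findings = []
    for p in parse_records(passwd_text, Passwd):
        if p.uid == "0" and p.name != "root":
            findings.append((p.name, "uid 0 account besides root"))
        s = shadow.get(p.name)
        if s is None or p.shell in NOLOGIN_SHELLS:
            continue  # no interactive login possible, skip the password checks
        algo = classify_hash(s.hash)
        if algo in ("EMPTY", "MD5", "unknown"):  # passwordless login or weak hash
            findings.append((p.name, "password hash: " + algo))
        if s.max == "99999":
            findings.append((p.name, "password never expires (max 99999)"))
    return findings
```

Run audit(SAMPLE_PASSWD, SAMPLE_SHADOW) to list the findings; on a real host read the two files instead of the constructed samples.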
3. For security, we can use key-based login. This method does not use the user's password to log in, so there is no risk of the password being disclosed.
The settings are as follows:
First, generate the key pair with PuTTYgen; you can edit the key comment and then set a passphrase for the key pair.
Then save the private key. When saving it, make sure the character '.' does not appear in the file name, because it will prevent PuTTY from recognising the PPK file.
Then configure it on Linux:
mkdir ~/.ssh
cd ~/.ssh
vi /root/.ssh/authorized_keys    # paste the public key into this file
chmod 700 /root/.ssh
chmod 600 authorized_keys
setenforce 0    # turn SELinux off
vim /etc/selinux/config    # set SELINUX=disabled in the configuration file
iptables -F    # flush the firewall rules
After that, point the PuTTY login session at the private key, and the setup is complete.
Here is an introduction to the encryption algorithms involved:
Symmetric key algorithms (DES, 3DES, AES)
Both parties use the same key and algorithm to encrypt and decrypt.
Disadvantages: the shared key has to be exchanged between the two parties, the number of keys becomes large, and digital signatures and non-repudiation are not supported.
Advantages: fast, secure, and compact; key length less than or equal to 8 bytes.
Asymmetric key algorithms (RSA, DH (IPsec VPN), EC)
1. Each user joining the cryptosystem needs a pair of keys: a public key and a private key.
2. The public key is shared with everyone, the private key is kept strictly secret, and the private key cannot be derived from the public key.
3. A file encrypted with the public key needs the private key to decrypt it (the encryption process).
4. A file encrypted with the private key needs the public key to decrypt it (the signing process).
Advantages: secure; the two parties do not need to exchange keys, so there is no worry about a key being intercepted.
Disadvantages: very slow, and the ciphertext grows in size.
Key authentication under Linux is a typical application of asymmetric encryption.
Linux Learning Notes (ii)