Unit9.openssh-server
1.openssh-server
Function: lets remote hosts reach the sshd service over the network and start a secure shell
2. Client connection methods
ssh remote-host-user@remote-host-IP
[[email protected] ~]# ssh [email protected]
The authenticity of host '172.25.0.11 (172.25.0.11)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes ## a trust relationship has to be established when connecting to an unfamiliar host
Warning: Permanently added '172.25.0.11' (ECDSA) to the list of known hosts.
[email protected]'s password: ## the remote user's password
Last login: Mon Oct 3 03:13:47 2016
[[email protected] ~]# ## login succeeded
ssh remote-host-user@remote-host-IP -X ## run graphical tools from the remote host
ssh remote-host-user@remote-host-IP command ## run a single command directly on the remote host
• Set up virtual machines
• Connect to a remote host
• Create a file on a remote host
3. sshkey encryption
1. Generating the public and private keys
[[email protected] ~]# ssh-keygen ## tool that generates the public/private key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): [Enter] ## file the key is saved in (the default is recommended)
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): [Enter] ## key passphrase; must be more than 4 characters
Enter same passphrase again: [Enter] ## confirm the passphrase
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ab:3c:73:2e:c8:0b:75:c8:39:3a:46:a2:22:34:84:81 [email protected]
The key's randomart image is:
+--[RSA 2048]----+
|o |
| E. |
|.. |
|. . o |
|. O. *. S |
|OO.O O. |
|+ =. . . |
|o. oo.+. |
| .. o*. |
+-----------------+
[[email protected] ~]# ls /root/.ssh/
id_rsa id_rsa.pub
id_rsa ## the private key: this is the key
id_rsa.pub ## the public key: this is the lock
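2. Add the key authentication method
[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
ssh-copy-id ## tool that adds the key authentication method
-i ## specifies the key file to use
/root/.ssh/id_rsa.pub ## the key
root ## the user being set up for key authentication is root
172.25.0.11 ## IP of the host being set up for key authentication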
3. Distribute the key to the client host
[[email protected] ~]# scp /root/.ssh/id_rsa [email protected]:/root/.ssh/
4. Testing
[[email protected] ~]# ssh [email protected] ## connecting with id_rsa goes straight in, no user password is asked for
Last login: Mon Oct 3 03:58:10 from 172.25.0.250
[[email protected] ~]#
4. Improve the OpenSSH security level
1. openssh-server configuration file
/etc/ssh/sshd_config
PasswordAuthentication yes|no ## whether user password authentication is enabled; yes turns it on, no turns it off
PermitRootLogin yes|no ## whether the superuser is allowed to log in
AllowUsers student westos ## user whitelist: only users on the list can open a shell through sshd
DenyUsers westos ## user blacklist
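How the four directives above combine when they sit in one file, as an added example (not part of the original post). The sample configuration and the function names sshd_values and user_allowed are constructed for illustration; Match blocks, Include files and wildcard or user@host patterns are not handled.

```shell
#!/bin/sh
# Added example; the sample below is constructed, not a real host's config.
sample_config() {
    cat <<'EOF'
# duplicate keyword on purpose: sshd keeps the first value it reads
passwordauthentication no
PasswordAuthentication yes
PermitRootLogin no
AllowUsers student westos
DenyUsers westos
EOF
}

# Print the value(s) of KEYWORD from the global section of FILE.
# mode "first": scalar keywords, first occurrence wins.
# mode "all":   AllowUsers/DenyUsers, repeated lines are collected.
sshd_values() {  # usage: sshd_values FILE KEYWORD first|all
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v mode="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }      # stop at the first Match block
        tolower($1) == key {
            for (i = 2; i <= NF; i++) out = out (out == "" ? "" : " ") $i
            if (mode == "first") exit
        }
        END { print out }
    ' "$1"
}

# Return 0 if USER passes the user lists. DenyUsers is checked before
# AllowUsers; once AllowUsers is set, unlisted users are refused.
# Simplification: exact names only, no wildcards or user@host patterns.
user_allowed() {  # usage: user_allowed FILE USER
    for u in $(sshd_values "$1" DenyUsers all); do
        if [ "$u" = "$2" ]; then return 1; fi
    done
    allow=$(sshd_values "$1" AllowUsers all)
    if [ -z "$allow" ]; then return 0; fi
    for u in $allow; do
        if [ "$u" = "$2" ]; then return 0; fi
    done
    return 1
}

cfg=$(mktemp)
sample_config > "$cfg"
echo "PasswordAuthentication: $(sshd_values "$cfg" PasswordAuthentication first)"
for name in student westos root; do
    if user_allowed "$cfg" "$name"; then echo "$name: allowed"; else echo "$name: refused"; fi
done
rm -f "$cfg"
```

With both list lines present as shown on this page, westos is refused because DenyUsers is evaluated first, and root is refused because it is missing from AllowUsers regardless of PermitRootLogin.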