SSH: Secure Shell, protocol, 22/tcp, secure remote login
OpenSSH: open source implementation of the SSH protocol
SSH protocol versions
v1: uses CRC-32 for the MAC; unsafe: man-in-the-middle
v2: the hosts negotiate a secure MAC method, perform the key exchange based on the DH algorithm, and implement identity authentication based on the RSA or DSA algorithm
User login authentication works in two ways: password-based and key-based
OpenSSH: C/S
Client: ssh, scp, sftp
Server: sshd
Remark: Windows clients: Xshell, PuTTY, SecureCRT, sshsecureshellclient
Client component: ssh
ssh, config file: /etc/ssh/ssh_config
Format: ssh [user@]host [COMMAND]
ssh [-l user] host [COMMAND]
-p port: the port the remote server listens on
Server-side component: sshd
sshd, config file: /etc/ssh/sshd_config
Example: Simulated environment
CentOS 7, IP: 192.168.0.111
CentOS 6.7, IP: 192.168.0.113
You can use the following command to view the system version information (applies to Red Hat and CentOS)
[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
Log in remotely to the CentOS 6.7 host without specifying a user
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
[[email protected] ~]# ssh 192.168.0.113
The authenticity of host '192.168.0.113 (192.168.0.113)' can't be established.
RSA key fingerprint is a8:16:d9:15:8a:01:e5:d3:fb:26:bd:94:13:3e:50:6e.
Are you sure you want to continue connecting (yes/no)? yes    # first-time host key confirmation
Warning: Permanently added '192.168.0.113' (RSA) to the list of known hosts.
[email protected]'s password:    # enter the root administrator password
Last login: Fri Feb 19 22:14:48 2016 from 192.168.0.109    # successfully logged in to the remote host
[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
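The RSA key fingerprint in the prompt above is what guards the first connection against a man-in-the-middle: it should be compared with a value read on the server itself before answering yes. The following added example (not part of the original article) recomputes the colon-separated MD5 form printed by this OpenSSH release, and the SHA256 form printed by newer ones, from a public key line. The key material is constructed for illustration and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length + data)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample, NOT a real key: type name, exponent 65537, dummy modulus.
BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
        + ssh_string(b"\x00" + b"\xc3" * 256))
B64 = base64.b64encode(BLOB).decode()
PUB_LINE = "ssh-rsa " + B64 + " constructed@example"   # id_rsa.pub layout
KNOWN_HOSTS_LINE = "192.168.0.113 ssh-rsa " + B64      # known_hosts layout


def key_blob(line: str) -> bytes:
    """Return the decoded key blob from a .pub or known_hosts line."""
    fields = line.split()
    for key_type, candidate in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(candidate, validate=True)
        except ValueError:
            continue
        # The blob starts with its own type name; it must match the text field.
        if blob[:4 + len(key_type)] == ssh_string(key_type.encode()):
            return blob
    raise ValueError("no SSH public key found in line")


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex form, as in the session shown above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob: bytes) -> str:
    """SHA256:base64 form printed by newer OpenSSH releases."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_matches(line: str, trusted: str) -> bool:
    """Compare a key line against a fingerprint obtained out of band."""
    blob = key_blob(line)
    return trusted in (md5_fingerprint(blob), sha256_fingerprint(blob))
```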
Use the exit command to end the remote session
[[email protected] ~]# exit
logout
Connection to 192.168.0.113 closed.
Log in remotely to the CentOS 6.7 host as the user centos6.7
[[email protected] ~]# ssh [email protected]
[email protected]'s password:
[[email protected] ~]$ cat /etc/redhat-release
CentOS release 6.7 (Final)
In a production environment, from a security point of view, the default port used to access the host should be changed. The following demonstrates how to access the host remotely after changing the port.
Step one: modify the configuration file /etc/ssh/sshd_config
#	$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 2223
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::
Restart the sshd service
[[email protected] ssh]# systemctl restart sshd.service
Shut down the firewall
CentOS 6 # service sshd restart
CentOS 7 # systemctl stop firewalld.service
Xshell:\> ssh 2223    # the new port number follows immediately after the IP address
Last login: Sat Feb 22:49:35 from 192.168.0.109
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
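Whether the edit in step one takes effect depends on which lines sshd actually reads: commented lines are ignored, Port and ListenAddress may appear several times, and for other keywords the first value wins. The added example below (not from the original article) resolves the effective global settings of an sshd_config; the function names are hypothetical and the sample file is constructed from the excerpt above with a few extra lines.

```python
MULTI_VALUED = {"port", "listenaddress"}   # may appear more than once

# Constructed sample based on the excerpt above, plus a duplicated keyword.
SAMPLE = """\
#Port 22
Port 2223
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::
PasswordAuthentication yes
passwordauthentication no
Match User backup
    PasswordAuthentication no
"""


def effective_settings(text: str) -> dict:
    """Return {keyword: [values]} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # blank or commented: ignored
        parts = line.split(None, 1)
        keyword = parts[0].lower()         # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break                          # conditional blocks are not global
        if keyword in MULTI_VALUED:
            settings.setdefault(keyword, []).append(value)
        else:
            settings.setdefault(keyword, [value])   # first value wins
    return settings


def listening_ports(text: str) -> list:
    """Ports named by active Port lines; 22 applies when none is active."""
    return [int(p) for p in effective_settings(text).get("port", ["22"])]


def review(text: str) -> list:
    """Findings a reviewer would check after editing the file."""
    s = effective_settings(text)
    findings = []
    if 22 in listening_ports(text):
        findings.append("sshd still listens on the default port 22")
    if s.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("password login is enabled")
    return findings
```

On the server itself, `sshd -t` checks the edited file for errors before the restart, and `sshd -T` prints the configuration sshd will actually use.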
Key-based SSH remote login
[[email protected] .ssh]# ssh-keygen -t rsa    # command to generate the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9d:fc:93:7d:9a:00:01:47:23:69:9e:08:0c:cf:ca:bd [email protected]
The key's randomart image is:
[randomart image for the RSA 2048 key]
[[email protected] .ssh]# ls    # the keys are stored in /root/.ssh/
id_rsa  id_rsa.pub  known_hosts
[[email protected] .ssh]# ssh-copy-id -i /root/.ssh/id_rsa [email protected]    # copy the key to the remote host
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:    # enter the root login password

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[[email protected] .ssh]# ssh [email protected]    # when logging in to the remote host, no account or password is needed for authentication
Last login: Sat Feb 20 01:53:08 2016
Run a command on the remote host directly:
[[email protected] .ssh]# ssh [email protected] 'ifconfig'
eth0      Link encap:Ethernet  HWaddr 00:0C:29:F0:55:67
          inet addr:192.168.0.113  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fef0:5567/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6116 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1449 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:526598 (514.2 KiB)  TX bytes:181464 (177.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:628 (628.0 b)  TX bytes:628 (628.0 b)

[[email protected] .ssh]#
This article is from the "WE become whatwepractice" blog, please be sure to keep this source http://nearlv.blog.51cto.com/2432295/1743797
Linux OpenSSL: Remote logins based on passwords and keys