Linux OpenSSL: Remote logins based on passwords and keys

Source: Internet
Author: User

SSH: Secure Shell, protocol, 22/tcp, secure remote login

OpenSSH: an open source implementation of the SSH protocol

SSH protocol versions

v1: uses CRC-32 for the MAC; insecure, open to man-in-the-middle attacks

v2: the two hosts negotiate a secure MAC method, perform the key exchange based on the DH algorithm, and authenticate identity based on the RSA or DSA algorithm

User login authentication works in two ways: password-based and key-based

OpenSSH: client/server (C/S)

Client: ssh, scp, sftp

Server: sshd

Note: Windows clients: Xshell, PuTTY, SecureCRT, SSH Secure Shell Client

Client components: ssh

ssh, config file: /etc/ssh/ssh_config

Format:

    ssh [[email protected]]host [COMMAND]
    ssh [-l user] host [COMMAND]

-p port: the port the remote server listens on

Server-side components: sshd

sshd, config file: /etc/ssh/sshd_config

Example: Simulated environment

CentOS 7, IP: 192.168.0.111

CentOS 6.7, IP: 192.168.0.113

You can use the following command to view the system version information (for Red Hat and CentOS):

    [[email protected] ~]# cat /etc/redhat-release
    CentOS release 6.7 (Final)

Remote login to the CentOS 6.7 host without specifying a user

    [[email protected] ~]# cat /etc/redhat-release
    CentOS Linux release 7.1.1503 (Core)
    [[email protected] ~]# ssh 192.168.0.113
    The authenticity of host '192.168.0.113 (192.168.0.113)' can't be established.
    RSA key fingerprint is a8:16:d9:15:8a:01:e5:d3:fb:26:bd:94:13:3e:50:6e.
    Are you sure you want to continue connecting (yes/no)? yes    # first-time host key confirmation
    Warning: Permanently added '192.168.0.113' (RSA) to the list of known hosts.
    [email protected]'s password:    # enter the root password
    Last login: Fri Feb 19 22:14:48 2016 from 192.168.0.109    # logged in to the remote host successfully
    [[email protected] ~]# cat /etc/redhat-release
    CentOS release 6.7 (Final)

Use the exit command to end the remote session

    [[email protected] ~]# exit
    logout
    Connection to 192.168.0.113 closed.
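The first-connection prompt in the session above asks for the host key to be accepted on trust. The following added example (not part of the original article) recomputes the same colon-separated MD5 fingerprint from a public-key line so it can be compared with the prompt before answering yes; it assumes the line was copied from the server's /etc/ssh/ssh_host_rsa_key.pub over a trusted channel, and SAMPLE_PUB is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example: recompute the MD5 host-key fingerprint shown by the ssh
# first-connection prompt from one public-key line.
# SAMPLE_PUB is a constructed placeholder blob, not a real host key.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABY29uc3RydWN0ZWQtc2FtcGxlLWtleS1ibG9i constructed-host'
PROMPT_FP='a8:16:d9:15:8a:01:e5:d3:fb:26:bd:94:13:3e:50:6e'   # value shown on the page

# md5_fingerprint "type base64 [comment]" -> aa:bb:... (16 hex pairs)
md5_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{ print $2 }')
    # Every SSH key blob starts with a 4-byte length, "AAAA" in base64.
    case $blob in
        AAAA*) ;;
        *) return 1 ;;
    esac
    # Reject anything that is not plain base64 before decoding it.
    case $blob in
        *[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    # The legacy fingerprint is the MD5 digest of the decoded key blob.
    printf '%s' "$blob" | base64 -d | md5sum | awk '{ print $1 }' |
        sed 's/../&:/g; s/:$//'
}

# verify_host_key SHOWN_FP PUBKEY_LINE: 0 = match, 1 = mismatch, 2 = bad key
verify_host_key() {
    shown=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    actual=$(md5_fingerprint "$2") || return 2
    [ "$shown" = "$actual" ]
}

if verify_host_key "$PROMPT_FP" "$SAMPLE_PUB"; then
    echo "fingerprint matches: safe to answer yes"
else
    echo "fingerprint differs or key unreadable: answer no and investigate"
fi
```

On OpenSSH releases that print SHA256 fingerprints by default, `ssh-keygen -l -E md5 -f <keyfile>` gives the MD5 form for comparison.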

Remote login to the CentOS 6.7 host as the specified user centos6.7

    [[email protected] ~]# ssh [email protected]
    [email protected]'s password:
    [[email protected] ~]$ cat /etc/redhat-release
    CentOS release 6.7 (Final)

In a production environment, from a security point of view, the default port for remote access to the host should be changed. The following demonstrates how to access the host remotely after the port has been modified.

Step one: modify the configuration file /etc/ssh/sshd_config

    #       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $

    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/local/bin:/usr/bin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options override the
    # default value.

    # If you want to change the port on a SELinux system, you have to tell
    # SELinux about this change.
    # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
    #
    Port 2223
    #AddressFamily any
    ListenAddress 0.0.0.0
    #ListenAddress ::

Restart the sshd service

    [[email protected] ssh]# systemctl restart sshd.service

Stop the firewall

    CentOS 6 # service sshd restart
    CentOS 7 # systemctl stop firewalld.service
    Xshell:\> ssh 2223    # the new port number immediately follows the IP address

    Last login: Sat Feb 22:49:35 from 192.168.0.109
    [[email protected] ~]# cat /etc/redhat-release
    CentOS Linux release 7.1.1503 (Core)
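The port change above can also be made with firewalld left running, by labelling the new port for SELinux (the semanage command quoted in the sshd_config comments) and opening only that port. This is an added example, not part of the original article; SAMPLE_CONFIG is a constructed excerpt mirroring the edited file, and the SSHD_CONFIG and APPLY environment variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: build the command list that admits the new sshd port
# through SELinux and firewalld. Dry run unless APPLY=1.
# Constructed excerpt mirroring the page's edited sshd_config.
SAMPLE_CONFIG='#Port 22
Port 2223
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::'

# Print every active Port value; sshd listens on 22 when none is set.
sshd_ports() {
    ports=$(printf '%s\n' "$1" |
        awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }')
    printf '%s\n' "${ports:-22}"
}

# Commands that open one TCP port; 22 already carries the ssh_port_t label.
open_port_cmds() {
    port=$1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    if [ "$port" -ne 22 ]; then
        echo "semanage port -a -t ssh_port_t -p tcp $port"
    fi
    echo "firewall-cmd --permanent --add-port=$port/tcp"
    echo "firewall-cmd --reload"
}

# Full ordered plan for a given sshd_config text.
plan() {
    echo "sshd -t"    # syntax-check the config before restarting
    for p in $(sshd_ports "$1"); do
        open_port_cmds "$p" || return 1
    done
    echo "systemctl restart sshd.service"
}

cfg=$SAMPLE_CONFIG
[ -r "${SSHD_CONFIG:-}" ] && cfg=$(cat "$SSHD_CONFIG")
plan "$cfg" | while IFS= read -r cmd; do
    if [ "${APPLY:-0}" = 1 ]; then sh -c "$cmd"; else echo "would run: $cmd"; fi
done
```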

Key-based SSH remote login

    [[email protected] .ssh]# ssh-keygen -t rsa    # command to generate the key pair
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    9d:fc:93:7d:9a:00:01:47:23:69:9e:08:0c:cf:ca:bd [email protected]
    The key's randomart image is:
    +--[ RSA 2048]----+
    |  .o    oo+       |
    |   oo   o+ .      |
    |    O. +  ....       |
    | . o  . oo o      |
    |  o .   S =       |
    |     .      o o   |
    |    E        = . .|
    |             o  + |
    |              o  |
    +-----------------+
    [[email protected] .ssh]# ls    # the keys are stored in /root/.ssh/
    id_rsa  id_rsa.pub  known_hosts
    [[email protected] .ssh]# ssh-copy-id -i /root/.ssh/id_rsa [email protected]    # copy the key to the remote host
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    [email protected]'s password:    # enter the root login password

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh '[email protected]'"
    and check to make sure that only the key(s) you wanted were added.

    [[email protected] .ssh]# ssh [email protected]    # when logging in to the remote host, no account or password needs to be provided for authentication
    Last login: Sat Feb 20 01:53:08 2016
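Key-based login as set up above depends on the permissions of the files under .ssh: with StrictModes enabled, sshd ignores an authorized_keys file that group or other can write, and the ssh client refuses a private key that anyone but its owner can read. This added example (not part of the original article) checks a .ssh directory for both conditions; it assumes GNU stat, as shipped on CentOS, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report permission problems that break key-based login.
# Assumes GNU stat (as on CentOS); file names match the page's /root/.ssh.

# Succeeds when the file's mode has none of the bits in octal mask $2.
mode_ok() {
    mode=$(stat -c %a "$1") || return 1
    [ $(( 0$mode & 0$2 )) -eq 0 ]
}

# check_ssh_dir DIR: print one line per finding, return the finding count.
check_ssh_dir() {
    dir=$1
    findings=0
    # sshd with StrictModes rejects keys if these are group/other-writable.
    for path in "$dir" "$dir/authorized_keys"; do
        [ -e "$path" ] || continue
        if ! mode_ok "$path" 022; then
            echo "writable by group/other: $path"
            findings=$((findings + 1))
        fi
    done
    # The ssh client refuses a private key accessible to group or other.
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        if ! mode_ok "$key" 077; then
            echo "private key too open: $key"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Check the current user's directory when it exists.
if [ -d "$HOME/.ssh" ]; then
    check_ssh_dir "$HOME/.ssh" && echo "permissions OK"
fi
```

Run it on both machines: the private-key check matters on the client, the authorized_keys check on the server that ssh-copy-id wrote to.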

Run a command on the remote host directly:

    [[email protected] .ssh]# ssh [email protected] 'ifconfig'
    eth0      Link encap:Ethernet  HWaddr 00:0C:29:F0:55:67
              inet addr:192.168.0.113  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fef0:5567/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6116 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1449 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:526598 (514.2 KiB)  TX bytes:181464 (177.2 KiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:628 (628.0 b)  TX bytes:628 (628.0 b)

    [[email protected] .ssh]#


This article is from the "WE become whatwepractice" blog; please be sure to keep this source: http://nearlv.blog.51cto.com/2432295/1743797
