1. Introduction to SSH service functions
1. Remote login management
Provides remote server login in the way Telnet does; this is the SSH service mentioned above.
2. Remote file transfer
sftp-server is an FTP-like service that transfers data over the SSH protocol, providing a more secure SFTP service (compare VSFTP, PROFTP).
3. SSH service connection tools
CRT and Xshell; VNC supports remote connection to a graphical interface; Xmanager supports remote connection to a graphical interface (simple configuration).
2. SSH remote service features
1. The SSH service port is 22.
2. SSH transfers data as ciphertext.
3. By default, the SSH service allows the root user to log in remotely.
3. SSH configuration file description: /etc/ssh/sshd_config
Port 22 --> the default SSH port is 22; in production, change it for security; value range 1024-65534
ListenAddress 0.0.0.0 --> sets the local NIC address SSH listens on; by default it listens on all NICs
#PermitRootLogin yes --> whether to allow the root user to log in
UseDNS no --> whether to reverse-resolve the IP address to a host name
GSSAPIAuthentication no --> speeds up SSH connections; off by default
If you modify the configuration file, you need to restart the SSH service:
/etc/init.d/sshd restart
Important parameter: -o StrictHostKeyChecking=no (skips the yes/no prompt on a remote connection and goes straight to the password prompt; the host key is added to known_hosts without being verified)
[[email protected] ~]# ssh 172.16.1.41
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
RSA key fingerprint is 7c: Geneva: 6c:7e:c8: to:d 3:Wuyi: 4e:d8:7f:0f: One: B6:ad:a6.
Are you sure you want to continue connecting (yes/no)?
[[email protected] ~]# ssh -o StrictHostKeyChecking=no 172.16.1.41
Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts.
[email protected]172.16.1.41's password:
4. SSH remote service security protection
First, use key-based login to improve security
Second, use the "Mang bull formation" (zhenfa) tactic to improve security
① The security appliance policy blocks access; only a small number of required service ports are opened
② Enable the SSH listen address setting and listen only on the intranet NIC address
Third, do not configure an external network IP on the server
Fourth, minimize authorization and system installation
Fifth, apply fingerprint (encryption) processing to important system files
Sixth, use the lock function on key system files to improve security
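The following is an added example, not code from the original page: a small Python audit that reads sshd_config text and reports the section 3 settings that conflict with the hardening points above (non-default port, intranet-only listen address, root login, key login). The two sample files, port 52113, the function names, the assumed defaults and the use of the PasswordAuthentication keyword to stand for "key login only" are assumptions made for the illustration.

```python
import ipaddress
# Constructed sample: the section 3 directives as a stock file might carry them.
STOCK = """#Port 22
ListenAddress 0.0.0.0
#PermitRootLogin yes
UseDNS no
GSSAPIAuthentication no
"""
# Constructed hardened variant: non-default port, intranet listener, key login only.
HARDENED = """Port 52113
ListenAddress 172.16.1.41
PermitRootLogin no
PasswordAuthentication no
"""
# Assumed defaults per this page (newer OpenSSH: PermitRootLogin prohibit-password).
DEFAULTS = {"port": "22", "listenaddress": "0.0.0.0",
            "permitrootlogin": "yes", "passwordauthentication": "yes"}

def effective(text):
    """Collect uncommented values per keyword (keywords are case-insensitive)."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            seen.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return {k: seen.get(k, [d]) for k, d in DEFAULTS.items()}

def is_intranet(addr):
    """True only for a literal private address, with or without a port suffix."""
    host = addr[1:].split("]")[0] if addr.startswith("[") else addr
    if host.count(":") == 1:              # IPv4:port or hostname:port
        host = host.split(":")[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                    # hostname: not judged offline, flag it
        return False
    return ip.is_private and not ip.is_unspecified

def audit(text):
    cfg, out = effective(text), []
    if "22" in cfg["port"]:               # Port may repeat, so check every value
        out.append("Port 22 still in use")
    out += [f"ListenAddress {a} is not intranet-only"
            for a in cfg["listenaddress"] if not is_intranet(a)]
    if cfg["permitrootlogin"][0].lower() == "yes":   # sshd keeps the first value
        out.append("PermitRootLogin yes: root can log in remotely")
    if cfg["passwordauthentication"][0].lower() == "yes":
        out.append("PasswordAuthentication yes: key login is not enforced")
    return out
```

Calling audit(STOCK) returns four findings and audit(HARDENED) returns none; commented-out lines such as #PermitRootLogin yes are treated as absent, so the assumed default applies.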
5. SSH key-based authentication process
6. SSH remote copy function: SCP knowledge summary
① scp is an encrypted remote copy, whereas cp is a local copy only
② It can push data to, or pull data from, another server
③ Every copy is a full copy, which is not efficient; it suits the first copy. If you need incremental copies, use rsync
Linux operations and Architecture-SSH Remote Management Services