Linux operations and Architecture-SSH Remote Management Services

1. Introduction of SSH service function

1. Remote Login Management

Provides services such as Telnet remote online server, the above mentioned SSH service;

2. Remotely transfer files

is a sftp-server like FTP service that transmits data via the SSH protocol, providing a more secure SFTP service (VSFTP,PROFTP)

3. SSH Service Connection Tool

CRT, Xshell, VNC support remote connection graphical interface, Xmanger support remote Connection graphical interface (simple configuration)

2. SSH Remote service features

1, SSH service port information is 22

2, SSH to use the ciphertext method to transfer data

3, SSH service by default to support the root user remote login

3. SSH configuration file Description:/etc/ssh/sshd_config

a                  -->ssh default Port 22, work in order to be safe to modify, the value range 1024-655340.0. 0.0     -- set SSH to listen to the local network card address, the default listener all      the network card #permitrootlogin Yes-> whether to allow root user login Usedns no                 -- > Whether to reverse resolve the host name of the IP address gssapiauthentication no   --> optimize SSH connection rate, default off /etc/init.d/ sshd Restart If you modify the configuration file, you need to restart the SSH service

Important parameters: -o stricthostkeychecking=no (skip remote connection Select yes/no, direct to enter password)

[[email protected] ~]# SSH172.16.1.41The authenticity of host'172.16.1.41 (172.16.1.41)'Can't be established.RSA Key Fingerprint is7c: Geneva: 6c:7e:c8: to:d 3:Wuyi: 4e:d8:7f:0f: One: B6:ad:a6. is you sure-want toContinueConnecting (yes/no)?[[Email protected]~]# Ssh-o Stricthostkeychecking=no172.16.1.41Warning:permanently added'172.16.1.41'(RSA) to the list of known hosts. [Email protected]172.16.1.41's Password:

4. SSH Remote Service security guard

First, using key login to improve security

Second, the use of Mang cattle zhenfa improve safety

① Security Appliance Policy blocks access, only a small number of required service ports are released

② Open the SSH listening address function, only listen to the intranet network card address

Third, the server does not configure the external network IP to engage in security

Iv. Licensing and system installation minimization

Five, fingerprint information to the system important files encrypted processing

Six, the use of System Key file lock function to improve security

5, SSH based on the key authentication process

6. SSH remote copy function-SCP Knowledge summary

①SCP is an encrypted remote copy, and CP is a local copy only

② can push or pull data from one server to another server

③ is a full-volume full copy every time, not high efficiency, suitable for the first copy, if you need incremental copy, with rsync

Linux operations and Architecture-SSH Remote Management Services