SSH file sharing service
I. ssh remote logon [on Linux systems, generally installed and enabled by default]
1. Remote command-line logon on Linux: ssh username@remote-host-IP-address
Common options:
-2: force SSH protocol version 2 (SSH2). We recommend using it.
-p: port number
Example: ssh sam@192.168.139.1
Most SSH logon rules are as follows: 1) logon by users with an empty password is prohibited; 2) logon by the root user is prohibited.
2. SSH server configuration file: /etc/ssh/sshd_config
Option 1: PermitRootLogin yes # Add this line, or remove the # in front of it. The value controls root login: yes permits it; set it to no to restrict root login.
Option 2: Port 10022 # Set the SSH port number to 10022. We recommend changing it.
After editing the configuration: service sshd restart # reload the configuration file so the changes take effect
Log on: ssh -2 -p 10022 sam@192.168.139.1
[Windows client: SecureCRT]
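A check for the logon rules and options above, as an added example (not part of the original page): it reads an sshd_config-style file and reports the effective PermitRootLogin, PermitEmptyPasswords and Port values. The function names are hypothetical, the sample file is constructed, and the script assumes no Match blocks or Include directives.

```shell
#!/bin/sh
# Added example: report the effective sshd settings discussed above.
# Assumptions: no Match blocks or Include directives; defaults are those of
# current OpenSSH. sshd uses the FIRST occurrence of a keyword, and keyword
# names are case-insensitive.

# sshd_effective FILE KEYWORD DEFAULT -> prints the effective value
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# sshd_audit FILE -> prints findings; exit status is the number of findings
sshd_audit() {
    findings=0
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    empty=$(sshd_effective "$1" PermitEmptyPasswords no)
    port=$(sshd_effective "$1" Port 22)
    if [ "$root" = "yes" ]; then
        echo "FINDING: PermitRootLogin yes (root can log in with a password)"
        findings=$((findings + 1))
    fi
    if [ "$empty" = "yes" ]; then
        echo "FINDING: PermitEmptyPasswords yes (empty-password logon allowed)"
        findings=$((findings + 1))
    fi
    echo "INFO: sshd port is $port"
    return "$findings"
}

# Constructed sample file: the later "no" is ignored because "yes" comes first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 10022
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
EOF
sshd_audit "$sample" || echo "findings: $?"
rm -f "$sample"
```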
II. sftp file sharing (similar to ftp)
Linux command-line logon: sftp pam@192.168.139.1 # Very similar to ftp after login
[On Windows: SSH Secure Transfer Client]
III. scp file sharing (similar to cp)
1. Copy files from the local machine to the remote host [encrypted transmission]
scp local-file username@remote-host-address:target-directory-on-remote-host
scp -r local-directory username@remote-host-address:target-directory-on-remote-host
E.g. scp /etc/inittab penny@192.168.139.1:/home/penny
scp -r /etc penny@192.168.139.1:/home/penny
2. Copy files from the remote host to the local machine
scp username@remote-host-address:remote-file local-directory
scp -r username@remote-host-address:remote-directory local-directory
3. Common options
-r # copy a directory
-p # preserve original file attributes
-P (uppercase) # specify the port number
IV. Encryption and decryption
1. Symmetric key encryption
Note: The same key is used for encryption and decryption.
Advantage: fast
Disadvantage: the key itself needs to be exchanged
2. Asymmetric key encryption
Note: It is also known as public key encryption. Two keys are generated: one is published and the other is kept private. Data encrypted with one of the keys can only be decrypted with the other key.
Advantage: good security
Disadvantage: slow
Therefore, symmetric and asymmetric encryption are usually used in combination.
3. Example
Public key encryption ---> private key decryption --- encrypting files
Private key encryption ---> public key decryption --- digital certificate [sign with the private key, then verify with the public key]
4. Create a trusted host
Host 1 (local) | Host 2 (192.168.16.155)
Create a key pair | Obtain Host 1's public key and generate the authentication key
ssh-keygen -t rsa # Press Enter at each prompt. By default, the key pair is saved under .ssh in the current user's home directory. | cat id_rsa.pub >> .ssh/authorized_keys # The file name is fixed. Append with >> rather than overwriting with >.
This generates the public key id_rsa.pub | chmod 600 .ssh/authorized_keys
 | chmod 700 .ssh [these two steps are not required on some systems now]
Note:
1. From now on, Host 1 no longer needs a password to log on to Host 2.
For example: scp -rp penny@192.168.16.155:/webadmin /backup
ssh penny@192.168.16.155 # executing these two commands no longer requires a password
2. The trusted-host relationship is tied to the user. For example, the key pair generated by root can only be used by the root user. A password is still required when zhansan logs on.
3. If there is no .ssh directory on Host 2, you need to create it manually.
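The Host 2 side of the procedure above as a repeatable script, added here as an example (not part of the original page): it creates .ssh when missing, appends the key only once, applies the 700/600 modes, and checks that neither path is writable by group or others. The helper names install_pubkey and ssh_dir_is_strict are hypothetical, and the key line is constructed.

```shell
#!/bin/sh
# Added example: Host 2 side of the trusted-host setup, safe to re-run.
# install_pubkey and ssh_dir_is_strict are hypothetical helper names.

# install_pubkey PUBKEY_FILE HOME_DIR
# Creates HOME_DIR/.ssh if missing (note 3), appends the key only if it is
# not already present, and applies the 700/600 permissions from the table.
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key in $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only if this exact key is absent
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# ssh_dir_is_strict HOME_DIR -> 0 if neither .ssh nor authorized_keys is
# writable by group or others, 1 otherwise.
ssh_dir_is_strict() {
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || return 1
        loose=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
        [ -z "$loose" ] || { echo "too permissive: $p" >&2; return 1; }
    done
}

# Demo in a scratch directory with a constructed (not real) public key line.
home=$(mktemp -d)
echo "ssh-rsa AAAAB3CONSTRUCTEDEXAMPLEKEY root@backup-b" > "$home/id_rsa.pub"
install_pubkey "$home/id_rsa.pub" "$home"
install_pubkey "$home/id_rsa.pub" "$home"   # second run adds nothing
echo "keys installed: $(wc -l < "$home/.ssh/authorized_keys")"
ssh_dir_is_strict "$home" && echo "permissions ok"
chmod 664 "$home/.ssh/authorized_keys"
ssh_dir_is_strict "$home" || echo "rejected after chmod 664"
rm -rf "$home"
```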
V. rsync application
Features:
1) Makes incremental backups convenient
2) Can mirror an entire directory tree and file system
3) Maintains file permissions, times, and soft and hard links
4) High file transmission efficiency
5) Can use an SSH encrypted channel
1. Start rsync
rpm -qf /etc/xinetd.d/rsync # Check whether rsync has been installed. Most Linux systems install it by default.
Edit the /etc/xinetd.d/rsync file: add or change the line to disable = no
service xinetd restart # restart the xinetd service
Side note: the sync command synchronizes in-memory data to the hard disk
2. Use rsync
Example 1: rsync -arHz --progress --delete webadmin@192.168.16.155:/website /backup
# Back up the web server directory to local /backup
Example 2: rsync -arHz --progress --delete /script samlee@192.168.16.155:/home/samlee
# Upload the /script directory to samlee's home directory
3. Options
-a # keep all file attributes (archive mode)
-r # recursion: recurse into subdirectories
-H # keep file hard links
-z # compress data during transmission to speed up the backup. We recommend adding it.
--progress # display progress during transmission; not needed when run automatically.
--delete # delete files in the backup destination that are not found in the source. Add it.
-e ssh # transfer through an encrypted ssh tunnel
rsync -arHz --progress --delete -e ssh /script samlee@192.168.16.155:/home/samlee
VI. Comprehensive example
Server A /webadmin 192.168.16.155 penny ---> Backup Server B (localhost) root
A trusted-host relationship needs to be established in advance:
A) Generate a key pair on Backup Server B and copy the public key to Server A.
B) Generate the authentication key on Server A.
1) Make a full backup every Sunday: crontab -e
# In a crontab, % must be written as \% (an unescaped % is treated as a newline)
0 2 * * 0 /usr/bin/scp -rp webadmin@192.168.16.155:/webadmin /backup/webadmin_$(date +\%F)
2) Perform an incremental backup every Monday through Saturday: crontab -e
0 2 * * 1-6 /usr/bin/rsync -arHz --delete penny@192.168.16.155:/website /backup