Linux study note 12 - File sharing service 4 - SSH

Source: Internet
Author: User
Tags scp file ssh port

SSH file sharing service



I. SSH remote login [installed and enabled by default on most Linux systems]

1. Remote command-line login on Linux: ssh username@remote-host-IP-address

Common options:

-2: force SSH protocol version 2 (recommended)

-p: port number

Example: ssh sam@192.168.139.1

Most SSH login policies are as follows: 1) login by users with an empty password is prohibited; 2) login by the root user is prohibited.

2. SSH server configuration file: /etc/ssh/sshd_config

Option 1: PermitRootLogin yes # Add this line, or remove the leading # from it. This option governs the root login restriction: yes allows root to log in, no prohibits it.

Option 2: Port 10022 # Set the SSH port number to 10022. We recommend changing the port here.

After editing the configuration: service sshd restart # restart sshd so that the configuration file is reloaded and takes effect

Log in with: ssh -2 -p 10022 sam@192.168.139.1

[Windows client SecureCRT]
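A way to check the two login rules and the port setting described above against a configuration file. This is an added example, not part of the original note; the function names and the sample files are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines with no Include files.

```shell
#!/bin/sh
# Added example: report the value sshd would use for a few keywords.
# sshd takes the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines starting with # are comments.
# Assumption: "Keyword value" lines separated by whitespace, no Include files.

# effective_value FILE KEYWORD DEFAULT
effective_value() {
    awk -v kw="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0   { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends here
        tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: one finding per line, exit status 1 if anything FAILs.
# Defaults passed below are those of OpenSSH 7.0 and later.
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    empty=$(effective_value "$1" PermitEmptyPasswords no)
    port=$(effective_value "$1" Port 22)
    if [ "$root" = yes ]; then echo "FAIL PermitRootLogin=$root"; rc=1
    else echo "OK   PermitRootLogin=$root"; fi
    if [ "$empty" = yes ]; then echo "FAIL PermitEmptyPasswords=$empty"; rc=1
    else echo "OK   PermitEmptyPasswords=$empty"; fi
    echo "INFO Port=$port"
    return $rc
}

# Constructed sample files (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak" <<'EOF'
# PermitRootLogin no    (commented out: has no effect)
Port 10022
permitrootlogin yes
PermitRootLogin no
PermitEmptyPasswords yes
EOF
cat > "$SAMPLE_DIR/hardened" <<'EOF'
Port 10022
PermitRootLogin no
PermitEmptyPasswords no
EOF

audit_sshd "$SAMPLE_DIR/weak" || echo "weak: see FAIL lines"
audit_sshd "$SAMPLE_DIR/hardened" && echo "hardened: clean"
```

In the weak sample the later "PermitRootLogin no" line has no effect, because the earlier "permitrootlogin yes" is read first.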


II. sftp file sharing (similar to ftp)

Linux command-line login: sftp pam@192.168.139.1 # After login, usage is very similar to ftp

[On Windows there is the SSH Secure Transfer Client]


III. scp file sharing (similar to cp)

1. Copy files from the local machine to the remote host [encrypted transmission]

scp local-file username@remote-host-address:target-directory-on-remote-host

scp -r local-directory username@remote-host-address:target-directory-on-remote-host

E.g. scp /etc/inittab penny@192.168.139.1:/home/penny

scp -r /etc penny@192.168.139.1:/home/penny


2. Copy files from the remote host to the local machine

scp username@remote-host-address:file-on-remote-host local-directory

scp -r username@remote-host-address:directory-on-remote-host local-directory



3. Common options

-r # copy a directory recursively

-p # preserve original file attributes

-P (uppercase) # specify the port number



IV. Encryption and decryption

1. symmetric key encryption

Note: The same key is used for encryption and decryption.

Advantage: fast

Disadvantage: the Key itself needs to be exchanged



2. Asymmetric Key Encryption

Note: It is also known as public key encryption. Two keys are generated: one is published (the public key) and the other is kept private (the private key). Data encrypted with one of the keys can only be decrypted with the other key.

Advantage: good security

Disadvantage: slow speed


Therefore, symmetric and asymmetric encryption are usually used in combination.


3. Example

Public key encryption ---> Private Key decryption --- encrypt files

Private key encryption ---> Public key decryption --- digital certificate [sign with the private key, then verify with the public key]


4. Create a trusted host

Host 1 (local): create a key pair

ssh-keygen -t rsa # Press Enter at each prompt. This generates the public key id_rsa.pub

By default, the public key is saved under .ssh in the current user's home directory.

Host 2 (192.168.16.155): obtain Host 1's public key and generate the authentication key

cat id_rsa.pub >> .ssh/authorized_keys # The file name is fixed. It is best to use the append operator (>>)!

chmod 600 .ssh/authorized_keys

chmod 700 .ssh [these two steps are no longer required on some systems]

Note:

1. From this point on, Host 1 no longer needs a password when logging in to Host 2.

For example: scp -rp penny@192.168.16.155:/webadmin /backup

ssh penny@192.168.16.155 # running these two commands no longer requires a password

2. The trusted-host relationship is tied to the user. For example, a key pair generated by root can only be used by the root user. A password is still required when logging in as zhansan.

3. If there is no .ssh directory on Host 2, you need to create it manually.
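The Host 2 steps above (create .ssh if missing, append the public key, set the 700/600 modes) as one script. This is an added example, not part of the original note; install_pubkey is a hypothetical helper name, and the key strings and directories are constructed so that it runs without a real remote host.

```shell
#!/bin/sh
# Added example: the Host 2 side of the trusted-host setup.
# install_pubkey PUBKEY_FILE HOME_DIR   (hypothetical helper name)
install_pubkey() {
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    # Read the first line; accept files without a trailing newline too.
    IFS= read -r key < "$pub" || [ -n "$key" ] || return 2
    # Accept only a public-key line. A private key file (id_rsa) starts
    # with "-----BEGIN" and is refused, so it is never copied around.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        || { echo "refused: $pub is not a public key" >&2; return 2; }
    # Create .ssh if it is missing (note 3) and set the modes from the
    # text: sshd's StrictModes check (on by default) rejects key files
    # that other users can write to.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append with >> and only when the exact line is absent, so existing
    # keys survive and running the script twice adds nothing.
    if grep -qxF -- "$key" "$auth"; then
        echo "already installed"
    else
        printf '%s\n' "$key" >> "$auth" && echo "installed"
    fi
}

# Constructed demo data: a throwaway "home" and made-up key strings.
DEMO_HOME=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEY1 root@backup-b' \
    > "$DEMO_HOME/id_rsa.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$DEMO_HOME/id_rsa"

install_pubkey "$DEMO_HOME/id_rsa.pub" "$DEMO_HOME"
install_pubkey "$DEMO_HOME/id_rsa.pub" "$DEMO_HOME"
install_pubkey "$DEMO_HOME/id_rsa" "$DEMO_HOME" || echo "private key refused"
ls -ld "$DEMO_HOME/.ssh" "$DEMO_HOME/.ssh/authorized_keys"
```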


V. rsync Application

Features:

1) convenient Incremental Backup implementation

2) Can mirror an entire directory tree and file system

3) Maintain file permissions, time, and soft and hard links.

4) High file transmission efficiency

5) You can use an SSH encrypted channel.


1. Start rsync

rpm -qf /etc/xinetd.d/rsync # Check whether rsync is installed. Most Linux systems install it by default.

Edit the /etc/xinetd.d/rsync file: add or modify disable = no

service xinetd restart # restart the xinetd service

Appendix: sync command: flushes data held in memory to the hard disk


2. Use rsync

Example 1: rsync -arHz --progress --delete webadmin@192.168.16.155:/website /backup

# Back up the web server directory to the local /backup


Example 2: rsync -arHz --progress --delete /script samlee@192.168.16.155:/home/samlee

# Upload the /script directory to samlee's home directory


3. Options

-a # archive: keep file attributes

-r # recursion: recurse into subdirectories

-H # keep hard links

-z # compress data during transmission to speed up the backup. Recommended.

--progress # display progress during transmission; not needed when the command runs automatically.

--delete # delete files in the backup destination that no longer exist on the source. Recommended.

-e ssh # transfer through an SSH-encrypted tunnel

rsync -arHz --progress --delete -e ssh /script samlee@192.168.16.155:/home/samlee


VI. Comprehensive example

Server A (/webadmin, 192.168.16.155, user penny) ---> Backup Server B (localhost, user root)

A trusted-host relationship needs to be established in advance:

a) Generate a key pair on Backup Server B and copy the public key to Server A.

b) Generate the authentication key on Server A.


1) Make a full backup every Sunday: crontab -e

0 2 * * 0 /usr/bin/scp -rp webadmin@192.168.16.155:/webadmin /backup/webadmin_$(date +\%F)

(In a crontab, % must be written as \% because cron treats an unescaped % as a newline.)

2) Perform an incremental backup every Monday to Saturday: crontab -e

0 2 * * 1-6 /usr/bin/rsync -arHz --delete penny@192.168.16.155:/website /backup
