Linux under SSH client command remote login system detailed

Linux under SSH client command remote login system detailed

1. Remote Login system has two commonly used services telnet and ssh, all belong to the C/s architecture

Telnet: Telnet protocol with Port 23/tcp

Features: Clear text transmission, no encryption

Ssh:secure SHell, Port 22/tcp has v1,v2 two versions

Features: Host encryption authentication

User authentication process Encryption

Data transfer Process Encryption

SSHV1: Due to the security risks such as man-in-the-middle attack, not much now

SSHV2: Relatively sshv1, very secure, there are two authentication processes: password-based authentication and key-based authentication

2.Linux System Program is OpenSSH

Server side: sshd, configuration file/etc/ssh/sshd_config

Client: SSH, config file/etc/ssh/ssh_config

Ssh-keygen: Key Generator

Ssh-copy-id: Transferring the public key to a remote server

SCP: Cross-Host Security Replication tool

The SSH command is used as follows: Log in to the remote host tool

SSH user name @[host name or]IP address

SSH-L user Name [host name or]IP address

SSH user name @[host name or]IP address ' command '

The SCP command uses the same method as the CP command, which is the cross-Host Security Replication tool

SCP source file path destination file path

SCP User name @[remote host name or] remote IP address: File path destination file path

SCP local file path user name @[remote host name or] remote IP address: file path

Ssh-keygen: Key Generator

-T RSA encryption type

~/.ssh/id_rsa the generated private key

~/.ssh/id_rsa.pub generated Public key

-F Key File path

-P ': Specify the password for the encrypted private key

Ssh-copy-id How to: Transfer public keys to a remote server

Ssh-copy-id-i ~/.ssh/id_rsa.pub user name @[remote host name or remote IP address

-I ~/.ssh/id_rsa.pub generated public key

Save the generated public key to a user's home directory of a remote host. Ssh/authorized_keys or. ssh/authorized_keys2 file

3. Host-based authentication: the first remote SSH [email protected] host, ask whether to connect? After you enter Yes,

The. Ssh/know_hosts host authentication file is automatically generated, and the next time the remote connection is not asked again after this successful connection

650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M01/7F/C1/wKiom1crROHC2xRTAAK_cLb9vw8764.jpg "title=" aa.jpg "alt=" Wkiom1crrohc2xrtaak_clb9vw8764.jpg "/> 4. Password-based authentication: SSH [email protected] must enter a password to log in

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7F/C1/wKiom1crRfDSfsLKAACTs0MfUXA701.jpg "title=" Acl1.jpg "alt=" Wkiom1crrfdsfslkaacts0mfuxa701.jpg "/>

5. Key-based authentication, that is, no need to enter a password, directly log in to the remote host

5.1; The first method of implementation: The host IP is 1.1.1.18, the remote host IP is 1.1.1.13

SSH-KEYGEN-T RSA generate public private key in home directory

SCP. ssh/id_rsa.pub [Email protected]:~ transfer the public key to the remote host's home directory: 650) this.width=650; "Src=" http://s5.51cto.com/wyfs02/M02/7F/   Bf/wkiol1crsipz4-afaahw-djbxyc384.jpg "title=" aa.jpg "alt=" wkiol1crsipz4-afaahw-djbxyc384.jpg "/> mkdir. SSH Create the. SSH directory on the remote 1.1.1.13 host

chmod. SSH to change directory permissions to 755

Cat Id_rsa.pub >> Ssh/authorized_keys will just copy over the public key appended to the. Ssh/authorized_keys file

650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M02/7F/BF/wKioL1crSSCwTH-mAAIJ2eqDpsI287.jpg "title=" aa.jpg "alt=" Wkiol1crsscwth-maaij2eqdpsi287.jpg "/>

SSH [email protected] Log in to the remote host without entering the password directly into the HA, such as

650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M00/7F/BF/wKioL1crSjDSFvSnAABn5ixoeHg122.jpg "title=" aa.jpg "alt=" Wkiol1crsjdsfvsnaabn5ixoehg122.jpg "/>

5.2. The second method of implementation:

Rm-rf. SSH Delete the local host public private key file, delete the remote host private key file

Ssh-keygen-f. Ssh/id_rsa-p "-times generate public private key file

Ssh-copy-id. ssh/id_rsa.pub [Email protected]

Passing the public key to the remote host home directory automatically creates. ssh/id_rsa.pub files, which is easier than SCP

SSH [email protected] without a password, directly login to the remote host, such as

650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M02/7F/BF/wKioL1crS6SQ8aGBAAJqHaUShlA542.jpg "title=" aa.jpg "alt=" Wkiol1crs6sq8agbaajqhaushla542.jpg "/>

Note: The SELinux must be closed based on key authentication, otherwise you will also be prompted for a password

This article is from the "Xavier Willow" blog, please be sure to keep this source http://willow.blog.51cto.com/6574604/1770573

Linux under SSH client command remote login system detailed