Meng New Linux Learning Path (eight)

First, Openssh-server

Function: Allow remote host to access sshd service over the network, start a secure shell

Second, the Client connection mode

SSH remote host user @ remote host IP

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M01/90/00/wKiom1juRhDSLDI9AAGJOAZtyvc458.png "title=" Screenshot from 2017-04-09 21-36-30.png "alt=" Wkiom1jurhdsldi9aagjoaztyvc458.png "/>

SSH remote host user @ remote host Ip-x # #调用远程主机图形工具

SSH remote host user @ Remote host IP Command # #直接在远程主机运行某条命令

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M00/90/00/wKiom1juR0rRtLCnAAElh_7YTf8369.png "title=" Screenshot from 2017-04-09 21-38-54.png "alt=" Wkiom1jur0rrtlcnaaelh_7ytf8369.png "/>

Third, Sshkey encryption

1. Generating the public key private key

Ssh-keygen

650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M02/8F/FF/wKioL1juR6ewgEXVAAGa5FVqR1c410.png "title=" Screenshot from 2017-04-09 21-46-48.png "alt=" Wkiol1jur6ewgexvaaga5fvqr1c410.png "/>

Id_rsa # #钥匙

Id_rsa.pub # #锁

2. Add key authentication method

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M02/90/02/wKiom1jux3yihbpSAAICQFdbXQU097.png "title=" Screenshot from 2017-04-09 21-56-21.png "alt=" Wkiom1jux3yihbpsaaicqfdbxqu097.png "/>

# #ssh-copy-id-i/root/.ssh/id_rea.pub [email protected]

Ssh-copy-id # #添加key认证方式的工具

-I # #指定加密的key文件

/root/.ssh/id_rsa.pub # #加密key

Root # #加密用户为root

172.25.254.123 # #被加密主机ip

3. Distribute the key to the client host

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M00/90/02/wKiom1jux5mgsFfdAAB_bAV67Mk899.png "title=" Screenshot from 2017-04-09 21-56-50.png "alt=" Wkiom1jux5mgsffdaab_bav67mk899.png "/>

4. Turn off User password authentication

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M01/90/01/wKioL1juyGSC_9HNAABzjqZcFHA701.png "style=" float : none; "title=" screenshot from 2017-04-09 21-55-25.png "alt=" Wkiol1juygsc_9hnaabzjqzcfha701.png "/>

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M00/90/01/wKioL1juyGSR8j6aAABX6rQcJNM248.png "style=" float : none; "title=" screenshot from 2017-04-09 21-54-55.png "alt=" Wkiol1juygsr8j6aaabx6rqcjnm248.png "/>

5. Testing

650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M01/90/02/wKiom1juyI2A347pAAA95gGuuzc141.png "title=" Screenshot from 2017-04-09 22-49-11.png "alt=" Wkiom1juyi2a347paaa95gguuzc141.png "/>

Iv. enhancing the security level of the OpenSSH

1.openssh-server configuration file

/etc/ssh/sshd_config

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M00/90/01/wKioL1juyNWg7gXgAAA98QfySKI510.png "title=" Screenshot from 2017-04-09 21-54-39.png "alt=" Wkiol1juynwg7gxgaaa98qfyski510.png "/>

# #是否允许超级用户登陆

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M02/90/01/wKioL1juyP_R8YmrAABX6rQcJNM843.png "title=" Screenshot from 2017-04-09 21-54-55.png "alt=" Wkiol1juyp_r8ymraabx6rqcjnm843.png "/>

# #是否开启用户密码认证

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M00/90/01/wKioL1juySbgXE5wAAAsCk0wxqE465.png "title=" Screenshot from 2017-04-10 12-17-11.png "alt=" Wkiol1juysbgxe5waaasck0wxqe465.png "/>

# #用户黑名单 # # #白名单将DenyUsers改为AllowUsers

Meng New Linux Learning Path (eight)