Article Title: New School: Introduction to configuration and management of SolarisSSH. Linux is a technology channel of the IT lab in China. Including desktop applications, Linux system management, kernel research, embedded systems and open-source, and other basic categories. SSH is a tool kit used to replace TELNET, FTP, and R commands, it mainly aims to solve the problem of plaintext transmission of passwords on the Internet. To ensure system security and users' own rights and interests, it is necessary to promote SSH. SSH has two versions. We are introducing version 2.
1. Install SSH
The procedure is as follows:
Obtain the SSH software package. (Ftp://ftp.pku.edu.cn:/pub/unix/ssh-2.3.0.tar.gz)
Become a Super User (root ).
# Gunzip? Cd ssh-2.3.0.tar.gz | tar xvf?
# Cd ssh-2.3.0
#./Configure
Note: If you want to use tcp_wrappers to control SSH, you need to add the option "-- with-libwrap =/path/to/libwrap/" in configure to tell SSH about libwrap. a And tcpd. h.
# Make
# Make install
SSH-related programs are stored in/usr/local/bin, including ssh, sftp, sshd2, and ssh-keygen.
Ii. Configuration
The SSH configuration file is under/etc/ssh2, including the host public key and private key of sshd2: hostkey and hostkey. pub. These two files are usually automatically generated during SSH installation. You can use the following command to generate them again:
# Rm/etc/ssh2/hostkey *
# Ssh-keygen2? P/etc/ssh2/hostkey
In general, the ssh2_config file does not need to be modified.
3. Start sshd2
Every system that uses SSH must run sshd2. start it manually in the background:
#/Usr/local/bin/sshd2 &
You can add this command to "/etc/rc2.d/S99local" to enable sshd2.
4. Use tcp_wrappers to control SSH
The site where SSH is installed can use tcp_wrappers to restrict which IP addresses can access themselves through ssh. For example, add
Sshd, sshd2: 10.0.0.1
Only 10.0.0.1 can access the host through ssh.
The above are all done by the system administrator. Let's talk about how common users use SSH.
5. Basic Applications
Each user must complete the following steps before using SSH:
Generate your own ssh public key and private key on the local host (such as local.pku.edu.cn. The command is as follows:
Local # ssh-keygen
Generating 1024-bit dsa key pair
1 oOo. oOo. o
Key generated.
1024-bit dsa, teng @ ns, Fri Oct 20 2000 17:27:05
Passphrase: ************/* enter your password here and use it to access this host later.
Again :************/*
Private key saved to/home1/teng/. ssh2/id_dsa_1024_a
Public key saved to/home1/teng/. ssh2/id_dsa_1024_a.pub |
The generated private key and Public Key (id_dsa_1024_a and id_dsa_1024_a.pub) are stored in ~ /. Ssh2 directory. The SSH configuration files related to the user are ~ /. Ssh2. The private key is stored by the user on the local host, and the Public Key needs to be transferred to your own account on the remote host ~ If you want to access the local host with ssh2 under/. ssh2.
In ~ /. Create the "identification" file under ssh2 to describe the private key for identity authentication. The command is as follows:
Local :~ /. Ssh2 # echo "IdKey id_dsa_1024_a"> identification
3. Similarly, complete the above steps on the remote host (for example, remote.pku.edu.cn.
4. Copy the Public Key (id_dsa_1024_a.pub) of your local machine (local.pku.edu.cn) to your home directory on the remote host (remote.pku.edu.cn. In the ssh2 directory, you can name it "local. pub". Generally, you can use ftp to upload the file.
On the remote host machine, you have your own home directory. Create the "authorization" file under the ssh2 directory, and specify the public key file used for identity authentication. The command is as follows:
Remote :~ /. Ssh2 # echo "Key local. pub"> authorization
Now you can log on to the remote system with ssh2 locally. The command is as follows:
Local # ssh remote.pku.edu.cn
Passphrase for key "/home1/teng/. ssh2/id_dsa_1024_a" with comment "1024-bit dsa,
Teng @ ns, Fri Oct 20 2000 17:27:05 ":*********** |
In this case, you will need to enter your ssh password (Passphrase ). After the verification is passed, log on to the remote host.
