Newbie School: Introduction to configuration and management of Solaris SSH

Source: Internet
Author: User
SSH is a toolkit that replaces TELNET, FTP, and the R commands. Its main purpose is to solve the problem of passwords being transmitted in plaintext over the Internet. To protect system security and users' own rights and interests, it is necessary to promote SSH. SSH has two versions; this article introduces version 2.
 
1. Install SSH
 
The procedure is as follows:
 
Obtain the SSH software package (ftp://ftp.pku.edu.cn:/pub/unix/ssh-2.3.0.tar.gz).

Become the superuser (root).

# gunzip -cd ssh-2.3.0.tar.gz | tar xvf -

# cd ssh-2.3.0

# ./configure

Note: If you want to use tcp_wrappers to control SSH, you need to add the option "--with-libwrap=/path/to/libwrap/" to configure, to tell SSH where libwrap.a and tcpd.h are located.

# make

# make install

SSH-related programs are installed in /usr/local/bin, including ssh, sftp, sshd2, and ssh-keygen.
 
2. Configuration

The SSH configuration files are under /etc/ssh2, including the host public key and private key of sshd2: hostkey and hostkey.pub. These two files are usually generated automatically during SSH installation. You can use the following commands to generate them again:

# rm /etc/ssh2/hostkey*

# ssh-keygen2 -P /etc/ssh2/hostkey
 
In general, the ssh2_config file does not need to be modified.
 
3. Start sshd2
 
Every system that uses SSH must run sshd2. Start it manually in the background:

# /usr/local/bin/sshd2 &

You can add this command to "/etc/rc2.d/S99local" so that sshd2 is started at boot.
 
4. Use tcp_wrappers to control SSH
 
A host where SSH is installed can use tcp_wrappers to restrict which IP addresses may access it through ssh. For example, add the line

sshd,sshd2: 10.0.0.1
 
Only 10.0.0.1 can access the host through ssh.
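
tcp_wrappers grants a connection that matches no rule at all, so the allow line above has the stated effect only when a deny rule also covers sshd. The following added example (not part of the original article) models that decision order in simplified form; hosts.allow and hosts.deny are the standard tcp_wrappers file names, and the rule files and the second address 10.0.0.2 are constructed for the demonstration.

```shell
#!/bin/sh
# Simplified model of the tcp_wrappers decision order:
#   1. a matching rule in hosts.allow grants access;
#   2. otherwise a matching rule in hosts.deny refuses it;
#   3. otherwise access is granted.
# Handles only "daemon[,daemon]: client ..." rules with literal IPs or ALL.

# rule_matches FILE DAEMON CLIENT: succeeds if a rule in FILE covers the pair.
rule_matches() {
    [ -f "$1" ] || return 1
    awk -F: -v d="$2" -v c="$3" '
        /^[ \t]*(#|$)/ { next }
        {
            dm = 0; cm = 0
            nd = split($1, daemons, "[ \t,]+")
            nc = split($2, clients, "[ \t,]+")
            for (i = 1; i <= nd; i++) if (daemons[i] == d || daemons[i] == "ALL") dm = 1
            for (i = 1; i <= nc; i++) if (clients[i] == c || clients[i] == "ALL") cm = 1
            if (dm && cm) { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# access DIR DAEMON CLIENT: prints "granted" or "denied" for the rule files in DIR.
access() {
    if rule_matches "$1/hosts.allow" "$2" "$3"; then echo granted
    elif rule_matches "$1/hosts.deny" "$2" "$3"; then echo denied
    else echo granted
    fi
}

# Constructed rule sets: the article's allow line alone, then with a deny rule.
demo=$(mktemp -d)
mkdir "$demo/allow_only" "$demo/with_deny"
echo "sshd,sshd2: 10.0.0.1" > "$demo/allow_only/hosts.allow"
echo "sshd,sshd2: 10.0.0.1" > "$demo/with_deny/hosts.allow"
echo "sshd,sshd2: ALL"      > "$demo/with_deny/hosts.deny"

for cfg in allow_only with_deny; do
    for ip in 10.0.0.1 10.0.0.2; do
        echo "$cfg $ip -> $(access "$demo/$cfg" sshd2 "$ip")"
    done
done
```
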
 
The steps above are all performed by the system administrator. The following describes how ordinary users use SSH.
 
5. Basic Applications
 
Each user must complete the following steps before using SSH:
 
1. Generate your own ssh public key and private key on the local host (such as local.pku.edu.cn). The command is as follows:
 
  
local# ssh-keygen
Generating 1024-bit dsa key pair
1 oOo. oOo. o
Key generated.
1024-bit dsa, teng@ns, Fri Oct 20 2000 17:27:05
Passphrase : ************   /* enter your password here; you will use it later to access this host */
Again : ************
Private key saved to /home1/teng/.ssh2/id_dsa_1024_a
Public key saved to /home1/teng/.ssh2/id_dsa_1024_a.pub

 
The generated private key and public key (id_dsa_1024_a and id_dsa_1024_a.pub) are stored in the ~/.ssh2 directory. The user's SSH configuration files are all under ~/.ssh2. The private key is kept by the user on the local host, while the public key must be transferred to the ~/.ssh2 directory of your own account on each remote host that you want to access with ssh2 from the local host.

2. In ~/.ssh2, create the "identification" file, which names the private key used for identity authentication. The command is as follows:

local:~/.ssh2# echo "IdKey id_dsa_1024_a" > identification
 
3. Similarly, complete the above steps on the remote host (for example, remote.pku.edu.cn).

4. Copy the public key (id_dsa_1024_a.pub) of your local machine (local.pku.edu.cn) to the .ssh2 directory under your home directory on the remote host (remote.pku.edu.cn); you can name it "local.pub". Generally, you can use ftp to upload the file.

5. On the remote host, create the "authorization" file in the .ssh2 directory under your home directory, and specify the public key file used for identity authentication. The command is as follows:

remote:~/.ssh2# echo "Key local.pub" > authorization
 
Now you can log on to the remote system with ssh2 locally. The command is as follows:
 
 
local# ssh remote.pku.edu.cn
Passphrase for key "/home1/teng/.ssh2/id_dsa_1024_a" with comment "1024-bit dsa, teng@ns, Fri Oct 20 2000 17:27:05":***********

At this point you need to enter your ssh password (passphrase). Once it has been verified, you are logged on to the remote host.
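
The layout these steps produce can be checked mechanically. The following added example (not from the original article) audits a .ssh2 directory: every IdKey and Key entry must name an existing file, private keys must not be accessible to group or others, and the directory and the authorization file must not be writable by them, since anyone who can edit authorization can add a key of their own. The audit_ssh2 function and the sample directories are constructed for illustration.

```shell
#!/bin/sh
# Audit a user's SSH2 directory laid out as in the steps above.
# Sample files below are constructed placeholders, not real keys.
mode() { ls -ld "$1" | cut -c1-10; }          # e.g. "-rw-r--r--"

# audit_ssh2 DIR: prints one finding per line, returns 0 only if there are none.
audit_ssh2() {
    dir=$1; bad=0
    if [ -f "$dir/identification" ]; then
        for key in $(awk 'tolower($1) == "idkey" { print $2 }' "$dir/identification"); do
            if [ ! -f "$dir/$key" ]; then
                echo "identification: missing private key $key"; bad=1
            else
                case $(mode "$dir/$key") in
                    ????------) ;;               # no group/other access
                    *) echo "$key: accessible by group or others"; bad=1 ;;
                esac
            fi
        done
    fi
    for f in "$dir" "$dir/authorization"; do
        [ -e "$f" ] || continue
        case $(mode "$f") in
            ?????w*|????????w*) echo "$f: writable by group or others"; bad=1 ;;
        esac
    done
    if [ -f "$dir/authorization" ]; then
        for pub in $(awk 'tolower($1) == "key" { print $2 }' "$dir/authorization"); do
            [ -f "$dir/$pub" ] || { echo "authorization: missing public key $pub"; bad=1; }
        done
    fi
    return $bad
}

demo=$(mktemp -d)
for d in good bad; do
    mkdir "$demo/$d"
    echo "placeholder" > "$demo/$d/id_dsa_1024_a"
    echo "placeholder" > "$demo/$d/local.pub"
    echo "IdKey id_dsa_1024_a" > "$demo/$d/identification"
    echo "Key local.pub" > "$demo/$d/authorization"
done
chmod 700 "$demo/good"; chmod 600 "$demo/good/id_dsa_1024_a" "$demo/good/authorization"
chmod 755 "$demo/bad"; chmod 644 "$demo/bad/id_dsa_1024_a"; chmod 666 "$demo/bad/authorization"
echo "Key missing.pub" >> "$demo/bad/authorization"
audit_ssh2 "$demo/good" && echo "good: clean"
audit_ssh2 "$demo/bad" || echo "bad: findings listed above"
```
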
 