OpenSSH can automatically manage multiple servers at a time

Source: Internet
Author: User
Tags openssh server perl script windows remote desktop
OpenSSH can automatically manage multiple servers at a time-Linux Enterprise applications-Linux server applications. The following is a detailed description. The Linux System Administrator understands that the Secure Shell protocol is one of the most convenient and critical tools in the software toolkit. This article will introduce how open-source SSH, called OpenSSH, works and its significance to the Linux system environment.

SSH can automatically manage multiple servers at one time through the network management shell or Perl script. Of course, other network shell tools such as RSH appear longer than SSH. However, SSH adds powerful encryption and Data Compression functions to secure file transmission over the network. Most popular SSH even provides SFTP and SCP functions. Among the many SSH projects, the most popular one is the OpenSSH project developed and maintained by the OpenBSD community. OpenSSH can be used on almost all operating system platforms, including Microsoft Windows.

Role of SSH

SSH protects full remote shell threads from hacker and malware intrusion through powerful encryption functions. The end-to-end protection capability can provide complete protection from the beginning to the end of the thread, although the trusted host authentication scheme and the pre-key exchange between systems help improve security, however, OpenSSH does not require certificates or pre-key exchanges to establish an encrypted remote thread.

In addition, SSH can use the SFTP function to enable FTP-like file transmission threads to encrypt, and allow users' passwords and user names to be transmitted encrypted rather than plaintext. SCP also provides secure and convenient transmission capabilities for more situations, such as single file transfer operations, it transfers files over the network using an encrypted file copy command.

Use and configure a Linux Client

Installing OpenSSH on mainstream Linux systems is very simple. You only need a simple package management command. For example, to install OpenSSH In Debian GNU/Linux, you only need to log on as root and enter apt-get install ssh in command line. similarly, in Fedora Core Linux, you only need to log on as root and enter yum install ssh. However, these two command lines are generally not required because OpenSSH is installed by default in Debian and Fedora Core. for any Linux system, if you want to check whether OpenSSH is installed, simply enter ssh. After you press enter, if the system has installed OpenSSH, the system returns the complete Use information about OpenSSH.

To use the OpenSSH client to access the system running the OpenSSH server through the command line, you only need to enter the ssh host. The host here refers to the host name of the target system. If the network does not have DNS resolution, or the host name is not listed in the/etc/hosts file, you need to directly enter the IP address of the host, such as ssh 192.168.0.1.

Configuration files within the OpenSSH system are generally located in the/etc/ssh directory. The main configuration file of the OpenSSH client is/etc/ssh/ssh_config. For most versions of OpenSSH, detailed annotations are provided in the configuration file. In some Linux systems with large circulation, such as Debian, you can use the command line man ssh_config to obtain more configuration information about the OpenSSH client.

A major security configuration item is ForwardX11. setting this option to "no" can prevent the OpenSSH client from automatically sending X Window System information to the network, otherwise, even if X Windows is not used on the SSH link, the information may still be sent. In this option, you can use the-X command line parameter to specify a specific SSH connection to send information about the X Window System. Other configurations in the etc/ssh/ssh_config file can help you implement or enhance network security policies to meet certain security requirements.

Windows-based SSH client

There are quite a few SSH clients in Windows, some of which are commercial software, others are free software or shared software, and of course there are open source software such as OpenSSH. Although some of the software is part of the Unix simulator shell, it is still a command line client, but most of them have developed a graphical interface with the Windows system. Among these free software with graphic interfaces, WinSCP supports SCP and SFTP, and PuTTY supports SSH shell. After reading the usage of the OpenSSH client in Linux, you will find that the WinSCP and PuTTY with graphical interfaces are much easier to understand in terms of configuration and use. OpenSSH in Windows, also known as OpenSSH for Windows, supports port settings.

Use and configure OpenSSH server in Linux

Generally, your Linux system may already have an OpenSSH server running. In the Debian GNU/Linux system, the OpenSSH server can restart through the following command line:/etc/init. d/ssh restart. change "restart" in the command line to "start" or "stop" to start and stop the OpenSSH server. In the Fedora Core Linux system, the command method is the same, except that the above "ssh" is changed to "sshd ".

Similar to the OpenSSH client configuration file, the configuration file on the OpenSSH server is usually/etc/ssh/sshd_config, and its format is basically the same as/etc/ssh/ssh_config, however, the options are different. You can use the man sshd_config command to view the configuration file details. In general, set UsePrivilegeSeparation and IgnoreRhosts to "yes" and PermitRootLogin and PermitEmptyPasswords to "no ". Similar to the OpenSSH client, sending Windows system information over an SSH connection may cause minor security risks. Therefore, you do not need to activate this option unless necessary. Similarly, X11Forwarding should be set to "no" on the server side ".

For Linux users with security awareness, the preceding OpenSSH server options should be correctly set. Common exceptions may include PermitRootLogin and X11Forwarding configuration options.

Use OpenSSH

OpenSSH has a number of features not available in SSH. For example, other network protocols can be used to create "channels" in the OpenSSH protocol to provide enhanced security, as mentioned in this article, using tools such as Window System and SSH-agent on an ssh connection can simplify the management and use of OpenSSH clients; other unrelated tools can also support SSH channels, such as the Subversion version control system.

New Linux users who use multiple computers on the network may not immediately realize the value of SSH. Most of these new users used to be Microsoft Windows. In Windows, system settings are optimized for local users, so remote management is not convenient. Even in terms of server management and Remote technical support, the management functions implemented by tools such as Windows Remote Desktop and Terminal Services for Windows are limited, in addition, it is always not straightforward to access Windows resources through the network.

On the contrary, Linux long-term users will install the application software required for daily work on a separate system, they use a system with low hardware configuration, connect to the independent system through SSH and run the software. In fact, many Linux system administrators sit in front of the computer all day, and their operations, such as sending and receiving emails, computers used for writing work logs or programming are not even in the same building. After learning more about the advantages of SSH, you can use SSH more easily and trust SSH more. those users who have just been familiar with the Linux system cannot quickly understand the improvement brought by SSH in their work efficiency in a short time.

Configuring and using OpenSSH is very helpful for improving work efficiency in the future, although the benefits may not be seen immediately. In a few days, you may doubt whether it will work normally without SSH.

By running a multi-terminal simulator in the Windows environment of the workstation, or using the Screen tool, Linux or other Unix system administrators can easily manage multiple systems at the same time. SSH can automatically manage multiple servers at one time through the network management shell or Perl script.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.