OpenSSH service for Linux

Source: Internet
Author: User
Tags: ssh server

I. Principles of asymmetric encryption:

1: The sender runs the message through a hash algorithm to obtain a message digest and encrypts the digest with its own private key to obtain a digital signature.

2: The sender uses the receiver's public key to encrypt the plaintext and the digital signature, and then sends the result to the receiver.

3: The receiver receives the encrypted message and uses its own private key to decrypt the data and the digital signature.

4: The receiver decrypts the digital signature with the sender's public key to obtain the message digest, then computes the digest of the received message with the same public hash algorithm. If the two digests match, the message is intact; otherwise it has been tampered with.

II. OpenSSH uses asymmetric encryption for remote control.

SSH password verification process

1: When the client connects for the first time, the server sends its public key to the client, which stores it in the ~/.ssh/known_hosts file.

2: The client generates a random string, encrypts it with the server's public key, and transmits it to the server.

3: The server decrypts the data with its own private key, obtains the client's string, and sends it back to the client so that the client can verify the authenticity of the server.

4: The client then proves its own legitimacy with a user name and password.

SSH public/private key pair verification works as follows:

1: The client uses ssh-keygen to generate a pair of public and private keys. They are ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).

2: Use ssh-copy-id root@172.16.1.1 to send your own public key to the ~/.ssh/authorized_keys file on the server. The file is created automatically on the server when the command is run, and it holds the public keys of each client.

III. OpenSSH configuration files.

1: The client configuration file, /etc/ssh/ssh_config, does not need to be changed.

2: The server configuration file is /etc/ssh/sshd_config.

A. Changing the PermitRootLogin field to no prevents the administrator (root) from logging in remotely over SSH, which improves security.

B. The Port field changes the port that sshd listens on.

3: The client command is /usr/bin/ssh, and the server command is /usr/sbin/sshd.

4: Windows SSH remote management software includes SecureCRT and WinSCP.

5: When SecureCRT is used on Windows and the lrzsz rpm package is installed on the server, files can be dragged directly from Windows to the terminal and uploaded to the server.
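
The PermitRootLogin and Port fields of /etc/ssh/sshd_config described in items A and B above can be checked with a small script. This is an added example, not code from the original article or from OpenSSH; the function names and the sample configuration are made up for illustration, and it assumes Include files are not followed.

```shell
#!/bin/sh
# Added example: audit the two sshd_config fields discussed above.
# Keywords are case-insensitive and "Key=value" is accepted. Assumptions:
# Include files are not followed, and parsing stops at the first Match block
# because settings inside it only apply conditionally.

# global_values FILE KEYWORD: print each value given to KEYWORD, in file order
global_values() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }               # strip leading whitespace
        /^#/ || /^$/ { next }                # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)  # normalise "Key=value"
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "match") exit
            if (tolower(f[1]) == want && n >= 2) print f[2]
        }' "$1"
}

# sshd keeps the first PermitRootLogin it reads; when unset, current OpenSSH
# defaults to prohibit-password (older releases defaulted to yes).
root_login_policy() {
    v=$(global_values "$1" PermitRootLogin | head -n 1)
    printf '%s\n' "${v:-prohibit-password}" | tr '[:upper:]' '[:lower:]'
}

# Port may appear several times; sshd listens on every one (default 22).
listen_ports() {
    p=$(global_values "$1" Port | tr '\n' ' ')
    printf '%s\n' "${p:-22 }" | sed 's/ $//'
}

# audit FILE: print both settings; succeed only if root login is disabled
audit() {
    policy=$(root_login_policy "$1")
    echo "PermitRootLogin=$policy Port=$(listen_ports "$1")"
    [ "$policy" = "no" ]
}

# Constructed sample configuration (not from the page)
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
printf '%s\n' 'Port 2222' 'port=2200' '  permitrootlogin no' \
    'PermitRootLogin yes' 'Match Address 172.16.1.0/24' \
    '    PermitRootLogin yes' > "$SAMPLE"
audit "$SAMPLE" || echo "root login is not fully disabled"
```

On a live server, sshd -T prints the configuration the daemon would actually use, including Include files that this script does not follow.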
