Primary Learning Linux Unit Nineth

First, Openssh-server

Function: Allow remote host to access sshd service over the network, start a secure shell

Second, the Client connection mode

SSH remote host user @ remote host IP
[[email protected] ~]# Ifconfig # #查看本机IP帐号, you can use this command on the host to log in to view

$ $PS: Set IP method
[[email protected] ~]# Nm-connection-editor # #图形界面设置IP, other methods will be detailed in the following modules

Icon: Set IP Step One "click Add to add OK"

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M00/A7/7C/wKioL1nnPVSD4FXCAABoEttY87I471.png-wh_500x0-wm_ 3-wmp_4-s_4109209152.png "title=" screenshot from 2017-10-16 11-32-50.png "alt=" Wkiol1nnpvsd4fxcaaboetty87i471.png-wh_50 "/>

Figure: Set IP Step two "directory is Ethernet, click Create"

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M00/08/CD/wKiom1nnQBeg3cpDAAB9Xf78-u4264.png-wh_500x0-wm_ 3-wmp_4-s_350658968.png "title=" screenshot from 2017-10-16 11-33-32.png "alt=" Wkiom1nnqbeg3cpdaab9xf78-u4264.png-wh _50 "/>

Figure: Set IP step three "Connection:ip name itself, here is the" Westos ", Device MAC addresses: The option is the eth0 in parentheses"

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/A7/7C/wKioL1nnPXWgYJwEAACLq1KdRf0571.png-wh_500x0-wm_ 3-wmp_4-s_4187726760.png "title=" screenshot from 2017-10-16 11-34-16.png "alt=" Wkiol1nnpxwgyjweaaclq1kdrf0571.png-wh_50 "/>

Figure: Set IP Step four "select IPv4 Settings,method Choose manual for static IP, that is, set the IP for themselves, click Add,addresses Input set Ip,netmask for 24,gateway Gateway is not filled, but need to select , and then click Save.

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M01/A7/7C/wKioL1nnPYLzLh5tAADlfyraf1w178.png-wh_500x0-wm_ 3-wmp_4-s_1609055168.png "title=" screenshot from 2017-10-16 11-37-49.png "alt=" Wkiol1nnpylzlh5taadlfyraf1w178.png-wh_50 "/>

Figure: Set IP final result

650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M00/08/CD/wKiom1nnQFKz-GI6AAFeDGkEoD0337.png-wh_500x0-wm_ 3-wmp_4-s_1042098485.png "title=" screenshot from 2017-10-16 11-39-24.png "alt=" Wkiom1nnqfkz-gi6aafedgkeod0337.png-wh_50 "/>

[[email protected] ~]# ssh [email protected]
The authenticity of host ' 172.25.254.244 (172.25.254.244) ' can ' t be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Is you sure want to continue connecting (yes/no)? Yes # #连接陌生主机时需要建立认证关系
warning:permanently added ' 172.25.0.11 ' (ECDSA) to the list of known hosts.
[email protected] ' s password: # #远程用户密码
Last Login:mon Oct 3 03:13:47 2016
[Email protected] ~]# # #登陆成功

Diagram: Remote host Login

650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M01/08/CD/wKiom1nnQGDDvIpaAAE2OsUrOg4193.png-wh_500x0-wm_ 3-wmp_4-s_1365975249.png "title=" screenshot from 2017-10-16 11-39-51.png "alt=" Wkiom1nnqgddvipaaae2osurog4193.png-wh_50 "/>

SSH remote host user @ remote host Ip-x # #调用远程主机图形工具

Diagram: Remote host Graphics Login

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M00/08/CD/wKiom1nnQJ7Axi-9AAE6aEWECW0987.png-wh_500x0-wm_ 3-wmp_4-s_705506493.png "title=" screenshot from 2017-10-16 21-01-21.png "alt=" Wkiom1nnqj7axi-9aae6aewecw0987.png-wh _50 "/>

Diagram: Gedit file created on the landing host

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M02/08/CD/wKiom1nnQMLQeVbTAAExUlVJTRg189.png-wh_500x0-wm_ 3-wmp_4-s_1978383000.png "title=" screenshot from 2017-10-16 21-00-22.png "alt=" Wkiom1nnqmlqevbtaaexulvjtrg189.png-wh_50 "/>

Third, Ssnkey encryption "is landing host"

1. Generating the public key private key
[[email protected] ~]# Ssh-keygen # #生成公钥私钥工具, press ENTER repeatedly until the command line appears
Generating public/private RSA key pair.
Enter file in which to save the key (/ROOT/.SSH/ID_RSA): [Enter] # #加密字符保存文件 (default is recommended)
Created directory '/root/.ssh '.
Enter passphrase (empty for no passphrase): [Enter] # #密钥密码, must be >4 characters
Enter same passphrase again: [Enter] # #确认密码
Your identification has been saved In/root/.ssh/id_rsa.
Your public key has been saved in/root/.ssh/id_rsa.pub.
The key fingerprint is:
ab:3c:73:2e:c8:0b:75:c8:39:3a:46:a2:22:34:84:81 [email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
|o |
| E. |
|.. |
|. . o |
|. O. *. S |
|OO.O O. |
|+ =.  .        . |
|o. oo.+. |
| ..        o*. |
+-----------------+
[Email protected] ~]# ls/root/.ssh/
Authorized_keys id_rsa.pub
Id_rsa # #私钥 is the key
Id_rsa.pub # #公钥 is the lock
Diagram: Generated public key, private key of login host
650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M02/08/CD/wKiom1nnQPegwrbKAAD2TEfBmMI026.png-wh_500x0-wm_ 3-wmp_4-s_2508783919.png "title=" screenshot from 2017-10-16 21-10-19.png "alt=" Wkiom1nnqpegwrbkaad2tefbmmi026.png-wh_50 "/> 2. Adding key authentication Methods
[Email protected] ~]# ssh-copy-id-i/root/.ssh/id_rsa.pub [email protected]
Ssh-copy-id # #添加key认证方式的工具
-I # #指定加密key文件
/root/.ssh/id_rsa.pub # #加密key
Root # #加密用户为root
172.25.0.11 # #被加密主机ip

Icon: The host was successfully authenticated

650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M01/08/CD/wKiom1nnQR-AnuS7AACGcZvC7No349.png-wh_500x0-wm_ 3-wmp_4-s_3281423215.png "title=" screenshot from 2017-10-16 21-14-29.png "alt=" Wkiom1nnqr-anus7aacgczvc7no349.png-wh_50 "/>

3. Distribute the key to the client host
[Email protected] ~]# Scp/root/.ssh/id_rsa [email protected]:/root/.ssh/

Diagram: Login host/root/.ssh/initial state

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M02/A7/7D/wKioL1nnPoCgKQwoAAA-6ol1J2U999.png-wh_500x0-wm_ 3-wmp_4-s_4227389184.png "title=" screenshot from 2017-10-16 21-16-25.png "alt=" Wkiol1nnpocgkqwoaaa-6ol1j2u999.png-wh_50 "/>

Diagram: The landing host was successfully transmitted

650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M02/08/CD/wKiom1nnQUfgv4euAACQrSUepEs176.png-wh_500x0-wm_ 3-wmp_4-s_2242543539.png "title=" screenshot from 2017-10-16 21-19-36.png "alt=" Wkiom1nnqufgv4euaacqrsuepes176.png-wh_50 "/>

Icon: Login Host accepted success

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M01/A7/7D/wKioL1nnPqaD4tFlAAElvn3MQK4863.png-wh_500x0-wm_ 3-wmp_4-s_936423929.png "title=" screenshot from 2017-10-16 21-27-30.png "alt=" Wkiol1nnpqad4tflaaelvn3mqk4863.png-wh _50 "/>

4. Testing

[[email protected] ~]# ssh [email protected] # #通过id_rsa直接连接不需要输入用户密码
Last Login:mon Oct 3 03:58:10 from 172.25.0.250
[Email protected] ~]#

Icon: successful landing via key

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M00/08/CD/wKiom1nnQWvyqoBHAACVJzCl7uk408.png-wh_500x0-wm_ 3-wmp_4-s_3422547237.png "title=" screenshot from 2017-10-16 21-28-22.png "alt=" Wkiom1nnqwvyqobhaacvjzcl7uk408.png-wh_50 "/>

Iv. lifting the OpenSSH security level

Openssh-server configuration file:/etc/ssh/sshd_config
[Email protected] ~]# Vim/etc/ssh/sshd_config
Passwordauthentication Yes|no # #是否开启用户密码认证, yes to support no for off

Diagram: Whether to turn on user authentication password

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M02/08/CD/wKiom1nnQbzBT-tLAAE-OP5rFGo364.png-wh_500x0-wm_ 3-wmp_4-s_3467374319.png "title=" screenshot from 2017-10-16 22-03-05.png "alt=" Wkiom1nnqbzbt-tlaae-op5rfgo364.png-wh_50 "/>

Permitrootlogin Yes|no # #是否允许超级用户登陆
Allowusers Student # #用户白名单, only users appearing on the list can use sshd to build the shell
Denyusers Westos # #用户黑名单

Restart Service: Systemctl restart sshd

This article is from the "13342594" blog, please be sure to keep this source http://13352594.blog.51cto.com/13342594/1973909

Primary Learning Linux Unit Nineth