from: http://blog.csdn.net/neofung/article/details/6574002
install and use SSH on Ubuntu
There are many online articles on the Internet to open the SSH service, but most of the methods introduced are not ideal after testing, can not realize remote login to Ubuntu, the final analysis is not really open Ssh-server services. The ultimate success method is as follows:
Installing OpenSSH Server under Ubuntu is an incredibly easy thing to do, requiring only one command:
sudo apt-get install Openssh-server
(View the returned results, and if there is no error, enter the IP address of your server with the SSH client software, such as Putty, SecureCRT, SSH Secure Shell client, and so on.) If all goes well, wait a moment to connect. And you should be able to log in using your existing username and password. )
Then confirm that the Sshserver is started: (or with "NETSTAT-TLP" command)
Ps-e | grep ssh
If only ssh-agent that Ssh-server has not started, need to/etc/init.d/ssh start, if you see the sshd that shows that Ssh-server has been started.
Ssh-server configuration file is located in/Etc/ssh/sshd_config, where you can define the SSH service port, the default port is 22, you can define yourself as a different port number, such as 222. Then restart the SSH service:
Sudo/etc/init.d/ssh Resart
In fact, if there are no special needs, here OpenSSH Server is installed. But setting it up further can make the OpenSSH logon time shorter and more secure. All of this is done by modifying the OpenSSH configuration file sshd_config.
First of all, when you experiment with remote login, you may find that you will have to wait a long time after entering your username to prompt for a password. In fact this is because sshd needs to reverse the client's DNS information caused. We can greatly increase the speed of login by disabling this feature. First, open the Sshd_config file:
sudo nano/etc/ssh/sshd_config
Find the GSSAPI Options section and comment out the following two lines:
#GSSAPIAuthentication Yes #GSSAPIDelegateCredentials No and then restart the SSH service:
Sudo/etc/init.d/ssh restart
Try again, it should be very fast.
Using PuTTy to log on to the server with certificate authentication
SSH service, all the content is encrypted transmission, security is basically guaranteed. However, if you can use certificate authentication, security will be higher, and after certain settings, but also to achieve the effect of automatic login certificate certification.
First modify the Sshd_config file to turn on the certificate authentication option:
Rsaauthentication Yes Pubkeyauthentication Yes Authorizedkeysfile%h/.ssh/authorized_keys after the modification is complete, restart the SSH service.
Next we need to establish a private key and public key for the SSH user. First of all to login to the account that needs to establish the key, here note the exit root user, need to use the SU command to switch to another user. Then run:
Ssh-keygen
Here, we will store the generated key in the default directory. The establishment of the process will be prompted to enter passphrase, which is equivalent to the certificate to add a password, but also to improve security measures, so that even if the certificate was accidentally copied away is not afraid. Of course, if this is left blank, then you can implement PuTTy through certificate authentication automatic login.
The Ssh-keygen command generates two keys, first we need to rename the public key to the server:
CD ~/.ssh MV Id_rsa.pub Authorized_keys then copy the private key id_rsa from the server and delete the Id_rsa file on the server.
The settings on the server are finished, and the following steps need to be done on the client computer. First, we need to convert the Id_rsa file to the PuTTy supported format. Here we need to use the PuTTyGEN tool:
Click the Load button in the PuTTyGen interface, select the Id_rsa file, enter passphrase (if any), then click the Save privatekey button so that the PuTTy accepted private key is ready.
Open PuTTy, enter the server's IP address in the Session, click the Browse button under Connection->ssh->auth, and select the private key that you just generated. Then go back to the Connection option and enter the user name that the certificate belongs to in Auto-login username. Go back to the Session tab and enter a name to save the session. Click on the bottom of Open should be able to log on to the server through certificate authentication. If there is passphrase, the login process will require input passphrase, otherwise it will be directly logged on to the server, very convenient.
Xming+putty programs that use the graphical interface for remote Linux hosts under Windows
First, the principle
The Linux/unix X window has network transparency. The X window System has a unified server that is responsible for each program's interaction with input such as displays, keyboards, and mice, and each GUI-based application interacts with the server through a network protocol. So for any application, the difference between running locally and running remotely is that the X server has a different address than the other. So running an X Server in Windows makes it easy to run Linux applications with GUIs remotely. At the same time, OpenSSH has the X-forwarding function, which can forward the X program of the Linux host to the client through the SSH pipeline. Thus, through the putty to the host, and then the received host forwarded by the X program's interaction with the local Windows system running under the X server to manage and display, in principle, this can be implemented remotely using Linux GUI program.
Configuration required on the host:
#vi/etc/ssh/sshd_config
Uncomment this line-if you do not have this line, add it manually:
x11forwrding Yes
The purpose of this configuration is to allow the X-forwards of SSH. In essence, this is a certain security risk, SSH does not guarantee the security of your data, but, in general, this is enough.
Second, installation xming
You need to run an X Server on your local windows. There are many options: Cygwin x server is probably the most famous, but for such a small thing to install a "relatively large" cygwin, it seems a bit exaggerated, in addition to Cygwin, there are two famous commercial software can choose, Xwin32 and Xmanager, Last semester IC experiment with is xmanager, feel very smooth very good, however, although Xmanager can try, but after all, still is commercial software; There is also a choice, is here to speak, open source software xming.
Xming is a simple and powerful open source x Server that can run under the m$ Xp/2003/vista operating system.
Xming's homepage: http://www.straightrunning.com/XmingNotes/
Xming's sourceforge page: http://sourceforge.net/projects/xming/
Download Xming-setup.exe from SourceForge (the latest version is 6.9.0.31), installed locally.
The first runtime uses the Xlaunch in the Start menu to start, producing an initial configuration file. For simple use, no special configuration is required, and everything is used by default. The specific configuration and use of xming can refer to Xming's manual.
Remember that the numbers in the "Display number" indicated in, using the default 0
When the boot is complete, an "X" icon appears in the tray area, which means that the xming is already running, hovering over it and seeing the "Display number" currently in use.
Third, configuration putty
Windows has a lot of support ssh/telnet and other remote login protocol clients, such as SECURECRT, Xshell, Putty, and so on, even everyone used to login BBS irrigation with the fterm have SSH features, Just not as Putty software professional and powerful.
I use the famous free putty, I believe many people's choice is also like me. Therefore, we will not repeat the configuration and use of putty. The point here is to add Putty support for x forwarding. Run putty, in the configuration screen, select "Connection-ssh-x11", select "Enable x11forwarding", "X display Location" in the first step of "display number" in the numbers (here is "localhost:0").
Then connect to log in to the remote host and look like everything looks normal.
Iv. Problems and Solutions
So try to run the VBox