"Linux Basics" 26, OpenSSH Foundation

Source: Internet
Author: User

I. Remote login protocols

1. Introduction to Telnet

In the past, very few people could afford a computer, let alone a powerful one. So people used a method called Telnet to access the Internet: they connected their own low-performance computer to a large, high-performance remote computer. Once connected, their computer acted as a terminal of the remote machine, as if they were sitting in front of the remote mainframe's screen and entering commands to run programs on it. Connecting one's computer to a remote computer in this way is called "logging in", and this method is called Telnet (remote login).


2. How Telnet works

When you log in to a remote computer system with Telnet, you actually launch two programs: a Telnet client that runs on your local machine, and a Telnet server program that runs on the remote computer you are logging in to. The client program on the local machine performs the following functions:

1) Establish a TCP connection to the server

2) Receive the characters you enter from the keyboard

3) Turn the string you entered into a standard format and send it to the remote server

4) Receive output information from remote server

5) Display this information on your screen

The remote computer's "service" program listens on TCP port 22, and as soon as it receives your request it becomes active and performs the following functions:

1) Notify your computer that the remote computer is ready

2) Wait for you to enter a command

3) Respond to your commands (such as displaying the contents of a directory, or executing a program)

4) Send the result of the command's execution back to your computer

5) Wait for your next command


3. Using Telnet

Install the Telnet server and client:

# yum install telnet telnet-server     # install the telnet client and server packages
# rpm -ql telnet-server
/etc/xinetd.d/telnet                   # telnet is a service managed by the super daemon (xinetd)
/usr/sbin/in.telnetd
/usr/share/man/man5/issue.net.5.gz
/usr/share/man/man8/in.telnetd.8.gz
/usr/share/man/man8/telnetd.8.gz
# rpm -ql telnet
/usr/bin/telnet
/usr/share/man/man1/telnet.1.gz

Start telnet-server:

# service xinetd start
# chkconfig telnet on

Using the telnet client:

telnet [-l user] host-name [port]

# telnet 192.168.10.4
Trying 192.168.10.4...
Connected to 192.168.10.4.
Escape character is '^]'.
CentOS release 6.5 (Final)
Kernel 2.6.32-431.el6.x86_64 on an x86_64
login: root                            # root login over Telnet is disabled by default
Password:
Login incorrect

login: anyfish                         # you must log in with a user account and password that exist on the remote host
Password:
Login incorrect

login: xj
Password:
Last login: Sat Jan  7 17:33:50 from node3
$

Summary:

Telnet is not a secure communication protocol: it uses no security mechanism and transmits all data, including passwords, across the network/Internet in plaintext, so anyone who can sniff the packets can obtain this sensitive information.

Telnet does not use any authentication policy or data encryption method, which creates a huge security threat. This is why Telnet is no longer used to access network devices and servers over a public network.
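A defender's check that follows from this, as an added example that is not part of the original article: it parses an xinetd service file such as the /etc/xinetd.d/telnet installed above and reports whether xinetd would still start Telnet. The sample file contents are constructed, and the function names parse_xinetd and telnet_enabled are this example's own.

```python
import re

# Constructed sample of /etc/xinetd.d/telnet as left by "chkconfig telnet on".
SAMPLE = """\
service telnet
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
"""

def parse_xinetd(text):
    """Return {service: {attribute: value}} for every 'service NAME { ... }' block."""
    services, name, attrs = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):       # blank line or comment
            continue
        if attrs is None:                           # outside a block
            m = re.match(r"service\s+(\S+)$", line)
            if m:
                name = m.group(1)
            elif line == "{" and name:
                attrs = {}
        elif line == "}":                           # end of the current block
            services[name] = attrs
            name, attrs = None, None
        else:                                       # attribute line: key =, += or -= value
            m = re.match(r"(\S+)\s*(?:\+=|-=|=)\s*(.*)$", line)
            if m:
                attrs[m.group(1)] = m.group(2)
    return services

def telnet_enabled(text):
    """True if xinetd would start Telnet: block present and 'disable' is not 'yes'."""
    attrs = parse_xinetd(text).get("telnet")
    # xinetd treats a service with no 'disable' attribute as enabled.
    return attrs is not None and attrs.get("disable", "no").lower() != "yes"

if __name__ == "__main__":
    print("telnet enabled:", telnet_enabled(SAMPLE))
```

On a real host, pass the contents of /etc/xinetd.d/telnet to telnet_enabled(); after "chkconfig telnet off" it should return False.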

The best remaining use of Telnet is to check the status of a particular service (any TCP-based service) on a remote host.

For example, if we want to check the status of Apache Web services running over port 80 on the local server, we can do this:

# telnet 192.168.10.3 22               # the remote host does not need to be running the telnet service for this
Trying 192.168.10.3...
Connected to 192.168.10.3.             # connected
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3                    # the session blocks here, waiting for us to enter a command; this means port 22 is open and a service on the remote host is listening on it. If the input does not conform to that service's protocol, the connection is forcibly closed

Protocol mismatch.
Connection closed by foreign host.
# telnet 192.168.10.3 23               # a port with nothing listening explicitly refuses the connection
Trying 192.168.10.3...
telnet: connect to address 192.168.10.3: Connection refused
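The same service check without the telnet client, as an added example that is not part of the original article: it opens a TCP connection, reads any banner the service sends first, and distinguishes a listening port from a refused one. The names probe, fake_service and closed_port are this example's own, and the loopback listener is a constructed stand-in for sshd so the block runs offline.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """Return (state, banner); state is 'open', 'refused' or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:       # nothing listening: the host answered with a reset
        return "refused", ""
    except OSError:                      # timeout, no route, filtered, name lookup failure
        return "unreachable", ""
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)        # SSH, SMTP and FTP servers speak first
        except OSError:
            data = b""                   # open, but the service waits for the client (e.g. HTTP)
    return "open", data.decode("ascii", "replace").strip()

def fake_service(banner):
    """Constructed stand-in for a listening service: sends one banner, then closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))           # port 0: let the kernel pick a free port
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def closed_port():
    """Return a loopback port that nothing is listening on."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(probe("127.0.0.1", fake_service(b"SSH-2.0-OpenSSH_5.3\r\n")))
    print(probe("127.0.0.1", closed_port()))
```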




OpenSSH Client Components:

ssh:

ssh USERNAME@HOST

ssh -l USERNAME HOST

-p PORT: specify the port to connect to

SSH authentication mechanism:

Based on password:

Based on key:

The client generates a key pair locally and copies the public key into the .ssh directory under the home directory of the user to log in as, in a file named authorized_keys or authorized_keys2.

Configuration process:

1. Generate a key pair

# ssh-keygen [-t rsa]



