Home > Others

Realizing the mutual trust of two machines based on OpenSSH

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

1. Server-side configuration files :#vim/etc/ssh/sshd_config

Protocol 2 (protocol version V2)

AddressFamily any (service on which type of address, any means support IPv4,IPv6)

ListenAddress 0.0.0.0 (address of service provided, default is all addresses configured on the host)

Keyregenerationinterval 1h(Regenerate key time, default 1 hours)

Serverkeybits 1024x768 (default length of secret key)

Syslogfacility Authpriv (defines the range of log messages)

LogLevel INFO (log level)

Logingracetime 2m (login tolerance period, default is two minutes)

Permitrootlogin Yes (allows administrators to log in directly)

Maxauthtries 6 (maximum number of logon attempts allowed)

Pubkeyauthentication Yes (key-based authentication is allowed)

passwordauthentication Yes (password-based authentication is allowed)

Banner None(whether to display the welcome banner when the user logs in)

2.ssh Client Usage :

a) ssh-l user name remote host name [ command ]

b) ssh user name @ remote Host name

-X can execute graphical commands on the remote host

3. How to implement key-based authentication:

A host is a client (implemented based on a user)

1) generate a pair of secret keys

Ssh-keygen

-t {RSA|DSA} specifies the algorithm

-f/path/to/keyfile specifying a key file

-N ' password ' to specify password

2) transfer the public key to a . Ssh/authorized_keys file in a user's home directory on the server side

Using the File Transfer tool (SSH-COPY-ID,SCP)

Ssh-copy-id-i/path/to/ generated public key user name @ host

3) Test Login

4.SCP: ssh -based remote replication command, can be implemented between the host encrypted transmission data

Usage:SCP [ options ] Source Purpose

-R recursive replication, used when copying directories

-a reserved permission, recursive replication, used when copying directories

5. Experiment: Two-machine mutual trust

1) Premise: two hosts fsy1(192.168.113.128) and fsy2( 192.168.113.129) network connectivity

2) Procedure:

Client:

#ssh-keygen-t RSA (Generate secret key)

Direct carriage return when input is required

#ssh-copy-id-i/root/.ssh/id_rsa.pub [email protected] (copy your own public key to the peer host)

Server:

#ssh-keygen-t RSA

#ssh-copy-id-i/root/.ssh/id_rsa.pub [email protected]

Finally, the test can be done.


Realizing the mutual trust of two machines based on OpenSSH

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More