Red Hat 7 SSH

Source: Internet
Author: User

SSH (Secure Shell) is a protocol that provides secure remote login. To manage a Linux system remotely over SSH, you need to deploy and configure the sshd service. sshd is a remote management service built on the SSH protocol. It is easy to use and provides two authentication methods:

• Password-based authentication: log in with an account name and password.

• Key-based authentication: generate a key pair locally, then upload the public key from the pair to the server; at login the key is compared with the public key stored on the server. This method is the more secure of the two.

The configuration of the sshd service is stored in the /etc/ssh/sshd_config file. The file that holds a service's most important configuration is called its main configuration file (it is generally found at /etc/service name/service name.conf). The file contains many comment lines that begin with a pound sign (#). To make one of these parameters take effect, modify its value and then remove the leading pound sign.

Parameters in the sshd service configuration file and their roles:

Parameter                              Role
Port 22                                Default port of the sshd service
ListenAddress 0.0.0.0                  IP address that the sshd server listens on
Protocol 2                             Version number of the SSH protocol
HostKey /etc/ssh/ssh_host_key          Location of the DES private key when the SSH protocol version is 1
HostKey /etc/ssh/ssh_host_rsa_key      Location of the RSA private key when the SSH protocol version is 2
HostKey /etc/ssh/ssh_host_dsa_key      Location of the DSA private key when the SSH protocol version is 2
PermitRootLogin yes                    Whether to allow the root administrator to log in directly
StrictModes yes                        Refuse the connection outright when the remote user's private key has changed
MaxAuthTries 6                         Maximum number of password attempts
MaxSessions 10                         Maximum number of terminals
PasswordAuthentication yes             Whether to allow password authentication
PermitEmptyPasswords no                Whether to allow login with a blank password (very insecure)

In RHEL 7, the sshd service is installed and enabled by default. Use the ssh command to connect remotely, in the form "ssh [parameter] host IP address". To end the session, run the exit command.

[root@localhost Desktop]# ssh 192.168.10.10
The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.
ECDSA key fingerprint is 35:01:64:40:4c:22:41:f1:2e:2c:75:76:a3:14:47:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.10' (ECDSA) to the list of known hosts.
root@192.168.10.10's password: Enter your password here
Last login: Tue Oct 2 16:26:24 2018
[root@localhost ~]# exit
logout
Connection to 192.168.10.10 closed.
[root@localhost Desktop]#

Prevent root administrator from logging in

First, open the main configuration file of the sshd service in the Vim text editor. Then remove the pound sign (#) in front of the #PermitRootLogin yes parameter on line 48 and change the value yes to no, so that the root administrator is no longer allowed to log in remotely.


[root@localhost Desktop]# vim /etc/ssh/sshd_config
..................Omit some output information..................
  47 #LoginGraceTime 2m
  48 PermitRootLogin no
  49 #StrictModes yes
  50 #MaxAuthTries 6
  51 #MaxSessions 10
..................Omit some output information..................



A service generally does not pick up new parameters immediately after its configuration file is modified. For the new configuration to take effect, you need to restart the service manually. It is also best to add the service to the boot startup items so that it runs automatically the next time the system starts and continues to serve users.

[root@localhost Desktop]# systemctl restart sshd
[root@localhost Desktop]# systemctl enable sshd

When the root administrator now attempts to log in through the sshd service, the system responds with an access-denied error message.

[root@localhost Desktop]# ssh 192.168.10.10
root@192.168.10.10's password:
Permission denied, please try again.
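
An added example, not part of the original article: a shell check that reads an sshd_config-style file and reports the value sshd would actually use for PermitRootLogin and PermitEmptyPasswords, treating commented lines as having no effect and taking the first uncommented occurrence of a keyword. The function names and the sample file are constructed for illustration; the defaults are the values listed in the parameter table above.

```shell
#!/bin/sh
# Added example (not from the original article): report the value sshd would
# actually use for a keyword in an sshd_config-style file.

# effective_value FILE KEYWORD DEFAULT
#   '#' lines are comments and have no effect; keywords are case-insensitive;
#   the first uncommented occurrence wins; parsing stops at the first Match
#   block because settings after it are conditional.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { found = 1; print tolower($2); exit }
        END { if (!found) print def }
    ' "$1"
}

# check_setting FILE KEYWORD DEFAULT WANTED -> prints a verdict, returns 1 if weak
check_setting() {
    got=$(effective_value "$1" "$2" "$3")
    if [ "$got" = "$4" ]; then
        echo "OK    $2 $got"
    else
        echo "WEAK  $2 $got (want $4)"
        return 1
    fi
}

# audit_sshd_config FILE -> returns the number of weak settings found.
# Defaults are the values shown in the article's parameter table (assumption).
audit_sshd_config() {
    weak=0
    check_setting "$1" PermitRootLogin yes no || weak=$((weak + 1))
    check_setting "$1" PermitEmptyPasswords no no || weak=$((weak + 1))
    return "$weak"
}

# Constructed sample: the value was edited but the pound sign was left in place.
sample=$(mktemp)
printf '%s\n' '#LoginGraceTime 2m' '#PermitRootLogin no' '#StrictModes yes' > "$sample"
audit_sshd_config "$sample" || echo "root login is still allowed"
rm -f "$sample"
```

On a real host, run audit_sshd_config /etc/ssh/sshd_config after editing and before restarting the service; sshd -t checks the file for syntax errors.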
