SSH (Secure Shell) is a protocol that provides secure remote login. To manage a Linux system remotely over SSH, you need to deploy and configure the sshd service program. sshd is a remote management service program built on the SSH protocol. It is easy to use and provides two authentication methods:
- Password-based authentication: the login is verified with an account name and password.
- Key-based authentication: you generate a key pair locally and upload the public key from that pair to the server, where it is compared with the public key held on the server. This method is the more secure of the two.
The configuration of the sshd service is stored in the /etc/ssh/sshd_config file. The file that holds a service's most important configuration is called its main configuration file (generally /etc/<service name>/<service name>.conf). The configuration file contains many comment lines that begin with a pound sign (#). To make one of these parameters take effect, modify its value and then remove the pound sign in front of it.
Parameters in the sshd service configuration file and their roles

| Parameter | Role |
|---|---|
| Port 22 | Default port of the sshd service |
| ListenAddress 0.0.0.0 | IP address that the sshd server listens on |
| Protocol 2 | Version number of the SSH protocol |
| HostKey /etc/ssh/ssh_host_key | Location of the DES private key when the SSH protocol version is 1 |
| HostKey /etc/ssh/ssh_host_rsa_key | Location of the RSA private key when the SSH protocol version is 2 |
| HostKey /etc/ssh/ssh_host_dsa_key | Location of the DSA private key when the SSH protocol version is 2 |
| PermitRootLogin yes | Whether the root administrator may log in directly |
| StrictModes yes | Refuse the connection outright when the remote user's private key has changed |
| MaxAuthTries 6 | Maximum number of password attempts |
| MaxSessions 10 | Maximum number of terminals |
| PasswordAuthentication yes | Whether to allow password authentication |
| PermitEmptyPasswords no | Whether to allow login with a blank password (very insecure) |
In RHEL 7, the sshd service program is installed and enabled by default. Next, use the ssh command to connect remotely, in the form "ssh [parameters] host IP address". To end the session, run the exit command.
[root@localhost Desktop]# ssh 192.168.10.10
The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.
ECDSA key fingerprint is 35:01:64:40:4c:22:41:f1:2e:2c:75:76:a3:14:47:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.10' (ECDSA) to the list of known hosts.
root@192.168.10.10's password: Enter your password here
Last login: Tue Oct 2 16:26:24 2018
[root@localhost ~]# exit
logout
Connection to 192.168.10.10 closed.
[root@localhost Desktop]#
Prevent root administrator from logging in
First open the main configuration file of the sshd service in the Vim text editor, then remove the pound sign (#) in front of the #PermitRootLogin yes parameter on line 48 and change the value from yes to no, so that the root administrator is no longer allowed to log in remotely.
[root@localhost Desktop]# vim /etc/ssh/sshd_config
..................Omit some output information..................
47 #LoginGraceTime 2m
48 PermitRootLogin no
49 #StrictModes yes
50 #MaxAuthTries 6
51 #MaxSessions 10
..................Omit some output information..................
In general, a service program does not pick up new parameters immediately after its configuration file is modified. For the new configuration to take effect, you need to restart the service program manually. It is also best to add the service to the boot startup items, so that the next time the system starts, the service program runs automatically and continues to serve users.
systemctl restart sshd
systemctl enable sshd
When the root administrator now attempts to access the sshd service program, the system displays an error message saying that access is not possible.
[root@localhost Desktop]# ssh 192.168.10.10
root@192.168.10.10's password:
Permission denied, please try again.
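A check to run after the edit above, as an added example that is not part of the original article: it reports the value sshd would take from the global section of an sshd_config-style file, covering two ways the change can silently fail (the pound sign left in place, and an earlier line for the same keyword, since sshd uses the first value it finds). The function names and the sample file are constructed for illustration, and the defaults passed in are the values from the article's parameter table.

```shell
#!/bin/sh
# Added example, not from the original article. Sample data is constructed.

# sshd_value FILE KEYWORD DEFAULT
# Print the value sshd would use for KEYWORD from the global section of FILE.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comment or blank line: ignored
        tolower($1) == "match"   { exit }  # Match blocks are conditional; stop
        tolower($1) == want      { print $2; found = 1; exit }  # first wins
        END { if (!found) print def }      # keyword unset: default applies
    ' "$1"
}

# sshd_check FILE KEYWORD DEFAULT WANTED
# Status 0 if the effective value equals WANTED, 1 otherwise.
sshd_check() {
    got=$(sshd_value "$1" "$2" "$3")
    if [ "$got" = "$4" ]; then
        echo "ok    $2 $got"
    else
        echo "WARN  $2 is '$got', wanted '$4'"
        return 1
    fi
}

# Constructed sample: the PermitRootLogin line was edited but the pound sign
# was left in place, and PermitEmptyPasswords is set twice (keywords are
# case-insensitive and only the first line counts).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
permitemptypasswords no
PermitEmptyPasswords yes
EOF

# Assumption: the defaults are the values shown in the parameter table above.
sshd_check "$sample" PermitRootLogin yes no || true
sshd_check "$sample" PermitEmptyPasswords no no || true
rm -f "$sample"
```

On a live host, `sshd -t` validates the configuration file before the restart, and `sshd -T` prints the configuration that sshd would actually apply.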