I. SSH remote management
SSH is a secure channel protocol, used mainly for remote login through a character (text) interface and for remote file copying. The SSH protocol encrypts the data transferred between the two communicating parties, including the password the user enters when logging in. It provides better security than earlier applications such as Telnet, RSH and RCP.
Remote management and security control of Linux servers
1. Configuring the OpenSSH server
The SSH service uses port 22 by default. It is recommended to change this port number if necessary and to specify the particular IP address the service listens on, which makes the service less conspicuous on the network. In addition, version 2 of the SSH protocol is more secure than V1, and disabling DNS reverse resolution can improve the server's response speed.
vim /etc/ssh/sshd_config
Listening port is 22
Listening address is 192.168.1.10
Use SSH protocol v2
Disable DNS reverse resolution
service sshd reload
2. User login control
vim /etc/ssh/sshd_config
Login authentication time is 2 minutes
Disable root user login
Maximum retry count is 6
Prohibit login by users with empty passwords
3. Login authentication methods
# Password authentication: authenticates with the login name and password of a local system user on the server. It is the simplest to use, but from the client's point of view the server being connected to may be an impostor, and from the server's point of view the defense against brute-force password attacks is weak.
# Key pair authentication: requires matching key information to be provided in order to pass validation,
vim /etc/ssh/sshd_config
Enable password authentication
Enable key pair authentication
Specify the public key database file
service sshd reload
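The server-side settings from sections 1 to 3, checked by a small auditor. This is an added example, not code from the original page: the keyword names are OpenSSH's sshd_config keywords for the settings described above, the sample config is constructed, and treating the time and retry values as upper bounds is an assumption.

```python
import re

# Values this page describes, by sshd_config keyword; numeric ones are upper bounds (assumption).
EXPECTED = {
    "protocol": "2", "usedns": "no", "logingracetime": "2m", "maxauthtries": "6",
    "permitrootlogin": "no", "permitemptypasswords": "no", "pubkeyauthentication": "yes",
}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert an sshd time value such as 120, 2m or 1h30m to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))

LIMITS = {"logingracetime": to_seconds, "maxauthtries": int}  # numeric keywords

def parse_sshd_config(text):
    """Global settings as {keyword: value}; sshd uses the first value it reads."""
    conf = {}
    for m in re.finditer(r"^[ \t]*([A-Za-z]\w*)[ \t=]+(\S.*)$", text, re.M):
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break  # conditional blocks follow; only the global scope is audited
        conf.setdefault(key, value)
    return conf

def audit(text):
    """Return (keyword, found, wanted) for each setting that is unset or weaker."""
    conf, findings = parse_sshd_config(text), []
    for key, wanted in EXPECTED.items():
        found = conf.get(key)  # None: unset, so the installed version's default applies
        if found is not None and key in LIMITS:
            ok = 0 < LIMITS[key](found) <= LIMITS[key](wanted)  # 0 = unlimited grace time
        else:
            ok = found is not None and found.lower() == wanted
        if not ok:
            findings.append((key, found, wanted))
    return findings

# Constructed sample config, not taken from the original page.
SAMPLE = """\
Protocol 2
UseDNS no
LoginGraceTime 120
PermitRootLogin yes
PermitRootLogin no
MaxAuthTries 6
PubkeyAuthentication yes
"""
print(audit(SAMPLE))
```

The sample reports PermitRootLogin as "yes" because the first occurrence wins over the later "no", and PermitEmptyPasswords as unset. On OpenSSH 7.4 and later, which support only SSH v2, an unset Protocol finding can be ignored.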
II. Using the SSH client programs
1) SSH remote login
ssh [email protected]  (remote address)
2) SCP remote copy
Example: copy the /etc/passwd file from a remote host to the local machine
scp [email protected]:/etc/passwd /root/pwd.txt
Copy the local /etc/vsftpd directory to the remote host
scp -r /etc/vsftpd/ [email protected]:/opt