Network break-ins are often made possible by the Telnet service running on the server. To manage a UNIX system remotely you need a remote terminal, and to use a remote terminal you must start the Telnet service on the server. However, Telnet has a fatal weakness: it transfers user names and passwords in plain text, so anyone with ulterior motives can easily steal them. SSH is now a practical replacement for the Telnet service. When the SSH client communicates with the server, the user name and password are encrypted, which effectively prevents password eavesdropping. This article introduces the SSH server software packages that run on common operating systems.
The SSH software consists of two parts: the server package and the client package. For UNIX and Linux systems, these are shipped separately as two different files. For Windows 9x/NT/2000 it is also divided into two parts; the difference is that the server package runs only on Windows NT and Windows 2000 Server, while the SSH client runs on all Windows systems. In addition, SSH comes in two versions: SSH1 and SSH2. SSH1 is a completely free software package, and SSH2 is charged for commercial use. As the name suggests, SSH1 is the first version. It is not as powerful as SSH2, but it is widely used on many websites because it is free of charge.
SSH2 is compatible with SSH1 servers and provides good service support for SSH1 clients. Therefore, if SSH2 is installed in your system, there is no need to install the SSH1 package.
Install SSH2 in UNIX/Linux
1. Download the software package: go to www.ssh.com and download the latest SSH2 package. It is best to download the source package and compile it yourself.
2. Unzip and install:
# tar -zxvf ssh2-2.4.0.tar.gz
# cd ssh2-2.4.0
# ./configure
# make
# make install
Installation is complete. In this process, the server software package and the client software are installed together, so you do not have to install the client software package again.
Compiled binary packages in rpm format are stored in the ftp://ftp.ssh.com/pub/ssh/rpm directory. The package for non-commercial users is ssh-2.4.0-1.i386.rpm, which includes support for X Window; the package without X Window support is ssh-2.4.0-1nox.i386.rpm. Either can be installed directly after download. The installer places the SSH2 package under /usr/local/bin and /usr/local/sbin.
Install SSH on Windows NT
In Windows NT and Windows 2000 Server environments, you can choose from the following server software: Vshell and ssh2-2.4.0.win-server. Vshell is a package from Van Dyke that provides an SSH2 server on Windows NT/2000; it is available at www.vandyke.com/download/index.html. Another SSH server that runs on Windows is SSHWinServer.exe, which can be downloaded directly from the ftp://ftp.ssh.com/pub/ssh directory.
The installation in Windows environment is very simple and will not be described in this article.
Unlike UNIX, on Windows the server and client packages must be installed separately. The Windows client software can also be downloaded from the two sites above; the file names are SecureCRT and SSHWin-2.4.0-pl2.
Key preparation
A. The server generates users' own encryption keys and public keys. In UNIX, the key generation method is as follows:
The user is required to enter a long authentication string, which serves the same purpose as a password but is longer, generally within 20 characters. Enter the same string again to confirm that it was typed correctly. The system then generates a key and public key pair. Copy the public key to the local machine so that it can decrypt the information sent by the server. If you do not copy it, the server automatically pushes its public key to the client at the first login, so that the client can decrypt and identify the information provided by the server.
B. The client generates the user's encryption key and public key. The client generates its own key and public key in the same way as the server. Some SSH client software for Windows uses its own method, and the details differ, but every client that supports SSH can and must generate a key pair. Take sshWin2.4 as an example:
Choose Edit → Settings → Global settings → User keys → Generate New keypairs. A new key and public key pair is generated automatically as you follow the prompts.
Finally, copy the public key generated by the client to the user's directory on the server host (in UNIX, this should be the /home/username/.ssh2 directory). Different SSH versions have specific requirements for the names of the public key and key files. For details, see the installation instructions in the software package.
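The server-side half of this last step, as an added example that is not part of the original article: a POSIX shell function that installs a client public key under the user's .ssh2 directory with owner-only permissions and refuses a file that is not a public key. The "authorization" file with its "Key <file>" lines and the public-key header check follow the ssh.com SSH2 convention and are assumptions here, and the function name install_pubkey is hypothetical; file names vary between versions.

```shell
#!/bin/sh
# Added example (not from the original article): install a client public key
# on the server for SSH2 public-key login.
# Assumptions: the ".ssh2" directory named in the article, plus an
# "authorization" file holding "Key <file>" lines (ssh.com SSH2 convention).
# Check the documentation of the installed version for the exact names.

PUB_HEADER='---- BEGIN SSH2 PUBLIC KEY ----'   # first line of an SSH2 public key

# install_pubkey <public-key-file> <user-home>
# Returns 0 on success, 1 on bad input or I/O failure,
# 2 if the file does not look like a public key.
install_pubkey() {
    keyfile=$1
    home=$2
    [ -f "$keyfile" ] && [ -d "$home" ] || return 1

    # Refuse anything that is not a public key, so that a private key is
    # never copied to the server by mistake.
    first_line=$(head -n 1 "$keyfile" | tr -d '\r')
    [ "$first_line" = "$PUB_HEADER" ] || return 2

    dir="$home/.ssh2"
    name=$(basename "$keyfile")

    # Only the owner may enter the key directory or read its contents.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cp "$keyfile" "$dir/$name" && chmod 600 "$dir/$name" || return 1

    # Register the key exactly once; repeated runs add no duplicate line.
    auth="$dir/authorization"
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF "Key $name" "$auth" || echo "Key $name" >> "$auth"
}

# Usage (run as the account owner on the server host):
#   install_pubkey /tmp/client.pub /home/username
```

Run it as the account that owns the home directory, so the installed files end up owned by that user.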
Start the SSH server
In UNIX/Linux, the server program is placed in the /usr/local/sbin directory. The startup method is as follows:
We can see that SSHD has been started. If you do not want to start SSHD manually every time the system restarts, you can write a script and place it in the init.d directory so that the SSHD service starts automatically at boot. Alternatively, add a /usr/local/sbin/sshd line to rc.local. In Windows NT/2000, run Start SSH2 Server from the program group.
Use SSH
In UNIX/Linux, the client is SSH and is stored in the /usr/local/bin directory. Client tools such as SSH1, SSH2, and scp are provided. You can use SSH to log on to the remote host as follows:
The difference from Telnet is that the user is asked to enter the authentication string. If the authentication string is accepted, the user is logged on directly. If it fails, the user is asked for the system password, and after successful password authentication the user can also log on. In use, it is no different from Telnet. With the SSH client software, uploading files no longer means opening a separate FTP window, authenticating again, and then uploading. The scp tool provided with the SSH client uploads files directly to the remote server. The usage is as follows:
# scp host1:dir/filename host2:/home/abc/filename
In Windows, the following SSH clients are available: SecureCRT, the version of CRT that supports SSH (www.vandyke.com). It is a remote terminal that supports both SSH1 and SSH2, and users can choose whichever standard the server supports.
Another client provided by ssh.com is available.
In addition, there is an FTP-style client that supports SSH: sshwin-2.4 includes an SSH Secure File Transfer Client that can be used to transfer encrypted files between two hosts, that is, the scp function. There is also an SSH-capable FTP tool that works together with SecureCRT. It is called SecureFX and can be downloaded from www.vandyke.com.
For various reasons, some GUI clients that support SSH may not work with all of the servers above. You can try combinations of the tools above to find one that suits you. In general, the UNIX client provides the best support for the various servers. When selecting server and client software, it is best to choose products from the same vendor, so that there are no incompatibility issues.
If you want to use SSH2 and do not want to pay for it, OpenSSH is a free software package that complies with the GPL license. It supports both the SSH1 and SSH2 standards and is another widely used SSH software package (it can be downloaded from www.openssh.com).
The latest version of OpenSSH is Openssh-2.5.1, which provides all source code. However, read the instruction file carefully before compiling. The zlib and openssl packages are needed during compilation, so download and install them first and then compile OpenSSH. For detailed procedures, read the install file in the software package.