Remote control of the server using the SSH tool

Source: Internet
Author: User

In many cases, a network is attacked through the Telnet service that the server provides. On Unix systems, remote management requires a remote terminal, and using a remote terminal traditionally means starting the Telnet service on the server. But Telnet has a fatal weakness: it transmits usernames and passwords in clear text, so they are easy for people with ulterior motives to steal. An effective alternative to Telnet today is the SSH service. When the SSH client communicates with the server, the username and password are encrypted, which effectively prevents eavesdropping on the password. This article describes how to use SSH server packages that run on common operating systems.

The SSH software consists of two parts: a server-side package and a client package. For Unix and Linux server operating systems, the two are packaged separately in two different files. On Windows 9x/NT/2000 it is also divided into two parts, except that the server package can only run on Windows NT and later and on Windows Server, while the SSH client can run on all Windows systems.

   I. Installing SSH2 on Unix/Linux

1. Download the package from www.ssh.com. Get the latest SSH2 package; it is best to download the source package and compile it yourself.

2. Unpack and install:

# tar -zxvf ssh2-2.4.0.tar.gz

# cd ssh2-2.4.0

# ./configure

# make

# make install

Installation is complete. This process installs both the server and the client software, so the client package does not need to be installed separately.

Precompiled binary packages in RPM format are stored in the ftp://ftp.ssh.com/pub/ssh/rpm directory. The package for non-commercial users is named ssh-2.4.0-1.i386.rpm and includes X Window support; the package without X Window support is ssh-2.4.0-1nox.i386.rpm. Either can be installed directly after downloading. The installer places the SSH2 files under /usr/local/bin and /usr/local/sbin.

   II. Installing SSH on Windows NT/2000/2003 Server

In an NT or Windows Server environment, you can choose between two server packages: VShell and Ssh2-2.4.0.win-server. VShell is a package from Van Dyke that provides an SSH2 server in Windows NT/2000 environments; it can be downloaded from www.vandyke.com/download/index.html. The other SSH server that runs in a Windows environment is SSHWinServer.exe, which can be downloaded directly from the ftp://ftp.ssh.com/pub/ssh directory.

Installation in a Windows environment is very simple and is not covered in this article.

Unlike Unix, a Windows environment requires the server and client packages to be installed separately. The client software for Windows can also be downloaded from the two sites above; the names are SecureCRT and SSHWin-2.4.0-pl2 respectively.

   III. Preparing the keys

A. On the server side, generate the user's own key and public key. In a Unix environment, the key is generated as follows:

# ssh-keygen

The user is asked to enter a long authentication string. This string works like a password but is longer, generally within 20 characters. Enter the same string again to confirm it, and the system then generates a key pair: a key and a public key. Copy the public key to the local machine so that the client can decrypt the information sent by the server. If you do not copy it, the server automatically pushes its public key to the client at the first login, so that the client can decrypt the information the server provides and identify the server.

B. On the client side, generate the user's key and public key. The client generates its own key and public key in the same way as the server side. In a Windows environment, some SSH client software uses its own generation method. The details differ, but every SSH-enabled client can, and must, generate them. Taking SSHWin 2.4 as an example:

Open the menu Edit → Settings → Global Settings → User Keys → Generate New Keypairs and follow the prompts; a new key and public key pair is generated automatically.

Finally, copy the client-generated public key to the user's directory on the server host (the /home/username/.ssh2 directory under Unix). Different versions of SSH have specific requirements for the file names of the public key and the key, so read the installation instructions in the package.
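When the server pushes its public key at the first login, as described in part A, the client can compare that key's fingerprint with one obtained from the administrator over a separate channel before trusting it. The following is an added example, not code from the original article or from any SSH package: it reads a public key in either the one-line OpenSSH form or the "BEGIN SSH2 PUBLIC KEY" file form and checks its SHA-256 fingerprint. The function names are hypothetical, the sample key is constructed, and the SHA256 fingerprint form is the one current OpenSSH prints, which is an assumption relative to the versions discussed here.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data   # 4-byte length, then the bytes

def parse_public_key(text: str):
    """Return (key_type, blob) from a one-line OpenSSH key or an SSH2 key file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        if not lines[-1].startswith("---- END SSH2 PUBLIC KEY"):
            raise ValueError("missing END marker")
        body, in_header = [], False
        for ln in lines[1:-1]:
            if in_header or ":" in ln:           # header line, or its continuation
                in_header = ln.endswith("\\")
            else:
                body.append(ln)
        declared, b64 = None, "".join(body)
    else:
        fields = (lines or [""])[0].split()
        if len(fields) < 2:
            raise ValueError("not a public key line")
        declared, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    key_type = blob[4:4 + n].decode("ascii")
    if declared is not None and declared != key_type:
        raise ValueError("declared key type does not match the blob")
    return key_type, blob

def sha256_fingerprint(blob: bytes) -> str:
    """Fingerprint in the SHA256:<unpadded base64> form."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def host_key_matches(key_text: str, expected_fp: str) -> bool:
    """True only if the presented key hashes to the fingerprint obtained out of band."""
    return sha256_fingerprint(parse_public_key(key_text)[1]) == expected_fp.strip()

# Constructed sample: an Ed25519-shaped blob with dummy bytes, not a real host key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_OPENSSH = f"ssh-ed25519 {SAMPLE_B64} constructed@example"
SAMPLE_SSH2 = ("---- BEGIN SSH2 PUBLIC KEY ----\n"
               'Comment: "constructed sample, \\\nnot a real host key"\n'
               f"{SAMPLE_B64}\n---- END SSH2 PUBLIC KEY ----\n")
```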

   IV. Starting the SSH server

In a Unix/Linux environment, the server program is placed in the /usr/local/sbin directory and is started as follows:

# sshd

# ps x

The output shows that sshd has been started. If you do not want to start sshd by hand after every system restart, you can write a script and place it in the init.d directory so that the sshd service is started automatically when the system boots. Alternatively, add the line /usr/local/sbin/sshd directly to rc.local. Under Windows NT/2000, start the SSH2 server by running Start SSH2 Server in the program group.

Using SSH

On Unix/Linux systems the client is ssh, stored in the /usr/local/bin directory. The client tools include ssh1, ssh2, scp and others. To log in to a remote host with ssh:

# ssh host.ip.of.remote

This works like Telnet, except that the user is asked to enter the authentication string. If the authentication string passes authentication, the login succeeds; if not, the user is asked for the system password, and after successful password authentication the user can also log in. In terms of usage, it is no different from Telnet. With the SSH client software installed, uploading files no longer requires opening a separate FTP window and authenticating again as before. You can upload files directly to the remote server with the scp tool that comes with the SSH client, as follows:

# scp host1:dir/filename host2:/home/abc/filename

On Windows systems, the available SSH clients include SecureCRT, or the SSH-enabled version of CRT (download from www.vandyke.com/), a good remote terminal that supports both SSH1 and SSH2. Users can choose between the two according to what the server side supports.

Another option is the client provided by ssh.com, available at ftp://ftp.ssh.com/pub/ssh/SSHWin-2.4.0-pl2.exe; this is the new version of the SSH2 client.

In addition, there are FTP client tools that support SSH. SSHWin-2.4 includes an SSH Secure File Transfer client that can be used to transfer encrypted files between two hosts; this is also known as the scp function. SecureCRT has a corresponding SSH-enabled FTP tool named SecureFX, which can be downloaded from www.vandyke.com/use.

[Figure: SecureCRT logging in to the server]

For a variety of reasons, some SSH-enabled GUI clients do not work well with the servers above. You can try the tools listed above in different combinations and find the one that suits you. In general, clients under Unix have the best support for a variety of servers. When choosing server and client software, it is usually best to pick products from the same vendor, so that there are no incompatibility problems.

As an addition: if you want to use SSH2 but do not want to pay, one free software choice is OpenSSH. It is a GPL-compliant package that supports both the SSH1 and SSH2 standards and is another widely used SSH package (it can be downloaded from www.openssh.com). The latest version of OpenSSH is openssh-2.5.1, with all source code provided. Before compiling, read its documentation carefully. The zlib and OpenSSL packages are used during compilation, so download and install them before compiling OpenSSH. See the INSTALL file in the package for the specific procedure.


