I. Some nonsense.
When I was in the third year of high school, I had been in touch with Linux and was moved by its handsome terminal. From then on, I began to struggle with Linux. It was bitter, but more happy. At first, I started with Linux because of BackTrack and learned some basic operations under Linux. During the recent period, I wanted to systematically learn about Linux security and prepare to record what I learned during this period, so as to provide some reference for Linux users, of course, if you can see it.
II. Introduction to SSH.
To put it simply, SSH is a network protocol used for encrypted login between computers.
If a user logs on to a remote computer from a local computer using the SSH protocol (mostly between Linux machines), we can consider the logon safe: even if it is intercepted midway, the password will not be disclosed. (Is that true?)
In the early days, Internet communication was in plain text; once intercepted, the content was exposed. In 1995, Finnish scholar Tatu Ylönen designed the SSH protocol to encrypt all login information. It became a basic solution for Internet security, was quickly promoted worldwide, and has become a standard component of Linux systems.
It should be noted that SSH is only a protocol and has multiple implementations, both commercial and open-source. The implementation used in this article is OpenSSH, which is free software and widely used.
In addition, this article only discusses the usage of SSH in the Linux shell. If you want to use SSH on Windows, you will need other software such as PuTTY or Xshell.
III. Basic usage.
1. If you are a Linux user, open the terminal and enter ssh websec@192.168.61.132. Here, websec is my user name and 192.168.61.132 is the host address; replace the user name and host address with your own. Next, press Enter. When prompted, enter the password and press Enter again to log on.
2. If you are a Windows user, you need to use something similar to Xshell to connect. The specific process is not described in detail. After a successful logon, it looks as follows:
IV. SSH configuration.
The SSH client configuration file on CentOS is at: /etc/ssh/ssh_config
    # $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $

    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.

    # Configuration data is parsed as follows:
    #  1. command line options
    #  2. user-specific file
    #  3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.

    # Site-wide defaults for some commonly used options. For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.

    # Host *
    #   ForwardAgent no
    #   ForwardX11 no
    #   RhostsRSAAuthentication no
    #   RSAAuthentication yes
    #   PasswordAuthentication yes
    #   HostbasedAuthentication no
    #   GSSAPIAuthentication no
    #   GSSAPIDelegateCredentials no
    #   GSSAPIKeyExchange no
    #   GSSAPITrustDNS no
    #   BatchMode no
    #   CheckHostIP yes
    #   AddressFamily any
    #   ConnectTimeout 0
    #   StrictHostKeyChecking ask
    #   IdentityFile ~/.ssh/identity
    #   IdentityFile ~/.ssh/id_rsa
    #   IdentityFile ~/.ssh/id_dsa
    #   Port 22
    #   Protocol 2,1
    #   Cipher 3des
    #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    #   MACs hmac-md5,hmac-sha1,email@example.com,hmac-ripemd160
    #   EscapeChar ~
    #   Tunnel no
    #   TunnelDevice any:any
    #   PermitLocalCommand no
    #   VisualHostKey no
    Host *
        GSSAPIAuthentication yes
    # If this option is set to yes then remote X11 clients will have full access
    # to the original X11 display. As virtually no X11 client supports the untrusted
    # mode correctly we set this to yes.
        ForwardX11Trusted yes
    # Send locale-related environment variables
        SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
        SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
        SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
        SendEnv XMODIFIERS
SSH configuration in CentOS
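The header comments of the file above state the parse order (command line, then user-specific file, then system-wide file) and that a value is only changed the first time it is set, which is why host-specific entries must come before defaults. The following Python resolver is an added example, not code from the original article or from OpenSSH, that shows the effect of that rule on a hardening override. Its Host matching is a simplified approximation, and the two per-user files are constructed.

```python
import fnmatch
import re

MULTI = {"sendenv", "identityfile"}  # keywords OpenSSH accumulates across matches

def parse(text):
    """Split a config text into [(host_patterns, [(keyword, value), ...])]."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks

def host_matches(host, patterns):
    """Approximate Host matching: '*' and '?' wildcards, '!' negation."""
    if any(p.startswith("!") and fnmatch.fnmatchcase(host, p[1:]) for p in patterns):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def effective(host, *layers):
    """Resolve options for host; layers are given highest precedence first."""
    result = {}
    for text in layers:
        for patterns, options in parse(text):
            if host_matches(host, patterns):
                for key, value in options:
                    if key in MULTI:
                        result.setdefault(key, []).append(value)
                    else:
                        result.setdefault(key, value)  # first value set wins
    return result

# Active (uncommented) lines of the system-wide file shown on this page, abridged.
SYSTEM = "Host *\n GSSAPIAuthentication yes\n ForwardX11Trusted yes\n SendEnv XMODIFIERS\n"
# Constructed per-user files: the same two entries in different order.
USER_SPECIFIC_FIRST = "Host 192.168.61.132\n ForwardX11Trusted no\nHost *\n ForwardX11Trusted yes\n"
USER_DEFAULTS_FIRST = "Host *\n ForwardX11Trusted yes\nHost 192.168.61.132\n ForwardX11Trusted no\n"

if __name__ == "__main__":
    for name, user in (("specific first", USER_SPECIFIC_FIRST),
                       ("defaults first", USER_DEFAULTS_FIRST)):
        print(name, effective("192.168.61.132", user, SYSTEM))
```

With the host-specific entry first, the override to ForwardX11Trusted takes effect; with the defaults first, the same override is silently ignored.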