SSH Remote Access

SSH is the abbreviation for (security shell) and is a secure protocol. The data is encrypted before it is transferred via SSH and then transmitted.

SSH has two kinds of authentication methods: Password Authentication, key pair verification

Password Authentication: Verified by the login name and password of the local login user of the server. From the client's point of view, the server can be impersonating, from the server's point of view the password will be a third party poor (brute force), so through this kind of hair is there will be a certain security risks.

SSH key pair authentication: Generates a pair of public and private keys through the client. The client first passes its public key to the server, the server accepts and saves the secret key, and the client then encrypts it to the server via the private key, and the server decrypts it through the public key.

In Linux, SSH is serviced through Openssh-server, and the client needs to install the Openssh-client package. These two packages are installed by default when the Linux system is installed.

1. Check if the system has the software installed

[Email protected] ~]# Rpm-qa openssh-server
openssh-server-5.3p1-84.1.el6.i686
[Email protected] ~]# Rpm-qa openssh-clients
openssh-clients-5.3p1-84.1.el6.i686

If not installed, it can be installed through the system CD.

2. View the SSH configuration file

[Email protected] ~]# Vi/etc/ssh/ssh_config
# port number of Port//ssh, default is 22
# Protocol 2,1//protocol type, protocol 2 higher security than protocol 1
Authorizedkeysfile. Ssh/authorized_keys//If there is no in the configuration file, you can add it. Generally remain silent

Omitted.........

3. Generate a key pair from the client, only the current user is generated key pair. Therefore, you need to switch to the user before generating the key pair.

[email protected] ~]# Useradd Tom
[Email protected] ~]# echo "abc123" | passwd--stdin Tom
Change the password for the user Tom.
PASSWD: All the authentication tokens have been successfully updated.
[email protected] ~]# Su-tomSwitch users with Su
[[email protected] ~]$ ssh-keygen-t RSAGenerate a user secret key
Generating public/private RSA key pair.
Enter file in which to save the key (/HOME/TOM/.SSH/ID_RSA)://The location where the secret key is saved
Created directory '/home/tom/.ssh '.
Enter passphrase (empty for no passphrase)://The key phrase of the data call
Enter same Passphrase again://confirm the phrase
Your identification has been saved In/home/tom/.ssh/id_rsa.
Your public key has been saved in/home/tom/.ssh/id_rsa.pub.
The key fingerprint is:
cd:01:93:69:83:2f:25:a8:2c:ee:6a:68:95:e5:86:54[email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
| . . oo |
| . Eo *o |
| .  ..      = .. |
|. O...     . O. |
|... =  . S O |
| . + O |
|o.            . |
|. +               |
|=                |
+-----------------+
4. View the generated key and pass the public key to the peer-to-peer server through the SCP command.

[Email protected] ~]$ ls-l/home/tom/.ssh/id_rsa*
-RW-------. 1 tom Tom 1743 December 18:10/home/tom/.ssh/id_rsa
-rw-r--r--. 1 tom Tom 394 December 18:10/home/tom/.ssh/id_rsa.pub
[email protected] ~]$ scp-r/home/tom/.ssh/id_rsa.pub [email protected]:/tmp //By passing the user's generic to the server
[email protected]' s password:
Id_rsa.pub

5. The public key is directed to the authentication file on the server

[[email protected] ~]# mkdir/home/liu/.ssh //If there is no need to create the folder

[email protected] ~]# cat/etc/ssh/sshd_config >>/home/liu/.ssh/authorized_keys //The public key is imported into the authentication file of the server.

6. Client set access server via SSH
[[email protected] ~]$ ssh [email protected]
[email protected]' s password://input is the call phrase, if not set the calling phrase can be directly into the
Last login:wed Jul 2 18:52:08 from 20.0.0.4

[Email protected] ~]$

This article from the "Knowledge is the torch of Wisdom" blog, reproduced please contact the author!

SSH Remote Access