What is SSH?
SSH (Secure Shell) is a secure communication protocol, mainly used for remote login to a character (command-line) interface and related functions. OpenSSH is an open source project that implements the SSH protocol.
Why learn SSH, and how does it differ from other remote protocols?
The SSH protocol encrypts the data transmitted between both parties, including the password the user enters at login. It provides better security than earlier remote applications such as Telnet, RSH, and RCP.
Where is SSH suitable for use?
SSH is based on a C/S (client/server) architecture: deploy the OpenSSH server and client to implement remote connection, control, file copying and other functions.
How do I deploy it and implement its functions?
First, configure the OpenSSH server
In the RHEL6 system, the OpenSSH server is provided by packages such as openssh and openssh-server, and sshd has been added as a standard system service.
The sshd service configuration file is /etc/ssh/sshd_config; adjusting the relevant settings correctly improves the security of sshd remote login.
rpm -q openssh openssh-server // check whether the two packages are installed
service sshd status // sshd is the system service for OpenSSH; check whether it is running
1, Service listening options
The default port number for the sshd service is 22. It is recommended that you change this port number and specify a specific IP address for the service to listen on, to improve security.
vim /etc/ssh/sshd_config // default configuration file
<file content>
Port 22 // listening port
ListenAddress 192.168.100.2 // listen on address 192.168.100.2
Protocol 2 // use SSH protocol version 2, which is more secure
.... // part of the content omitted
UseDNS no // disable reverse DNS resolution to speed up processing
.... // part of the content omitted
</file content>
service sshd reload // reload the service
2, User login control
By default the sshd service allows the root user to log in, which is not secure. It is recommended to log in as a normal user and then switch to root with the su command.
vim /etc/ssh/sshd_config // default configuration file
<file content>
LoginGraceTime 2m // login verification time limit is 2 minutes
PermitRootLogin no // disable root login
MaxAuthTries 6 // maximum number of authentication attempts is 6
PermitEmptyPasswords no // disable login with an empty password
AllowUsers zhangsan [email protected] // users allowed to log in, multiple users separated by spaces
DenyUsers wangwu [email protected] // users denied login, multiple users separated by spaces
... // part of the content omitted
</file content>
service sshd reload // reload the service
!! Note: allow (AllowUsers) and deny (DenyUsers) cannot be used at the same time !!
The AllowUsers line above allows zhangsan to log in from any location, while admin can only log in from 192.168.100.2.
The DenyUsers line above denies wangwu login from anywhere, while lisi is denied only when logging in from 192.168.100.125 and may log in from other places.
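The matching rule behind the AllowUsers and DenyUsers lines above, as an added shell example that is not part of the original article. The function names are hypothetical, the lists are taken from the description in the text, and host patterns are simplified to * and ? wildcards.

```shell
# Added example, not from the original article: evaluate the user@host
# patterns described above. Simplification: hosts are matched as plain
# * and ? wildcards only.

# list_matches LIST USER HOST: succeed if USER connecting from HOST
# matches any "user" or "user@host" pattern in the space-separated LIST.
list_matches() {
    set -f                          # do not expand * against local files
    for pat in $1; do
        case $pat in
            *@*) u=${pat%@*}; h=${pat##*@} ;;
            *)   u=$pat; h='*' ;;   # bare user: any source address
        esac
        # unquoted $u and $h act as glob patterns inside case
        case $2 in $u) case $3 in $h) set +f; return 0 ;; esac ;; esac
    done
    set +f
    return 1
}

# AllowUsers admits only matching logins; DenyUsers rejects matching ones.
allow_permits() { list_matches "$1" "$2" "$3"; }
deny_permits()  { ! list_matches "$1" "$2" "$3"; }

ALLOW="zhangsan admin@192.168.100.2"     # values from the text above
DENY="wangwu lisi@192.168.100.125"

for who in "admin 192.168.100.2" "admin 192.168.100.125" "lisi 192.168.100.2"; do
    set -- $who
    allow_permits "$ALLOW" "$1" "$2" && a=yes || a=no
    deny_permits  "$DENY"  "$1" "$2" && d=yes || d=no
    echo "$1 from $2: AllowUsers list permits=$a, DenyUsers list permits=$d"
done
```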
3, Login authentication method
The sshd service supports two authentication methods: password authentication and key pair authentication. When both are enabled, key pair authentication is tried first.
vim /etc/ssh/sshd_config
<file content>
PasswordAuthentication yes // enable password authentication
PubkeyAuthentication yes // enable key pair authentication
AuthorizedKeysFile .ssh/authorized_keys // location and default name of the public key store file
... // part of the content omitted
</file content>
service sshd reload // reload the service
The public key file holds the public key text uploaded by clients, which is matched against the client's local private key file during verification. How to create a public key is explained later.
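An added example (not from the original article) that checks a configuration file against the settings recommended in sections 1 to 3; sshd_value and audit_sshd are hypothetical helper names and the sample file is constructed. It relies on sshd using the first value it reads for a keyword, so a later "PermitRootLogin no" does not undo an earlier "yes".

```shell
# Added example, not from the original article. On a live host,
# `sshd -T` prints the effective configuration instead.

# Print the value sshd would use for KEYWORD in FILE: keywords are
# case-insensitive and the first occurrence of a keyword wins.
sshd_value() {
    awk -v kw="$2" '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        tolower($1) == tolower(kw) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Print one FAIL line per deviation from the settings recommended above.
audit_sshd() {
    while read -r kw want; do
        got=$(sshd_value "$1" "$kw" | tr 'A-Z' 'a-z')
        [ "$got" = "$want" ] ||
            echo "FAIL $kw: want '$want', got '${got:-unset}'"
    done <<EOF
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
PubkeyAuthentication yes
UseDNS no
EOF
    [ -n "$(sshd_value "$1" ListenAddress)" ] ||
        echo "FAIL ListenAddress: unset, sshd listens on every address"
    if [ -n "$(sshd_value "$1" AllowUsers)" ] &&
       [ -n "$(sshd_value "$1" DenyUsers)" ]; then
        echo "FAIL AllowUsers and DenyUsers are both set"
    fi
}

# Constructed sample: the early lowercase line overrides the later "no".
sample_config() {
    cat <<EOF
ListenAddress 192.168.100.2
Protocol 2
permitrootlogin yes
PermitRootLogin no
PermitEmptyPasswords no
PubkeyAuthentication yes
AllowUsers zhangsan admin@192.168.100.2
DenyUsers wangwu
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_sshd "$tmp"; rm -f "$tmp"
```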
Second, using the SSH client programs
The OpenSSH client in the RHEL6 system (CentOS 6) is provided by the openssh-clients package (installed by default), which includes the ssh remote login command as well as the scp and sftp remote file copy and transfer commands. Virtually any client that supports the SSH protocol can communicate with the OpenSSH server, including graphical tools on the Windows platform such as Xshell and SecureCRT.
1, command-line programs ssh, scp, sftp
(1.1) ssh remote login
Command format: ssh login-user@destination-host-address
The ssh command logs in remotely to the sshd service, giving the user a secure shell environment for managing and maintaining the server. The login user and the destination host address are given as arguments. Here we use a Linux client to log in to the web server 192.168.100.2 as the admin user.
Use command: ssh [email protected]
On the first login you are prompted to accept the host key; enter yes. After you enter the login user's password, the received key information is saved to the ~/.ssh/known_hosts file (local to the client).
Then use whoami to check that the currently logged-in user is a system user of the remote server.
If the server is listening on a port other than the default port 22 (for example, 2345), you need to specify the port number when logging in.
Use command: ssh -p 2345 [email protected]
(1.2) scp remote copy
Command format:
scp user@destination-IP:remote-file-location local-file-location // copy a file from the remote host to the local machine
scp local-file user@destination-IP:remote-file-location // copy a local file to the remote host
Use command: scp -P 2345 [email protected]:/etc/passwd /root
Copy the remote host's /etc/passwd file to the local machine via port 2345
Use command: scp -P 2345 -r /boot/grub/grub.conf [email protected]:/opt
Copy the local /boot/grub/grub.conf to the remote host via port 2345
2, graphical tool Xshell
Xshell is a powerful terminal emulator that supports Telnet, SSH, SFTP and other protocols, making it easy to manage remote hosts.
It can be downloaded from www.xsheel.com; once downloaded and installed, it can be used for management tasks.
The Xshell management interface supports some Chinese.
This article is from the "New Start" blog, so be sure to keep this source http://yuanshuai.blog.51cto.com/10539781/1749211
SSH remote management under Linux environment