Telnet: remote login, TCP/23
Authentication and data transmission are both in clear text; not practical for real use.
SSH: Secure Shell, TCP/22. Protocol versions v1 and v2. v1 has known weaknesses in its authentication and encryption design and should not be used.
OpenSSH: the open-source implementation of SSH. SSH is not only a piece of software but also a protocol.
SSH authentication mechanisms:
Password-based: the default.
Key-based: the user's public key is placed on the server in advance; at login the client proves possession of the matching private key instead of sending a password.
netstat -tnl   shows the TCP ports on which the server is listening (services waiting for clients to connect); ss -tnl gives the same view on newer systems.
Configuration files for ssh and sshd:
/etc/ssh/ssh_config    client-side configuration
/etc/ssh/sshd_config   server-side configuration
vim /etc/ssh/sshd_config   A line starting with "#" is a comment; a keyword without "#" is an active option. Remove the "#" to enable a line, add it to disable the line. If a keyword appears more than once, sshd uses the first uncommented occurrence.
For example, the server port can be changed here: Port 8092
Example: ListenAddress 192.168.9.112   the service listens only on the address 192.168.9.112 (this restricts which server address accepts connections, not which clients may connect)
Example: PermitRootLogin no   do not allow root to log in directly
Example: MaxAuthTries 6   after 6 failed authentication attempts on one connection sshd closes the connection (6 is the default; once half that number is reached, further failures are also logged)
Example: AuthorizedKeysFile .ssh/authorized_keys   the client's public keys are placed in this file, relative to the user's home directory; this is what enables key-based authentication
Finally: service sshd restart (or reload) to apply the changes
Client applications:
ssh: ssh user@host 'ifconfig'   does not open an interactive shell on the host; it runs the command there and returns only its output
How to implement key-based authentication (done per user on the client host):
1. Generate a key pair
   ssh-keygen -t rsa   (-t specifies the algorithm, rsa or dsa; DSA is deprecated in modern OpenSSH, so use rsa or ed25519)
2. Transfer the public key into the .ssh/authorized_keys file in the home directory of the target user on the server
   Use a file transfer tool to copy the public key over: ssh-copy-id or scp
3. Test the login
scp: SSH-based remote copy command for transferring files between hosts
-r   copying a directory requires the recursive flag -r
Example: copy a remote file into the local current directory (run on host 9.1):
scp user@192.168.9.2:/etc/fstab ./
Example: copy a local file to the remote host (run on host 9.1):
scp fstab user@192.168.9.2:/root
Experiment: key-based authentication between two hosts (9.1 = 192.168.9.1, 9.2 = 192.168.9.2)
1. On 9.1: rm -rf .ssh/*   delete any existing key files
2. ssh-keygen -t rsa -f .ssh/id_rsa   generate a key pair saved under .ssh/ as id_rsa (private key) and id_rsa.pub (public key)
3. Press Enter twice at the passphrase prompts to generate the pair with an empty passphrase (the private key file is then unprotected: anyone who obtains it can use it)
   Alternatively, add -N '' to step 2 to give the (empty) passphrase on the command line
4. Transfer your public key .ssh/id_rsa.pub to the other host (never the private key id_rsa)
   Method one: ssh-copy-id -i .ssh/id_rsa.pub user@192.168.9.2   automatically appends it to the end of .ssh/authorized_keys on 9.2 and skips keys that are already there
   The next ssh to 9.2 then logs in automatically, without a password
   Method two: scp the public key over first, then append it with >> to the end of .ssh/authorized_keys; make sure .ssh is mode 700 and authorized_keys is mode 600, otherwise sshd ignores the file
Repeat the procedure in the other direction to configure two-way (mutual) trust between the two machines.
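The following is an added example, not part of the original notes: a shell function that does by hand what ssh-copy-id does in "method two" above. It appends a public key to .ssh/authorized_keys only if that key is not already there (comparing the key type and base64 blob, not the trailing comment), and sets the 700/600 permissions sshd requires. The key string and the home directory are constructed placeholders; the key is not a real key.

```shell
#!/bin/sh
# Added example (not from the original notes): install a public key into
# ~/.ssh/authorized_keys without duplicating it and with correct permissions.

install_pubkey() {
    # $1 = public key line ("type base64blob comment"), $2 = target home dir
    # (defaults to $HOME). Returns 0 if the key was appended, 1 if it was
    # already present.
    key=$1; home=${2:-$HOME}
    dir="$home/.ssh"; file="$dir/authorized_keys"
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$file" && chmod 600 "$file"
    # Compare on type + blob only, so the same key with a different comment
    # still counts as a duplicate (this is what ssh-copy-id avoids too).
    blob=$(printf '%s\n' "$key" | awk '{print $1, $2}')
    if awk -v b="$blob" '($1 " " $2) == b { found = 1 } END { exit !found }' "$file"; then
        return 1
    fi
    printf '%s\n' "$key" >> "$file"
}

key_count() {
    # Number of key lines in $1/.ssh/authorized_keys, ignoring blanks/comments.
    grep -c -v '^[[:space:]]*\(#\|$\)' "$1/.ssh/authorized_keys" || true
}

mode_string() {
    # First 10 characters of ls -ld, e.g. "drwx------"; portable across GNU/BSD.
    ls -ld "$1" | cut -c1-10
}

# Constructed placeholder key (NOT a real key): type, base64 blob, comment.
DEMO_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLEKEY0000 user@192.168.9.1'

# Demo against a throwaway home directory instead of the real ~.
demo_home=$(mktemp -d)
install_pubkey "$DEMO_KEY" "$demo_home" && echo "added"
install_pubkey "$DEMO_KEY" "$demo_home" || echo "already present, not appended again"
echo "keys in authorized_keys: $(key_count "$demo_home")"
echo "modes: $(mode_string "$demo_home/.ssh") $(mode_string "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```

Running install_pubkey twice with the same key leaves exactly one line in the file, which is the behaviour a plain `cat id_rsa.pub >> .ssh/authorized_keys` does not give you; the permission fix matters because with StrictModes (the default) sshd silently refuses a group- or world-writable .ssh directory or key file.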
sftp: interactive file transfer over SSH; needs both the client program and the sftp subsystem that sshd provides on the server
Example: downloading files from 9.2 to 9.1
1. sftp user@192.168.9.2
2. get FILE   download one file to the local host; mget FILE...   download several files
Server security summary:
Change passwords regularly
Use a non-default port
Restrict the client addresses allowed to log in (AllowUsers user@host, or the firewall)
Prohibit direct login as root
Allow only a limited set of users to log in (AllowUsers)
Use key-based authentication
Do not use protocol version 1
Connecting to the non-default port from the client: ssh -p 8092 192.168.9.1
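As an added example (not from the original notes), the following shell script checks an sshd_config against the summary above and the keyword examples given earlier (Protocol, Port, ListenAddress, PermitRootLogin, MaxAuthTries, AllowUsers). It applies the two parsing rules from the sshd_config section: a "#" line is a comment even if it names a keyword, and sshd uses the first uncommented occurrence of a keyword. Both sample configs are constructed; 8092 and 192.168.9.112 are the values used in the notes.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an sshd_config against
# the hardening checklist. Only keywords mentioned in the notes are checked.

sshd_effective() {
    # Print the effective value of keyword $2 in sshd_config $1.
    # Commented lines are skipped, and the FIRST active occurrence wins,
    # which is how sshd itself reads the file.
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

audit_sshd_config() {
    # Print one line per check; return the number of failed checks (0 = clean).
    f=$1; fails=0

    proto=$(sshd_effective "$f" Protocol)
    case "$proto" in
        *1*) echo "FAIL Protocol $proto: version 1 is enabled"; fails=$((fails + 1)) ;;
        *)   echo "ok   Protocol ${proto:-2 (default)}" ;;
    esac

    port=$(sshd_effective "$f" Port); port=${port:-22}
    if [ "$port" = 22 ]; then
        echo "FAIL Port 22: default port"; fails=$((fails + 1))
    else
        echo "ok   Port $port"
    fi

    addr=$(sshd_effective "$f" ListenAddress)
    echo "note ListenAddress ${addr:-unset (listens on all interfaces)}"

    root=$(sshd_effective "$f" PermitRootLogin)
    if [ "$root" = no ]; then
        echo "ok   PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin ${root:-unset}: root may log in directly"; fails=$((fails + 1))
    fi

    tries=$(sshd_effective "$f" MaxAuthTries); tries=${tries:-6}
    if [ "$tries" -gt 6 ]; then
        echo "FAIL MaxAuthTries $tries: more than 6 attempts per connection"; fails=$((fails + 1))
    else
        echo "ok   MaxAuthTries $tries"
    fi

    users=$(sshd_effective "$f" AllowUsers)
    if [ -z "$users" ]; then
        echo "FAIL AllowUsers unset: every account may log in"; fails=$((fails + 1))
    else
        echo "ok   AllowUsers $users"
    fi
    return "$fails"
}

weak_config() {
    # Constructed weak config. Two traps: "#PermitRootLogin no" is a comment,
    # and "Port 8092" is ignored because "Port 22" appears first.
    cat <<'EOF'
Protocol 2,1
Port 22
Port 8092
#PermitRootLogin no
PermitRootLogin yes
MaxAuthTries 10
EOF
}

hardened_config() {
    # Constructed config that satisfies every check.
    cat <<'EOF'
Protocol 2
Port 8092
ListenAddress 192.168.9.112
PermitRootLogin no
MaxAuthTries 6
AllowUsers alice bob
EOF
}

# Usage on a real host: audit_sshd_config /etc/ssh/sshd_config
tmp=$(mktemp); weak_config > "$tmp"
audit_sshd_config "$tmp" || echo "$? check(s) failed"
rm -f "$tmp"
```

On the constructed weak config the script reports five failures, including Port 22, even though the file also contains "Port 8092": the commented and duplicate lines are exactly the mistakes a quick eyeball of the file misses.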