SSH remote Management, parameter explanation, Xshell use, scp,sftp,ssh command (SSH Two ways of key authentication party

Source: Internet
Author: User
Tags file copy account security openssh server scp command ssh server

1. SSH Remote Management

SSH (Secure Shell) is a secure channel protocol, used mainly for remote login to a character interface and similar functions. The SSH protocol encrypts the data transmitted by both parties, including the user's password. Compared with earlier applications such as Telnet (remote login, TCP port 23), RSH (remote shell, remote command execution) and RCP (remote file copy), the SSH protocol provides better security.

Configuring the OpenSSH server (provided by the openssh and openssh-server packages; main configuration file /etc/ssh/sshd_config; started with "service sshd start")

Server listening options: the sshd server listens on port 22 by default. You can change this port when necessary (clients then connect with "ssh -p port-number user@server-address") and specify the exact IP address on which the service listens, to make the service less conspicuous on the network. Version 2 of the SSH protocol is more secure than version 1, and disabling DNS reverse resolution improves the server's response time.


After making the changes, run "service sshd reload" to reload the service.

User login control: by default the sshd service allows the root user to log in, which is insecure when the server is exposed to the Internet. The usual practice is to disable root login and switch users with the su command after logging in. In addition, you can limit the time allowed for login verification (default 2 minutes) and the maximum number of retries; the connection is dropped if a limit is exceeded.


After making the changes, run "service sshd reload" to reload the service.

When you only want to allow or deny certain users, you can use the AllowUsers or DenyUsers directive; the two are used in a similar way (be careful not to use them at the same time). For example, you may want only the jerry and admin users to be able to log in, with the admin user allowed to log in remotely only from the host 61.23.24.25.


After making the changes, run "service sshd reload" to reload the service.
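The settings covered so far (protocol version, DNS lookups, root login, login limits, AllowUsers/DenyUsers) can be checked with a small script. This is an added example, not part of the original article: the function names and the sample configuration are constructed here, and it only checks that each value is set explicitly, because defaults differ between OpenSSH versions.

```shell
#!/bin/sh
# Effective value of KEYWORD in FILE: sshd keeps the first value it reads for a
# keyword, keyword names are case-insensitive, and "#" starts a comment line.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one line per finding; return 1 if anything was flagged, else 0.
audit_sshd_config() {
    f=$1; bad=0
    flag() { echo "FINDING: $1"; bad=1; }
    [ "$(sshd_value "$f" PermitRootLogin)" = "no" ] || flag "PermitRootLogin is not set to no"
    [ "$(sshd_value "$f" UseDNS)" = "no" ] || flag "UseDNS is not set to no"
    case "$(sshd_value "$f" Protocol)" in
        *1*) flag "Protocol allows SSH version 1" ;;
    esac
    [ -n "$(sshd_value "$f" MaxAuthTries)" ] || flag "MaxAuthTries is not set"
    [ -n "$(sshd_value "$f" LoginGraceTime)" ] || flag "LoginGraceTime is not set"
    if [ -n "$(sshd_value "$f" AllowUsers)" ] && [ -n "$(sshd_value "$f" DenyUsers)" ]; then
        flag "AllowUsers and DenyUsers are both set"
    fi
    return "$bad"
}

# Constructed sample configuration using the article's example accounts.
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
Protocol 2
UseDNS no
LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 6
AllowUsers jerry admin@61.23.24.25
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" && echo "sample config: no findings"
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config before reloading the service; a non-zero exit status means at least one finding was printed.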

Login authentication methods: for remote management of a server, the method of login verification is just as important as the security controls on user accounts. sshd supports two authentication methods: password authentication and key pair authentication. You can use either one or both.

Key pair authentication: matching key information is required to pass authentication. Typically, a pair of key files (public key and private key) is created on the client, and the public key is then copied to the specified location on the server. At remote login the public and private keys are checked against each other, which greatly enhances security.


Password authentication: authenticates against the server's local user accounts. Weaknesses: from the client's point of view, the server being connected to may be an impostor; from the server's point of view, passwords are exposed to brute-force guessing.


2. Using the SSH client program

The OpenSSH client is provided by the openssh-client package (installed by default), which includes the ssh remote login command as well as the scp and sftp commands for remote copying and file transfer.

On the Windows platform, you can use tools such as Xshell, Xmanager, SecureCRT, PuTTY, and so on.

SSH remote login: the ssh command logs in to a remote sshd service, giving the user a secure shell environment in which to manage and maintain the server. Specify the login user and the target host address as parameters. For example, you can log in to host 192.168.1.1 and authenticate as that host's wgl user.


The first time a user logs in to an SSH server, the user must accept the server's RSA key (enter "yes" at the prompt) before verification continues; entering the wgl user's password then completes the login. The accepted key is stored in the ~/.ssh/known_hosts file.


If the port is not the default 22, log in using the "ssh -p 222 [email protected]" form.

SCP remote copy: the scp command copies files to and from a remote host over a secure SSH connection. In addition to the source and destination of the copy, you must specify the target host and the login user, then enter the password when prompted after running the command. For example, uploading and downloading can each be verified separately.


SFTP (secure FTP): the sftp command uploads and downloads files to and from a remote host over a secure SSH connection. It uses an FTP-like login process and interactive environment, which makes it easy to manage directory resources. For example, a session can cover SFTP login, browsing, file upload, and so on.


Graphical login tools on Windows: these support Telnet, SSH, SFTP and other protocols.

Take Xshell as an example; the installation process is omitted here (accept the defaults and click Next).

The connection process is as follows


After the connection is successful:


Building an SSH setup with key pair authentication:


1) Create a key pair on the client: on a Linux client, the ssh-keygen tool creates a key pair for the current user. The available algorithms are RSA and DSA; the "-t" option of ssh-keygen specifies the algorithm type. For example, log in to the client as the zhangsan user and generate an RSA-based SSH key pair (public key and private key files).


During this operation, when you are prompted for the location of the private key file, you typically just press Enter; the generated private key and public key files are then stored by default in the hidden .ssh folder under the user's home directory. The passphrase protects the private key file: if one is set here, it must be entered correctly whenever the private key is used to log in. Leave the passphrase empty for login without a password.


2) Upload the public key file to the server:


3) Import the public key text on the server:

On the server, the public key database of the target user (the account used for remote login, wgl) is located in the ~/.ssh directory; the default file name is authorized_keys.


4) Log in from the client using key pair authentication:


The second and third steps can also be done another way, with a command of the form "ssh-copy-id -i public-key-file user@server"; the -i option specifies the public key file.
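Steps 1 to 3 above, with the server-side import written out as a function, as an added example that is not part of the original article. The function name install_pubkey, the SERVER placeholder and the sample key are constructed here; the function refuses private key files and sets the permissions sshd expects.

```shell
#!/bin/sh
# Client side, steps 1 and 2 (run as zhangsan; SERVER is a placeholder):
#   ssh-keygen -t rsa                        # writes ~/.ssh/id_rsa and id_rsa.pub
#   scp ~/.ssh/id_rsa.pub wgl@SERVER:/tmp/   # upload only the .pub file

# Server side, step 3: install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key to HOME_DIR/.ssh/authorized_keys. Returns 0 on success
# (including "already installed"), 1 if the file is not a single public key.
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # The private key must never leave the client.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 1
    fi
    key=$(grep . "$pub")
    [ "$(printf '%s\n' "$key" | grep -c .)" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+=*( |$)' || {
        echo "not an OpenSSH public key line" >&2; return 1; }
    # sshd's StrictModes check rejects keys kept in files others can write to.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    # Idempotent: append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a throwaway directory with a constructed, non-functional key.
demo_home=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedExampleOnly zhangsan@client" > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home" && ls -l "$demo_home/.ssh"
rm -rf "$demo_home"
```

On a real server, run the function as the target user (wgl in the article) with HOME_DIR set to that user's home directory, so the files end up owned by that account.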

This article is from the "Wang Gaoli" blog, make sure to keep this source http://wanggaoli.blog.51cto.com/10422005/1710145
