SSHD Services and Sshkey encryption in Linux

Source: Internet
Author: User
Tags save file

Openssh-server

1.openssh-server

Function: Allow remote host to access sshd service over the network, start a secure shell

2. Client Connection mode
SSH remote host user @ remote host IP
[[email protected] ~]# ssh [email protected]
The authenticity of host ' 172.25.0.11 (172.25.0.11) ' can ' t be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Is you sure want to continue connecting (yes/no)? Yes to connect unfamiliar host need to establish authentication relationship
warning:permanently added ' 172.25.0.11 ' (ECDSA) to the list of known hosts.
[email protected] ' s password: remote user password
Last Login:mon Oct 3 03:13:47 2016
[[email protected] ~]# landed successfully

SSH remote host user @ Remote host Ip-x call remote host Graphics tool
SSH remote host user @ Remote host IP command run a command directly on the remote host




Sshkey Encryption
1. Generating the public key private key
[[email protected] ~]# Ssh-keygen generate public key private key tool
Generating public/private RSA key pair.
Enter file in which to save the key (/ROOT/.SSH/ID_RSA): [Enter] Encrypt character save file (default recommended)
Created directory '/root/.ssh '.
Enter passphrase (empty for no passphrase): [Enter] key password, must be >4 characters
Enter same passphrase again: [Enter] Confirm password
Your identification has been saved In/root/.ssh/id_rsa.
Your public key has been saved in/root/.ssh/id_rsa.pub.
The key fingerprint is:
ab:3c:73:2e:c8:0b:75:c8:39:3a:46:a2:22:34:84:81 [email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
|o |
| E. |
|.. |
|. . o |
|. O. *. S |
|OO.O O. |
|+ =.  .        . |
|o. oo.+. |
| ..        o*. |
+-----------------+
[Email protected] ~]# ls/root/.ssh/
Id_rsa id_rsa.pub
Id_rsa The private key is the key
Id_rsa.pub Public key is the lock

2. Add key authentication method
[Email protected] ~]# ssh-copy-id-i/root/.ssh/id_rsa.pub [email protected]
Ssh-copy-id tools to add key authentication methods
-I specifies the encryption key file
/root/.ssh/id_rsa.pub encryption Key
Root encrypted user is root
172.25.0.11 Encrypted host IP

3. Distribute the key to the client host
[Email protected] ~]# Scp/root/.ssh/id_rsa [email protected]:/root/.ssh/

4. Testing

[[email protected] ~]# ssh [email protected] No need to enter user password via Id_rsa direct connection
Last Login:mon Oct 3 03:58:10 from 172.25.0.250
[Email protected] ~]#

increase the security level of the OpenSSH
1.openssh-server configuration file
/etc/ssh/sshd_config
Passwordauthentication Yes|no whether to turn on user password authentication, yes to support no for off
Permitrootlogin yes|no allow super users to log in
Allowusers student Westos User Whitelist, only users who appear in the list can use sshd to build the shell
Denyusers Westos User blacklist


SSHD Services and Sshkey encryption in Linux

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.