SSHD Services and Sshkey encryption in Linux

Openssh-server

1.openssh-server

Function: Allow remote host to access sshd service over the network, start a secure shell

2. Client Connection mode
SSH remote host user @ remote host IP
[[email protected] ~]# ssh [email protected]
The authenticity of host ' 172.25.0.11 (172.25.0.11) ' can ' t be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Is you sure want to continue connecting (yes/no)? Yes to connect unfamiliar host need to establish authentication relationship
warning:permanently added ' 172.25.0.11 ' (ECDSA) to the list of known hosts.
[email protected] ' s password: remote user password
Last Login:mon Oct 3 03:13:47 2016
[[email protected] ~]# landed successfully

SSH remote host user @ Remote host Ip-x call remote host Graphics tool
SSH remote host user @ Remote host IP command run a command directly on the remote host




Sshkey Encryption
1. Generating the public key private key
[[email protected] ~]# Ssh-keygen generate public key private key tool
Generating public/private RSA key pair.
Enter file in which to save the key (/ROOT/.SSH/ID_RSA): [Enter] Encrypt character save file (default recommended)
Created directory '/root/.ssh '.
Enter passphrase (empty for no passphrase): [Enter] key password, must be >4 characters
Enter same passphrase again: [Enter] Confirm password
Your identification has been saved In/root/.ssh/id_rsa.
Your public key has been saved in/root/.ssh/id_rsa.pub.
The key fingerprint is:
ab:3c:73:2e:c8:0b:75:c8:39:3a:46:a2:22:34:84:81 [email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
|o |
| E. |
|.. |
|. . o |
|. O. *. S |
|OO.O O. |
|+ =.  .        . |
|o. oo.+. |
| ..        o*. |
+-----------------+
[Email protected] ~]# ls/root/.ssh/
Id_rsa id_rsa.pub
Id_rsa The private key is the key
Id_rsa.pub Public key is the lock

2. Add key authentication method
[Email protected] ~]# ssh-copy-id-i/root/.ssh/id_rsa.pub [email protected]
Ssh-copy-id tools to add key authentication methods
-I specifies the encryption key file
/root/.ssh/id_rsa.pub encryption Key
Root encrypted user is root
172.25.0.11 Encrypted host IP

3. Distribute the key to the client host
[Email protected] ~]# Scp/root/.ssh/id_rsa [email protected]:/root/.ssh/

4. Testing

[[email protected] ~]# ssh [email protected] No need to enter user password via Id_rsa direct connection
Last Login:mon Oct 3 03:58:10 from 172.25.0.250
[Email protected] ~]#

increase the security level of the OpenSSH
1.openssh-server configuration file
/etc/ssh/sshd_config
Passwordauthentication Yes|no whether to turn on user password authentication, yes to support no for off
Permitrootlogin yes|no allow super users to log in
Allowusers student Westos User Whitelist, only users who appear in the list can use sshd to build the shell
Denyusers Westos User blacklist

SSHD Services and Sshkey encryption in Linux