After installing SSH, we need to prepare the keys, then start the server, and finally use SSH. This article covers these three stages.
Key preparation
A. The server generates the user's own private key and public key. In UNIX, the keys are generated as follows:
# ssh-keygen
The user is asked to enter a long authentication string, which serves the same purpose as a password but is longer, generally within 20 characters. Enter the same string again to confirm that it was typed correctly. The system then generates a private key and public key pair. Copy the public key to the local machine so that it can decrypt the information sent by the server. If you do not copy it, the server automatically pushes its public key to the client at the first login, so that the client can decrypt and identify the information provided by the server.
B. The client generates the user's private key and public key, in the same way as the server. Some SSH clients for Windows use their own methods, and the details differ, but every client that supports SSH can, and must, generate a key pair. Take sshWin2.4 as an example:
Choose Edit → Settings → Global settings → User keys → Generate New keypairs. A new private key and public key pair is generated automatically as prompted.
Finally, copy the public key generated by the client to the user's directory on the server host (in UNIX, this is the /home/username/.ssh2 directory). Different versions of SSH have specific requirements for the names of the public key and private key files. For details, see the installation instructions in the software package.
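The copy step above, as an added example (not from the original article or from any SSH package): a POSIX shell function that installs a client public key into the user's key directory on the server, and refuses a file that carries a private-key header or a directory that group or others can write to. The function names, return codes and the file name mykey.pub are assumptions made for this example; the file names a given SSH version expects still come from its installation instructions.

```shell
# Added example: install a client public key into a user's key directory.
# Function names and return codes are assumptions made for this example.

# is_private_key FILE: succeeds if FILE carries a private-key header line.
is_private_key() {
    grep -q 'PRIVATE KEY' "$1"
}

# dir_is_loose DIR: succeeds if DIR is writable by group or others
# (a symlink in place of the directory is also treated as loose).
dir_is_loose() {
    mode=$(ls -ld "$1" | cut -c1-10)    # e.g. drwx------
    case "$mode" in
        d????-??-?) return 1 ;;         # group-write and other-write both clear
        *)          return 0 ;;
    esac
}

# install_pubkey SRC KEY_DIR
# Returns 0 on success, 2 if SRC is missing or empty,
# 3 if SRC looks like a private key, 4 if KEY_DIR is unsafe.
install_pubkey() {
    src=$1
    key_dir=$2
    [ -s "$src" ] || { echo "no such key file: $src" >&2; return 2; }
    if is_private_key "$src"; then
        echo "refusing: $src is a private key, copy the public key" >&2
        return 3
    fi
    if [ ! -d "$key_dir" ]; then
        # Create the directory readable and writable by its owner only.
        (umask 077; mkdir -p "$key_dir") || return 4
    fi
    if dir_is_loose "$key_dir"; then
        echo "refusing: $key_dir is writable by group or others" >&2
        return 4
    fi
    dest="$key_dir/$(basename "$src")"
    # A public key may be world-readable but must not be world-writable.
    cp "$src" "$dest" && chmod 644 "$dest"
}

# Usage on the server, after transferring the file (hypothetical names):
#   install_pubkey ./mykey.pub /home/username/.ssh2
```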
Start the SSH protocol server
In UNIX/Linux, the server program is placed in the /usr/local/sbin directory. The startup method is as follows:
# sshd
# ps x
The ps output shows that sshd has been started. If you do not want to start sshd manually every time the system restarts, you can write a script and place it in the init.d directory so that the sshd service starts automatically after the system boots. You can also add a /usr/local/sbin/sshd line to rc.local. In Windows NT/2000, run Start SSH2 Server from the program group.
Use SSH protocol
In UNIX/Linux, the client program is ssh, stored in the /usr/local/bin directory. Client tools such as ssh1, ssh2, and scp are provided. You can use ssh to log on to the remote host as follows:
# ssh host.ip.of.remote
The difference is that the user is asked to enter the authentication string. If the authentication string is accepted, the user is logged on directly. If it is rejected, the user is asked to enter the system password, and can still log on after successful password authentication. In terms of usage, it is no different from Telnet. With the SSH client software, you no longer have to open a separate FTP window, authenticate again, and then upload the file. Using the scp tool provided with the SSH client, you can upload files directly to the remote server. The usage is as follows:
# scp host1:dir/filename host2:/home/abc/filename
In Windows, the following SSH clients are available: SecureCRT, the version of CRT that supports SSH (http://www.vandyke.com/). It is a remote terminal that supports both SSH1 and SSH2, so users can choose whichever standard the server supports.
Another client provided by ssh.com is available.
In addition, there are FTP-style client tools that support the SSH protocol. sshwin-2.4 includes an SSH Secure File Transfer Client that can transmit encrypted files between two hosts, that is, the scp function. There is also an FTP tool that supports SSH and works together with SecureCRT: SecureFX, which can be downloaded from www.vandyke.com.
For various reasons, some GUI clients that support SSH may not support all of the servers above. You can try the tools above in combination to find one that suits your server. The UNIX client generally provides the best support for the various servers. When selecting server and client software, it is best to choose products from the same vendor, so that no incompatibility issues arise.
If you want to use SSH2 and do not want to pay for it, OpenSSH is a free software package that complies with the GPL license. It supports the SSH1 and SSH2 standards and is another widely used SSH software package (it can be downloaded from www.openssh.com). The latest version of OpenSSH is Openssh-2.5.1, which provides all source code. However, you should read the instruction file carefully before compiling. The zlib and openssl software packages are used during compilation, so you need to download and install them first, and then compile OpenSSH. For detailed procedures, read the INSTALL file in the software package.