Study Notes on setting up an SSH server

Source: Internet
Author: User
1. Background:

The Secure Shell (SSH) protocol is a widely used network security protocol. It provides security services such as confidentiality, integrity, and authentication for data transmitted over the network.

Recently I have been studying Git servers. To use the SSH protocol, I needed to set up an SSH server. This is the first time I have taken notes. Here is my environment:

C/S          Operating System   Software   IP address
SSH server   Linux (Debian)     OpenSSH    192.168.1.101
SSH client   Windows XP         Copssh     192.168.1.100

 

There are many SSH clients to choose from; see the comparison here:

http://en.wikipedia.org/wiki/Comparison_of_SSH_clients

2. Install OpenSSH on Linux

◆ If you want to download the source code for installation, you can download it at the following links:

Official Website: http://www.openssh.com/

Download: http://www.openssh.com/openbsd.html

◆ I choose to install directly from the software package:

# apt-get install ssh

The above command installs both openssh-server and openssh-client. You can also install them selectively:

# apt-get install openssh-server

# apt-get install openssh-client

The SSH service should start automatically after installation. You can run the following command to confirm:

# ps aux | grep ssh

 

3. Install copssh on Windows XP

Official Website: https://www.itefix.no/i2/copssh

The installation process is very simple. Just keep clicking "Next".

4. SSH Login

SSH provides two authentication methods: password authentication and key authentication. After installing Copssh on Windows XP, go to Start Menu > Copssh > 03. Start a Unix BASH Shell to open the shell window. There you can use the ssh command.

4.1. Password Authentication

Log on as the root user on the server:

When you log on for the first time, you will be told that the /home/Administrator/.ssh directory cannot be created. You can use the following command to create the directory:

$ mkdir -p /home/Administrator/.ssh

Also, when you log on to a remote host for the first time, a message appears saying that the remote host key is not known. After you enter "yes", the system adds the remote host key to the /home/Administrator/.ssh/known_hosts file in your home directory, and you will not be prompted again on later logons. Then simply enter the password of the root account on the server to log on.

After logging in, you can operate the server remotely. To log out, run the exit or logout command.

4.2. Key Authentication

Password-based authentication requires you to enter the user name and password each time you log on, which is troublesome. With public key-based authentication, you only need to enter the key password the first time and do not need to enter it again. Once the key has been distributed, verification is performed automatically by the program, and it is more secure than password-based authentication.

4.2.1. Principles

The two parties authenticate using the key pair in the client's id_rsa and id_rsa.pub files and the server's authorized_keys file, which are kept in the .ssh directory under the home directory of the corresponding account.

File              Purpose
id_rsa            Your own RSA private key
id_rsa.pub        Your own RSA public key
authorized_keys   Stores the RSA public keys of the clients

4.2.2. Communication Process

◆ The client sends a connection request to the SSH server and asks to use key-based security verification. The request includes the requested account and the client's own public key.

◆ After receiving the request, the SSH server first looks for your public key in the authorized_keys file under the home directory of that account on the server (such as /root/.ssh/authorized_keys). If the public key found is the same as the public key sent by the client, the server starts the next step, the "challenge".

◆ The server uses this public key to encrypt the challenge and sends it to the client.

◆ After receiving the encrypted challenge, the client decrypts it with its own private key and sends the decrypted information back to the server.

◆ After the server verifies that the response returned by the client is correct, the verification ends and both parties start to communicate.

4.2.3. Configuration method

Use the following command on the client to generate the key pair files (Supplement: I later found that it is best to use ssh-keygen -t rsa; once, when I ran plain ssh-keygen on a CentOS system, the key pair generated was not RSA):

Then append the generated id_rsa.pub file to the end of the authorized_keys file under the corresponding account on the server. If the file does not exist, create it, for example /root/.ssh/authorized_keys. You can use either of the following methods:

◆ Remote Operation

$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.101

You cannot use the ssh-copy-id command in the Copssh shell. If the client is installed on Linux, you can use this command.

◆ Copy files to the server

First, use the scp command on the client to copy the file to the remote server:

Then log on to the server and append the id_rsa.pub file to the authorized_keys file. The procedure is as follows:
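
The append step described above, as an added example that is not part of the original notes: a server-side helper that adds a copied id_rsa.pub to authorized_keys only once and with the restrictive permissions sshd expects. The names install_pubkey and demo are hypothetical, and the sample key is constructed.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE ACCOUNT_HOME   (hypothetical helper, run on the server)
# Appends one public key to ACCOUNT_HOME/.ssh/authorized_keys.
install_pubkey() {
    pub=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # Copying id_rsa instead of id_rsa.pub is an easy slip; never accept it.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub holds a private key, refusing" >&2; return 3
    fi
    # Accept only a "type base64 [comment]" line, whatever the key type.
    key=$(grep -E '^(ssh-|ecdsa-)[a-z0-9-]+ [A-Za-z0-9+/]+=*( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 4; }

    # Create missing pieces privately, then force the modes: with StrictModes
    # (the sshd default) loosely writable key files are ignored at login.
    old_umask=$(umask); umask 077
    mkdir -p "$ssh_dir" && touch "$auth"; rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 5
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 5

    # Idempotent append: compare key type and blob, ignoring the comment.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi
    # Do not glue the new key onto an existing last line that lacks a newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"
}

# Constructed sample key (not a real key), exercised in a scratch directory.
demo() {
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEXAMPLEONLY client@192.168.1.100' > "$d/id_rsa.pub"
    install_pubkey "$d/id_rsa.pub" "$d/root"
    install_pubkey "$d/id_rsa.pub" "$d/root"   # second run must add nothing
    grep -c '' "$d/root/.ssh/authorized_keys"   # number of stored keys
    rm -rf "$d"
}
demo
```

On the server from these notes the call would be install_pubkey id_rsa.pub /root, run as the account that owns the home directory.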

4.2.4. No Password required for Public Key Authentication

After configuring with either of the above methods, no password is required at logon, as shown in:

 

 

4.3. Set the host alias

In practice, multiple public/private key pairs may be required at the same time. When using the ssh-keygen command, you must use the -f parameter to specify a different private key name for each. The usage is as follows:

$ ssh-keygen -f ~/.ssh/<FILENAME>

Choose a meaningful name for <FILENAME>. After the command runs, the specified public/private key pair is created in the ~/.ssh directory: the file <FILENAME> is the private key, and the file <FILENAME>.pub is the public key.

Append the new public key to the .ssh/authorized_keys file in the home directory of the logon user on the server host. You can then use the newly created key for password-less logon to the <user> account of the remote host <Server>.

The client now has multiple public/private key pairs. Which public key is used when the following SSH logon command is executed?

$ ssh <user>@<Server>

Of course, it is the default public key ~/.ssh/id_rsa.pub. So how do you connect to the server with the new public key?

In the SSH client configuration file ~/.ssh/config you can create a host alias and select a specific key to use when connecting to that host. For example, with the following configuration in the ~/.ssh/config file:

Host hr
    User root
    HostName 192.168.1.101
    Port 22
    IdentityFile ~/.ssh/id_rsa

Host hj
    User root
    HostName 192.168.1.101
    Port 22
    IdentityFile ~/.ssh/Jiajia

you can use the following SSH logon commands:

$ ssh hr    # equivalent to logging in to root@192.168.1.101 with the private key file id_rsa

$ ssh hj    # equivalent to logging in to root@192.168.1.101 with the private key file Jiajia
