The remote control system in Linux

Linux remote access and control

1. Service Monitoring Option

Vim/etc/ssh/sshd_config ( note the color section to be modified )

Service sshd Reload Reload services to take effect

1. User Login Control

It is generally forbidden to log in as a root user or a user with a password that is empty, and you can limit the time of login verification (by default , 2 minutes) and the maximum number of retries .

Disconnect if you are not logged in after the limit is exceeded.

Vim/etc/ssh/sshd_config

in the Permitrootlogin Yes allows root login, if yes is not allowed to change to No

1. Login Verification Method

in the Pubkeyauthentication Yes is enabled for key pair validation, the next line is to specify the public key database file

1, If you want to allow or prohibit certain users to log in, you can use allowusers or denyusers,

If only certain users are allowed, such as:

1. using the SSH client program

1) SSH telnet to another LINUX Server

1) SSH port default is , not secure, can modify port

After modifying the configuration file, don't forget to restart the sshd service

Add port when connecting to client

1) After remote connection to the server, you can use the SCP remote replication method to pass files between the server and the client.

For example: Copy the/etc/passwd file from the remote host to the local computer and copy the native/etc/vsftpd directory to the remote host.

execute the following command on the client 192.168.1.2:

then on the 192.168.1.1 to see if/opt under /etc/vsftpd

1) through the SFTP command can be used SSH secure connection with the remote host upload, download files, using a similar FTP -like way.

then go to the root host directory on the SSH server to view

6. use graphical tools Xshell to connect to the server on the Windows client

After installation, create a new session, enter a user name and password to connect, such as:

6 . Build the SSH system of key pair authentication (This method is more secure)

altogether two Linux, an ssh client 192.168.1.2,

another linux server 192.168.1.1

1) Create a key pair on the client

Enter after executing the command

1) upload the public key to the server

1) Import the public key text in the server

1) authenticate with the client using a key pair

(do not forget to allow Xiaohong in the sshd master configuration file before verifying)

8. Configuring TCP Wrappers access control

The TCP wrappers mechanism accesses the client address of the service to access control, corresponding to two policy files /etc/hosts.allow and /etc/hosts.deny,

Used to set the Allow and deny policies respectively.

Policy Application order: first check the/etc/hosts.allow file, if a matching policy is found, then allow access, otherwise continue to check the/etc/hosts.deny file,

If a match is found, it is denied, and access is allowed if none of the above two files can find a matching policy.

For example: Allow 192.168.1.2 host or 192.168.2.0 network segment to access sshd, other addresses are denied, do the following.

1) Vim/etc/hosts.allow

1) Vim/etc/hosts.deny

1) Modify IP to 192.168.1.200 on the client , test connection failed

put the client's IP Change back to 192.168.1.2 after that, the successful connection

The remote control system in Linux