Tutorial on setting up and configuring an SSH server to ensure data security

Source: Internet
Author: User

SSH stands for Secure SHell and consists of two parts: a server and a client. When the SSH client communicates with the server, the user name and password are encrypted, which effectively prevents others from stealing the password. In addition, all data packets transmitted during the session are sent in non-plaintext form. Because SSH encrypts the transmission, the data is not easy to decrypt even if it is stolen. It is therefore very safe to use the SSH service to maintain a server remotely.

I. Install and start the SSH server

The following uses Windows 2000 Server as an example to describe how to install an SSH server. You can use the "F-Secure SSH Server" software as the SSH server. Installation is very simple and no different from installing any other software. After the installation is complete, you need to start the "SSH Server" service. This process is more complicated; here are three methods to start "SSH Server".

1. Use batch files

There are two batch files, start-ssh.bat and stop-ssh.bat, in the server-side installation directory. Run start-ssh.bat to start the SSH service. To stop the service, run stop-ssh.bat.

2. Use the SSH service configuration program

Run the "fsshconf.exe" program in the installation directory. Although it is the configuration program of the SSH server, it can also be used to start and stop the SSH service. In the "F-Secure SSH Server Configuration" window that opens, click "Server Settings" in the list box on the left. The server status button is displayed in the "Service status" column on the right; if the server is stopped, the button is labelled "Start service". Click this button to start the SSH service, and click it again to stop the SSH service.

3. Use the NET command

In the "Command Prompt" window on the server, enter the command net start "F-Secure SSH Server" to start the SSH service. To stop the service, enter the command net stop "F-Secure SSH Server". "F-Secure SSH Server" is the name of the SSH server service, and "net start" and "net stop" are the commands used to start and stop system services in Windows.

Tip: after starting the SSH service, you must disable the Telnet service so that the server is in a secure environment and you do not have to worry about data theft.

II. Set SSH server parameters appropriately

After the SSH service is started, the network administrator can remotely log on to the server for maintenance. However, each LAN has different requirements for the SSH service, so the default service parameters may not meet them. In that case you can set the parameters yourself.

1. Basic parameter settings

Run the "fsshconf.exe" service configuration program. In the left column of the "F-Secure SSH Server Configuration" window that opens, select "Server Settings > General". You can then set the parameters in the "General" box on the right.

Enter an appropriate value in the "Maximum number of connections" field to limit the maximum number of users connected to the SSH server. Set the value as needed; for example, if you enter "50", only 50 users are allowed to connect to the SSH server at the same time. The "Event log filter" check boxes define what is recorded in the system logs. You can keep the default settings, which select "Errors" and "Warnings". We recommend that you do not select "Information"; otherwise, system resources will be wasted. "Idle timeout" is the timeout setting for remote logon. The default value is "0", which means no logon timeout limit is imposed.

You may remember the personalized login information of an FTP server; the SSH server can do the same. First, write a text file containing the logon information and save it in the folder. Then click the "Browse" button in the "Banner message file" field and select the prepared text file. The personalized information is then shown during remote logon. Finally, remember to click "Apply" to save the parameter settings.

2. Network parameter settings

In the left column of the "F-Secure SSH Server Configuration" window, click the "Network" option. The SSH server uses port 22 by default. You can also customize the port number (the port number used by the SSH server must not conflict with the port number of other programs on the server). Enter the port number you want to use in the "Port" field. We recommend that you use the default values for the other parameters.

Click the "Identity" option. In the right column, you can regenerate a new user encryption key and a public key for external use by the server. They are stored in the "hostkey" and "hostkey.pub" files in the installation folder respectively. Click "Generate" to regenerate the two files.

Tip: the SSH server generates a key pair consisting of a key and a public key. The client uses the public key to decrypt the information sent by the SSH server. When a user logs on to the SSH server for the first time, the server sends its public key to the client so that the client can decrypt the information sent by the server.

3. Host restriction parameter settings

Click the "Host Restrictions" option. In the right column, you can set restrictions on the computers that log on remotely. For example, if a client with the IP address "192.168.0.2" is not allowed to remotely log on to the SSH server, enter "192.168.0.2" in the "Deny login from hosts" input box, and then click "Apply".

Tip: the SSH server has many more parameters. You can use the default values for most of them. The parameters of the SSH server are stored in the "sshd2_config" file. You can open this file in Notepad and edit it directly. However, this method is troublesome and is not recommended.
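
As an added example (not part of the original tutorial or of the F-Secure software), the following Python script checks sshd2_config-style text for the parameters discussed in this section. The one "Keyword value" pair per line format, the keyword names Port, MaxConnections, IdleTimeout and DenyHosts, and the sample values are assumptions; confirm them against your own file.

```python
# Added example: audit sshd2_config-style text for the parameters covered above.
# ASSUMPTION: one "Keyword value" pair per line, '#' starts a comment, and the
# keyword names used here (Port, MaxConnections, IdleTimeout, DenyHosts) match
# your file; confirm them against the sshd2_config in your installation folder.

# Constructed sample input, not taken from a real server.
DEFAULTS_CONFIG = """\
# constructed sample: defaults left untouched
Port            22
IdleTimeout     0
"""

TUNED_CONFIG = """\
# constructed sample: values from the walkthrough (timeout value is made up)
Port            22
MaxConnections  50
IdleTimeout     600
DenyHosts       192.168.0.2
"""


def parse_config(text):
    """Return {lowercased keyword: value}, skipping blank lines and comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)  # keyword, then the rest of the line
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit(text, must_deny=()):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_config(text)
    findings = []
    port = cfg.get("port", "22")  # the server uses port 22 by default
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append("Port: %r is not a valid TCP port" % port)
    limit = cfg.get("maxconnections", "")
    if not (limit.isdigit() and int(limit) > 0):
        findings.append("MaxConnections: no positive connection limit set")
    if cfg.get("idletimeout", "0") == "0":  # 0 (the default) = no timeout
        findings.append("IdleTimeout: 0, idle sessions are never disconnected")
    denied = cfg.get("denyhosts", "").replace(",", " ").split()
    for host in must_deny:
        if host not in denied:
            findings.append("DenyHosts: %s is not blocked" % host)
    return findings


if __name__ == "__main__":
    for name, text in (("defaults", DEFAULTS_CONFIG), ("tuned", TUNED_CONFIG)):
        print(name, audit(text, must_deny=["192.168.0.2"]) or "OK")
```

Run it against a copy of the file after each change made in the configuration program to confirm that the setting was actually written.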

III. Use of SSH client software

1. Connect to the SSH server

The client uses the "F-Secure SSH Client" program, which is easy to install. After the installation is complete, run the client program from the desktop. The main window, "F-Secure SSH Client", is displayed. Click "Connect" in the toolbar to bring up the "Connect to Remote Host" dialog box.

First, enter the address of the SSH server in the "Host name or IP address" field, for example its IP address "218.22.123.26". In the "User Name" field, enter the Administrator account name of the SSH server, and in the "Port" field enter the port number used by the SSH server. Finally, click "Connect" to connect to the SSH server.

At this point, if the user is remotely logging on to the SSH server for the first time, a prompt asking whether to save the SSH server's public key in the local database is displayed. Click "Yes", and the "Enter Password" dialog box is displayed. Enter the Administrator account and password and click "OK" to log on to the SSH server and perform remote maintenance on the server.

Tip: the SSH client also generates the user's encryption key and public key. When the client logs on for the first time, it copies the generated public key to the user directory on the SSH server so that the server can decrypt the information sent by the client. The storage path of the user directory on the server is "C:\Documents and Settings\USERNAME\" (assuming that the operating system is installed on drive C).

2. File Transfer

The SSH server supports not only remote logon but also file transfer. Click the file transfer button in the main window of "F-Secure SSH Client" to bring up the file transfer window. In the "Local Folders" column, select a local file and drag it to the user's home directory on the SSH server in the "Remote Folders" column. The file transfer status is displayed in the status bar at the bottom of the window.

Tip: when the client connects to the SSH server, the SSH server provides two levels of security authentication. The first level is security verification based on the user account and password. You only need to know the account and password to log on to the SSH server. The second level is key-based security verification. The client must create a key pair for itself, and transmit the public key to the SSH server, which effectively ensures secure data transmission between the client and the server.
