SSH is short for Secure Shell, a protocol developed by the IETF Network Working Group. It is a security protocol built on the application layer and the transport layer. SSH is currently one of the more reliable protocols for securing Telnet-style remote login sessions and other network services. Using the SSH protocol effectively prevents information leakage during remote management.
SSH is divided into a client and a server. The server is a daemon, typically an sshd process, that runs in the background and responds to requests from clients. It handles remote connection requests, which typically involves public key authentication, key exchange, symmetric key encryption, and unsecured connections.
Environment: Windows 7 64-bit + VMware 11 + Ubuntu 12.04
1, download and install
sudo apt-get install openssh-server openssh-client
2, configuration
sudo vi /etc/ssh/sshd_config
Generally you only need to change the PermitRootLogin value to no, so that root login is not allowed; the other settings can stay at their defaults.
Detailed configuration file:
Port 22
"Port" sets the port number of the sshd listener.
ListenAddress 192.168.1.1
"ListenAddress" sets the IP address that the sshd server binds to.
HostKey /etc/ssh/ssh_host_key
"HostKey" sets the file that contains the computer's private key.
KeyRegenerationInterval 3600
"KeyRegenerationInterval" sets the number of seconds after which the server's key is automatically regenerated (if the key has been used). The key is regenerated to prevent intercepted information from being decrypted with a stolen key.
ServerKeyBits 768
"ServerKeyBits" defines the number of bits in the server key.
SyslogFacility AUTH
"SyslogFacility" sets the "facility code" given when recording messages from sshd.
LogLevel INFO
"LogLevel" sets the level at which sshd log messages are recorded. INFO is a good choice. See the sshd man page for more information.
LoginGraceTime 120
"LoginGraceTime" sets the time, in seconds, that the server waits before dropping the connection if the user has not logged in successfully.
PermitRootLogin no
"PermitRootLogin" sets whether root can log in with SSH. This option must not be set to "yes".
StrictModes yes
"StrictModes" sets whether SSH checks the permissions and ownership of the user's home directory and rhosts file before accepting a login request. This is usually necessary because novices often make their own directories and files writable by anyone.
ClientAliveInterval 300 (default = 0)
This parameter means that every 5 minutes the server sends a message to the client to keep the connection alive.
IgnoreRhosts yes
"IgnoreRhosts" sets whether the "rhosts" and "shosts" files are used during authentication.
IgnoreUserKnownHosts yes
"IgnoreUserKnownHosts" sets whether the SSH daemon ignores the user's "$HOME/.ssh/known_hosts" when RhostsRSAAuthentication security authentication is performed.
X11Forwarding no
"X11Forwarding" sets whether X11 forwarding is allowed.
PrintMotd yes
"PrintMotd" sets whether sshd displays the contents of "/etc/motd" when the user logs in.
RhostsAuthentication no
"RhostsAuthentication" sets whether rhosts or "/etc/hosts.equiv" alone is sufficient for security verification.
RhostsRSAAuthentication no
"RhostsRSAAuthentication" sets whether security verification using rhosts or "/etc/hosts.equiv" together with RSA is allowed.
RSAAuthentication yes
"RSAAuthentication" sets whether RSA-only security authentication is allowed.
PasswordAuthentication yes
"PasswordAuthentication" sets whether password authentication is allowed.
PermitEmptyPasswords no
"PermitEmptyPasswords" sets whether logging in with an account that has a blank password is allowed.
AllowUsers admin
"AllowUsers" can be followed by any number of user name patterns, or patterns of the form user@host, separated by spaces. The host name can be a DNS name or an IP address.
3, start the service
sudo /etc/init.d/ssh restart
Or
sudo service ssh restart
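An added example (not part of the original article): a Python check that compares the global section of an sshd_config with the yes/no values used in the listing in step 2. The sample config, the function names and the choice of keywords to check are assumptions made for illustration; unset keywords are reported rather than guessed, because the built-in default depends on the OpenSSH version.

```python
import re

# Values from this page's listing; sshd keyword names are case-insensitive.
RECOMMENDED = {
    "permitrootlogin": "no",
    "strictmodes": "yes",
    "ignorerhosts": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# sshd_config (constructed)
PermitRootLogin yes
permitrootlogin no
StrictModes yes
PermitEmptyPasswords=no
X11Forwarding yes
Match User backup
    PermitRootLogin no
"""

def parse_global_settings(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.+)", raw)
        if not m:                    # blank, comment ('#' is not \w) or malformed
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":           # conditional blocks follow; stop here
            break
        settings.setdefault(key, value)   # sshd uses the first value it reads
    return settings

def audit(text):
    """Return (keyword, found, wanted) for each setting that differs or is unset."""
    settings = parse_global_settings(text)
    findings = []
    for key in sorted(RECOMMENDED):
        found = settings.get(key)    # None: unset, so the version's default applies
        if found is None or found.lower() != RECOMMENDED[key]:
            findings.append((key, found, RECOMMENDED[key]))
    return findings

if __name__ == "__main__":
    for key, found, wanted in audit(SAMPLE):
        print(f"{key}: found {found or 'unset'}, page recommends {wanted}")
```

Running sudo sshd -t before restarting the service checks the edited file for syntax errors, which this script does not do.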
4, Application
Linux:
ssh -l <user> <IP>
ssh <user>@<IP>
ssh <IP>
Windows: use PuTTY for SSH or Telnet
Note: SSH also includes SCP, SFTP and other network services, which can be used for file management.
Ubuntu Configuration SSH Server