Ubuntu remote management and OpenSSHServer construction

OpenSSH: openSecureShell, which is generally used to manage remote hosts. its server process is sshd and its configuration file is etc.

OpenSSH: open Secure Shell, which is generally used to manage remote hosts:

Its server process is sshd, and the configuration file is/etc/ssh/sshd_config.

Install the service suite on the server: # apt-get install openssh-server

(Remote) install the client Suite: # apt-get install openssh-client (optional. if the remote machine is linux, it is installed. putty and xshell can be used as the ssh client in windows)

Configuration:

Back up first

# Cp/etc/ssh/sshd_config/etc/ssh/sshd_config.original

# Chmod a-w/etc/ssh/sshd_config

Common changes:

Modify the listening Port 22 to Port 2222 or the Port you want to prevent brute-force cracking.

Modify logon duration:

Change LoginGraceTime 120 to LoginGraceTime 20 to prevent brute-force cracking

Further enhanced security:

Password logon is prohibited, but public key logon is prohibited:

# PasswordAuthentication yes

Change to: PasswordAuthentication no

Allow or deny user and user group logon:

AllowUsers 'jhenrix svaughanc'

DenyUsers 'wgates sballmer'

AllowGroups sshlogin

Unauthorized warning before logon modification:

Uncomment # Banner/etc/issue.net. edit the/etc/issue.net file to add unauthorized warning information.

Restart the service to make the changes take effect: service ssh restart

Generate password-free logon:

Ssh-keygen-t dsa

It can be divided into DSA and RSA keys. you can also specify the key length: 2048 by default.

Ssh-keygen-t rsa-B 4096

This will generate the key pair :~ /. Ssh/id_dsa.pub, and ~ /. Ssh/id_dsa is the private

Key.

Then we need to send the public key to the remote client.

The remote client adds the content in id_dsa.pub :~ /. Ssh/authorized_keys.

We can use this command to complete step by step: ssh-copy-id username @ remotehost

You can also do this manually.

Cp authorized_keys authorized_keys_Backup

Cat id_rsa.pub> authorized_keys

Then we need to ensure that the permissions are correct:

Chmod 600. ssh/authorized_keys

Note: The sshd_config file contains the following content:

HostKeys for protocol version 2

HostKey/etc/ssh/ssh_host_rsa_key

HostKey/etc/ssh/ssh_host_rsa_key.pub

...

So what is ssh_host_rsa_key and ssh_host_rsa_key.pub?

In fact, it is a host key pair used to identify the host, which is automatically generated when openssh-server is installed. Generally, we do not need to modify it.

But after that, do we still need the user's own key pair? Of course, we need to generate our own key pair according to the above steps.

Client logon:

For linux:

Apt-get install openssh-client

Ssh @

Ssh mike@192.168.1.1

For windows:

1. use Putty

2. use cygwin: