OpenSSH (Open Secure Shell) is generally used to manage remote hosts.
Its server process is sshd, and its configuration file is /etc/ssh/sshd_config.
Install the service suite on the server: # apt-get install openssh-server
Install the client suite on the remote machine: # apt-get install openssh-client (optional: if the remote machine runs Linux, it is already installed; on Windows, PuTTY or Xshell can be used as the SSH client)
Configuration:
Back up first
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
# chmod a-w /etc/ssh/sshd_config.original
Common changes:
Change the listening port from Port 22 to Port 2222, or to another port of your choice, to prevent brute-force cracking.
Modify logon duration:
Change LoginGraceTime 120 to LoginGraceTime 20 to prevent brute-force cracking
Further enhanced security:
Disable password logon and use public key logon instead:
#PasswordAuthentication yes
Change to: PasswordAuthentication no
Allow or deny user and user group logon:
AllowUsers jhenrix svaughanc
DenyUsers wgates sballmer
AllowGroups sshlogin
Show an unauthorized-access warning before logon:
Uncomment #Banner /etc/issue.net, then edit the /etc/issue.net file to add the unauthorized-access warning.
Restart the service to make the changes take effect: service ssh restart
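The changes listed above can be checked with a small script. The following is an added example, not part of the original article; the function names effective and audit_sshd_config are hypothetical, the sample configs are constructed, and only global settings written as "Keyword value" are read.

```shell
#!/bin/sh
# Added example, not part of the original page. Function names are hypothetical.

# effective KEYWORD FILE: print the global value set for KEYWORD in FILE.
# Keywords are case-insensitive, '#' lines are comments, the first occurrence
# wins, and parsing stops at the first Match block, whose settings apply only
# conditionally. Assumes the whitespace-separated "Keyword value" form.
# (Port may be listed more than once; only the first is read here.)
effective() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# audit_sshd_config FILE: print one finding per line; return 1 if there are any.
# Unset keywords fall back to the sshd defaults (Port 22, LoginGraceTime 120,
# PasswordAuthentication yes).
audit_sshd_config() {
    cfg=$1; findings=0
    port=$(effective Port "$cfg"); port=${port:-22}
    grace=$(effective LoginGraceTime "$cfg"); grace=${grace:-120}
    pw=$(effective PasswordAuthentication "$cfg"); pw=${pw:-yes}
    if [ "$port" = 22 ]; then note "Port: still the default 22"; fi
    case "$grace" in
        *[!0-9]*) note "LoginGraceTime: '$grace' has a time suffix, check by hand" ;;
        *) if [ "$grace" -eq 0 ] || [ "$grace" -gt 20 ]; then
               note "LoginGraceTime: $grace is above the 20 used above (0 = no limit)"
           fi ;;
    esac
    if [ "$pw" != no ]; then note "PasswordAuthentication: password logon enabled"; fi
    if [ -z "$(effective AllowUsers "$cfg")$(effective AllowGroups "$cfg")" ]; then
        note "AllowUsers/AllowGroups: no allow-list configured"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample configs: commented-out defaults, then the hardened values.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '#Port 22' '#LoginGraceTime 120' '#PasswordAuthentication yes' > "$tmp"
    echo "default config:"; audit_sshd_config "$tmp" || true
    printf '%s\n' 'Port 2222' 'logingracetime 20' 'PasswordAuthentication no' \
        'AllowGroups sshlogin' 'Match User backup' 'PasswordAuthentication yes' > "$tmp"
    echo "hardened config:"; audit_sshd_config "$tmp" && echo "no findings"
    rm -f "$tmp"
}
demo
```

To audit a real server, call audit_sshd_config /etc/ssh/sshd_config; a non-zero return status means at least one finding was printed.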
Set up password-free logon:
ssh-keygen -t dsa
Keys can be either DSA or RSA. Note that OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default. You can also specify the key length; the default is 2048.
ssh-keygen -t rsa -b 4096
This generates the key pair: ~/.ssh/id_dsa.pub is the public key, and ~/.ssh/id_dsa is the private key.
Then we need to send the public key to the remote host.
On the remote host, the content of id_dsa.pub is added to ~/.ssh/authorized_keys.
We can use this command to complete both steps at once: ssh-copy-id username@remotehost
You can also do this manually.
cp authorized_keys authorized_keys_Backup
cat id_rsa.pub >> authorized_keys
Then we need to ensure that the permissions are correct:
chmod 600 .ssh/authorized_keys
Note: The sshd_config file contains the following content:
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_rsa_key.pub
...
So what are ssh_host_rsa_key and ssh_host_rsa_key.pub?
They are the host key pair used to identify the host, and they are generated automatically when openssh-server is installed. Generally, we do not need to modify them.
Do we still need the user's own key pair in that case? Yes: we need to generate our own key pair by following the steps above.
Client logon:
For Linux:
apt-get install openssh-client
ssh username@remotehost
ssh mike@192.168.1.1
For Windows:
1. Use PuTTY
2. Use Cygwin: