Use SSH (Secure SHell)

Source: Internet
Author: User
Tags ssh server

    • Use SSH (Secure SHell)
      • 1. What is SSH?
      • 2. How does SSH work?
      • 3. Why do I need to log on using the second method?
      • 4. Experiment between Windows 7 and an Ubuntu virtual machine
        • 4.1 SSH password connection
        • 4.2 SSH key connection: create a key under Windows 7
          • 4.2.1 Use puttygen to create a key
          • 4.2.2 Modify the OpenSSH configuration in Ubuntu
          • 4.2.3 Copy the public key information to a specific Ubuntu file
          • 4.2.4 Use PuTTY for key login
        • 4.3 SSH key connection: create a key in Ubuntu
          • 4.3.1 Generate a key in Linux
          • 4.3.2 Write the public key to the authorized_keys file
          • 4.3.3 Generate a PuTTY private key
          • 4.3.4 Use PuTTY for key login
SSH (Secure SHell)

1. What is SSH?

Traditional network service programs such as ftp, pop, and telnet are inherently insecure: they transmit passwords and data in plain text, and an attacker can easily pose as the real server (a "man in the middle"), modify the data in transit, and disrupt your normal communication. SSH encrypts your data, so it can prevent "man-in-the-middle" attacks as well as DNS and IP spoofing. Another benefit is that it compresses the transmitted data, which speeds up transmission. Currently, OpenSSH 2.x is generally used; it is free of charge and supports both the 1.x and 2.x versions.

2. How does SSH work?

From the client's perspective, SSH provides two levels of security verification:

1. Password-based security verification. As long as you know your account and password, you can log on to the remote host. The data is encrypted, but you cannot be sure that the server you are connected to is the server you want to log on to, so the connection may be attacked by a man in the middle (MITM).

2. Key-based security verification. You create a pair of keys and place the public key on the server. When you connect to the SSH server, the client sends a request to the server to use your key for security verification. After receiving the request, the server first finds the public key stored on the server and compares it with the one you sent. If the two keys are the same, the server encrypts a challenge with the public key and sends it to the client. After receiving the challenge, the client software decrypts it with your private key and sends it to the server.

The second method is safer, and the data is encrypted as well, but the logon time can be relatively long.

3. Why do I need to log on using the second method?

Disadvantages of logging on with a password:

a) The user cannot set a blank password (even if the system allows a blank password, it is very dangerous).
b) The password is easy to peek at or guess.
c) If an account on the server is used by multiple users, all of them must know the password, which makes password leakage easy. When the password is changed, everyone must be notified.

Using a public key solves the above problems:

a) Public key authentication allows the use of an empty password, saving the trouble of entering a password for each login.
b) Multiple users can log on to the same account on the system, each using their own key.
c) Even if the password of the corresponding user is changed, login is not affected.
d) If password authentication is disabled at the same time, then as long as the private key is secure, the account is not threatened by brute-force cracking.

4. Experiment between Windows 7 and an Ubuntu virtual machine

The experiment is run between Windows 7 and an Ubuntu virtual machine in VirtualBox on the local machine.

4.1 SSH password connection

1. In VirtualBox, change the connection mode from NAT to Bridge.

2. Install the SSH server on Ubuntu and start the ssh service:

    $ sudo apt-get install openssh-server
    $ sudo service ssh start

   Check whether the service started successfully:

    $ ps -e | grep ssh

   If it did not, start the service with:

    $ sudo /etc/init.d/ssh start

3. Log on to Ubuntu using PuTTY on the Windows host, entering the IP address of Ubuntu. PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

4. Enter the user name and password to remotely log on to Ubuntu.

4.2 SSH key connection: create a key under Windows 7

4.2.1 Use puttygen to create a key

Use puttygen to make the key pair, consisting of the private key and the public key.

Download: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Start puttygen. To be compatible with OpenSSH keys, select "SSH2 RSA", click Generate, and move the mouse in the blank area of the window to supply random data for key generation until the progress bar ends.

Enter the key passphrase and confirm passphrase (this acts as the password of the private key), and click "Save private key". The public key information shown in the text box of the puttygen window must be copied to a specific file on the Ubuntu system. You can see that the private key file contains both the public key and the private key.

4.2.2 Modify the OpenSSH configuration in Ubuntu

Edit /etc/ssh/sshd_config on the Ubuntu system:

    # Prohibit root users from logging on
    PermitRootLogin no
    # Check whether the key owner and permissions are correct; the
    # authorized_keys file must have 644 permissions. Enabled by default.
    StrictModes yes
    # Enable RSA authentication
    RSAAuthentication yes
    # Public key storage path
    AuthorizedKeysFile .ssh/authorized_keys
    # Enable public key authentication
    PubkeyAuthentication yes
    # Disable password authentication so that only key connections are
    # allowed. Password authentication is enabled by default.
    PasswordAuthentication no
    # Disable the challenge-response method
    ChallengeResponseAuthentication no
    # Do not use PAM authentication
    UsePAM no

The preceding parameters can be adjusted as needed. Restart the sshd service:

    $ sudo /etc/init.d/ssh stop
    $ sudo /etc/init.d/ssh start

or directly:

    $ sudo /etc/init.d/ssh restart

4.2.3 Copy the public key information to a specific Ubuntu file

In the puttygen window from the previous step, copy the public key content and write it into the ~/.ssh/authorized_keys file. If the .ssh directory and the authorized_keys file do not exist, you must create them yourself and set the directory and file permissions:

    $ mkdir ~/.ssh
    $ chmod 700 ~/.ssh
    $ emacs ~/.ssh/authorized_keys
    $ chmod 644 ~/.ssh/authorized_keys

The 644 permission means that others cannot write to the file, which prevents other users from adding their own public keys at will.

4.2.4 Use PuTTY for key login

In Connection -> SSH -> Auth, select the private key file. In Connection -> Data, enter the username you use for logon. In Session, enter the IP address of the Ubuntu system, and then click the Open button. You are then asked for the passphrase, that is, the private key password. This password protects the private key file: even if someone else obtains your private key file, they cannot log on without this password.

4.3 SSH key connection: create a key in Ubuntu

4.3.1 Generate a key in Linux

Run the following command on the command line:

    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/compilers/.ssh/id_rsa):   # enter the private key storage location
    Enter passphrase (empty for no passphrase):                          # enter the private key password
    Enter same passphrase again:                                         # confirm the password
    Your identification has been saved in /home/compilers/.ssh/id_rsa.
    Your public key has been saved in /home/compilers/.ssh/id_rsa.pub.
    The key fingerprint is:
    e7:f6:98:57:f0:d9:93:54:30:76:9f:10:09:c0:f8:b9 compilers@compilers-vm
    The key's randomart image is:
    [randomart image, RSA 2048]

4.3.2 Write the public key to the authorized_keys file

    $ cd ~/.ssh
    $ cat id_rsa.pub >> authorized_keys   # append the key as a new line

4.3.3 Generate a PuTTY private key

1. Upload id_rsa to Windows.
2. Use puttygen's "Load private key" to read the id_rsa file and enter the private key password. The content in the text box should be consistent with that in id_rsa.pub. Click "Save private key" to save the private key.

4.3.4 Use PuTTY for key login

The operation is the same as before, as in 4.2.4.
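An added example, not part of the original article: a check that an sshd_config file really enforces the key-only settings from section 4.2.2. It relies on sshd using the first value it finds for a keyword, so a later "PasswordAuthentication no" does not override an earlier "yes". The function names and the sample file are constructed for this illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# effective_value FILE KEYWORD   (added example, hypothetical helper)
# Print the value sshd would take for KEYWORD from the global part of FILE:
# the first occurrence wins, keywords are case-insensitive, and lines after
# the first "Match" are conditional, so they are not considered here.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/         { next }   # comment or blank line
        tolower($1) == "match" { exit }
        tolower($1) == want    { v = $2; gsub(/"/, "", v); print v; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd_config FILE
# Compare FILE with the key-only settings from section 4.2.2 and return
# non-zero if any of them differs or is missing.
audit_sshd_config() (
    failures=0
    for pair in PermitRootLogin=no PubkeyAuthentication=yes \
                PasswordAuthentication=no ChallengeResponseAuthentication=no
    do
        key=${pair%%=*} want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '$got', expected '$want'"
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
)

# Constructed sample: the later "PasswordAuthentication no" never takes
# effect because an earlier line already set the keyword.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
passwordauthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On a running host, "sshd -T" prints the configuration the daemon actually uses and remains the authoritative check.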
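An added example, not part of the original article: the manual steps of sections 4.2.3 and 4.3.2 as one repeatable function that refuses anything other than a one-line OpenSSH public key, appends instead of overwriting, and applies the 700/644 permissions given above. The function name install_pubkey and the sample key are constructed for this illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (added example, hypothetical helper)
# Add one OpenSSH public key to HOME_DIR/.ssh/authorized_keys using the
# permissions from sections 4.2.3 and 4.3.2 (700 directory, 644 file).
install_pubkey() (
    pub=$1
    dir=${2:-$HOME}/.ssh
    auth=$dir/authorized_keys

    # Accept only a single "type base64 [comment]" line. This rejects a
    # private key, a .ppk file or a multi-line public key saved by puttygen.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }
    [ "$(grep -c '' "$pub")" -eq 1 ] &&
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" ||
        { echo "not a one-line OpenSSH public key: $pub" >&2; exit 2; }

    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth"
    # If the last existing entry lacks a newline, add one so the new key
    # does not get glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append (>>), never overwrite (>), and skip a key that is already listed.
    grep -qxF -e "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
    chmod 644 "$auth"
)

# Demo on constructed data in a throwaway directory (the key is not real).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructed compilers@compilers-vm' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"     # second run is a no-op
echo "entries: $(grep -c '' "$demo/home/.ssh/authorized_keys")"
rm -rf "$demo"
```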
