Using ssh-keygen and ssh-copy-id, and changing port 22

Source: Internet
Author: User

About ssh-copy-id

ssh-copy-id is a command included in the SSH client suite. Simply put, it is just a script: once you have generated an RSA or DSA key pair on your computer, you can send the public key to the remote host using the ssh-copy-id command.

How to establish RSA or DSA authentication

$ ssh-keygen -t dsa    (or: ssh-keygen -t rsa)
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):

Difference between RSA and DSA

ssh-keygen can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2.

Simply put, if you only use SSH protocol version 2, it is recommended that you use DSA to establish authentication.

======================================================================

Using ssh-copy-id

$ ssh-copy-id.orig -i ~/.ssh/id_dsa.pub wawa@remotehost

wawa@remotehost's password: (you need to enter the password once)
Now try logging into the machine, with "ssh 'wawa@remotehost'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

In short, simply run: ssh-copy-id.orig -i identity_file account@host

Authentication setup is then complete, and you can SSH directly to the remote host without typing a password.

======================================================================

For Internet-facing servers, the SSH listen port is usually changed from the default port 22, because port 22 is what attackers target when they try to break into a host that runs SSH. Changing the port is the most basic first line of defense. Change port 22 on the host and restart the SSH service.

But once you change the SSH listen port, the ssh-copy-id command no longer works. Isn't that a pity? We can modify the ssh-copy-id script so that it supports specifying a different service port.

Modifying ssh-copy-id

$ cp /usr/bin/ssh-copy-id /usr/bin/ssh-copy-id.orig
$ vi /usr/bin/ssh-copy-id

#!/bin/sh

# Shell script to install your identity.pub on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/identity.pub"

# Parse options: -i identity file, -p (or -P) port, -h usage
while getopts ':i:p:h' OPTION
do
    case $OPTION in
    i)
        if [ -n "$OPTARG" ]; then
            if expr "$OPTARG" : ".*\.pub" > /dev/null; then
                ID_FILE="$OPTARG"
            else
                ID_FILE="$OPTARG.pub"
            fi
        fi
        ;;
    p|P)
        PORT=$OPTARG
        ;;
    h)
        echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
        exit 1
        ;;
    esac
done

# Drop the parsed options so that $1 is the target machine
shift $(($OPTIND - 1))

# With no machine argument and an ssh-agent available, list the agent's public keys
if [ $# -lt 1 ] && [ x$SSH_AUTH_SOCK != x ]; then
    GET_ID="$GET_ID ssh-add -L"
fi

# Otherwise fall back to the identity file if it is readable
if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ]; then
    GET_ID="cat ${ID_FILE}"
fi

if [ -z "`eval $GET_ID`" ]; then
    echo "$0: ERROR: No identities found" >&2
    exit 1
fi

# Pass -p to ssh only when a port was given
if [ -z "$PORT" ]; then
    PORTOPTION=""
else
    PORTOPTION="-p $PORT"
fi

# Append (>>) the public key to the remote authorized_keys, creating .ssh if needed
{ eval "$GET_ID" ; } | ssh $PORTOPTION $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh $PORTOPTION '$1'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

EOF

The change mainly adds the port option. It is recommended that you replace the script directly.
The above script is taken from: http://blog.vieth.biz/2009/03/23/ssh-copy-id-with-port/

Using ssh-copy-id with a port

$ ssh-copy-id -i ~/.ssh/id_dsa.pub -p 1234 wawa@remotehost
wawa@remotehost's password: (you need to enter the password once)
Now try logging into the machine, with "ssh -p 1234 'wawa@remotehost'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

ssh-copy-id authentication with a custom port is now complete!
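
The check that the ssh-copy-id output asks for, as an added example (not part of the original article or of the ssh-copy-id script): it lists every entry in an authorized_keys file and marks any that is not the public key you just installed. The function names, file contents and key blobs are constructed placeholders.

```sh
#!/bin/sh
# Added example: audit an authorized_keys file after running ssh-copy-id.
# audit_keys FILE [EXPECTED_PUB] prints "STATUS TYPE COMMENT" for each entry.
audit_keys() {
    want=""
    if [ -n "${2:-}" ]; then
        want=$(awk '{ print $2; exit }' "$2")   # base64 blob of the key we installed
    fi
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            # Entry layout: [options] keytype base64-blob [comment].
            # Options (from=, command=, ...) may precede the type, so search for it.
            t = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) { t = i; break }
            if (t == 0 || t == NF) { print "MALFORMED", "-", "line " NR; next }
            comment = ""
            for (i = t + 2; i <= NF; i++) comment = comment (comment == "" ? "" : " ") $i
            if (comment == "") comment = "(no comment)"
            status = ($(t + 1) == want) ? "EXPECTED" : "UNEXPECTED"
            if (t > 1) status = status "+OPTIONS"   # options change what the key may do
            print status, $t, comment
        }
    ' "$1"
}

# Number of entries that are anything other than the plain expected key.
count_unexpected() {
    audit_keys "$1" "$2" | grep -c -v '^EXPECTED ' || true
}

# Constructed sample data: the blobs are placeholders, not real keys.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBexample1 wawa@client' > "$demo_dir/id_dsa.pub"
cat > "$demo_dir/authorized_keys" <<'EOF'
# keys for wawa
ssh-dss AAAAB3NzaC1kc3MAAACBexample1 wawa@client
ssh-rsa AAAAB3NzaC1yc2EAAAADexample2 unknown@elsewhere
command="/usr/bin/backup",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5example3 backup job
EOF
audit_keys "$demo_dir/authorized_keys" "$demo_dir/id_dsa.pub"
```

Run it on the remote host against ~/.ssh/authorized_keys with a copy of your own .pub file as the second argument. The TYPE column also shows which entries are ssh-dss, a key type that OpenSSH 7.0 and later no longer accept by default.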
