Chen: Configuring and managing an SSH server under RHEL5

"Silicon Valley network October 8," according to "Science and Technology and Life" magazine 2012 15th, SSH is the current network of remote login tools, it can be built between the server and host encryption tunnels to protect all aspects of communication security, including the password from eavesdropping. Designed to start with SSH's primary configuration, allows beginners to quickly configure a simple and efficient SSH server.


keywords ssh; remote login; Linux; key


1 Proxy Server Overview


in the current network, remote logins are very common, but when using Telnet for network connection, the use of plaintext transmission network data (including user accounts and passwords), security is not high. SSH (Secureshell), is a protocol to provide secure communication in the application, through SSH to secure access to the server, because SSH based on a mature public key encryption system, the transmission of all data encrypted to ensure that the data in the transmission without malicious damage, tampering. The protocol transmits network data in ciphertext mode, so that data can be safely and quickly transmitted to each other. is a trusted security connection tool.


SSH Access server requires key authentication. The client creates a pair of keys. The user then places the public key on the remote Management Server. When a user's computer is connected to an SSH server, a request is made to the server to use the client's key for security authentication. When the SSH server receives a request from the client, it uses the public key that has been sent to it for comparison. If two keys are the same, the server uses the public key to encrypt the challenge and send it to the client software. After the client software receives a challenge from the server, it can decrypt the private key and send the results to the server. This approach can effectively avoid "man-in-the-middle" attacks.


　　

The primary task of the
private key is to verify the identity of the user in an outward-emitting SSH connection. When a user runs an SSH client to access a server through a user on a server, the program requests a connection to the SSH server, and the client then uses the user's private key to authenticate the user to the server.

The main task of the
public key is to identify your identity in connection to your account. When the SSH client requests access to your account, will use a private key as its identity, the SSH server will check the corresponding public key, if based on some kind of encryption test, the key is matched, then authentication passed, will continue to connect, the public key does not need to be confidential, the attacker can not use the public key to breach an account.


　　


2SSH Server Installation and startup


1 RHEL5 SSH Service installation


RHEL5 System By default, OpenSSH services and clients are already installed on the system and can be checked by using the following command:


#rpm-qopenssh-server


If the RHEL5 system is not installed, you can find the RPM installation package of OpenSSH service on the RHEL5 installation disk, the installation commands are as follows:


#rpm-ivhopenssh-server-4.3p2-16.el5.i386.rpm


2 Open the server's port

The port number used by the
SSH service is 22 ports of the TCP protocol, and if the RHEL5 server has firewall enabled, set the port that allows the TCP protocol to pass or turn off the firewall function, check that the SSH service port is open, if it is not open, You can set the security level Open port in the system's Start menu. You can also configure firewalls using the iptables command:


#iptables –iinput–ptcp–dport22–jaccept


3) Start SSH


start SSH service: #servicesshdstart


Stop SSH service: #servicesshdstop


SSH service: #servicesshdrestart


3SSH Server Basic configuration and management


the configuration file for SSH in the RHEL5 environment is located in/etc/ssh/sshd_config, the main contents of the configuration file are described below:


1 Port22 This option to set the port number that the service listens on.


2 ListenAddress192.168.1.100 This option to set the IP address of the SSH server binding, and the default binding server for all available IP addresses.


3) Permitrootloginno This option to set root can not use SSH login, the default allows the administrator to log on, in order to improve the security of Linux servers, you can prevent the root user ssh login.


4 Passwordauthenticationyes This option defines whether password authentication is allowed and can be set to No if you are ready to use the public key authentication method.


5 Rsaauthenticationyes This option defines whether the RSA algorithm is used for security authentication.


6) Permitemptypasswordsno This option setting defines whether the password-empty account is allowed to log on, which should be prohibited in order to secure the server.


you need to set up the SSH key, first create a private and public key for the local server, the user executes the command ssh-keygen1, copy the local generated public key to the remote host/HOME/USERNAME/.SSH directory.


4SSH Client Access


1 Linux clients, you can use SSH login to connect to a Linux server.


Client Linux installs openssh-clients and OpenSSH packages and can telnet to the Linux server using SSH commands: #ssh用户名 @ host IP address


For example: #sshtom @192.168.1.100


2 Windows Client, launches the downloaded Putty.exe file, displays the Putty program main interface, enters the server's IP address or domain name in "HostName", selects the SSH option in the "Connecttype" area, Finally, click the Open button to start the connection. Putty successfully connect to the SSH server, enter a username and password to log on to the system remotely.


　　.


Author Profile


Chen (1975-), female, Hubei Wuhan, Wuhan Vocational and Technical College, associate professor of computer science, research direction: Computer network Engineering, intelligent building and system integration technology.