Keywordsssh connect to serverhow to connect to server using sshhow to connect to server ssh
Recently saw the relevant commands for remote connection to
the server, let's summarize the relevant content of SSH first
SSH connection process
Open SSH service
SSH commands
Server public key record file
Make an ssh user who can log in immediately without a password
SSH connection process
Step 1:
The server opens the SSH service for the first time, and <br> will automatically create the /etc/ssh/ssh_host* public key file and private key file
<br>The second step: the client actively links to the SSH server
<br>Step 3: The server transmits its public key file to the client (clear text)
<br>Step 4: If the client connects to the server for the first time
The difference will be compared if it has been recorded. Reject if different.
If you accept this public key, then calculate your own public and private keys for this link
Step 5: The client sends its public key to
the server
Step 6: Start two-way encryption and decryption
Open SSH service
`/etc/init.d/ssh restart`
SSH commands
`ssh [-f] [-o] [-p] account@IP [command]`
|Parameter|Meaning|
|:||
|-f|Do not log in, execute the "back command" directly on the remote
server|
|-o|Additional parameters|
|-p|Use other port, default 22|
Examples:
A: Log in to the account msdoge of the remote host 192.168.0.115
`1, ssh msdoge@192.168.0.155
2. Enter the password`
B: Turn off 192.168.0.115 without logging in
`1, ssh -f msdoge@192.168.0.115 shutdown -h now
2. Enter the password`
Server public key record file
When ssh connects to the fourth step, the client compares the data of the server's public key in the local ~/.ssh/known_hosts file with the server's public key for this connection. If there is a difference, it will refuse the connection to prevent connecting to the disguised server.
If SSH is reinstalled on the server and the /etc/ssh/ssh_host* public key file is recalculated in the first step, the public key may be different from the previous one, but the IP is the same. At this time, the client will avoid connecting Go to the disguised server and refuse the connection.
At this time, the client can delete the corresponding server public key data by vim to ~/.ssh/knoen_hosts
Make an ssh user who can log in immediately without a password
Step 1: Use the ssh-keygen command to make a public key private key file
ssh-keygen [-t rsa|dsa]
-t: select the password algorithm, default rsa
Step 2: Upload the generated public key file to the server
scp ~/.ssh/id_rsa.pub msdoge@192.168.0.115:~
Step 3: Configure on the server
#Log in to the remote host and enter the password
ssh msdoge@192.168.0.115
#According to the configuration file /etc/ssh/sshd_config
#AuthorizedKeysFile settings
#Place the public key file in ~/.ssh/authorized_keys
#If the server is not used for the first time, you need to build it yourself
#Permission must be 700!
mkdir ~/.ssh
chmod 700 ~/.ssh
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
#authorized_keys permissions must be 644!
chmod 644 ~/.ssh/authorized_keys
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
