SSH configure remote management host

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Telnet: plaintext transmission, TCP port 23, a temporary service, used for remote management

SSH: encrypted transmission, TCP port 22, a system service, secure

ssh -> openssh

yum -y install openssh

service sshd restart

chkconfig sshd on

When remote login to the managed host is slow, modify the server configuration file /etc/ssh/sshd_config

GSSAPIAuthentication no

For example: ssh -X root@192.168.4.111

When the port on 192.168.4.254 is changed to 2000

vim /etc/ssh/sshd_config

Port 2000

On the real (physical) machine: ssh -p 2000 root@192.168.4.254 (lowercase p)

scp -rP 2000 /boot root@192.168.4.254:/root (uppercase P here)

Managing the SSH service (port 22)

/etc/init.d/sshd start; chkconfig sshd on

1. By default, connection requests are accepted on all addresses (that is, if the host has two IPs, either one can be used)

2. By default, all local accounts are allowed to connect.

/etc/ssh/sshd_config

Port 2222

ListenAddress 192.168.4.6 (when the server has more than one IP, only this IP accepts remote management connections)

PermitRootLogin no (do not allow remote connections as the root user)

#LoginGraceTime 2m

#MaxAuthTries 6 (the maximum number of wrong password attempts, and how long to wait; these two are used together)

PasswordAuthentication no (with this setting, entering a password is not allowed, but clients that created key pairs beforehand can still log in without a password; change it to yes to allow password login)

Blacklist and whitelist (/etc/ssh/sshd_config)

Users on the blacklist are not allowed to log in

DenyUsers yaya@192.168.4.7 jing

DenyGroups dbadmin webadmin

Whitelist: only users on the list are allowed to log in (/etc/ssh/sshd_config)

AllowUsers root@172.40.50.117 jerry (root may connect only from 172.40.50.117; jerry may connect from any host)

AllowGroups mywebgrp

Configure key pair login (/root/.ssh/)

Client, create the key pair:

[root@svr7 ~]# rm -fr /root/.ssh/

[root@svr7 ~]# ssh-keygen

[root@svr7 ~]# ls /root/.ssh

id_rsa id_rsa.pub

[root@svr7 ~]# ssh-copy-id root@192.168.4.6

Server: vim /etc/ssh/sshd_config (after modifying the configuration file, only key pairs are allowed, not passwords)

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys (enable key-based connection)

PasswordAuthentication no (password connection is not allowed)

From now on, remote login works only with the key, not with a password.
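Added example (not part of the original article): a shell check that reads an sshd_config the way sshd treats these keywords (the first value read wins, commented lines set nothing) and reports where it differs from the key-only settings above plus PermitRootLogin no. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. For these keywords sshd uses the FIRST value it reads;
# keywords are case-insensitive and lines starting with '#' are comments.

# Print the effective value of keyword $2 in config file $1 (empty if unset).
# Parsing stops at the first Match block, whose settings are conditional.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Check file $1 against the key-only login settings from this page.
# Prints one line per deviation; the return status is the deviation count.
audit_key_only() {
    file=$1; bad=0
    for want in PubkeyAuthentication=yes PasswordAuthentication=no PermitRootLogin=no; do
        key=${want%%=*}; expected=${want#*=}
        got=$(sshd_effective "$file" "$key")
        if [ "$got" != "$expected" ]; then
            echo "$key: found '${got:-unset}', expected '$expected'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample config (not from the page): the second
# PasswordAuthentication line is ignored because "yes" comes first, and the
# commented PermitRootLogin line sets nothing.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Port 2222
ListenAddress 192.168.4.6
#PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
EOF

audit_key_only "$sample" || echo "deviations found: $?"
```

On a running server, sshd -T prints the effective configuration as sshd itself computes it.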

Client (if an ordinary user wants to manage remotely, you can copy the private key to the ordinary user's home directory and give that user ownership)

After the private key is copied to the ordinary user, that user can log in remotely.

[root@svr7 ~]# useradd dc

[root@svr7 ~]# echo 123456 | passwd --stdin dc

[root@svr7 ~]# su - dc

[dc@svr7 ~]$ mkdir /home/dc/.ssh

[dc@svr7 ~]$ ls -ld /home/dc/.ssh

drwxrwxr-x. 2 dc dc 4096 March 6 10:46 /home/dc/.ssh

[dc@svr7 ~]$ exit

logout

[root@svr7 ~]# cp /root/.ssh/id_rsa /home/dc/.ssh/

[root@svr7 ~]# chown dc:dc /home/dc/.ssh/id_rsa

[root@svr7 ~]# su - dc

[dc@svr7 ~]$ ssh root@192.168.4.254

Last login: Mon Mar 6 18:43:24 2017 from 192.168.4.7

[root@room1pc01 ~]#

Sometimes, after changing the sshd port, the restart reports an error; in that case SELinux needs to be turned off.
