Shulou(Shulou.com)06/02 Report--

An overview of SSH

SSH is developed by IETF's Network Group (Network Working Group); SSH is a security protocol based on the application layer. SSH is currently a reliable protocol designed to provide security for remote login sessions and other network services. The use of SSH protocol can effectively prevent information leakage in the process of remote management. SSH was originally a program on the UNIX system, and then rapidly expanded to other operating platforms. When used correctly, SSH can make up for loopholes in the network. The SSH client is suitable for a variety of platforms. Almost all UNIX platforms-including HP-UX, Linux, AIX, Solaris, Digital UNIX, Irix, and others-can run SSH.

Two ssh functions

Traditional network service programs, such as ftp, pop and telnet, are inherently insecure because they transmit passwords and data in clear text on the network, which can be easily intercepted by people with ulterior motives. Moreover, the security verification method of these service programs also has its weakness, that is, it is easy to be treated by "man-in-the-middle". The so-called "middleman" is treated by pretending to be a real server to receive the data you send to the server, and then pretending to be you to send the data to the real server. After the data transfer between the server and you is tampered with by the "middleman", there will be serious problems. By using SSH, you can encrypt all transmitted data, so that the "middleman" treatment is not possible, and can also prevent DNS spoofing and IP spoofing. An added benefit of using SSH is that the data transferred is compressed, so the transfer can be accelerated. SSH has many functions. It can not only replace Telnet, but also provide a secure "channel" for FTP, PoP, and even PPP.

Three SSH remote management

Ssh command file location / usr/sbin/sshd

Ssh server profile location / etc/ssh/sshd_config

Ssh client profile location / etc/ssh/sshd_config

Login permissions settin

Enter the server configuration file and view the configuration file

Remove the comment permitrootlogin, allow root users to log in, and restart the service

Create folder validation

If you do not want users to log in as root, just change permitrootlogin yes to no, but there is also a problem. The login party can use another user as a springboard to log in to root.

If you want to solve this problem, you can enable the pam module validation mentioned earlier

Set number of validations

Verification shows that you only typed the wrong password three times and then exited the login attempt interface, not the six times set in the configuration file. If you want to take effect six times in the configuration file, you need the following command

Black and white list

AllowUsers whitelist

DenyUsers blacklist

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.