
SSH of Linux system

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

I. Remote connection

1. Windows → Linux

Tools: ssh, vnc

Connection method: ssh <target host IP>

ssh root@<target host IP>

Login with ssh key + password

ssh key only (password disabled)

Connect (lowercase -p): ssh -p 10123 root@<target host IP>

Upload (uppercase -P): scp -P 10123 <file> root@<target host IP>:/tmp

Upload and download: sftp -oPort=10123 root@<target host IP>

ssh connection method:

A. ssh <target host IP>

B. ssh root@<target host IP>

(In practice an ordinary user is generally used, and root cannot be used.)

VNC connection method:

Two rpm packages need to be installed on the Linux client: tigervnc, tigervnc-server

Install: mount /dev/sr0 /mnt

yum -y install tigervnc tigervnc-server

Configure the password: vncpasswd

Start the service with vncserver, then check whether the corresponding ports 5901 and 6001 are open

Use VNC (64-bit) on Windows to connect

Note: only port 5901 can be used to connect here; port 6001 cannot be connected.

Enter the password previously set with vncpasswd

The desktop of the Linux system is displayed successfully

2. Linux → Windows (a desktop system must be installed on Linux for this)

Note: a Linux → Windows connection is very difficult to establish successfully with Win10. Here, Windows Server 08 is used as an example.

Install the rpm package rdesktop

Use the command: rdesktop -f -u username -p password -a 16

-f  full screen after connecting to Windows

-u  user name on the Windows system

-p  the corresponding password on the Windows system

-a  screen color depth, set to 16

Connect

rdesktop -f -u bcl -p password -a 16 192.168.115.192

After connection (the desktop is not displayed; this is related to the system hardware configuration and the resolution of the original desktop)

II. Key-based connection

Use two virtual machines: 192.168.10.8 and 192.168.10.100

When connecting to .100 from 192.168.10.8, the following appears:

The RSA key shown is the encryption key

Password-free key login, steps:

2. Upload the public key to the server

Enter the client key directory /root/.ssh; id_rsa is the private key and id_rsa.pub is the public key

Upload the public key to /tmp on the server 192.168.10.100, using the scp command to upload the file

Format: scp <file to upload> <login user>@<server IP>:<server directory>

On the server (.100), create a .ssh directory under the user's home directory, rename the public key to authorized_keys and save it in ~/.ssh (under the user's home directory)

Finally, restart the sshd service: service sshd restart

3. Login verification on client 10.8

Note:

1. The key generation command is ssh-keygen -t rsa (dsa can also be used)

2. The public key is saved on the server side, and the location is under .ssh in the user's home directory.

3. The public key must be renamed to: authorized_keys

4. If you want to use the secret key and password at the same time, enter the login password of the server when establishing the key

4. Windows can also log in with the key

Use the third-party tool Xshell → Tools → New User Key Generation Wizard → generate the key (do not write a password)

The password can be written or not written here.

Copy and paste the public key into /root/.ssh/authorized_keys on the server

Restart the service: service sshd restart

Note: after the configuration is complete, select key login when connecting to the server with Xshell
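
The server-side step of the key setup above, as an added example (not code from the original article): a shell function that appends the uploaded public key to authorized_keys instead of renaming over it, and sets modes (700 on ~/.ssh, 600 on the file) that sshd's StrictModes check accepts. The function name and arguments are assumptions; run it as the account that owns the home directory.

```sh
# install_pubkey PUBKEY_FILE HOME_DIR   (hypothetical helper name)
# Example: install_pubkey /tmp/id_rsa.pub /root
install_pubkey() {
    pub=$1
    dir=$2/.ssh
    auth=$dir/authorized_keys

    # Accept exactly one public-key line. This also rejects a private key
    # (id_rsa) uploaded by mistake, which is multi-line PEM text.
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+=*( .*)?$' "$pub" \
        || { echo "not an OpenSSH public key: $pub" >&2; return 1; }
    key=$(cat "$pub")

    # Create the directory and file privately from the start, then pin the
    # modes: 700 on ~/.ssh and 600 on authorized_keys.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir" && touch "$auth"
    umask "$old_umask"
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append only when this exact line is missing, so keys installed for
    # other clients survive and a rerun does not duplicate the entry.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Adding or removing a line in authorized_keys takes effect at the next login attempt.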

III. Key-only connection, no password login

Location of the key: /root/.ssh/authorized_keys (the name must be written correctly)

Edit the configuration file /etc/ssh/sshd_config

1. Make sure RSAAuthentication yes

PubkeyAuthentication yes

2. Make sure PasswordAuthentication no

ChallengeResponseAuthentication no

3. Login verification

ssh root@192.168.10.100: the password option is grayed out and password login is prohibited.
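
A check for the settings in steps 1 and 2, as an added example (not part of the original article): sshd uses the first occurrence of each keyword, so a stray earlier line can silently keep password login enabled. The function names, the sample config and the assumed stock defaults are illustrative; RSAAuthentication is left out because it applies only to SSH protocol 1.

```sh
# sshd_effective FILE KEYWORD DEFAULT   (hypothetical helper names)
# Prints the global value sshd would use: keywords are case-insensitive and
# the first occurrence wins. Parsing stops at the first Match block. DEFAULT
# is the caller's assumption for an absent keyword. Only the "Keyword value"
# form separated by whitespace, as used above, is handled.
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# key_only_login FILE: succeeds only when public-key login is on and both
# password paths are off; otherwise prints one finding per problem.
key_only_login() {
    rc=0
    # Assumed defaults: stock OpenSSH enables all three when unset.
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = yes ] \
        || { echo "PubkeyAuthentication is not yes"; rc=1; }
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        [ "$(sshd_effective "$1" "$kw" yes)" = no ] \
            || { echo "$kw is not no"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the last line looks correct, but the earlier
# lowercase "yes" is the value sshd uses.
sample_config() {
    cat <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
passwordauthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
}
```

On a live server, `sshd -T` prints the effective configuration, including Match handling, and is the authoritative check.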

IV. Access control files

Configuration files: /etc/hosts.allow (whitelist)

/etc/hosts.deny (blacklist)

Format: service list: client address list

Reject network segments (only the following two formats work)

Wrong: sshd:192.168.115.0/24

sshd:192.168.115.0/255.255.255.0

sshd:192.168.115.

Reject domain names

sshd:www.xdl.com    a single host

sshd:.xdl.com    all hosts under the xdl.com domain

V. SFTP file transfer commands

Upload a file: put    Download a file: get

Commands run on the server side: ls cd pwd

Commands run on the client side: the same commands prefixed with l, such as lls lpwd lcd

TCP Wrappers, a simplified firewall

1. View the location of the service command: which sshd

2. Check whether the command is linked against the library libwrap

ldd /usr/sbin/sshd | grep libwrap

3. If it is, you can use TCP Wrappers rules.

/etc/hosts.allow whitelist

/etc/hosts.deny blacklist

4. Format: service name: related IP (related network segment, related domain name)

A. sshd:192.168.115.200    IP

B. sshd:192.168.115.    network segment

C. sshd:www.xdl.com    domain name
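
The client patterns from this section and from section IV, as an added example (not from the original article): a POSIX shell matcher for the exact, net/mask, trailing-dot and leading-dot forms, plus the hosts.allow-then-hosts.deny evaluation order, which goes slightly beyond the text. Function names are assumptions, the host name is whatever the caller passes in, and a /24 suffix is reported as malformed (status 2), following the article's rule.

```sh
# Hypothetical helper names; IPv4 only.
# ip_to_int A.B.C.D: prints the address as one integer, fails on bad input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# wrappers_match PATTERN CLIENT_IP [CLIENT_HOSTNAME]
# Status 0 = match, 1 = no match, 2 = malformed pattern or address.
wrappers_match() {
    pat=$1 ip=$2 host=${3:-}
    case $pat in
        */*)   # net/mask: the mask must be dotted, e.g. 255.255.255.0
            net=$(ip_to_int "${pat%%/*}") || return 2
            mask=$(ip_to_int "${pat#*/}") || return 2
            addr=$(ip_to_int "$ip") || return 2
            [ $(( addr & mask )) -eq "$net" ] ;;
        *.)    # trailing dot: textual prefix of the client address
            case $ip in "$pat"*) return 0 ;; esac; return 1 ;;
        .*)    # leading dot: any host name ending in the pattern
            case $host in *"$pat") return 0 ;; esac; return 1 ;;
        *)     # exact address or exact host name
            [ "$pat" = "$ip" ] || [ "$pat" = "$host" ] ;;
    esac
}

# verdict "ALLOW PATTERNS" "DENY PATTERNS" IP [HOST]
# hosts.allow is consulted first, then hosts.deny; no match means allow.
verdict() {
    for p in $1; do
        if wrappers_match "$p" "$3" "${4:-}"; then echo allow; return 0; fi
    done
    for p in $2; do
        if wrappers_match "$p" "$3" "${4:-}"; then echo deny; return 0; fi
    done
    echo allow
}
```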
