
How to connect to SSH Secure Shell in SSH client

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains in detail how to connect to SSH Secure Shell from an SSH client. The editor finds it very practical and shares it here as a reference; I hope you get something out of it.

1. Operating environment

The SSH client installed on Windows is SSHSecureShellClient-3.2.9.exe, which you can download from http://www.ssh.com/. We could also install OpenSSH on the server side, but this article focuses on the ssh.com technology, so we use the http://www.ssh.com/ server for UNIX/Linux, whose latest version is ssh-3.2.9-1.i386.rpm (if you are on AIX or Solaris, get a different version). Taking RHCE3 as an example, make sure to uninstall all the default OpenSSH packages on the UNIX host and then install ssh-3.2.9-1.i386.rpm.

2. Why use public/private key authentication (connecting to the host without entering a password)

First, the terms: the public key and the private key are the two halves of one key pair. The authentication process works like this: the public key can only be used to encrypt data, and the private key can only decrypt data that was encrypted with the matching public key. We put the public key in the right place on the remote system and then start the ssh connection locally. The remote sshd generates a random number, encrypts it with our public key, and sends it to the local side. The local side decrypts it with the private key and sends the random number back to the remote system. Finally, the sshd on the remote system concludes that we hold the matching private key and allows us to log in. It's that simple!
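The exchange described above can be traced in code. This is an added example, not code from the original article or from SSH Secure Shell; the names `make_keypair`, `Server` and `client_answer` are hypothetical, and the key is textbook RSA over two fixed Mersenne primes, constructed only so the flow runs.

```python
import hmac
import secrets

# Constructed demo key: textbook RSA over two known Mersenne primes.
# Unpadded and far too small for real use; it only makes the flow runnable.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent
    return (n, e), (n, d)


class Server:
    """Remote side: holds only the user's public key."""

    def __init__(self, public_key):
        self.n, self.e = public_key
        self._nonce = None

    def challenge(self):
        # Fresh random number per login attempt, encrypted with the public key.
        self._nonce = secrets.randbelow(self.n - 2) + 2
        return pow(self._nonce, self.e, self.n)

    def verify(self, response):
        # One-shot: the number is discarded, so a captured reply cannot be reused.
        nonce, self._nonce = self._nonce, None
        if nonce is None:
            return False
        size = (self.n.bit_length() + 7) // 8
        return hmac.compare_digest(nonce.to_bytes(size, "big"),
                                   (response % self.n).to_bytes(size, "big"))


def client_answer(private_key, ciphertext):
    """Local side: only the matching private key recovers the random number."""
    n, d = private_key
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    public, private = make_keypair()
    sshd = Server(public)
    print("login allowed:", sshd.verify(client_answer(private, sshd.challenge())))
```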

3. The process of generating a key locally

Find the ssh-keygen2.exe file on Windows; this is the program that generates the key. Mine is in C:\Program Files\SSH Communications Security\SSH Secure Shell. Run it from a DOS prompt:

C:\Program Files\SSH Communications Security\SSH Secure Shell> ssh-keygen2 -t rsa

I use an RSA key, which defaults to 2048 bits and is enough for our purposes. A DSA key can also be used, which I will not explain here.

The system automatically generates a key pair, which is placed by default in the C:\Documents and Settings\XXX\Application Data\SSH\UserKeys directory, where XXX is the account under which you ran the program. The default names are id_rsa_2048_a and id_rsa_2048_a.pub; the latter is the public key we want to transfer to the server. (When generating the key pair, you are asked to enter a passphrase. Because we want to log in to the server without entering a password, we just press Enter, but if you want to be more secure, it is recommended that you enter a passphrase here as well.)

4. Log in to the remote UNIX server from the local computer with the SSH client

We first log in to the remote UNIX server the same way as before. After logging in, run pwd in the user directory to see your home directory path; mine, for example, is /home/test. Now create a .ssh3 folder there, and in it create a file named authorization with the following contents:

Key id_rsa_2048_a.pub

Then upload the id_rsa_2048_a.pub on your WINDOWS client to the .ssh3 folder you just created on the UNIX server, and close the SSH client.

5. Log in using the SSH client's public key authentication

Restart the SSH client, select Public Key as the authentication method in the login dialog, and log in to the server where you just put id_rsa_2048_a.pub. You will find that you are logged in immediately, without being asked for a password. At this point, public/private key authentication and password authentication are both enabled at the same time, which does not meet our requirements, so we will modify the /etc/ssh3/sshd2_config file on the UNIX server.

Remove password from the following three lines, so that after the change they read:

AllowedAuthentications publickey

AllowedAuthentications hostbased,publickey

RequiredAuthentications publickey

In this way, the following dialog box appears when you log in with your password again!

Chapter II Putty connection method of SSH client

1. Operating environment

The SSH client installed on Windows, named putty-0.56-installer.exe, can be downloaded from the following address:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

This installation package is a collection of all the tools. If you only need to make connections, you can download just putty0.56.exe, but we have to generate a key pair here, so let's install the whole package.

2. The process of generating a key locally

Use puttygen from the PuTTY suite to generate the key. The key type is SSH2 RSA. Set the key size to 2048 bits, then click "Generate"; there are also several other options for key generation. If you have more than one key, you can fill in "Key comment" to tell them apart. "Key passphrase" and "Confirm passphrase" are used to encrypt the key on your hard disk, and you can leave them empty if you feel your own machine is safe and secure. Then save the two keys. You can choose the file name for the public key, and the default file extension for the private key is .ppk. Here we name the private key test.ppk and save the public key as test.pub. Note that if you connect with PuTTY, the extension of the private key must be .ppk. You can also export the .ppk private key to the private key formats recognized by SSH Secure Shell and OpenSSH, which is a great help for communication between two UNIX hosts. (We will talk about public/private key authentication between two UNIX hosts in the future.)

4. Log in locally to a remote UNIX server using Putty

We first log in to the remote UNIX server the same way as before. After logging in, run pwd in the user directory to see your home directory path; mine, for example, is /home/test. Now create a .ssh3 folder there, and in it create a file named authorization with the following contents:

Key test.pub

Then upload test.pub from your Windows client to the .ssh3 folder you just created on the UNIX server, and close PuTTY. For the upload you can use the put command (and get for downloads) over a PSFTP session; PSFTP is also a component of the PuTTY package.

5. Log in using the SSH client's public key authentication

Restart PuTTY, create a session named test, and set the remote IP you want to log in to. Set the protocol to SSH, then under Connection, SSH, Auth select as the private key file the test.ppk key that we just generated with puttygen. Click Open and enter the user name. After we enter the user name, the remote system starts public key authentication. If the key has a passphrase, you need to enter it; otherwise you are logged in directly. At this point, public/private key authentication and password authentication are both enabled at the same time, which does not meet our requirements, so we will modify the /etc/ssh3/sshd2_config file on the UNIX server.

Remove password from the following three lines, so that after the change they read:

AllowedAuthentications publickey

AllowedAuthentications hostbased,publickey

RequiredAuthentications publickey

In this way, the following dialog box appears when you log in with your password again!
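Whether password really is gone from the active directives can be checked mechanically; the same check applies to the identical edit made earlier for the SSH Secure Shell client. This is an added example, not part of the original article: the `audit` helper and both sample configurations are constructed, and the parser assumes only the `Keyword value` line syntax shown above plus `#` comments.

```python
# Methods the article keeps after the edit; anything else is reported.
WANTED = {"publickey", "hostbased"}
AUTH_KEYWORDS = {"allowedauthentications", "requiredauthentications"}

# Constructed samples: a file before and after the edit described above.
BEFORE = """\
Port 22
# AllowedAuthentications publickey
AllowedAuthentications publickey, password
"""
AFTER = """\
Port 22
AllowedAuthentications publickey
AllowedAuthentications hostbased,publickey
RequiredAuthentications publickey
"""


def auth_directives(text):
    """Yield (line number, keyword, methods) for each active auth line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (assumed '#')
        if not line:
            continue
        fields = line.split(None, 1)
        if fields[0].lower() in AUTH_KEYWORDS:
            value = fields[1] if len(fields) > 1 else ""
            methods = [m.strip().lower() for m in value.split(",") if m.strip()]
            yield lineno, fields[0], methods


def audit(text):
    """Return findings; an empty list means only WANTED methods are enabled."""
    findings, seen = [], set()
    for lineno, keyword, methods in auth_directives(text):
        seen.add(keyword.lower())
        for method in methods:
            if method not in WANTED:
                findings.append(f"line {lineno}: {keyword} still lists {method}")
    if "allowedauthentications" not in seen:
        # A commented-out line changes nothing: the built-in default applies.
        findings.append("no active AllowedAuthentications line; server default applies")
    return findings


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text) or "ok")
```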

Chapter 3 SSH server-side installation

1. Environment:

Because the SSH server we chose is the SSH Secure Shell for UNIX product from http://www.ssh.com, we will mainly introduce the installation process of this SSH server. (There are two versions of SSH, but we will not cover that here. If you are interested, please refer to articles online.)

2. Compile and install

As we mentioned earlier, the latest version of the SSH server for UNIX-like systems is ssh-3.2.9-1. I suggest you use the official TAR package. Of course, if you are not familiar with the compilation process, you can also use an installation method such as RPM. If you install with RPM, please download ssh-3.2.9-1.i386.rpm first. You can download it at the following address:

http://ftp.ssh.com/priv/secureshell/329wks+srv-lt49ldrk/linux/ssh-3.2.9-1.i386.rpm

Please use administrator privileges when installing:

# rpm -ivh ssh-3.2.9-1.i386.rpm

If it is an upgrade installation, use -Uvh instead.

The TAR package of 3.2.9-1 can be downloaded from http://downloads.planetmirror.com/pub/ssh/ssh-3.2.9.1.tar.gz. Administrator privileges are also used during installation:

# tar xzvf ssh-3.2.9.1.tar.gz

# cd ssh-3.2.9.1

# ./configure

(A note on this step: some documents say that if you want to use tcp_wrappers to control SSH, you need to add the option "--with-libwrap=/path/to/libwrap/" to configure to tell SSH the location of libwrap.a and tcpd.h. SSH above 3.2.0 doesn't need this extra trouble, because it already has built-in functions to control access.)

# make && make install && make clean

This ends the installation.

3. Simple configuration of Ssh server

Whether you install the SSH server from the RPM or the TAR package, its configuration file is /etc/ssh3/sshd2_config. After installation you generally do not need to configure it. However, if port 22 was already occupied by another program before you installed the SSH server, you need to make one simple change to this file: run vi /etc/ssh3/sshd2_config, find line 27, Port 22, and change 22 to another port.

4. Start Ssh server

The default startup file for the SSH server is /usr/local/sbin/sshd2, and the installer automatically creates a link to this file named sshd. We just need to run ./sshd & in the /usr/local/sbin/ directory to start the SSH server, and then run # netstat -na to see that port 22 is already listening (yours may be another port, depending on your settings in the sshd2_config file). But we don't want to start the SSH server manually every time, so we can modify the /etc/rc.d/rc.local file and add the following at the end of the file:

# start ssh

/usr/local/sbin/sshd &

The first line is a comment, and the second line starts the SSH server and runs it in the background as a daemon.

With this in place, the SSH service starts automatically when the system restarts. However, if you plug a monitor into the server, you will see a line at the login prompt after startup saying that the SSH server service has been started. I am rather picky and do not want to see this prompt, and I want the SSH service to be part of the Linux service startup process, which is tidier. In that case we do not modify the /etc/rc.d/rc.local file. Instead, we go to /etc/init.d/ and create a shell script called sshd with the following contents:

#!/bin/bash

cd /usr/local/sbin

./sshd &

Then add executable permissions to the file

# chmod +x sshd

Then go to /etc/rc3.d and make a soft link file.

# cd /etc/rc3.d

# ln -s ../init.d/sshd S13sshd

This is the end of the article on "how to connect to SSH Secure Shell in the SSH client". I hope the above content is of some help to you and lets you learn something new. If you think the article is good, please share it so more people can see it.
