Shulou(Shulou.com)06/02 Report--

Brief introduction

SSH is developed by IETF's Network Group (Network Working Group); SSH is a security protocol based on the application layer. SSH is currently a reliable protocol designed to provide security for remote login sessions and other network services. The use of SSH protocol can effectively prevent information leakage in the process of remote management. SSH was originally a program on the UNIX system, and then rapidly expanded to other operating platforms. When used correctly, SSH can make up for loopholes in the network. The SSH client is suitable for a variety of platforms. Almost all UNIX platforms-including HP-UX, Linux, AIX, Solaris, Digital UNIX, Irix, and others-can run SSH.

Sshd service, its default port number is: 22

Server profile: / etc/ssh/sshd_confi

Server main program: / usr/sbin/sg

After opening the configuration file, as shown below:

Next, try to experiment with some of the main features here. The first is to restrict root users from logging in from remote terminals. Just change the frame below to no.

Then enter the "systemctl restart sshd" command to restart the service.

Next, use the "ifconfig" command to look at the native IP and get the IP address of 192.168.220.129.

Then try to log in to this server with a root account on another Linux and find that you can't log in.

Next, test the attempt login time. Save the exit and restart the service after the modification is completed according to the following figure.

The previous option to restrict the functionality of the root account has been annotated, and then continue to try to log in with the root account. The picture below shows more than 5 seconds, and you can't log in even if you enter the correct password.

The last time I logged on to the server with quick eyes and hands, there was a record of three failed attempts.

Next, test the number of times you log in, because the Linux system defaults to three times. It will automatically log out after arriving three times, allowing you to log in again. Here, first turn off the time-limited login function, and then set the maximum number of login attempts to 5 times. Save the exit and restart the service.

Then continue to try to log in with your root account on another Linux. After reaching the default of the system three times, it automatically pops up. How to test the settings just now 5 times, here to add a command option. The whole command goes like this:

Ssh-o NumberOfPasswordPrompts=8 root@ destination IP address.

In addition to the above common functions, there is also a whitelist and blacklist function. AllowUsers (whitelist) and DenyUsers (blacklist) functions. First, add a whitelist function to allow only remote hosts with an IP of 192.168.220.146 to log in with the zhangsan account.

Due to the restart of the computer, the first Linux host here has re-obtained the new IP address: 192.168.220.142.

The IP address of my second Linux system is 192.168.220.146, and now I'm trying to see if I can log in with a root account using this IP host.

It is found that neither root users nor lisi users can log in.

Next, try to log in with the zhangsan user.

Next, try to use another IP host to log in with zhangsan.

This side also confirms that the whitelist has become effective, and IP addresses and accounts outside the whitelist cannot be logged in. Items added to the blacklist cannot be logged in.

As before, only the first whitelist function has been replaced with a blacklist, which means that 192.168.220.146 cannot be logged in as a zhangsan user. Save the exit and restart the service.

Here, use root users to test that you can log in.

And zhangsan users cannot log in normally if they are replaced here.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.