Shulou(Shulou.com)06/02 Report--

SSH remote access and control

SSH is a secure channel protocol, which is mainly used to realize remote login and remote replication of character interface. SSH protocol encrypts the data transmission between the two sides of the communication, including the user password entered when the user logs in. The SSH protocol provides better security.

One: the basic configuration of sshd

1. Log in to the xshell terminal to prove that the sshd port has been opened. Check to see if sshd is open:

2. View the command file and configuration file.

3. After the configuration is completed, you need to enable sshd-systemctl restart sshd.

Then access it in another virtual machine, log in to the first one remotely, access it with ssh protocol, and enter the user name and IP address of the first one. You can create files and directories in it, and then go back to the first station to check, all the new files are in it.

Check the first virtual machine to see if this file is available.

For security reasons, some modifications are needed. Enter the configuration file in the first console-vim / etc/ssh/sshd_config

Wheel module authentication is also required. Only users in the whell group can switch root users, as well as other users, as long as they know each other's password. Enter-vim / etc/pam.d/su and remove the "#" in front of the sixth line to indicate that it is on.

4. User login control of sshd service. You can set the number of times you are allowed to enter a password, enter the configuration file of sshd, and turn it on. The default number of times to enter a password is 6 times.

If you want to log in to a zhangsan user, you can see that the login password is only 6 times, the default number of times. It will exit automatically after 6 times of typing.

5. When you want to allow only users to log in, you can add it to the whitelist (AllowUsers) and add a command to the configuration file

Allow zhangsan to log in

Two: scp remote replication

The scp command allows you to copy files to and from a remote host using a SSH secure connection. When using the scp command, in addition to specifying the replication source and destination, you should also specify the destination host address, login user, and prompt to verify the password after execution.

1. Enter the configuration file of the hostname and add two pieces of information (hostname, network)

2. Modify the address of DNS

3. Want to add a message

4. Mapping file of local host-/ etc/hosts file

Enter this file:

Want to synchronize what has been written above to other servers

Go to the other party's server to see if it has been synchronized.

Three: login of sshd key pair

​ key pair authentication can provide better security for remote login and create a key file for the current user through the ssh_keygen tool.

1. To use the key pair for authentication, first enter the configuration file-vim / etc/ssh/shhd_config, and open PubKeyAuthentication

2. Use another server to generate a key, first create a new user, and then switch to this user

Then upload the public key file generated in the previous step to the server and deploy it to the server-side user's public key database.

Go to the client to view the public key pushed in the previous step

3. If you want to avoid interactive passwords, you need to enter a password to avoid logging in to each server.

When logging in using key pair authentication, you do not need to know the password of the target user, but instead verify the private key phrase of the client user and check whether the private key and public key files of both parties are matched, so the security is better.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.