Shulou(Shulou.com)06/01 Report--

This article mainly shows you "what are the common problems when connecting to SSH services in Linux?" the content is simple and clear. I hope it can help you solve your doubts. Let me lead you to study and learn what are the common problems when connecting to SSH services in Linux.

What is SSH?

The English full name of SSH is Secure SHell. By using SSH, you can encrypt all transmitted data, making man-in-the-middle attacks impossible and preventing DNS and IP spoofing. Another extra benefit is that the transmitted data is compressed, so the speed of transmission can be accelerated. SSH has many functions. It can not only replace telnet, but also provide a secure "channel" for ftp, pop, and even ppp. When the SSH client communicates with the server, the user name and password are encrypted, which effectively prevents the eavesdropping of the password. SSH was originally developed by a Finnish company. However, due to the limitations of copyright and encryption algorithms, many people now switch to OpenSSH. OpenSSH is an alternative to SSH and is free, and it can be expected that more and more people will use it instead of SSH in the future. SSH is composed of client-side and server-side software. SSH is easy to install, easy to use, and relatively common. General Unix systems, Linux systems, and FreeBSD systems all come with application packages that support SSH.

How does SSH's security verification work?

From the client side, SSH provides two levels of security authentication.

The first level (password-based security authentication) allows you to log in to the remote host as long as you know your account number and password. All transmitted data will be encrypted, but there is no guarantee that the server you are connecting to is the server you want to connect to. There may be other servers pretending to be real servers, that is, being attacked by "middlemen".

The second level (key-based security authentication) relies on keys, that is, you must create a pair of keys for yourself and place the public keys on the server you need to access. If you want to connect to the SSH server, the client software will send a request to the server for security authentication with your key. After the server receives the request, first look for your public key in the server's home directory, and then compare it with the public key you sent. If the two keys match, the server encrypts the "challenge" with the public key and sends it to the client software. After receiving the challenge, the client software can decrypt it with your private key and send it to the server.

In this way, you must know the password of your key. However, compared with the first level, the second level does not need to transmit passwords on the network.

The second level not only encrypts all transmitted data, but also the "man in the middle" attack is impossible (because he doesn't have your private key). But the entire login process may take 10 seconds.

Format of the command

First, make sure that the ssh service on the server side is on (service shhd start)

Then enter: ssh usrname@serverip (remote login) on the client side

Scp filename usrname@serverip:/URL (remote transmission)

Common problems:

Question one

Failed to link port when ssh logged in

Tip (1):

# ssh 172.16.81.221

Ssh: connect to host 172.16.81.221 port 22: No route to host

This is because the server is not powered on or the network is not connected (there are many reasons, the simplest one is that the network cable is not plugged in. In addition, it may be the network card down, etc.)

Tip (2):

# ssh work@172.16.81.221

Ssh: connect to host 172.16.81.221 port 22: Connection refused

This is because the ssh service of the other party's server is not turned on. Just start the service on this server.

Question 2.

The password is correct when ssh goes to server, but the following information is reported:

# ssh 172.16.81.221

Root@172.16.81.221's password:

Permission denied, please try again.

This is because if the user name is not entered, the default is the root user, but the ssh service does not have the ssh permission of the root user by default during the security period.

Solution:

To modify the ssh permissions of root, that is, to modify the / etc/ssh/sshd_config file

Change PermitRootLogin no to PermitRootLogin yes

Question three

The following prompt appears when logging in:

Ssh root@172.16.81.221

@ @ @

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @

@ @ @

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that the RSA host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

76:fb:b3:70:14:48:19:d6:29:f9:ba:42:46:be:fb:77.

Please contact your system administrator.

Add correct host key in / home/fante/.ssh/known_hosts to get rid of this

Message.

Offending key in / home/fante/.ssh/known_hosts:68

RSA host key for 172.16.81.221 has changed and you have requested strict checking.

Host key verification failed.

When the server password or other changes occur. Generally speaking, the solution is to delete the corresponding line of ~ / .ssh/known_hosts, and then log in.

These are all the contents of the article "what are the common problems when connecting to SSH services in Linux?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.