Shulou(Shulou.com)06/02 Report--

1. SSH is a secure encryption protocol (secure shell protocol) that is used to remotely connect to liunx servers.

2. The default port of SSH is 22, and the security protocol version is SSH2. Besides 2, there is also SSH1 (loopholes are useless).

3. SSH server mainly includes two service functions: SSH remote connection and SFTP service.

4. The Linux SSH client contains ssh remote connection commands, remote copy scp commands, and so on.

Encryption principle:

1.X principle

When the client sends a request, the server sends the public key, and the private key of the client and the public key of the server are sent to the server through the algorithm, and then online is established. During this period, the server does not verify this value, so it is possible for other clients to fake communication.

2.X principle

In order to correct the shortcomings of 1.x, version 2 adds an additional Diffie-Hellman mechanism to confirm the correctness of the online, in each data transfer, Server will use this mechanism to check whether the source of the data is correct.

Security verification based on key

A bunch of secret key pairs (locks and keys)

Connection process:

The client has a public key and a private key, and some authentication methods only require the client to have a private key.

1. Cli sends the public key to ser

2. Cli sends connection request

3. Ser uses private key and public key to encrypt the string and send it to cli

4. Cli uses the private key to decrypt the string to ser.

5. Ser verification passed and connection established

Password-based security authentication:

Log in using the ssh client:

Ssh-p22 root@192.168..1.1 (the port of ssh is specified by-p parameter. If default is 22, you don't have to write it)

I just want to go over and follow orders and come back: ssh root@192.168.1.1 / sbin/ifconfig

/. Ssh/known_hosts stores known host key information

Ssh is an encrypted remote connection protocol, and the related software is openssh,openssl.

Default port 22

Protocol versions 1.x and 2.x _ 2.x are more secure.

Server ssh remote connection service, sftp service. The Sshd daemon should be self-started when booting.

The Ssh client contains the ssh,scp,sftp command.

Ssh security authentication: password and key, both of which are based on password, the principle of SSH key login

Ssh service security optimization: modify the default port 22, disable root remote connection, and prohibit dns,SSH from listening only to private network IP.

Ssh key pair, the public key (public key) is on the server side, the metaphor is the lock, and the private key (private key) on the client side is the key.

SCP transport protocol

Secure remote file copying program

Example:

-p port-r recursion (transferred with directories)-p does not modify properties

Scp-P22-r-p. Root@192.168.24.32:/tmp/

The same effect can be used:

Rsync-avz / etc-e'ssh-p 22' root@192.168.24.21:/tmp/1

Summary of scp:

1. Scp is an encrypted remote copy, while cp is only a local copy

two。 You can push data from one machine to another, or you can pull data from other servers back to the local server that executes commands.

3. It is a full and complete copy each time, so it is inefficient and suitable for the first copy. If incremental copy is needed, use rsync.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.