Shulou(Shulou.com)06/02 Report--

1. Introduction to the concept of remote connection service

SSH: system default configuration 22 you can use root users to encrypt login data by default

TELNET: network devices are enabled by default 23 by default, you can only use ordinary users to display login data and information in clear text.

Grab the package with wireshark: grab the SSH protocol login package and Telnet package respectively (one ciphertext, one plaintext)

2the principle of SSH protocol key login:

1) the server generates a key pair (public and private keys, that is, locks and keys)

2) the server initiates a public key file or locks this / root/.ssh/authorized_keys to other hosts

3) the server logs in to other hosts through the private key

3, operation

Create a key pair

Ssh-keygen

2. Send the public key or lock to another host

Secret-free login

4. Solve the yes/no problem when the public key is sent for the first time

1) find StrictHostKeyChecking through man ssh

Command: ssh-copy-id-I / root/.ssh/id_rsa.pub 10.0.0.41-o StrictHostKeyChecking=no

Solve the problem of whether to send a public key or enter a password for the first time

1) install a sshpass tool first

Yum-y install sshpass

Sshpass-proot123 ssh-copy-id-I / root/.ssh/id_rsa.pub 10.0.0.41-o StrictHostKeyChecking=no

5. Batch distribution of public keys to multiple hosts

For i in {41200} do sshpass-proot123 ssh-copy-id-I / root/.ssh/id_rsa.pub 10.0.0.$ {I}-o StrictHostKeyChecking=no [$?-eq 0] & & echo "ok" done

6. Even if there are 5-step operations, you still have to enter manually to generate the key pairs. if the production key pairs do not have to interact with each other, then we can manage the whole step in batch.

Come on, write a more perfect step.

#! / bin/bash if [- f / root/.ssh/id_rsa] Then echo-key pair file already exists-else echo-generating key pair file-ssh-keygen-f / root/.ssh/id/id_rsa-N''fi

(the first part of generating the key pair to enter manually is to specify the file location, we specify the-f parameter first, and the second is to confirm the password. our-N parameter specifies the new password''means it is empty, that is, there is no new password. The operation of generating a key pair in this way

It is also interaction-free)

For i in {41} do sshpass-proot123 ssh-copy-id-I / root/.ssh/id_rsa.pub 10.0.0.$ {I}-o StrictHostKeyChecking=no > / dev/null 2 > & 1 [$?-eq 0] & & echo "ok" done

7, optimize SSH

Modify on all other hosts

1) listening port 22

Change it to 9999

2) listen to ip0.0.0.0 (all here means that all hosts have their own ip, and a host can have multiple ip. Write my own ip when you connect me. It does not mean that the ip,ssh that connects to my host does not restrict access by restricting the ip of the client. Unlike rysnc,nfs,nginx, don't get confused.

Change it to monitor a network segment or ip,172.16.1.0 to allow listening to a network segment or ip,ssh remote

3) password authentication PasswordAuthentication yes

I can't log in with a PasswordAuthentication no password. If other hosts want to log in to this host, they cannot log in by entering the account password. At this time, only the administrative side can log in through the key pair.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.