Shulou(Shulou.com)06/03 Report--

This article mainly discusses the method of generating the key pair locally and uploading the public key to the server. There is a certain reference value, friends in need can refer to, follow the editor to see the solution.

1. Knowledge points

The firewall policy of the TCP Wrappers service is controlled by two control list files (/ etc/hosts.allow and / etc/hosts.deny). Users can edit the allow control list file to release request traffic to the service, or edit the deny control list file to block request traffic to the service.

(1) the control list file will take effect immediately after modification.

(2) the system will first check the allowed control list file (/ etc/hosts.allow), and release the traffic if it matches the corresponding allowed policy.

(3) if there is no match, further match the reject control list file (/ etc/hosts.deny), and reject the traffic if a match is found.

(4) if neither of the two files matches, the traffic is released by default.

Linux, everything is a file.

To configure a service is to modify the configuration file of a file

If the configuration is to take effect, you need to restart the service.

You need to add the service to the service to ensure that the service can still be provided after restart.

Remote control service: ssh

Password-based authentication-use account and password to verify login

Key-based authentication-the key pair needs to be generated locally, and then the public key in the key pair is uploaded to the server and compared with the public key in the server; this method is more secure.

[root@linuxprobe ~] # ssh 192.168.10.10

The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.

ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f.

Are you sure you want to continue connecting (yes/no)? Yes

Warning: Permanently added '192.168.10.10' (ECDSA) to the list of known hosts.

Root@192.168.10.10's password: enter the password of the remote host root administrator here

Last login: Wed Apr 15 15:54:21 2017 from 192.168.10.10

[root@linuxprobe ~] #

[root@linuxprobe ~] # exit

Logout

Connection to 192.168.10.10 closed.

3. Secret key generation

[root@linuxprobe ~] # ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/ root/.ssh/id_rsa): press enter or set the storage path of the key

Created directory'/ root/.ssh'.

Enter passphrase (empty for no passphrase): press enter directly or set the password of the key

Enter same passphrase again: press enter again or set the password of the key Your identification has been saved in / root/.ssh/id_rsa.Your public key has been saved in / root/.ssh/id_rsa.pub.Your identification has been saved in / root/.ssh/id_rsa.Your public key has been saved in / root/.ssh/id_rsa.pub.The key fingerprint is:40:32:48:18:e4:ac:c0:c3:c1:ba:7c:6c:3a: A8:b5:22 root@linuxprobe.comThe key's randomart image is:+-- [RSA 2048]-+ | + *.. o. | | *. O + | | o *. | | +. . | | o.. S | |. + | |. = | | E +. | | + .o |

+-+

Photo! [] (https://cache.yisu.com/upload/information/20200316/28/1127.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

The above description is the details of the method of generating a key pair locally and uploading the public key to the server, and the specific usage needs to be used by everyone through hands-on experiments. If you want to know more about it, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.