
Principle of SSH remote connection and detailed explanation of troubleshooting

2025-04-03 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/03 Report--

1. Introduction to SSH remote connection

The most commonly used tool for providing remote connection service on Linux is the SSH software. SSH is divided into two parts: the SSH client and the SSH server. The SSH server consists mainly of the openssl and openssh software packages. On a Linux system, you can check whether the SSH server tools are installed as follows.

# rpm -qa openssl openssh

Among them, openssh is the program that provides SSH services, and openssl is the program that provides connection encryption for SSH.

2. SSH server introduction

When you start a Linux system, the SSH server program starts with the system by default. The SSH service is a daemon that runs permanently in the background and responds to connection requests from all SSH clients at all times. The process on the SSH server is called sshd; it listens for and processes connection requests from remote SSH clients, including public key authentication, key exchange, symmetric key encryption and non-secure connections. The SSH service is one of the services that should be kept starting at boot when the system is optimized.

3. Introduction of SSH client

The most commonly used SSH client is SecureCRT on the Windows platform. It is easy to install: follow the prompts step by step, then open the registered software to run it. Besides SecureCRT, there are other common clients such as xshell and putty, and the ssh client under Linux.

4. SSH is a security protocol specially provided for remote login sessions and other network services, port number 22

5. There are two incompatible versions of SSH: SSHv1 and SSHv2, just like win7 and xp of Windows

6. Telnet protocol, port number 23

=

Troubleshooting ideas:

1. First run ping <ip address> -t: check whether the physical link is connected

2. telnet <ip address> <port>: check whether the service is connected

If not, check:

A) Server firewall

B) whether the ssh service is enabled

C) whether the client and server are in the same network segment

The way to turn off the Linux firewall is: # /etc/init.d/iptables stop --> it is best to execute it twice in a row

# /etc/init.d/iptables stop is equivalent to # service iptables stop

=

Change the configuration of remote login on the SSH server

The default remote management port for a Windows server is 3389, the administrator is administrator, and the normal user is guest. The administrative user of Linux is root, and the remote management port is 22. There are many ordinary users by default.

The startup file of the ssh service is sshd.

In Linux, how do we control a service and control the operation of a piece of software? By changing its configuration.

For the ssh service, the corresponding configuration file is /etc/ssh/sshd_config.

Back up the configuration file before modifying it:

# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.oldboy.20160903

# vim sshd_config

:set nu -> type a line number followed by gg -> jumps to the specified line, e.g. 98gg

The configuration file is modified as follows:

Line 13: Port 52113 -> range is 0-65535

Line 122: UseDNS no -> uncomment and change to no.

This is like visiting the Baidu website, where the name is resolved into an IP address. This resolution is very slow. Our own connections are made by IP address, so we do not need the resolution, and the connection is faster without it.

Line 42: PermitRootLogin no -> we do not allow root to connect through ssh.

Switching roles locally is no problem, but the administrator is not allowed to connect remotely.

Line 15: ListenAddress 192.168.186.134 --> change the listening IP address to the IP address of your server's intranet

That is to say, your server may have an eth0 network card that everyone outside can reach, and anyone who can reach it may connect to your ssh. The machine may also have a second card, eth2, which is the internal network card. So you restrict the ssh service to respond only to requests that arrive on the internal network card; anyone coming from the external network cannot connect to the ssh service at all.

Line 80: GSSAPIAuthentication no --> when we connect remotely in the future, especially when one machine manages a bunch of machines, the ssh connection will be slow. To solve the problem of slow connections between the two machines, we need to set this parameter to no.

A running service on Linux basically works from the configuration it read into memory when it started, so the file you have just changed exists only on disk and has not yet taken effect. Restart the service so that it reads the configuration into memory:

# /etc/init.d/sshd restart or

# /etc/init.d/sshd reload -> reload is a smooth restart mode
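A check for the five settings changed above, as an added example that is not part of the original article: it reads the global section of an sshd_config the way sshd does and reports which values differ. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit an sshd_config against the five settings changed in this article.
# Keywords are case-insensitive; for single-valued keywords sshd keeps the
# FIRST value it reads, while Port and ListenAddress may repeat and add up.
# Lines after a "Match" keyword are conditional and are not read here.
global_values() {  # usage: global_values FILE KEYWORD -> one value per line
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == tolower(want) { print $2 }
    ' "$1"
}

audit_sshd_config() {  # prints one line per finding, returns their count
    file=$1
    findings=0
    for pair in UseDNS:no PermitRootLogin:no GSSAPIAuthentication:no; do
        key=${pair%%:*}
        expected=${pair#*:}
        actual=$(global_values "$file" "$key" | head -n 1)
        if [ "$actual" != "$expected" ]; then
            echo "$key is '${actual:-unset}', the article sets '$expected'"
            findings=$((findings + 1))
        fi
    done
    ports=$(global_values "$file" Port)
    for port in ${ports:-22}; do                 # no Port line means 22
        if [ "$port" = 22 ]; then
            echo "sshd still listens on the default port 22"
            findings=$((findings + 1))
        fi
    done
    addrs=$(global_values "$file" ListenAddress)
    for addr in ${addrs:-unset}; do              # unset means all interfaces
        case "$addr" in
            unset|0.0.0.0|0.0.0.0:*|::|'[::]'*)
                echo "ListenAddress is $addr: sshd answers on every interface"
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample: a stock-style file with a late override and a Match block.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'permitrootlogin no' \
    'GSSAPIAuthentication yes' 'Match User backup' 'UseDNS no' > "$sample"
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

The sample shows why a second `PermitRootLogin no` lower in the file changes nothing: the earlier `yes` is the value sshd uses. Running `sshd -t` before the restart checks the edited file for syntax errors, so a typo does not leave the server without its remote login service.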
