Shulou(Shulou.com)06/02 Report--

This article mainly explains "what is the method of Linux remote management and sshd service verification". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what is the method of Linux remote management and sshd service verification".

I. SSH remote management

SSH definition

SSH (Secure Shell) is a secure channel protocol, which is mainly used to realize remote login and remote replication of character interface.

SSH protocol encrypts the data transmission between the two sides of the communication, including the user password entered when the user logs in. Therefore, SSH protocol has good security.

Advantages of SSH

Data transmission is encrypted to prevent information leakage

Data transmission is compressed, which can improve the transmission speed.

SSH profile

The default configuration file for the sshd service is / etc/ssh/sshd_config

Ssh_config and sshd_config are both configuration files for the ssh server

The difference between the two is that ssh_config is a configuration file for the client and sshd_config is a configuration file for the server.

SSH client and server

SSH clients: Putty, Xshell, CRT

SSH server: OpenSSH

OpenSSH is an open source software project that implements SSH protocol, which is suitable for all kinds of UNIX and Linux operating systems.

The CentOS 7 system has openssh-related software packages installed by default, and the sshd service has been added as self-booting.

2. Configure OpenSSH server

1. Common options settings for shd_config configuration files

Vim / etc/ssh/sshd_configPort 22 # listening port is 22ListenAddress 0.0.0.0 # listening address is any network segment You can also specify that the specific IPLoginGraceTime 2m # login authentication time of the OpenSSH server is 2 minutes PermitRootLogin no # forbids root users to log on to MaxAuthTries 6 # the maximum number of retries is 6PermitEmptyPasswords no # prohibit empty password users from logging in to UseDNS no # disable DNS reverse parsing To improve the response speed of the server # only zhangsan, lisi and wangwu users are allowed to log in, and wangwu users can only log in remotely from the host with IP address 61.23.24.25 AllowUsers zhangsan lisi wangwu@61.23.24.25 # multiple users are separated by spaces # prohibit some users from logging in, the usage is similar to AllowUsers (do not use at the same time) DenyUsers zhangsan

2. Allowusers and Denyusers

Allowusers... # only so-and-so users are allowed to log in to Denyusers. # prohibit some users from logging in, similar to AllowUsers (be careful not to use it at the same time)

3. Remote replication

Scp root@192.168.86.10:/etc/passwd / root/passwd10.txt

4. Sftp secure FTP

Due to the use of encryption / decryption technology, the transmission efficiency is lower than the ordinary FTP, but the security is higher. The operation syntax sftp is almost the same as ftp.

Sftp root@192.168.184.20sftp > lssftp > get file name # download file to ftp directory sftp > put file name # upload file to ftp directory sftp > quit # exit 3. Sshd service supports verification

Password authentication

Verify the login name and password of the local system user in the server. Simple, but may be cracked by violence, violence cracking can be seen before the blog has a detailed description of the system weak password detection

Key pair verification

Matching key information is required to pass verification. Typically, a pair of key files (public key, private key) are created in the client, and then the public key file is placed in a specified location on the server. When logging in remotely, the system will use the public key and private key for encryption / decryption association verification. Can enhance security, and can avoid mutual login.

When both password authentication and key pair authentication are enabled, the server gives priority to key pair authentication. The verification method can be set according to the actual situation.

Vim / etc/ssh/sshd_config # Edit server master profile PasswordAuthentication yes # enable password authentication PubkeyAuthentication yes # enable key pair authentication AuthorizedKeysFile .ssh / authorized_keys # specify public key store file

Create a key pair on the client

Create a key pair file for the current user through the ssh-keygen tool. The available encryption algorithms are RSA, ECDSA, or DSA (the "- t" option of the ssh-keygen command is used to specify the type of algorithm).

Useradd adminecho "123123" | passwd-- stdin adminsu-adminssh-keygen-t ecdsaGenerating public/private ecdsa key pair.Enter file in which to save the key (/ home/admin/.ssh/id_ecdsa): # specify the location of the private key. Enter directly and use the default location Created directory'/ home/admin/.ssh'. # the generated private key and public key files are stored by default in the hidden directory under the host directory .ssh / Enter passphrase (empty for no passphrase): # set the password for the private key Enter same passphrase again: # confirm that entering ls-l. SSH / id_ecdsa*#id_ecdsa is the private key file, and the permission defaults to 600 itinerecdsa.pub, which is used to provide the private key file to the SSH server

Import the public key text in the / home/zhangsan/.ssh/ directory of the server

Cd ~ / .ssh/ssh-copy-id-I id_ecdsa.pub zhangsan@192.168.80.10

Use key pair authentication on the client side

Ssh zhangsan@192.168.86.10lisi@192.168.86.10's password: # enter the password of the private key

Set up the ssh proxy function in the client to achieve interactive login-free

Ssh-agent bashssh-addEnter passphrase for / home/admin/.ssh/id_ecdsa: # enter the password ssh zhangsan@192.168.80.10 of the private key

* supplement

Scp ~ / .ssh/id_ecdsa.pub root@192.168.80.10:/opt # upload the public key under the local ~ / .ssh directory to the server's / opt directory mkdir / home/zhangsan/.ssh/ # create a .ssh directory cat / opt/id_ecdsa.pub > > / home/zhangsan/. under the server / home/zhangsan/ directory Ssh/authorized_keys # append the public key file in the / opt directory to the authorzed_keys file in the / home/zhangsan/.ssh/ directory cat / home/zhangsan/.ssh/authorized_keys # View the / home/zhangsan/.ssh/authorized_keys file on the server. Thank you for reading. The above is the content of "what is the method of Linux remote management and sshd service verification". After the study of this article, I believe you have a deeper understanding of what the method of Linux remote management and sshd service verification is, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.