2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article explains how Linux remote management works with SSH and which authentication methods the sshd service supports.
I. SSH remote management
SSH definition
SSH (Secure Shell) is a secure channel protocol, mainly used for remote login to a character (command-line) interface and for remote file copy.
The SSH protocol encrypts the data transmitted between the two sides of the communication, including the password the user enters when logging in. The SSH protocol therefore provides good security.
Advantages of SSH
Data transmission is encrypted to prevent information leakage
Data transmission is compressed, which can improve the transmission speed.
SSH configuration files
The default configuration file for the sshd service is /etc/ssh/sshd_config
ssh_config and sshd_config are both SSH configuration files
The difference between the two is that ssh_config is the configuration file for the client and sshd_config is the configuration file for the server.
SSH client and server
SSH clients: PuTTY, Xshell, CRT
SSH server: OpenSSH
OpenSSH is an open source software project that implements SSH protocol, which is suitable for all kinds of UNIX and Linux operating systems.
CentOS 7 has the openssh-related software packages installed by default, and the sshd service is already enabled to start at boot.
II. Configure the OpenSSH server
1. Common options in the sshd_config configuration file
vim /etc/ssh/sshd_config
# listening port is 22
Port 22
# listening address is any network segment; you can also specify a specific IP of the OpenSSH server
ListenAddress 0.0.0.0
# login authentication time is 2 minutes
LoginGraceTime 2m
# forbid the root user from logging in
PermitRootLogin no
# the maximum number of retries is 6
MaxAuthTries 6
# prohibit users with empty passwords from logging in
PermitEmptyPasswords no
# disable DNS reverse lookups to improve the response speed of the server
UseDNS no
# only the zhangsan, lisi and wangwu users are allowed to log in, and wangwu can only log in
# remotely from the host with IP address 61.23.24.25; multiple users are separated by spaces
AllowUsers zhangsan lisi wangwu@61.23.24.25
# prohibit some users from logging in; the usage is similar to AllowUsers (do not use both at the same time)
DenyUsers zhangsan
2. AllowUsers and DenyUsers
# only the listed users are allowed to log in
AllowUsers ...
# prohibit the listed users from logging in, similar to AllowUsers (be careful not to use both at the same time)
DenyUsers ...
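An audit of the options listed above, as an added example that is not part of the original article. The function names `sshd_value` and `audit_sshd_config` are hypothetical; the script assumes `Keyword value` lines with comments on their own lines, reads only the global section before any `Match` block, and does not follow `Include` directives. sshd keeps the first value it reads for a keyword, so a later `PermitRootLogin no` does not override an earlier `yes`.

```shell
# Print the first global value of keyword $2 in sshd_config file $1.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0  { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }   # only the global section
        tolower($1) == tolower(key) {     # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; exit   # first value wins
        }' "$1"
}

# Print one WARN line per deviation from the settings shown in this article;
# return 1 if anything was reported.
audit_sshd_config() {
    cfg=$1; rc=0
    root=$(sshd_value "$cfg" PermitRootLogin)
    empty=$(sshd_value "$cfg" PermitEmptyPasswords)
    tries=$(sshd_value "$cfg" MaxAuthTries)
    allow=$(sshd_value "$cfg" AllowUsers)
    deny=$(sshd_value "$cfg" DenyUsers)
    [ "$root" = "no" ] || { echo "WARN: PermitRootLogin is '${root:-unset}', want 'no'"; rc=1; }
    [ "${empty:-no}" = "no" ] || { echo "WARN: PermitEmptyPasswords is '$empty'"; rc=1; }
    case ${tries:-6} in
        *[!0-9]*) echo "WARN: MaxAuthTries '$tries' is not a number"; rc=1 ;;
        *) [ "${tries:-6}" -le 6 ] || { echo "WARN: MaxAuthTries $tries exceeds 6"; rc=1; } ;;
    esac
    [ -z "$allow" ] || [ -z "$deny" ] ||
        { echo "WARN: AllowUsers and DenyUsers are both set"; rc=1; }
    return $rc
}

# Constructed sample: the earlier lowercase line wins, and both user lists are set.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
permitrootlogin yes
PermitRootLogin no
MaxAuthTries 6
AllowUsers zhangsan lisi wangwu@61.23.24.25
DenyUsers zhangsan
EOF
audit_sshd_config "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On a live server, `sshd -T` run as root prints the effective configuration and is the authoritative check.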
3. Remote copy
scp root@192.168.86.10:/etc/passwd /root/passwd10.txt
4. sftp (secure FTP)
Because encryption and decryption are used, the transfer efficiency is lower than ordinary FTP, but the security is higher. The sftp operation syntax is almost the same as ftp's.
sftp root@192.168.184.20
sftp> ls
sftp> get filename    # download file to ftp directory
sftp> put filename    # upload file to ftp directory
sftp> quit            # exit
III. Authentication methods supported by the sshd service
Password authentication
The server verifies the login name and password of a local system user. This is simple, but the password may be cracked by brute force; brute-force cracking is described in detail in the earlier blog post on detecting weak system passwords.
Key pair verification
Matching key information is required to pass verification. Typically, a pair of key files (public key, private key) is created on the client, and the public key file is then placed in a specified location on the server. When logging in remotely, the system uses the public key and private key for encryption/decryption verification. This enhances security and allows login without interactive password entry.
When both password authentication and key pair authentication are enabled, the server gives priority to key pair authentication. The verification method can be set according to the actual situation.
vim /etc/ssh/sshd_config    # edit the server's main configuration file
# enable password authentication
PasswordAuthentication yes
# enable key pair authentication
PubkeyAuthentication yes
# specify the file that stores public keys
AuthorizedKeysFile .ssh/authorized_keys
Create a key pair on the client
Create a key pair for the current user with the ssh-keygen tool. The available encryption algorithms are RSA, ECDSA, or DSA (the "-t" option of the ssh-keygen command specifies the algorithm type).
useradd admin
echo "123123" | passwd --stdin admin
su - admin
ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_ecdsa):    # specify the location of the private key; press Enter to use the default location
Created directory '/home/admin/.ssh'.    # the generated private key and public key files are stored by default in the hidden .ssh/ directory under the home directory
Enter passphrase (empty for no passphrase):    # set the passphrase for the private key
Enter same passphrase again:    # confirm the passphrase
ls -l .ssh/id_ecdsa*
# id_ecdsa is the private key file, and its permissions default to 600; id_ecdsa.pub is the public key file, which is provided to the SSH server
Import the public key text into the /home/zhangsan/.ssh/ directory on the server
cd ~/.ssh/
ssh-copy-id -i id_ecdsa.pub zhangsan@192.168.80.10
Use key pair authentication on the client side
ssh zhangsan@192.168.86.10
lisi@192.168.86.10's password:    # enter the password of the private key
Set up the ssh agent on the client to log in without interactive passphrase entry
ssh-agent bash
ssh-add
Enter passphrase for /home/admin/.ssh/id_ecdsa:    # enter the passphrase of the private key
ssh zhangsan@192.168.80.10
* Supplement
scp ~/.ssh/id_ecdsa.pub root@192.168.80.10:/opt    # upload the public key from the local ~/.ssh directory to the server's /opt directory
mkdir /home/zhangsan/.ssh/    # create a .ssh directory under /home/zhangsan/ on the server
cat /opt/id_ecdsa.pub >> /home/zhangsan/.ssh/authorized_keys    # append the public key file in /opt to the authorized_keys file in /home/zhangsan/.ssh/
cat /home/zhangsan/.ssh/authorized_keys    # view the /home/zhangsan/.ssh/authorized_keys file on the server
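The manual import above, written as an idempotent helper that also sets the permissions sshd checks when StrictModes is on (added example, not part of the original article). The names `install_pubkey`, `perms_of` and `ssh_perms_ok` are hypothetical, and the key line is a constructed placeholder; the helper is meant to be run as the account that owns the home directory.

```shell
# Append the one-line public key in file $1 to authorized_keys under home
# directory $2. Safe to run repeatedly; enforces 700 on .ssh and 600 on the file.
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    # Refuse multi-line input such as a private key file.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "not a one-line public key" >&2; return 2; }
    case $(cut -d' ' -f1 "$pub") in
        ssh-*|ecdsa-*|sk-*) ;;                       # public key type prefixes
        *) echo "unrecognised key type" >&2; return 2 ;;
    esac
    key=$(cat "$pub")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    # -x whole line, -F fixed string: append only if this exact key is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# First ten characters of `ls -ld`, e.g. drwx------
perms_of() { ls -ld "$1" | cut -c1-10; }

# Succeed only if .ssh and authorized_keys are private to their owner.
ssh_perms_ok() {
    [ "$(perms_of "$1/.ssh")" = "drwx------" ] &&
    [ "$(perms_of "$1/.ssh/authorized_keys")" = "-rw-------" ]
}

# Constructed demo in a throwaway directory standing in for /home/zhangsan.
demo=$(mktemp -d)
printf '%s\n' 'ecdsa-sha2-nistp256 AAAA_CONSTRUCTED_NOT_A_REAL_KEY admin@client' > "$demo/id_ecdsa.pub"
install_pubkey "$demo/id_ecdsa.pub" "$demo"
install_pubkey "$demo/id_ecdsa.pub" "$demo"    # second run adds nothing
ssh_perms_ok "$demo" && echo "keys installed: $(grep -c '' "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```

If the helper is run as root for another user, follow it with `chown -R` to that user so the files are owned by the account that logs in.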