Shulou(Shulou.com)06/02 Report--

This article mainly introduces "how to use ssh". In daily operation, I believe many people have doubts about how to use ssh. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to use ssh". Next, please follow the editor to study!

What is ssh?

Ssh is a remote encrypted transport protocol, not the so-called secret-free login function, that is only a small part of it, you can understand that it is an encryption protocol like https, which helps to improve security, isn't it better to understand?

In addition, ssh is built into many systems, such as window, linux, mac.

What's the use of ssh?

Ssh strengthens remote applications, replacing the traditional remote protocols ftp, pop and telnet, because these protocols are inherently insecure. They all transmit data in clear text and are easily stolen by middlemen. Ssh protocol can solve these problems. It gives these data a layer of encryption protection during remote transmission, which makes it difficult for attackers to crack, which is why protocols such as sftp / scp / winscp came out later. They are all created based on ssh, such as sftp, which is the secure version of the traditional remote file protocol ftp.

How to use ssh

Individuals prefer to call it a remote tool, that is, log in to the remote server through the ssh command, and then help pass and encrypt the data between the local host and the server host.

First, password login

The command is as follows

/ / format ssh user@host// case ssh root@111.222.333.333

After entering the above command, ssh will prompt you to enter the remote server password, after entering the correct password, you can enter the remote server to start interaction, in addition, because the password login every time you need to enter the server password, so basically use the second way: public key login.

TIp: password login actually solves the problem of the previous man-in-the-middle attack, because the previous ssh login can enter the server directly by entering the password, but because the middleman can impersonate the server to interact with the client to obtain the password, and then use this password to interact with the real server, this is the so-called man-in-the-middle attack. Later, in order to solve this problem, the password login appeared. It will actively send a fingerprint on the first remote host, which belongs to the server. At this time, you can find out whether the fingerprint of the server is consistent with this fingerprint. If so, you can enter yes directly. That is to say, the password login gives you an option to identify whether it is a real server.

II. Public key login

The function of public key login is the so-called secret-free login, and the way to use it is very simple, that is, put the public key in the server ~ /. Ssh/authorized_keys file, the next time you log in, you will save the password verification and go directly to the server.

1. If you have a public key, you must have a private key, which is also called a secret key. It will be placed in the .ssh / directory by default. The command to generate the key is as follows.

Ssh-keygen-t rsa-C "your mailbox"

The generation process will prompt you to enter a password, which can prevent an extra layer of protection when your key is stolen by someone else. If you don't need this password, you can enter all the way.

Enter passphrase (empty for no passphrase):

After that, two files are automatically generated in ~ / .ssh: id_rsa private key / id_rsa.pub public key

2. Give the private key id_rsa to ssh-agent management

Ssh-agent / .ssh/id_rsa

Ssh-agent function: when your secret key is set to passhrase, you need to enter this password every time you log in, which will be very troublesome, and ssh-agent is to solve this problem. If this command prompts you to report an error, maybe you haven't started it. You can enter the following command in git / linux to start ssh-agent.

Eval `ssh- agent`

3. Upload id_rsa.pub content to the server ~ / .ssh/authorized_keys

Upload method 1: with the help of ssh-copy-id tool

Ssh-copy-id-I id_rsa user@host

Upload method 2: manually command upload

$cat ~ / .ssh/id_rsa.pub | ssh user@host "mkdir-p ~ / .ssh & & cat > > ~ / .ssh/authorized_keys"

The above command will replace your user@host, and now you can log in to the server without secret login.

Ssh rectification

Ssh is not designed to implement secret-free login, that is just the tip of the iceberg, ssh is more used for remote operation. Ssh interacts with the remote server according to the commands it provides, and during this interaction it will help you encrypt the transmission. This is called the remote encrypted transfer protocol, which you can understand as similar to https, but with one more command interaction than https.

All right, that's it. If you have any questions, you are welcome to leave a message below.

At this point, the study of "how to use ssh" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.