Shulou(Shulou.com)06/03 Report--

SSH is an acronym for Secure Shell, by IETF's network team (Network Working Group)

SSH is a network protocol used to encrypt logins between computers. If a user logs in to another remote computer from the local computer using the SSH protocol, we can assume that the login is secure and that the password will not be disclosed even if intercepted halfway. In the earliest days, Internet communications were all plaintext communications, and once intercepted, the content was undoubtedly exposed. In 1995, Finnish scholar Tatu Ylonen designed SSH protocol, which encrypts all login information, which has become a basic solution of Internet security. It has been rapidly promoted all over the world, and has become the standard configuration of Linux system. SSH is just a protocol, it is free software, and it is widely used.

Prepare two linux virtual machines: server: 192.168.100.101 client: 192.168.100.1021: client # ssh root@192.168.100.101 / / remote access to the 192.168.100.101 sshd service in linux allows root users to log in by default, but this is a very insecure common practice: log in first ordinary users use su to switch root users according to actual needs

2: the settings below the server prohibit root users from logging in to vim / etc/ssh/sshd_config / / (ssh main profile) PermitRootLogin no / / deny root users to log in to Allowusers zzz zkc / / only allow zzz zkc users to log in to service sshd restart / / restart the service

3: the server creates a user zzz (there is a zkc user in my system), but at this time all zzz zkc users can use su to switch to root users, so it is not very secure, so the following configuration: forbid ordinary users to switch between root users and only give zzz users the right to switch root # gpasswd-a zzz wheel / / add zzz to wheel # vi / etc/pam.d/su / recognition Certificate configuration auth required pam_wheel.so use_uid / / remove the # sign at the beginning of this line

4: go to the client to test the success of ssh @ root192.168.100.101 can not log in ssh @ zkc192.168.100.101 can log in can not switch root ssh @ zzz192.168.100.101 can log in can switch

5: switch to the ssh server to configure the SSH key # vi / etc/ssh/sshd_config / / Edit sshd_config PubkeyAuthentication yes / / enable key pair authentication AuthorizedKeysFile .ssh / authorized_keys / / specify the public key data file service sshd restart / / restart the sshd service

6: go back to the client useradd benent / / create the user benet passwd benet/ / set the benet user password su-benet/ / switch the user to benet ssh-keygen-t rsa / / create a key pair (set the private key phrase to confirm the private key phrase) ls-a / home/benet/.ssh / / view the private key location (the key file is hidden with-a) Cd / home/benet/.ssh / / to the private key storage directory

7:ssh-copy-id-I id_rsa.pub zhangsan@192.168.100.101 / / upload the public key to the server (the public key is under / home/zzz/.ssh of the server) ssh zzz@192.168.100.101 / / use ssh to log in to the zzz user on the server (at this point, you can log in as long as you enter the private key phrase) / / you do not need to set the ssh proxy function on the client The password can access / / ssh-agent bash ssh-add

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.