This blog will describe the two security verification methods provided by the sshd service, and use these two methods to perform remote login between two Linux virtual machines.
Ready to work:
(1) Prepare two virtual machines with Linux system installed, and the virtual machine software adopts VMware;
(2) Set the two virtual machines under the same network segment, and they can ping each other. You can use the nmtui command to set;
(3) Install the sshd service on the two virtual machines. I use the local yum warehouse to install here. The steps are as follows:
The first step: execute yum install sshd*
Step 2: Start the sshd service, command: systemctl start sshd
Step 3: Check if there is port 22, command: netstat -an|more, the screenshot is as follows
At this point, the preparations are complete,
Before starting the introduction, first explain the virtual machine, yum local warehouse name and IP address used in this blog as follows:
CPU name |
IP |
hbza |
192.168.0.100 |
hbza-brother |
192.168.0.111 |
yum |
192.168.0.10 |
the first method:
Password-based security verification: After verifying the account and password, you can log in to the remote host.
This method is relatively simple. We use hbza as the server and hbza-brother as the client. We use the ssh service program to connect to the server remotely on the client.
Open the terminal on hbza-brother and directly execute the command: ssh 192.168.0.100
Wait a moment, the following interface appears, we enter the password of hbza
The following interface appears, which means that we have successfully logged in remotely, and we can perform a series of operations on hbza. For example: file creation and modification.
Execute the exit command to log out and perform the following experiment.
The second method (difficulty): Key-based security verification: It is necessary to generate a "key pair" locally and then transmit the public key to the server for comparison of public keys.
Step 1: Generate a "key pair" on the local host hbza-brother, command: ssh-keygen
note:
Enter file in which to save the key (/root/.ssh/id_rsa): press Enter here or set the storage path of the key
Enter passphrase (empty for no passphrase): Enter here or set the key password
Step 2: Transfer the generated key to the remote host hbza, command: ssh-copy-id 192.168.0.100
The following interface appears, enter the remote host hbza password in the second red box.
Wait for a while, the following interface appears, indicating that the transfer was successful
Step 3: Modify the sshd configuration file in the remote host hbza, command: vi /etc/ssh/sshd_config
File storage location: /etc/ssh/sshd_config
After opening the configuration file,
(1) Set the parameter that allows password verification to no
(2) Set the parameter that allows key verification to yes
(3) Save and exit
Step 4: Restart the ssh service program to take effect
Step 5: Try to log in remotely without a password
The following page appears and we show that the login is successful.