Linux (CentOS7) SSH server configuration

SSH server configuration

When doing this experiment, we must distinguish whether each command is executed on the server side or on the client side. Don't get confused!!!
Experiment process and purpose:
Create a new user zhangsan on the server and a new user lisi on the client. By configuring SSH, the zhangsan user on the server can log in to the lisi user on the client without a password.
Experimental environment (this experiment uses VMware Workstation):

Host type     Host name   Operating system   IP address
SSH server    server      CentOS7            192.168.11.38
SSH client    client      CentOS7            192.168.11.2

1. Experimental environment preparation: configure the virtual machine network type (both hosts must be configured the same)

2. Experimental environment preparation: modify the host name (the change made here is temporary; for a permanent change use the hostnamectl set-hostname <hostname> command, for example: hostnamectl set-hostname server)
Server

[root@localhost ~]# hostname server

Reopen the terminal to see the effect; the host name has been modified successfully.
Client

[root@localhost ~]# hostname client

Reopen the terminal to see the effect; the host name has been modified successfully.
3. Experimental environment preparation: configure the IP addresses of the two hosts
Configure them in the network settings (taking the server as an example). After configuring the IP address, remember to restart the network card, and then check whether the configuration is successful.
Server

[root@server ~]# ifdown ens33
[root@server ~]# ifup ens33
[root@server ~]# ifconfig 

Client

[root@client ~]# ifdown ens33
[root@client ~]# ifup ens33
[root@client ~]# ifconfig 

Start experiment

1. Start the SSH service (server)

1. Check whether the SSH software package has been installed on the server

[root@server ~]# rpm -qa | grep ssh

If not, install it with the following command:

[root@server ~]# yum -y install openssh-server

2. Turn on the SSH service

[root@server ~]# systemctl start sshd.service

Check whether TCP port 22 is open (22 is the listening port of the SSH server)

[root@server ~]# netstat -ntpl | grep 22


2. SSH client connects to the server (password authentication)
Log in with an account on the remote host, using the form:
ssh <remote host account>@<remote host IP>

[root@client ~]# ssh root@192.168.11.38

3. SSH client connects to the server (private key authentication)

1) Use the ssh-keygen command to generate the public and private keys. By default, the generated private key is stored in the .ssh/ folder under the current user's home directory.

2) Use the ssh-copy-id command to send the generated public key to the remote host. It is automatically saved to the .ssh/authorized_keys file under the home directory of the user name used for the remote login (.ssh is a hidden directory).

After that, no password is required to log in.
1. Create a zhangsan user on the server and set the password

[root@server ~]# useradd zhangsan
[root@server ~]# passwd zhangsan 

The zhangsan user gets the default home directory on the server.
2. Create a lisi user on the client and set the password

[root@client ~]# useradd lisi
[root@client ~]# passwd lisi

The lisi user gets the default home directory on the client.
3. Use the ssh-keygen command to generate the key pair on the server side

[zhangsan@server root]$ ssh-keygen

This generates the hidden .ssh directory.
4. On the server, use the ssh-copy-id command to copy the generated public key to the target host (client), logging in as lisi on that host

[zhangsan@server root]$ ssh-copy-id lisi@192.168.11.2

5. Check whether the public key generated by zhangsan on the server side is successfully saved under the client lisi user

[lisi@client ~]$ cd /home/lisi/.ssh

6. Verification
(1)

[zhangsan@server root]$ ssh lisi@192.168.11.2

The zhangsan user on the server can log in to the lisi user on the client without a password (no login password has to be entered).
(2)

[root@server ~]# ssh lisi@192.168.11.2

The root user of the server cannot log in to the client as lisi over SSH without a password; a password is required. This is equivalent to the lisi user on the client authorizing the zhangsan user on the server as trusted to log in without a password. The public key of lisi encrypts lisi's password to establish this trusted connection.
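
The check in step 5 and the two verification results, as an added example that is not part of the original post: it tests whether a given public key is listed in lisi's authorized_keys, and whether the file modes are ones that sshd's StrictModes check accepts. The key strings, the temporary directory and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All key material is constructed.

# Print the base64 blob of every key line in file $1. Comments, blank lines and
# a leading options field (e.g. from="...") are skipped; options that contain
# spaces are not handled.
key_blobs() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) { print $(i + 1); break }
    }' "$1"
}

# Succeed if the public key in file $1 is listed in authorized_keys file $2.
key_is_authorized() {
    blob=$(key_blobs "$1" | head -n 1)
    [ -n "$blob" ] && key_blobs "$2" | grep -qxF -- "$blob"
}

# Succeed if $1 exists and is not writable by group or others, which is what
# sshd's StrictModes expects of the home directory, ~/.ssh and authorized_keys.
mode_is_strict() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Constructed stand-ins: the public keys of zhangsan and root on the server,
# and lisi's ~/.ssh on the client as ssh-copy-id leaves it after step 4.
lab=$(mktemp -d)
mkdir -p "$lab/lisi/.ssh"
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABzhangsanCONSTRUCTED zhangsan@server" > "$lab/zhangsan.pub"
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABrootCONSTRUCTED root@server" > "$lab/root.pub"
cp "$lab/zhangsan.pub" "$lab/lisi/.ssh/authorized_keys"
chmod 700 "$lab/lisi/.ssh"
chmod 600 "$lab/lisi/.ssh/authorized_keys"
auth="$lab/lisi/.ssh/authorized_keys"

key_is_authorized "$lab/zhangsan.pub" "$auth" && echo "zhangsan: key listed, no password prompt"
key_is_authorized "$lab/root.pub" "$auth" || echo "root: key not listed, password required"
mode_is_strict "$lab/lisi/.ssh" && mode_is_strict "$auth" && echo "modes pass StrictModes"
```

On the real client, the same functions can be pointed at /home/lisi/.ssh/authorized_keys and a copy of zhangsan's public key file.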

That's all for today's sharing. There may be many shortcomings, and I hope you will actively point them out. If you have any questions, you can send a private message or comment directly, and the blogger will definitely reply. Everyone must distinguish whether each command is executed on the server side or on the client side. Don't get confused!!!


Origin blog.csdn.net/m0_53521757/article/details/112653309