Remote access control, yum server, NFS share

1. SSH (Secure Shell): remote login over a character (command-line) interface. It is more secure than TELNET (TCP port 23) because the session is encrypted. SSH uses TCP port 22.
* TELNET: LAN routers, switches, etc.
* SSH: cloud hosts, remote connections over the public network (install the openssh package)
* Server configuration file: /etc/ssh/sshd_config
* Client configuration file: /etc/ssh/ssh_config
* Server main program: /usr/sbin/sshd
* Service name: sshd

2. ssh service settings
cd /etc/ssh
cp -p sshd_config sshd_config.$(date "+%F-%T") #Back up the file with a timestamp suffix; shorthand: cp -p sshd_config{,.$(date "+%F-%T")}
vim sshd_config
* AuthorizedKeysFile .ssh/authorized_keys #File holding the public keys for key pair login
* PasswordAuthentication no #Only allow key pair login
* PermitEmptyPasswords no #Do not allow users with empty passwords to log in
* UseDNS no #Do not use DNS for reverse lookups

Manually add the blacklist and whitelist:
* AllowUsers amber [email protected] #Only these logins are allowed
* DenyUsers lisi #Do not allow lisi to log in

systemctl reload sshd #Graceful reload
ssh -p 22 [email protected] #Connection test (ssh takes the port with lowercase -p)

3. scp command (remote secure copy)
Format 1: scp user@host:file1 file2
Format 2: scp file1 user@host:file2
1> Copy files from the server to the client
Options:
-P 22 Specify the port
-p Preserve permissions (owner, group, timestamps, etc.)
-r Recursive copy
Example: scp [email protected]:/aaa/* /bbb/ #Server→Client
2> Copy files from the client to the server
Example: scp client.txt tom@192.168.42.131:/home/jerry/client1.txt

4. sftp command (port 22, login required)
Example:
sftp [email protected]
mget /aaa/*
exit
ls

The get and put commands are also available.

5. Build an ssh system with key pair verification
1) Linux
The ssh-keygen command uses the RSA and DSA encryption algorithms
su - XXX
ssh-keygen #Generate key pair
ls .ssh/
ssh-copy-id -i /home/XXX/.ssh/id_rsa.pub [email protected] #Send the public key to the host
(If the port number has changed, add the port option -p 22; then enter the password to log in to the host)
ssh -p 22 tom@192.168.42.128 #Login
At this point the tom account on the host has a .ssh/authorized_keys public key file. Each time another login machine is added, its key is appended to this file.

2) New user key wizard in Windows
* Create and save the key pair with the Xshell tool.
* Log in as the user the key is for, then cd .ssh/
* Drag the public key onto the host; id_rsa_2048.pub appears
* Look in /home/tom/.ssh to check the name, then rename id_rsa_2048.pub to authorized_keys
* To log in as another user as well, such as tom: cat .ssh/authorized_keys >> /home/tom/.ssh/authorized_keys
* ll authorized_keys; ll /home/tom/.ssh/authorized_keys #Check that the permissions are the same
* chmod 600 authorized_keys
* Select the public key option in Xshell when connecting

6. TCP Wrappers protection (similar to a firewall)
* The tcpd main program wraps other services and uses the function library libwrap.so.0
* Condition: the service must use the TCP protocol and be linked against libwrap.so.0 (check with the ldd command)
* Access is controlled by two files, /etc/hosts.allow and /etc/hosts.deny (allow has the higher priority)

7. Sources of yum software packages
* Local
* Local area network (company yum server)
* Public network

8. Build a local yum server based on ftp

A yum repository is usually published over the HTTP or FTP protocol and provides software packages and their dependencies.
Host: install vsftpd and start the service
mkdir -p /var/ftp/Centos7
mount /dev/sr0 /var/ftp/Centos7
Client:
cd /etc/yum.repos.d
mkdir bak/
mv *o bak/
vim ftp.repo
yum clean all
yum makecache

Host:
mkdir bak
mv *o bak/
vim local.repo
yum makecache

A new client can take the configuration file directly from the host
Client:
scp /etc/yum.repos.d/ftp.repo 192.168.42.128:/var/ftp
Another client:
wget -O /etc/yum.repos.d/ftp.repo ftp://192.168.42.128/ftp.repo

9. Custom yum source
Install the Ali yum and EPEL sources; find the method yourself.

10. NFS sharing service (TCP/UDP port 111)
NFS has no user authentication mechanism and shares data in plaintext, so it is for internal network use.
Host:
Install the nfs-utils and rpcbind packages. Make sure to start rpcbind first.
systemctl start rpcbind
systemctl start nfs
systemctl enable nfs
mkdir /www/
useradd admin
grep admin /etc/passwd
chown admin:admin /www/
vim /etc/exports
Add (no space between the client and the option list):
/www 192.168.80.0/24(rw,all_squash,anonuid=1000,anongid=1000)

exportfs -ar
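
In /etc/exports, whitespace between a client and its option list changes the meaning: `client (opts)` gives that client only the default options and applies `opts` to every host. The lint below is an added example, not part of the original post; the function name `check_exports`, the sample lines, and the extra checks for `*` and `no_root_squash` are assumptions, and it assumes one export per line with no backslash continuations or quoted paths.

```sh
#!/bin/sh
# Added example (not from the original post): lint exports(5)-style lines.
# Output: "<line>: <path>: <finding>", one finding per line; no output means clean.
check_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i
            if (substr(spec, 1, 1) == "(") {
                # No client in front of the list: these options apply to every
                # host, and the client named just before gets only the defaults.
                printf "%d: %s: %s applies to ALL hosts\n", NR, path, spec
                continue
            }
            p = index(spec, "(")
            client = (p > 0) ? substr(spec, 1, p - 1) : spec
            opts   = (p > 0) ? substr(spec, p) : ""
            if (client == "*")
                printf "%d: %s: exported to every host (*)\n", NR, path
            if (opts ~ /no_root_squash/)
                printf "%d: %s: no_root_squash for %s\n", NR, path, client
        }
    }' "$1"
}

# Constructed sample: line 2 has a stray space before "(", line 3 is the intended form.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
/www 192.168.80.0/24 (rw,all_squash,anonuid=1000,anongid=1000)
/www 192.168.80.0/24(rw,all_squash,anonuid=1000,anongid=1000)
/backup *(ro) 192.168.80.10(rw,no_root_squash)
EOF
check_exports "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/exports before exportfs -ar; any line it prints deserves a second look.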

Client:
Install the same two packages and start the services.

Function: can be used for synchronized web page updates
and highly available load balancing

11. Common ports
SMTP TCP port 25 Simple Mail Transfer Protocol
POP TCP port 110 Receiving mail
IMAP TCP port 143 Internet Message Access Protocol


Origin blog.csdn.net/qq_39109226/article/details/109641568