SSH remote management-scp and sftp transfer files

SSH remote management

Introduction to SSH

SSH (Secure Shell) is a secure channel protocol, which is mainly used to implement remote login and remote copy functions of a character interface.

SSH work

The SSH protocol encrypts the data transmission between the communicating parties, including the user password entered when the user logs in. Therefore, the SSH protocol has very good security.

Process

							网络
SSH客户端<--------------------------------------->SSH服务端
			数据传输是加密的，可以防止信息泄漏
			数据传输是压缩的，可以提高传输速度

Commonly used software

SSH client: Putty, Xshell, CRT
SSH server: OpenSSH

OpenSSH

Service name: sshd
server main program: /usr/sbin/sshd
server configuration file: /etc/ssh/sshd_config

SSHD service

OpenSSH is an open source software project that implements the SSH protocol, applicable to various UNIX and Linux operating systems

The CentOS 7 system has installed openssh related software packages by default, and the sshd service has been added as a boot-up auto-start.

Execute the "systemctl start sshd" command to start the sshd service. The
sshd service uses TCP port 22
by default. The default configuration file of the sshd service is /etc/ssh/sshd_config

Both ssh_config and sshd_config are configuration files of the ssh server. The difference between the two is that the former is a configuration file for the client, and the latter is a configuration file for the server.

Configure OpenSSH server

sshd_config配置文件的常用选项设置
vim /etc/ssh/sshd_config
Port 22 								#监听端口为 22
ListenAddress 0.0.0.0 					#监听地址为任意网段，也可以指定OpenSSH服务器的具体IP

LoginGraceTime 2m 						#登录验证时间为 2 分钟
PermitRootLogin no 						#禁止 root 用户登录
MaxAuthTries 6 							#最大重试次数为 6

PermitEmptyPasswords no 				#禁止空密码用户登录
UseDNS no 								#禁用 DNS 反向解析，以提高服务器的响应速度

#只允许zhangsan、lisi、wangwu用户登录，且其中wangwu用户仅能够从IP地址为61.23.24.25 的主机远程登录
AllowUsers zhangsan lisi wangwu@61.23.24.25 					#多个用户以空格分隔
#禁止某些用户登录，用法于AllowUsers 类似（注意不要同时使用）
DenyUsers zhangsan

Use SSH client program

1.ssh remote login

ssh [选项] zhangsan@192.168.80.10
当用户第一次登录SSH服务器时，必须接受服务器发来的ECDSA密钥（根据提示输入“yes”）后才能继续验证。接收的密钥信息将保存到～/.ssh/known_hosts 文件中。密码验证成功以后，即可登录目标服务器的命令行环境中了。

-p：指定非默认的端口号，缺省时默认使用 22端口
ssh -p 2345 zhangsan@192.168.80.10

2.scp remote replication

#下行复制
scp root@192.168.80.11:/etc/passwd /root/passwd10.txt		#将远程主机中的/etc/passwd文件复制到本机

#上行复制
scp -r /etc/ssh/ root@192.168.80.10:/opt					#将本机的/etc/ssh 目录复制到远程主机

3.sftp secure FTP

由于使用了加密/解密技术，所以传输效率比普通的FTP要低，但安全性更高。操作语法sftp与ftp几乎一样。
sftp root@192.168.80.10
Connecting to 192.168.80.10...
tsengyia@172.16.16.22's password:			#输入密码
sftp> ls
sftp> get 文件名		#下载文件到ftp目录
sftp> put 文件名		#上传文件到ftp目录
sftp> quit				#退出