Linux: ssh and management of services in Linux

1. openssh
When the openssh service is enabled on a host, it opens a remote connection interface.
The server side of the openssh service: sshd

Client of openssh service: ssh


2. How to connect to sshd from the client side: ssh <server user>@<server IP address>
For example

       ssh root@172.25.254.119   Use the ssh command on the client to connect as the root user of the 172.25.254.119 host


[root@localhost ~]# ssh [email protected]

The authenticity of host '172.25.254.200 (172.25.254.200)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)?       When the current host connects to an unfamiliar host for the first time,
                                              ~/.ssh/known_hosts is created automatically.
                                              This file records the information of the hosts that have been connected to

[email protected] .254.219's password:                       Enter the password to connect successfully
Last login: Fri Mar 30 02:05:52 2018 from 172.25.254.119
[root@localhost ~]# exit                              means to exit the current connection
logout
Connection to 172.25.254.219 closed.

Note: the connection method above cannot open the graphics function of the remote host. If you need to open the graphics function of the remote host, add the -X option:
ssh -X [email protected]

cheese


2. Add a new authentication method, KEY authentication, to the ssh service
1. Generate the lock and the key (the public and private key pair)
[root@localhost ~]# ssh-keygen                           command to generate keys
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):   The file that stores the key; press Enter to use the default
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):           can be empty; if it is not empty, it must be more than 4 characters
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
00:4f:b0:72:40:9f:a6:fb:91:86:d2:69:bc:7c:75:5f root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| .o o.. |
| o * |
| . * o |
| = . |
| . S |
| o + .. . E |
|. B +. . . . |
| + +.. . |
| o .. |
+-----------------+

2. Lock (encrypt) the ssh user's authentication, on the server side
Example: ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.219
ssh-copy-id                       the locking (encryption) command
-i                               specify the key file
/root/.ssh/id_rsa.pub                       the lock (public key)
root                               the user being locked
172.25.254.219                               host IP

3. Verify

 Transfer the decryption file (the private key) to the client: scp /root/.ssh/id_rsa [email protected]:/root/.ssh/


 On the client side: ssh [email protected]                                             connects without a password


 On the server side: rm -fr /root/.ssh/authorized_keys                                When this file is deleted, the decryption file on the client side no longer works

 On the server side: cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys        regenerates the lock file and restores the function of the decryption file


 
4. sshd security configuration

1. Prohibit the original authentication method


PasswordAuthentication no|yes      Enable or disable password authentication, the default authentication method of ssh

PermitRootLogin no|yes      Enable or disable the root user's login permission

AllowUsers westos      user whitelist; the current setting allows only westos to log in
DenyUsers linux              user blacklist; the current setting denies login only to linux
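
An added example, not part of the original article: a small audit of the PasswordAuthentication and PermitRootLogin settings above. It shows a common pitfall: sshd keeps the first value it reads for a keyword, so a "no" appended at the end of the file does nothing if an earlier line says "yes". The function names, the sample configuration and the policy that both values should be "no" are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit the global section of an sshd_config for
# PasswordAuthentication and PermitRootLogin. Assumed policy: both "no".

# Constructed sample: a hardening line was appended at the end while an
# earlier line still says "yes".
sample_config() {
    cat <<'EOF'
# constructed sample, not a real host's configuration
Port 22
PasswordAuthentication yes
permitrootlogin no
AllowUsers westos
PasswordAuthentication no
EOF
}

# effective_value FILE KEYWORD
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively. Prints that value, or "unset" if the keyword is absent.
# Only the "Keyword value" form is parsed; parsing stops at the first Match.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd_config FILE: one OK/WARN line per directive, status 1 on any WARN
audit_sshd_config() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK   $kw $val"
        else
            echo "WARN $kw is effectively '$val', expected 'no'"
            rc=1
        fi
    done
    return $rc
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "audit failed: the first line for a keyword wins"
rm -f "$tmp"
```

On a real host, pass /etc/ssh/sshd_config to audit_sshd_config; running sshd -T as root prints the configuration sshd actually applies.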


6. Service management in linux

systemctl <action> <service>
systemctl start      sshd              start the service
systemctl stop      sshd              stop the service
systemctl status      sshd              view the service status
systemctl restart      sshd              restart the service
systemctl reload      sshd              make the service reload its configuration
systemctl enable      sshd              start the service at boot
systemctl disable      sshd              do not start the service at boot
systemctl list-unit-files                      View the boot startup status of all services in the system
systemctl list-units                      View all services currently started in the system
systemctl set-default graphical.target      start the graphical interface when booting
systemctl set-default multi-user.target      do not start the graphical interface when booting
