1. openssh: when the openssh service is enabled on a host, the host accepts remote connections.
Server side of the openssh service: sshd
Client side of the openssh service: ssh
For example:
ssh [email protected]    Run the ssh command on the client to connect as the root user of the 172.25.254.119 host
[root@localhost ~]# ssh [email protected]
The authenticity of host '172.25.254.200 (172.25.254.200)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)?    The first time the current host connects to an unfamiliar host, ~/.ssh/known_hosts is created automatically.
    This file records the information of the hosts that have been connected to.
[email protected] .254.219's password:    Enter the password; the connection then succeeds
Last login: Fri Mar 30 02:05:52 2018 from 172.25.254.119
[root@localhost ~]# exit    exit ends the current connection
logout
Connection to 172.25.254.219 closed.
Note: a connection made this way cannot open graphical programs on the remote host. To use the graphical programs of the remote host, add the -X option:
ssh -X [email protected]
cheese
1. Generate the lock and the key (the public and private key pair)
[root@localhost ~]# ssh-keygen    Command that generates the keys
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    File in which the key is saved; press Enter to use the default
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):    The passphrase may be empty; if it is not empty, it must be longer than 4 characters
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
00:4f:b0:72:40:9f:a6:fb:91:86:d2:69:bc:7c:75:5f root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| .o o.. |
| o * |
| . * o |
| = . |
| . S |
| o + .. . E |
|. B +. . . . |
| + +.. . |
| o .. |
+-----------------+
2. Encrypt the ssh user's authentication (done on the server side)
Example: ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
ssh-copy-id    the encryption command
-i    specifies the key
/root/.ssh/id_rsa.pub    the key (public key file)
root    the user being encrypted
172.25.254.219    the host IP
3. Verify
Transfer the decryption file (the private key) to the client: scp /root/.ssh/id_rsa [email protected]:/root/.ssh/
On the client side: ssh [email protected]    connects without asking for a password
On the server side: cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys    regenerates the lock file, so that the decryption file works again
4. sshd security configuration
1. Disable the original authentication method
78 PasswordAuthentication no|yes    Disable or enable the default (password) authentication method of ssh
48 PermitRootLogin no|yes    Disable or enable login by the root user
80 DenyUsers linux    User blacklist; with this setting the user linux is not allowed to log in
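The directives above can be checked from the shell. The following script is an added example, not part of the original page: it reads a constructed sample configuration and reports what it sets for PasswordAuthentication, PermitRootLogin and DenyUsers. The function names first_value, denied_users and audit and the sample file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): report what an sshd_config sets.
# Constructed sample config, written to a temp file so the script runs offline.
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
# constructed sample, not a real host's configuration
#PermitRootLogin yes
PermitRootLogin no
passwordauthentication no
PasswordAuthentication yes
DenyUsers linux
DenyUsers guest test
Match User backup
    PasswordAuthentication yes
EOF

# first_value FILE KEYWORD: value of the first uncommented KEYWORD line in the
# global section. Keywords are case-insensitive and sshd keeps the first value
# it reads, so later duplicates are ignored. Stops at the first Match block.
first_value() {
    awk -v key="$2" 'BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; exit }' "$1"
}

# denied_users FILE: every name on any global DenyUsers line, space-separated.
denied_users() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1" |
        sed 's/ $//'
}

# audit FILE: print one line per finding; return 1 if password login or root
# login is not explicitly set to "no".
audit() {
    rc=0
    for key in PasswordAuthentication PermitRootLogin; do
        val=$(first_value "$1" "$key")
        if [ "$val" = "no" ]; then echo "OK   $key no"
        else echo "WARN $key ${val:-unset}"; rc=1; fi
    done
    echo "INFO DenyUsers: $(denied_users "$1")"
    return $rc
}

audit "$SAMPLE_CONFIG"
```

On a real host, sshd -t checks the configuration file for errors before the service is reloaded, and sshd -T prints the effective configuration including defaults.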
6. Service management in linux
systemctl action service
systemctl start sshd    start the service
systemctl stop sshd    stop the service
systemctl status sshd    view the service status
systemctl restart sshd    restart the service
systemctl reload sshd    make the service reload its configuration
systemctl enable sshd    start the service at boot
systemctl disable sshd    do not start the service at boot
systemctl list-unit-files    view the boot-time startup status of all services in the system
systemctl list-units    view all services that are currently started in the system
systemctl set-default graphical.target    start the graphical interface at boot
systemctl set-default multi-user.target    do not start the graphical interface at boot