ssh usage, about public and private keys

#######redhat 7.0 environment########

What is ssh? ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. (Translate yourself)

Before talking about how to use the ssh service, you need to know whether the service is enabled.

The command to check whether the ssh service is enabled is systemctl status sshd. After entering this command, you will get the following prompt


The last word disabled in the second line means that the sshd service does not start automatically

The third line inactive (dead) indicates that the sshd service is currently closed

Now let's start the sshd service, enter systemctl start sshd, and then enter systemctl status sshd to view the results

Now we can see that the third line is active (running), which means that the sshd service is currently running, but it still does not start at boot. This does not affect our use of sshd, and how to manage these services is beyond the scope of this section.

What can ssh do? For example, I have a friend who has some problems with his computer, but he is in Beijing and I am in Xi'an. It is not worth travelling to Beijing just to repair his computer, so what should I do? Use ssh.

First you need to know his IP address, then log in as his root user with the command: ssh root@***.***.*.*** (the asterisks stand for the IP address).

After entering the command, you will be asked whether you are sure you want to connect. Enter yes, then enter his root password, and you are in his computer. But there is a downside to this: I know his root password, so I can do whatever I want on his computer, and he will definitely be unwilling. If I accidentally delete the seeds that he has treasured for many years, he will definitely kill me.

######I am his identity now######

So what should he do in this situation? (ps: I'm doing this as him now.) You can first put a lock on your computer, and then give a key to the person who needs to get in. When you no longer want others to get in, you can delete the lock. How is this done?

Step 1: Delete everything under /root/.ssh/. If there is no .ssh folder, create one.

Step 2: In the .ssh folder, create a key and use the command ssh-keygen


After entering the command, the first prompt asks where to save the key; the default is fine, so just press Enter. The second prompt asks for a password, which is the password others will have to enter, along with holding the private key, to get into your host in the future. Enter it, then enter it again, and a key and a lock will be generated.

id_rsa is called the private key, that is, the key, and id_rsa.pub is called the public key, that is, the lock.

Step 3: Use the lock to lock a user of the local machine. Taking root as an example, the command is ssh-copy-id root@***.***.*.*** where the asterisks are the IP address of the local machine. After pressing Enter, you will be asked whether to connect; answer yes. You will then be prompted for the password of the user being locked; since we are locking root, enter the root password.

Step 4: Send the private key to whoever needs to connect to this computer. For example, to send it to a user called playsand, the command is:

  scp id_rsa playsand@***.***.*.***:/home/playsand/.ssh

The asterisks are the IP address of the playsand user's machine, and the part after the colon is the storage path. Be sure to create a .ssh directory under playsand's home directory first; if one already exists, clear its contents.

##### Now I am a playsand user #####

In your own .ssh directory, enter ssh root@***.***.*.*** where the asterisks are root's IP address. After pressing Enter you will be asked whether to connect; answer yes. You will then be prompted for a password: this is the password set in step 2 above. Enter it and you are in. If you enter the wrong password, the system will prompt you for the root password instead. You can also get in with the root password, the same as at the beginning.




##### Now I am root ####

There are a few small settings here:

1. It is very dangerous to let others log in to your root user. How can you let others not be able to log in to your root user?

Edit the sshd_config file (vim /etc/ssh/sshd_config) and change #PermitRootLogin yes to PermitRootLogin no (around line 48). After saving and exiting, restart the ssh service (systemctl reload sshd).

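2. If a stranger or someone malicious happens to get hold of the private key and its password, that is very dangerous for this machine. You can set up a whitelist so that only specified people can log in.

Again, vim /etc/ssh/sshd_config, find an empty line and write: allowusers followed by the user name, so that only the specified users can log in to this machine. e.g.: allowusers playsand allows the playsand user to log in, and no other user can. Likewise, restart the ssh service.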

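3. Letting others know your root password or user password is never safe. How can you make others log in only with the private key and its password?

Again, vim /etc/ssh/sshd_config and change passwordAuthentication yes to passwordAuthentication no, so that others can only log in to this machine with the private key and its password. Restart the ssh service after the change.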
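
An added example, not part of the original post: a shell check that reads an sshd configuration file and reports whether the three settings above (PermitRootLogin, AllowUsers, PasswordAuthentication) are actually in effect. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the three settings above.
# sshd uses the FIRST occurrence of a keyword; keyword names are case-insensitive.

# effective_value FILE KEYWORD: print the first uncommented global value, or "unset".
effective_value() {
    awk -F'[ \t=]+' -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
        /^#/ { next }                                   # a commented line sets nothing
        tolower($1) == "match" { exit }                 # Match blocks are conditional
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd_config FILE: print one line per weak setting; return 1 if any is weak.
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    users=$(effective_value "$1" AllowUsers)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin is $root, want no"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication is $pass, want no"; rc=1; }
    [ "$users" != "unset" ] || { echo "FAIL AllowUsers is unset, no whitelist"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK root=$root password=$pass users=$users"
    return "$rc"
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication yes
# fix appended at the end of the file: ignored, the earlier line wins
PasswordAuthentication no
EOF
cat > "$tmp/hardened" <<'EOF'
PermitRootLogin no
allowusers playsand
PasswordAuthentication no
EOF
audit_sshd_config "$tmp/weak" || echo "weak: change the lines reported above"
audit_sshd_config "$tmp/hardened"
```

On a real host, point audit_sshd_config at /etc/ssh/sshd_config; sshd -T prints the effective configuration the daemon itself would use.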

