IP settings and sshd security configuration

Set the IP addresses

As shown below

Set the desktop host's IP to the physical machine's IP plus 100, which is 192.168.122.101.

In the same way, set the server's IP to the physical machine's IP plus 200, which is 192.168.122.201.
After setting them, you can check the address on each host separately.


The sshd.service service

1. Start sshd.service
systemctl status sshd.service    view the status of sshd.service on the server side

systemctl start sshd.service     start the sshd.service service on the server side

Function: lets a remote host reach the sshd service over the network and open a secure shell.

Client connection method

ssh  <remote host user>@<remote host ip>


When the current host connects to an unfamiliar host for the first time, it automatically creates .ssh/known_hosts; this file records the information of the hosts that have been connected to.

<remote host user>@<remote host ip>'s password:    #Enter the password to connect successfully

exit    close the connection

ssh  <remote host user>@<remote host ip> -X    use the remote host's graphical tools (X11 forwarding)




As shown above, when connected directly (without -X), gedit does not display; when -X is added, the graphical function of the remote host is invoked and gedit is displayed.

ssh  <remote host user>@<remote host ip>  command    run a command directly on the remote host

For example, from the desktop side, create the files file{1..3} on the server's desktop:


From the desktop side, delete the files file{1..3} on the server's desktop:


Display connection information on the server side


w -f    list the logged-in sessions, toggling the FROM (remote host) field


ps aux | grep pts/0    show the details of the processes on pts/0


Adding a new authentication method to the ssh service: KEY authentication

1. Generate the lock and key (the key pair) on the server side


[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    #Press Enter to save the key file in the default location
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):    #Can be left empty; if set, it must be longer than 4 characters
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.    ##Private key
Your public key has been saved in /root/.ssh/id_rsa.pub.    ##Public key

View the files in this directory: ls /root/.ssh


Note: in the picture above, id_rsa is the private key (the key) and id_rsa.pub is the public key (the lock).

2. Add the key authentication method


[root@server0 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub  root@192.168.122.201

ssh-copy-id              tool for adding the key authentication method

-i                       specifies the public key file

/root/.ssh/id_rsa.pub    the public key (the lock)

root                     the user on the target host that will accept the key

192.168.122.201          IP of the target host

Note: you must enter the password of that user on the target host to confirm.

Test: change the user password authentication setting in the ssh server configuration file; yes enables it and no disables it.

① vim /etc/ssh/sshd_config




② Change the value on line 78 to no

③ Save and exit (:wq)

④ Restart the service (systemctl restart sshd.service), otherwise the change will not take effect


⑤ The server-side host can no longer be connected to


This shows that once password authentication is set to no, the remote host (the server-side host) is locked and the desktop-side host can no longer connect.


3. Distribute the key to the desktop (client) host    Note: first change the password authentication setting back to yes

[root@server0 ~]# scp /root/.ssh/id_rsa root@<client ip>:/root/.ssh/

scp                   the secure copy command (copies files between hosts over ssh)

/root/.ssh/id_rsa     the file to copy (the private key)

root@<client ip>      the client host (the desktop host), as root

:/root/.ssh/          the directory on the specified host to copy the file into


After the key is distributed to the client side, the id_rsa file can be found in the client's /root/.ssh/ directory. Now, even when password authentication is set to no, the server-side host can still be accessed.



#On the client
ssh root@192.168.122.201    #The connection no longer asks for a password

#On the server side
rm -fr /root/.ssh/authorized_keys    ##Once this file is deleted, the client's key no longer works


A password is required again when connecting



#On the server side
cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys    ##Regenerate the lock file and restore key-based access (recovery)


sshd security configuration
1. Disable the original (password) authentication method
78 PasswordAuthentication no|yes    ##enable or disable ssh's default authentication method


After it is turned off, connecting is no longer possible


48 PermitRootLogin no|yes        ##enable or disable login permission for the root user


Likewise, connecting is no longer possible



79 AllowUsers westos            ##user whitelist; the current setting allows only westos to log in


80 DenyUsers linux              ##user blacklist; the current setting denies only linux from logging in
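Two things that bite people when editing these directives are that sshd keeps the FIRST value it reads for a keyword (a later duplicate does not override it) and that lines after a Match header apply only conditionally. The following added script (not from the original post) reads the global section of an sshd_config and audits the four directives above; the file names and sample contents are constructed for the example.

```shell
#!/bin/sh
# Added example: audit the sshd_config directives from the section above.
# Rules implemented: sshd uses the FIRST value read for a keyword, and
# anything after a "Match" header is conditional, so only the global
# section is considered. Keywords are case-insensitive; blank and "#"
# lines are skipped.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[[:space:]]+/, ""); print; exit
        }' "$1"
}

# Check the two hardening directives; print each failing check, return 1 if any.
sshd_audit() {
    cfg="$1"; rc=0
    for kv in "PasswordAuthentication no" "PermitRootLogin no"; do
        key=${kv% *}; want=${kv#* }
        got=$(sshd_effective "$cfg" "$key")
        [ "$got" = "$want" ] || { echo "$key is '${got:-unset}' (want $want)"; rc=1; }
    done
    echo "AllowUsers: $(sshd_effective "$cfg" AllowUsers)  DenyUsers: $(sshd_effective "$cfg" DenyUsers)"
    return $rc
}

# Constructed sample configs (hypothetical, not files from the page).
HARDENED_CFG=$(mktemp); WEAK_CFG=$(mktemp)
trap 'rm -f "$HARDENED_CFG" "$WEAK_CFG"' EXIT
cat > "$HARDENED_CFG" <<'EOF'
# hardened global section
PermitRootLogin no
PasswordAuthentication no
AllowUsers westos
DenyUsers linux
# the duplicate below is ignored by sshd: the first value wins
PasswordAuthentication yes
Match User westos
    PasswordAuthentication yes
EOF
cat > "$WEAK_CFG" <<'EOF'
PasswordAuthentication yes
EOF

sshd_audit "$HARDENED_CFG" && echo "hardened config: OK"
sshd_audit "$WEAK_CFG"     || echo "weak config: FAIL"
```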


 
