SSH installation or setup under Ubuntu

　It is extremely easy to install OpenSSH Server under Ubuntu. There is only one command required:

　　sudo apt-get install openssh-server

(check the returned result, if there is no error, use putty, SecureCRT, SSH Secure Shell Client and other SSH clients client software, enter the IP address of your server. If all is well, wait a while and you should be able to connect. And you should be able to log in using your existing username and password.)

　　Then confirm that sshserver is up: (or use "netstat -tlp" command)

　　ps -e | grep ssh

　　If there is only ssh-agent, then ssh-server has not been started, you need /etc/init.d/ssh start, if you see sshd, it means ssh-server has been started.

　　The ssh-server configuration file is located in /etc/ssh/sshd_config, where you can define the SSH service port, the default port is 22, you can define other port numbers, such as 222. Then restart the SSH service:

　　sudo /etc/init.d/ssh resart

　　In fact, if there is no special requirement, OpenSSH Server is installed here. But with a little more setup, you can make OpenSSH login times shorter and more secure. All this is achieved by modifying the openssh configuration file sshd_config.

　　First of all, when you experimented with remote login just now, you may find that it takes a long time to enter the password after entering the user name. In fact, this is because sshd needs to check the dns information of the client. We can drastically improve the login speed by disabling this feature. First, open the sshd_config file:

　　sudo nano /etc/ssh/sshd_config

　　find the GSSAPI options section, comment out the following two lines:

　　#GSSAPIAuthentication yes #GSSAPIDelegateCredentials no Then restart the ssh service:

　　sudo /etc/init.d/ssh restart

　　and try to log in again , it should be very fast.

　　Using PuTTy to log

　　in to the server SSH service through certificate authentication, all content is encrypted and transmitted, and the security is basically guaranteed. However, if certificate authentication can be used, the security will be improved to a higher level, and after certain settings, the effect of certificate authentication and automatic login can be achieved.

　　First modify the sshd_config file and enable the certificate authentication option:

　　RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys After the modification is complete, restart the ssh service.

　　Next we need to establish the private and public keys for the SSH user. First, log in to the account where the key needs to be established. Here, pay attention to exit the root user. If necessary, use the su command to switch to another user. Then run:

　　ssh-keygen

　　Here, we can store the generated key in the default directory. During the establishment process, you will be prompted to enter passphrase, which is equivalent to adding a password to the certificate, and is also a measure to improve security, so that even if the certificate is accidentally copied, you will not be afraid. Of course, if this is left blank, the automatic login of PuTTy through certificate authentication can be realized later.

　　The ssh-keygen command will generate two keys. First, we need to rename the public key and leave it on the server:

　　cd ~/.ssh mv id_rsa.pub authorized_keys Then copy the private key id_rsa from the server and delete the id_rsa file.

　　The settings on the server are completed, and the following steps need to be done on the client computer. First, we need to convert the id_rsa file to a format supported by PuTTy. Here we need to use the PuTTyGEN tool:

　　click the Load button in the PuTTyGen interface, select the id_rsa file, enter the passphrase (if any), and then click the Save PrivateKey button, so that the private key accepted by PuTTy is ready.

　　Open PuTTy, enter the IP address of the server in Session, click the Browse button under Connection->SSH->Auth, and select the private key that was just generated. Then go back to the Connection option and enter the username to which the certificate belongs in the Auto-login username. Go back to the Session tab, enter a name and click Save to save the session. Click Open at the bottom and you should be able to log in to the server through certificate authentication. If there is a passphrase, you will be asked to enter the passphrase during the login process, otherwise it will log in directly to the server, which is very convenient. [size=large] [/size]