ssh remote service connection control

[root@localhost ~]# ps aux | grep ssh
root 937 0.0 0.4 112900 4324 ? Ss 17:56 0:00 /usr/sbin/sshd -D
root 1196 0.0 0.6 161512 6084 ? Ss 17:57 0:00sshd: root@pts/0
root 1237 0.0 0.0 112812 964 pts/0 S+ 18:20 0:00 grep --color=auto ssh
[root@localhost ~]# ps -elf |grep ssh
4 S root 937 1 0 80 0 - 28225 poll_s 17:56 ? 00:00:00 /usr/sbin/sshd -D
4 S root 1196 937 0 80 0 - 40378 poll_s 17:57 ? 00:00:00 sshd: root@pts/0
0 S root 1240 1198 0 80 0 - 28202 pipe_w 18:20 pts/0 00:00:00 grep --color=auto ssh

对应服务端软件

[ root@localhost ~]# rpm -qf /usr/sbin/sshd
openssh-server-7.4p1-21.el7.x86_64

4. Client software

Windows

XShell

SecureCRT

Putty

Linux

ssh command

[root@localhost ~]# which ssh
/usr/bin/ssh
[root@localhost ~]# rpm -qf /usr/bin/ssh
openssh-clients-7.4p1-21.el7.x86_64

Two, ssh main command

1. ssh remote login command

ssh root@The host ip address that needs to be logged in

2. scp remote copy command

scp root@host address to be copied: file path to be copied/pasted file path

scp -rP 10022@host ip address: /address to be pasted

Specify the port number (-P) and remotely copy the entire directory (-r) to the specified local directory

3.sftp: encrypted remote copy command

sftp is based on ssh service and encrypts the process of ssh service. Although the transmission efficiency is lower than ssh, the security is higher. The downloaded file can only be saved to the current directory, and the directory cannot be specified, but the uploaded file can specify the directory
sftp -P specifies the port number

4. openssh service

Client configuration file location: /etc/ssh_conf
Server configuration file location: /etc/sshd_conf (generally modify this configuration file)
Whether it is ssh, scp or sftp, the default port number is 22 based on the openssh service

3. Build an ssh system for key pair verification (password-free login)

1. Implementation process

2. Key principle

In ssh, it is a parameter, the parameter in the input of the algorithm that converts the file into ciphertext or converts ciphertext into plaintext
There are three algorithms, rsa, ECDSA, and DSA represent three encryption methods
2.1 Symmetric key
2.2 Asymmetric key
sshc: 1. User account login password
2. Key login
The location of the configuration file: /etc/ssh/sshd_config

3. Create a key pair

Since the above key pair functions are enabled by default, you can directly operate

ssh-keygen -t ## Create a key pair and specify the encryption method (algorithm type)
Go to home directory and check
ssh-copy-id -i id_ecdsa.pub [email protected]
## After the client is created, pass the specified key file (-i) public key file to the server
ssh-agent bash ##Interactive login free
ssh-add ##Refresh the environment to generate a key pair
Password-free login is suitable for production environments with long passwords and frequent switching between multiple users. Quick login