Linux: ssh configuration

environment

 

Intranet win10 192.168.25.1

Server (CentOS): internal address 192.168.25.11, external address 192.168.254.11

Extranet server 192.168.254.10


The service name is: sshd

The default port number is: 22

rpm -qc openssh-server.x86_64

# List the configuration files that belong to the package

 

*Server main program: /usr/sbin/sshd
*Server configuration file: /etc/ssh/sshd_config

 cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

# back it up first


 Modify the main configuration file

vim /etc/ssh/sshd_config
# modify the configuration file

 line 17

Port 22

# The listening port; the default 22 can be changed to any other value

systemctl restart sshd 

line 18

Protocol 2

# Version 2 is more secure than version 1; if the line is absent, add it yourself

systemctl restart sshd

# Restart the service to take effect

 line 20

ListenAddress 192.168.254.11

# Listening address. With this line sshd only accepts connections on the external address 192.168.254.11, so the server can no longer be reached through its intranet address

Connecting with an SSH client to the intranet address 192.168.25.11 fails, because sshd is not listening on the 192.168.25.11 interface

 192.168.254.11 connected successfully

To listen on two or more addresses, keep adding lines:

ListenAddress 192.168.25.11

Now the intranet address can be connected to again

Around line 116

UseDNS no

# Disable reverse DNS lookup of connecting clients, which speeds up the server's response (add this line)

 systemctl restart sshd

# Any configuration change only takes effect after restarting the service


User Login Control

Create two test users

useradd a1

useradd a2

passwd a1

passwd a2

# Set passwords for both of them

vim /etc/ssh/sshd_config 

# enter the main configuration file

 line 40

PermitRootLogin no    

# ban root user

line 66

PermitEmptyPasswords no  

# Disable empty password users

line 39

LoginGraceTime 2m

# Time allowed to complete login authentication: 2 minutes

line 42

MaxAuthTries 6

# Maximum number of authentication attempts per connection

 Add at the end:

AllowUsers  a1  a2@192.168.254.10

# Allow a1 to log in from anywhere; allow a2 to log in only from 192.168.254.10

From the intranet Win10 machine (192.168.25.1): a1 logs in successfully

a2 is rejected

From 192.168.254.10: a1 logs in successfully

From 192.168.254.10: a2 logs in successfully
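The directives above (Port, ListenAddress, UseDNS, PermitRootLogin, PermitEmptyPasswords, LoginGraceTime, MaxAuthTries, AllowUsers) are easy to get wrong in ways that stay silent until a login fails, or succeeds when it should not. The POSIX shell script below is an added example, not part of the original post and not OpenSSH's own tooling: it reads a sshd_config, prints the value sshd would actually use for a directive, and flags the ones that differ from the settings recommended in this post. It encodes two rules the post does not spell out: sshd uses the first occurrence of a keyword, not the last, so a stray earlier PermitRootLogin yes wins over a later PermitRootLogin no; and directives inside a Match block apply only to matching connections. The sample file written by write_sample_config is constructed for the demo, with PermitRootLogin deliberately listed twice, and the helper assumes the "Keyword value" spelling.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenSSH: report the value
# sshd would use for each directive in a sshd_config and flag weak settings.

# sshd_opt CONFIG_FILE KEYWORD
# Prints the FIRST value of KEYWORD (case-insensitive).  sshd_config takes the
# first occurrence of a keyword, not the last, so that is the value sshd uses.
# Reading stops at the first Match block because settings inside it apply only
# to matching connections.  Assumes the "Keyword value" form (the rarer
# "Keyword=value" spelling is not handled).  For directives that may repeat,
# such as ListenAddress, only the first one is printed.
sshd_opt() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        tolower($1) == "match"   { exit }          # end of the global section
        tolower($1) == key {
            sub(/^[ \t]*[^ \t]+[ \t]*/, "")        # strip the keyword
            sub(/[ \t]+$/, "")                     # strip trailing whitespace
            print
            exit
        }
    ' "$1"
}

# audit_sshd_config CONFIG_FILE
# One line per directive, "ok" or "WEAK", then a summary line with the count.
audit_sshd_config() {
    cfg=$1
    weak=0
    for pair in PermitRootLogin=no PermitEmptyPasswords=no PubkeyAuthentication=yes UseDNS=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_opt "$cfg" "$key")
        if [ "$got" = "$want" ]; then
            printf 'ok    %-22s %s\n' "$key" "$got"
        else
            printf 'WEAK  %-22s %s (expected %s)\n' "$key" "${got:-<unset, sshd default applies>}" "$want"
            weak=$((weak + 1))
        fi
    done
    got=$(sshd_opt "$cfg" MaxAuthTries)
    case $got in
        ''|*[!0-9]*)
            printf 'WEAK  %-22s %s (expected a number, 6 or less)\n' MaxAuthTries "${got:-<unset>}"
            weak=$((weak + 1)) ;;
        *)
            if [ "$got" -le 6 ]; then
                printf 'ok    %-22s %s\n' MaxAuthTries "$got"
            else
                printf 'WEAK  %-22s %s (expected 6 or less)\n' MaxAuthTries "$got"
                weak=$((weak + 1))
            fi ;;
    esac
    # AllowUsers: once present, every user not listed is refused, so an empty
    # value means there is no login restriction at all.
    got=$(sshd_opt "$cfg" AllowUsers)
    if [ -n "$got" ]; then
        printf 'ok    %-22s %s\n' AllowUsers "$got"
    else
        printf 'WEAK  %-22s <unset> (every system user may attempt to log in)\n' AllowUsers
        weak=$((weak + 1))
    fi
    printf 'weak settings: %d\n' "$weak"
}

# write_sample_config
# Writes a CONSTRUCTED sshd_config (not a real server file) that mirrors the
# settings in this post, with PermitRootLogin deliberately given twice to show
# the first-occurrence rule.  Prints the temporary file's path.
write_sample_config() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
ListenAddress 192.168.254.11
ListenAddress 192.168.25.11
PermitRootLogin yes
PermitRootLogin no
LoginGraceTime 2m
MaxAuthTries 6
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PermitEmptyPasswords no
UseDNS no
AllowUsers a1 a2@192.168.254.10
Match User a2
    PasswordAuthentication yes
EOF
    printf '%s\n' "$sample"
}

# Stand-alone demo; on a real host pass /etc/ssh/sshd_config instead.
demo_cfg=$(write_sample_config)
audit_sshd_config "$demo_cfg"
rm -f "$demo_cfg"
```

Run it against /etc/ssh/sshd_config on the server. Before each systemctl restart sshd, sshd -t checks the file for syntax errors and sshd -T prints the effective configuration including compiled-in defaults, which is the authoritative view whenever a directive is unset. On OpenSSH 7.4 and later (the version CentOS 7 ships), SSH protocol 1 no longer exists in the server and the Protocol keyword is ignored, which is why the script does not audit it. Also keep the explanatory comments shown beside Port 22 and Protocol 2 on their own lines in the real file: sshd rejects a trailing # comment after a value on the same line.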


Use of ssh && scp && sftp

cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config

Since this part has little to do with the configuration above, first restore the original configuration file and then restart the service

systemctl restart sshd

ssh remote login

ssh a1@192.168.254.11

ssh <user on the target server>@<target server IP address>

Press Enter to connect

 login successful

ssh can also run a command remotely and print its output

ssh a1@192.168.254.11 ls

ssh <user on the target server>@<target server IP address> <command>

 scp download

First create an a1.txt under the a1 user on the server 192.168.254.11

Then switch to the tom user on 192.168.254.10 (create one if it does not exist; any user can do the download. I used a different user to show that there are many ways to download)

Now download a1.txt from user a1 at 192.168.254.11 to user tom at 192.168.254.10, saving it under tom as a1-tom.txt

scp a1@192.168.254.11:a1.txt a1-tom.txt

You can also keep the original name:

scp a1@192.168.254.11:a1.txt a1.txt

 

scp upload

Now tom has the file a1-tom.txt; send it back to a1

scp a1-tom.txt a1@192.168.254.11:a1-tom.txt

The name can again be changed as you like:

scp a1-tom.txt a1@192.168.254.11:tom-a1.txt

 

sftp

sftp a1@192.168.254.11

sftp <target user>@<target IP address>

You are now in the sftp session

Type ls to list the files on the target server

Type lls to list the files on the local machine

Download:

get <filename>

Upload:

put <local filename>


key login

Key login is for the case where you often log in to the server as the same user from one machine but have to type the password every time

Generate a key pair under that user on the local machine and import the public key to the target server; the next time you ssh to the server no password is needed, and the same applies to scp and sftp

  Private key file: id_rsa
  Public key file: id_rsa.pub
  (with ssh-keygen -t ecdsa, as used below, the files are id_ecdsa and id_ecdsa.pub)

sudo vim /etc/ssh/sshd_config 

line 43

PubkeyAuthentication yes

line 47

AuthorizedKeysFile      .ssh/authorized_keys

systemctl restart sshd

ssh-keygen -t ecdsa

# Then accept all the defaults (press Enter)

 

A .ssh directory is generated

scp .ssh/id_ecdsa.pub a1@192.168.254.11:tom.key

# Copy the public key to the server, into user a1's home directory as tom.key

ssh a1@192.168.254.11

Log in to a1 first

mkdir .ssh

touch .ssh/authorized_keys

chmod 700 .ssh

# Restrict permissions for security

chmod 644 .ssh/authorized_keys

cat tom.key  >> .ssh/authorized_keys 

Now you can log in to a1 without a password

 

 

Login successful without a password
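The manual steps above (mkdir .ssh, touch authorized_keys, chmod, cat tom.key >> authorized_keys) work, but running them a second time appends the key again, and if the permissions on the home directory, .ssh or authorized_keys are ever loosened, sshd silently ignores the file (StrictModes, which is on by default) and falls back to asking for a password. The POSIX shell script below is an added example, not part of the original post and not OpenSSH's own tooling: install_authorized_key performs the same installation idempotently and only accepts a line that looks like a public key, and check_ssh_dir_perms performs the group/world-write check that StrictModes performs. The key string and the home directory are constructed for the demo; the key is not real key material. The script sets authorized_keys to 600, which is stricter than the post's 644; sshd accepts both as long as the file is not group- or world-writable.

```shell
#!/bin/sh
# Added example, not from the original post: idempotent authorized_keys
# installation plus the permission checks sshd's StrictModes performs.
# Everything below uses constructed values; the key is NOT real key material.

CONSTRUCTED_PUBKEY='ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBConstructedNotARealKey0000000000000000000000000000000000000000000000000000000000000000= tom@constructed-client'

# install_authorized_key HOME_DIR "PUBLIC KEY LINE"
# Same effect as the post's mkdir/touch/chmod/cat >> sequence, but it refuses
# input that is not a public-key line and never appends the same key twice.
install_authorized_key() {
    home_dir=$1
    key=$2
    case $key in
        'ssh-ed25519 '*|'ssh-rsa '*|'ecdsa-sha2-nistp256 '*|'ecdsa-sha2-nistp384 '*|'ecdsa-sha2-nistp521 '*) ;;
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$home_dir/.ssh"
    chmod 700 "$home_dir/.ssh"                      # as in the post
    [ -f "$home_dir/.ssh/authorized_keys" ] || : > "$home_dir/.ssh/authorized_keys"
    chmod 600 "$home_dir/.ssh/authorized_keys"      # stricter than the post's 644; sshd accepts both
    if grep -qxF -- "$key" "$home_dir/.ssh/authorized_keys"; then
        echo "already present"                       # a bare >> would add a duplicate line here
    else
        printf '%s\n' "$key" >> "$home_dir/.ssh/authorized_keys"
        echo "added"
    fi
}

# check_ssh_dir_perms HOME_DIR
# Prints "ok" or a list of problems.  With StrictModes (the default) sshd
# ignores authorized_keys when the home directory, ~/.ssh or the file itself
# is group- or world-writable, and the user is asked for a password instead.
# The mode string from ls -ld is parsed so the check works with GNU and BSD tools.
check_ssh_dir_perms() {
    home_dir=$1
    problems=""
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            problems="$problems missing:$p"
            continue
        fi
        mode=$(ls -ld "$p" | cut -c1-10)             # e.g. drwx------
        case $mode in
            ?????w*|????????w*) problems="$problems group-or-world-writable:$p" ;;   # 6th = group w, 9th = other w
        esac
    done
    if [ -z "$problems" ]; then
        echo ok
    else
        echo "${problems# }"
    fi
}

# Stand-alone demo against a throw-away home directory.
demo_home=$(mktemp -d)
install_authorized_key "$demo_home" "$CONSTRUCTED_PUBKEY"
install_authorized_key "$demo_home" "$CONSTRUCTED_PUBKEY"
check_ssh_dir_perms "$demo_home"
rm -rf "$demo_home"
```

Run it as the target user (a1 in the post) with that user's home directory as the first argument and the contents of tom.key as the second; OpenSSH's ssh-copy-id does the same job from the client side. When the test login still asks for a password, check_ssh_dir_perms is the first thing to run, and on CentOS sshd records the reason it rejected the key in /var/log/secure.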


Origin blog.csdn.net/w14768855/article/details/131520745