One, OpenSSH functions
- OpenSSH: a free and open source implementation of the SSH (Secure Shell) protocol.
- Package name: openssh-server
- Configuration file: /etc/ssh/sshd_config
- Default port: 22
- Client command: ssh
Two, ssh command
ssh remoteUSER@remoteIP
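-l specify the login user
-i specify the key (identity file)
-X enable graphical (X11) forwarding
-p specify the port
-f run in the background
-o specify connection options
-t connect through a jump host (forces terminal allocation so a second ssh can be run on the intermediate host)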
(1) ssh login
(2) -l: specify the login user
(3) -X: enable graphical forwarding
(4) -p: specify the port
(5) -f: run in the background
(6) -o: specify connection options
(7) -t: connect through a jump host
Three, OpenSSH key authentication
1, OpenSSH authentication methods
(1) Password authentication
• At least six characters
• Contains digits, letters, underscores and special symbols
• Easily leaked
• Can be brute-forced
• Passwords are easily lost
(2) Key authentication
• A newer authentication method that uses a public key and a private key
• The public key is uploaded to the server
• The private key is paired with the public key for authentication and cannot be misappropriated
• Attackers generally cannot log in to the server through key authentication
2, OpenSSH keys
OpenSSH keys: RSA and DSA are supported
Key commands:
Generate a key: ssh-keygen
Upload a key: ssh-copy-id -i keyfile remoteUSER@remoteIP
(1) Generate a key with ssh-keygen
(2) Upload the key with ssh-copy-id -i keyfile remoteUSER@remoteIP
3, OpenSSH files
File | Purpose |
---|---|
~/.ssh/authorized_keys | Stores the user's public keys |
~/.ssh/known_hosts | Unique hash used to identify the server |
~/.ssh/id_dsa | User's private key file |
~/.ssh/id_rsa.pub | User's public key file |
Four, security optimization of the OpenSSH service
Common sshd configuration parameters:
Configuration file:
• /etc/ssh/sshd_config
Configuration parameters:
Parameter | Meaning |
---|---|
Port 22 | Listening port |
Protocol 2 | Protocol version |
ListenAddress | IP address to bind to |
HostKey | Path to the host key file |
PermitRootLogin | Whether the superuser may log in |
PubkeyAuthentication | Public key authentication switch |
PasswordAuthentication | Password authentication switch |
AllowUsers | User whitelist |
DenyUsers | User blacklist |
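
An added example, not from the original page: a small Python audit of the sshd_config parameters in the table above. It assumes upstream OpenSSH 7.0 or later defaults for absent keywords and reads only the global section (it stops at the first Match block); the function names and sample configurations are constructed for illustration.

```python
import re

# Defaults used when a keyword is absent (assumption: upstream OpenSSH 7.0 or later).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "protocol": "2"}

def effective_settings(text):
    """Parse the global part of an sshd_config; the first value of a keyword wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # conditional blocks are out of scope here
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(text):
    """Return findings for parameters from the table above."""
    cfg = effective_settings(text)
    findings = []
    if cfg["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin yes: root may log in directly")
    if cfg["passwordauthentication"].lower() == "yes":
        findings.append("PasswordAuthentication yes: passwords can be brute-forced")
    if cfg["pubkeyauthentication"].lower() == "no":
        findings.append("PubkeyAuthentication no: key login is disabled")
    if "1" in re.split(r"[\s,]+", cfg["protocol"]):
        findings.append("Protocol allows version 1")
    if "allowusers" not in cfg:
        findings.append("AllowUsers not set: no user whitelist")
    return findings

# Constructed sample configurations, not taken from a real host.
WEAK = """Port 22
Protocol 2,1
PermitRootLogin yes
#PasswordAuthentication no
PermitRootLogin no
"""
HARDENED = "PermitRootLogin no\nPasswordAuthentication no\nAllowUsers alice\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

In the weak sample the second `PermitRootLogin no` has no effect because sshd uses the first value it reads, and the commented-out `PasswordAuthentication no` leaves the default of `yes` in force.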