Introduce

SSH（Secure Shell） It is a protocol that can provide remote login in a safe way , It is also the current remote management Linux Preferred method of system . Before that , In general use FTP or Telnet To log in remotely . But because they transmit account passwords and data information over the network in plain text , So it's not safe , It's very vulnerable to man in the middle attacks by hackers , At least tamper with the transmitted data information , Then directly grab the server's account password .
Want to use SSH Protocol to remotely manage Linux System , You need to configure the deployment sshd Service program .sshd Is based on SSH Protocol development of a remote management service , Not only is it easy to use , And it can provide two methods of security verification ：

Password based authentication — Verify login with account and password ;
Key based authentication — You need to generate key pairs locally , Then upload the public key in the key pair to the server , And compare with the public key in the server ; It's safer than that .

ssh-keygen
 Generate... In the client host “ Key pair ”, Remember the client .
ssh-copy-id
 Transfer the public key file generated in the client host to the remote server .
scp

 Parameters 	 effect 
-v	 Show detailed connection progress 
-P	 Specify the... Of the remote host sshd Port number 
-r	 Used to transfer folders 
-6	 Use IPv6 agreement 

Profile function

Port 22	 default sshd Service port 
ListenAddress 0.0.0.0	 Set up sshd Server listening IP Address 
Protocol 2	SSH Version number of the protocol 
HostKey /tc/ssh/ssh_host_key	SSH The version of the agreement is 1 when ,DES Where the private key is stored 
HostKey /etc/ssh/ssh_host_rsa_key	SSH The version of the agreement is 2 when ,RSA Where the private key is stored 
HostKey /etc/ssh/ssh_host_dsa_key	SSH The version of the agreement is 2 when ,DSA Where the private key is stored 
PermitRootLogin yes	 Set whether to allow root Administrators log in directly 
StrictModes yes	 When the private key of the remote user changes, the connection is directly refused 
MaxAuthTries 6	 Maximum password attempts 
MaxSessions 10	 Maximum number of terminals 
PasswordAuthentication yes	 Allow password verification 
PermitEmptyPasswords no	 Allow empty password to log in （ Very unsafe ）

/etc/ssh/sshd_config

# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# This system is following system-wide crypto policy. The changes to
# crypto properties (Ciphers, MACs, ...) will not have any effect here.
# They will be overridden by command-line options passed to the server
# on command line.
# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).

# Logging
#SyslogFacility AUTH

#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PermitEmptyPasswords no


# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes

# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
# as it is more configurable and versatile than the built-in version.
PrintMotd no

#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem	sftp	/usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

UseDNS no
AddressFamily inet
SyslogFacility AUTHPRIV
PermitRootLogin yes
PasswordAuthentication yes

Interview questions

1、Windows and LINUX What are the common remote connection tools

xshell、serureCRT