当前位置:网站首页>SSH command and instructions
SSH command and instructions
2022-06-29 20:02:00 【Full stack programmer webmaster】
ssh What is a ?
SSH It's a network protocol , For encrypted logins between computers . If a user is from a local computer , Use SSH Protocol log on to another remote computer , We can think of , This login is secure , Even if intercepted halfway , The password will not leak . In the earliest days , Internet communication is plaintext communication , Once intercepted , There's no doubt about the content .1995 year , Finnish scholars Tatu Ylonen Designed SSH agreement , Encrypt all login information , Become a basic solution for Internet Security , Quickly spread around the world , It has become Linux Standard configuration of the system . SSH It's just an agreement , There are many implementations , Existing business realization , There are also open source implementations .
SSH Why is it safe ?
Is that it uses Public key encryption , The whole process is like this :
- The remote host receives a login request from the user , Send your public key to the user .
- The user uses this public key , After encrypting the login password , Send it back .
- The remote host uses its own private key , Decrypt login password , If the password is correct , Just allow the user to log in .
SSH Can't help what ?
The process itself is safe , But there is a risk in the implementation : If someone intercepts a login request , And then impersonate the remote host , Send the fake public key to the user , So it's hard for users to tell the truth from the false . Because they don't like https agreement ,SSH The public key of the protocol is no certificate authority (CA) Notarized , in other words , They're all self signed .
You can imagine , If the attacker is between the user and the remote host ( For example, in the public wifi Area ), With a fake public key , Get the user's login password . Use this password to log in to the remote host , that SSH The security mechanism of the system is gone . This kind of risk is famous ” Man-in-the-middle attack “(Man-in-the-middle attack).
How to install SSH?
Linux The default is installed
SSH How to use it ?
paraphrase : user name user, Log on to the remote host host,(ssh The default port is 22, No port number is the default port login ) Add the port number :
ssh -p 10000 [email protected]
paraphrase : user name user, Through the port 10000, Log on to the remote host host
SSH Use shortcuts : Public key login
Log in with password , You have to enter the password every time , Very trouble . Fortunately SSH Public key login is also provided , It can save the steps of entering the password . So-called ” Public key login ”, That is, the user stores his public key on the remote host . When logging in , The remote host sends a random string to the user , After the user encrypts with his private key , Send it back . The remote host decrypts with the stored public key , If it works , Prove that the user is trustworthy , Allow login directly shell, No more passwords . use ssh-keygen Generate a command :
ssh-keygen
After running the above command , A series of prompts will appear , You can go all the way back . One of the problems is , Do you want to set a password for the private key (passphrase), If you worry about the security of the private key , Here you can set up a . After running , stay $HOME/.ssh/ Under the table of contents , Two new files will be generated :id_rsa.pub and id_rsa. The former is your public key , The latter is your private key . Then enter the following command , Send the public key to the remote host host above :
ssh-copy-id [email protected]
Okay , Log in from , There is no need to enter the password . If it doesn't work , Turn on the remote host /etc/ssh/sshd_config This file , Check the front of the next few lines ”#” Is the comment removed .
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keysthen , Restart the remote host ssh service .
systemctl restart sshd.service
Publisher : Full stack programmer stack length , Reprint please indicate the source :https://javaforall.cn/101311.html Link to the original text :https://javaforall.cn
边栏推荐
- ETCD数据库源码分析——服务端PUT流程
- Linux Installation mysql8
- 2022年深圳市福田区支持招商引资若干政策
- Sword finger offer 41 Median in data stream
- Configuration du Flume 4 - source personnalisée + sink
- 【剑指Offer】51. 数组中的逆序对
- Detailed description of gaussdb (DWS) complex and diverse resource load management methods
- 剑指 Offer 66. 构建乘积数组
- JVM (2) garbage collection
- 社区访谈丨一个IT新人眼中的JumpServer开源堡垒机
猜你喜欢
【Try to Hack】vulnhub narak
Creators foundation highlights in June
JVM(4) 字节码技术+运行期优化
畫虎國手孟祥順數字藏品限量發售,隨贈虎年茅臺
Classic illustration of K-line diagram (Collection Edition)
【精品】pinia详解
Game maker Foundation presents: Valley of belonging
JMeter BeanShell explanation and thread calling
如何设置 Pod 到指定节点运行
软件测试逻辑覆盖相关理解
随机推荐
网站压力测试工具——Webbench
How important is it to make a silver K-line chart?
Configuration du Flume 4 - source personnalisée + sink
Is it safe to open a new bond Online
画虎国手孟祥顺数字藏品限量发售,随赠虎年茅台
Software engineering - principles, methods and Applications
Flume配置1——基础案例
一个mysql里有3306端口下,一个mysql有20多个数据库,怎么一键备份20多个数据库,做系统备份,防止数据误删除?
thinkphp5中的配置如何使用
Dynamics CRM: 本地部署的服务器中, Sandbox, Unzip, VSS, Asynchronous还有Monitor服务的作用
How to set a pod to run on a specified node
Connaissance générale des paramètres de sécurité du serveur Cloud
JVM(3) 类加载
A great open source image watermarking solution
Understanding of software test logic coverage
A keepalived high availability accident made me learn it again!
1404萬!四川省人社廳關系型數據庫及中間件軟件系統昇級采購招標!
How to solve the problem of insufficient memory space in Apple iPhone upgrade system?
2022年理财利率都降了,那该如何选择理财产品?
Regular expression series of mobile phone numbers