SSH service
2022-07-28 14:51:00 【Laughter addiction】
ssh service
I. Introduction to SSH
1. Definition: SSH (Secure Shell) is a protocol used on Linux/Unix systems to control a server remotely.
2. CentOS 6/7/8 installs OpenSSH by default when the system is installed.
Ubuntu does not install it by default; you need to install it yourself.
[[email protected] ~]# rpm -qa |grep openssh
openssh-clients-8.0p1-5.el8.x86_64 # Client program
openssh-server-8.0p1-5.el8.x86_64 # Server side
openssh-8.0p1-5.el8.x86_64 # Version number
rpm is a software management command on Linux,
used on Red Hat/CentOS.
rpm -qa queries all the software installed on this machine:
q  query
a  all
Install the client software openssh
OpenSSH should be upgraded regularly to keep the Linux system secure:
yum update openssh openssh-clients openssh-server -y
3. The default SSH listening port is 22.
The protocol used is TCP.
4. How to check whether the sshd service is running
1. Look at the process --> ps aux|grep sshd
2. Look at the port --> lsof -i:22
3. Connect to it directly
4. Check the log
II. How SSH works
1. Data encryption: data is encrypted when it is transmitted.
2. Algorithms:
1. Common encryption algorithms
RSA, ElGamal, knapsack algorithm, Rabin, D-H, ECC (elliptic curve cryptography), ECDSA
2. Classification of encryption algorithms:
Symmetric encryption
Asymmetric encryption (public key and private key)
3. Digital signature:
1. Purpose: used for identification
2. Principle: by generating random strings
3. Flow chart:

4. Authentication:
1. Password authentication: through the /etc/passwd and /etc/shadow files
2. Key authentication
III. SSH configuration, files, faults and commands
1. SSH configuration
1. Configuration directory: /etc/ssh
2. Configuration files: they pass parameters to the process
[[email protected] ssh]# cd /etc/ssh/
sshd_config --> server-side configuration file --> process: sshd
ssh_config --> configuration file used by the ssh client command --> process: ssh
ssh_host_ecdsa_key.pub --> the ECDSA public key
ssh_host_ecdsa_key --> the ECDSA private key
2. SSH-related files
1. Log file: /var/log/secure
2. known_hosts file:
2.1. How it is created: the first time the client connects to a server with ssh, the public key of the server's sshd daemon is copied to the client
and stored locally in the ~/.ssh/known_hosts file. Each line stores the public key of one server, used to verify that server's identity.
2.2. Purpose: data encryption + identification of server and client (digital signature)
2.3. Storage path: in ~/.ssh
3. authorized_keys file:
3.1. Path: in ~/.ssh
3.2. Purpose: used for authentication; it proves that you are a legitimate user of the Linux system and may log in to it.
3. SSH-related faults
1. It is recommended to turn off the firewall and disable it at boot
systemctl stop firewalld
systemctl disable firewalld
2. It is recommended to turn off SELinux and disable it at boot
2.1. SELinux is a security mechanism in Linux that protects the system;
it restricts processes from doing things that threaten security.
2.2. Temporarily change the SELinux state
[[email protected] ssh]# getenforce    # check the SELinux state
Enforcing
[[email protected] ssh]# setenforce 0    # temporarily switch SELinux to permissive mode
[[email protected] ssh]# getenforce
Permissive
2.3. Permanently change the SELinux policy to disabled
[[email protected] ssh]# vim /etc/selinux/config
SELINUX=disabled
4. SSH-related commands
1. ssh command:
1.1. ssh root@192.168.243.132    # connect remotely to the server 192.168.243.132 as the root user
1.2. ssh 192.168.243.132    # no login user specified; the current user name is used for the remote connection by default
1.3. Enter exit to log out
1.4. You can run scripts or commands on remote machines
1.5. If the port in the ssh configuration file has been changed, the -p option is required when connecting
to specify the port number
2. sftp command:
2.1. Implements FTP functionality on top of the SSH protocol; SSH is used underneath
2.2. Provides file upload and download
3. scp command:
Remote copy: connects to other machines over the underlying SSH protocol and copies files
3.1. Transfer a local file to the server
scp <path to local file> <server user name>@<server address>:<path where the file is stored on the server>
Example:
scp /lianxi/random.sh [email protected]192.168.243.132:/lianxi
3.2. Transfer a local folder to the server
scp -r <path to local file> <server user name>@<server address>:<path where the file is stored on the server>
Example:
scp -r /lianxi/python_test [email protected]192.168.243.132:/lianxi
3.3. Transfer a file from the server to the local machine
scp <server user name>@<server address>:<path where the file is stored on the server> <path to local file>
Example:
scp [email protected]192.168.243.132:/lianxi/liuhj.ttt /lianxi
3.4. Transfer a folder from the server to the local machine
scp -r <server user name>@<server address>:<path where the file is stored on the server> <path to local file>
Example:
scp -r [email protected]192.168.243.132:/lianxi/lhj /lianxi
IV. Hardening the SSH service to improve security
1. Change the port in /etc/ssh/sshd_config
2. Disable users
The root user can also be disabled by modifying the configuration file /etc/ssh/sshd_config.
3. Why can't root be used to log in over ssh, while root can still be used after logging in?
Because that does not go through the check done by ssh underneath; instead, a process is started inside the Linux system and switches to the root user.
4. Upgrade OpenSSH
yum update openssh openssh-clients openssh-server -y
5. Key authentication
First modify the configuration file /etc/ssh/sshd_config to turn on key authentication, then configure key authentication
6. Password authentication
Change your password often and increase password complexity
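The settings named in the hardening list above can be checked with a short script. This is an added example, not part of the original article: the function names, the constructed sample configuration and the upstream OpenSSH defaults used as fallbacks are assumptions of the example, and it expects keyword and value to be separated by whitespace.

```shell
#!/bin/sh
# Added example (not from the article): read the global sshd_config values
# for the settings named in the hardening list and flag the weak ones.

# sshd_effective FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and everything after a "Match" line is conditional.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        { key = tolower($1) }
        key == "match" { exit }                    # global section ends here
        key == want    { print tolower($2); found = 1; exit }
        END            { if (!found) print def }   # fall back to the default
    ' "$1"
}

sshd_audit() {
    # Fallbacks are upstream OpenSSH defaults (an assumption of this example).
    port=$(sshd_effective "$1" Port 22)
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pubkey=$(sshd_effective "$1" PubkeyAuthentication yes)
    passwd=$(sshd_effective "$1" PasswordAuthentication yes)
    # A non-default port must also be let through firewalld and labelled
    # for SELinux, which avoids switching either of them off.
    [ "$port" = 22 ] || echo "NOTE Port $port: firewall-cmd --permanent --add-port=$port/tcp; semanage port -a -t ssh_port_t -p tcp $port"
    [ "$root" = yes ] && echo "WARN PermitRootLogin yes: root may log in with a password"
    [ "$pubkey" = no ] && echo "WARN PubkeyAuthentication no: key login is disabled"
    [ "$passwd" = yes ] && echo "WARN PasswordAuthentication yes: passwords can be guessed remotely"
    return 0
}

# Constructed sample config, not taken from a real host.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 2222
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PubkeyAuthentication no
EOF
}

tmp=$(mktemp) && sample_sshd_config > "$tmp" && sshd_audit "$tmp"
rm -f "$tmp"
```

On a live host, `sshd -T` prints the effective configuration including defaults, so it can replace the parsing step.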
V. Setting up passwordless login
1. Generate a key pair: on 192.168.243.128, generate a key pair as the root user. The key pair is stored in the user's home directory.
[[email protected] ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ecds9x/kXGpjN1lXDtudEerhZyCFAJ4ugGRThdehBsM [email protected].localdomain
The key's randomart image is:
+---[RSA 2048]----+
| +o+o..o++o ...o+|
|o oEo.o..o+.o .*B|
| . ..o o.. o ==oO|
| o . . + O*.|
| . .S = *o|
| . o .|
| |
| |
| |
+----[SHA256]-----+
2. Go to the user's home directory and look at the public and private keys
[[email protected] ssh]# cd /root/.ssh/
[[email protected] .ssh]# ls
id_rsa          # private key
id_rsa.pub      # public key
known_hosts
[[email protected] .ssh]# ll    # changing the permissions of the key files is not recommended; otherwise the key will stop working
Total usage 12
-rw-------. 1 root root 1679 7 month 27 16:46 id_rsa
-rw-r--r--. 1 root root 408 7 month 27 16:46 id_rsa.pub
-rw-r--r--. 1 root root 182 7 month 27 16:34 known_hosts
3. Upload the public key to the other server, so that the other server allows the root user to log in
[[email protected] .ssh]# ssh-copy-id -p 2222 -i id_rsa.pub [email protected]192.168.243.132
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]192.168.243.132's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '2222' '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
4. Verify whether a password is still required for login
[[email protected] .ssh]# ssh -p '2222' '[email protected]'
Last failed login: Wed Jul 27 16:53:28 CST 2022 from 192.168.243.128 on ssh:notty
There were 30 failed login attempts since the last successful login.
Last login: Wed Jul 27 11:55:11 2022
[[email protected]-kafka01 ~]#
[[email protected] .ssh]# scp -P 2222 '[email protected]':/etc/passwd .
passwd 100% 1217 561.0KB/s 00:00
[[email protected] .ssh]#
[[email protected] .ssh]# ssh -p '2222' '[email protected]' mkdir /wangshuai
5. Related flow chart 
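Step 2 notes that changing the permissions of the key files stops the key from working. The check below looks for the modes that cause this; it is an added example, not part of the original article, and the function names and the constructed demo directory are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the article): find the modes in a ~/.ssh
# directory that make OpenSSH ignore a key.

# mode_bits PATH -> the six group/other characters of `ls -l`, e.g. "r--r--"
mode_bits() { ls -ld -- "$1" | cut -c5-10; }

# group_or_other_writable BITS -> true if either "w" is set
group_or_other_writable() {
    case $1 in ?w????|????w?) return 0 ;; esac
    return 1
}

# check_ssh_dir DIR: one line per problem, no output when everything is fine.
check_ssh_dir() {
    # sshd (StrictModes, on by default) skips authorized_keys when the file
    # or its directory can be written by anyone but the owner.
    group_or_other_writable "$(mode_bits "$1")" &&
        echo "BAD $1: directory writable by group/others"
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        bits=$(mode_bits "$f")
        case ${f##*/} in
            *.pub|known_hosts) ;;          # public data, 644 is fine
            authorized_keys)
                group_or_other_writable "$bits" &&
                    echo "BAD $f: writable by group/others" ;;
            id_*)   # the ssh client refuses a private key with any
                    # group/other permission bit set
                [ "$bits" = "------" ] ||
                    echo "BAD $f: private key accessible by group/others" ;;
        esac
    done
    return 0
}

# Constructed demo: same file names as the listing, id_rsa loosened to 644.
demo=$(mktemp -d) && chmod 700 "$demo"
: > "$demo/id_rsa";     chmod 644 "$demo/id_rsa"
: > "$demo/id_rsa.pub"; chmod 644 "$demo/id_rsa.pub"
check_ssh_dir "$demo"
rm -rf "$demo"
```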