SSH service configuration
2022-07-28 06:52:00 【Direction of light 79】
Contents
I. SSH data transmission principle
II. Configuring the OpenSSH server
1. Common options in the sshd_config configuration file
III. Two authentication methods supported by the sshd service
Experiment (interactive login)
I. SSH data transmission principle
The SSH client and server transmit data files over the network. Data transmission is encrypted, which can prevent information leakage (not safe), and it is compressed, which can improve transmission speed.
SSH clients:
PuTTY, Xshell, CRT
SSH server:
OpenSSH
OpenSSH is an open-source software project that implements the SSH protocol and is suitable for all kinds of UNIX and Linux operating systems.
CentOS 7 installs the openssh packages by default and adds the sshd service to start at boot.
Run the "systemctl start sshd" command to start the sshd service.
By default the sshd service uses TCP port 22. The security protocol version is SSHv2; besides version 2 there is also version 1 (which has vulnerabilities).
The default configuration file for the sshd service is /etc/ssh/sshd_config.
ssh_config and sshd_config (mostly the server side) are both configuration files on the SSH server. The difference between the two is that the former is the configuration file for the client and the latter is the configuration file for the server.
The SSH server mainly provides two service functions: SSH remote connections and the SFTP service.
Purpose:
The sshd service uses the SSH protocol for remote control or for transferring files between computers.
Compared with the earlier approach of transferring files with Telnet, this is much safer, because Telnet transmits in clear text while SSH transmits encrypted.
II. Configuring the OpenSSH server
1. Common options in the sshd_config configuration file
Key points:
vim /etc/ssh/sshd_config
# The listening port is 22
Port 22
# The listening address is any network segment; a specific IP address of the OpenSSH server can also be specified
ListenAddress 0.0.0.0
# Disable reverse DNS lookups to improve the server's response speed
UseDNS no
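The options above can be checked mechanically. The following is an added example, not part of the original article: it reads sshd_config text the way sshd treats global settings (the first value of a keyword wins, Port and ListenAddress may repeat, scanning stops at the first Match block) and reports the risks the article names. The SAMPLE text and the function names are constructed for illustration; Include files are not followed, and Protocol is a legacy keyword found only in older OpenSSH releases.

```python
# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
Port 22
ListenAddress 0.0.0.0
UseDNS no
Protocol 2,1
PasswordAuthentication yes
# Appended later by an admin; ignored because the first value wins.
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

MULTI = {"port", "listenaddress"}  # keywords that may be repeated


def effective_settings(text):
    """Global settings as sshd reads them: first value wins, Match ends the scan."""
    settings = {}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        key, value = fields[0].lower(), fields[1].strip()
        if key == "match":
            break  # Match blocks are conditional overrides, not global settings
        if key in MULTI:
            settings.setdefault(key, []).append(value)
        else:
            settings.setdefault(key, value)
    return settings


def audit(text):
    """Findings for the risks the article names (hypothetical helper)."""
    s = effective_settings(text)
    findings = []
    if "1" in s.get("protocol", "2").replace(" ", "").split(","):
        findings.append("Protocol: SSHv1 is enabled")
    if s.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication: passwords can be brute-forced")
    listen = s.get("listenaddress", ["0.0.0.0"])  # unset means all addresses
    if any(a.startswith(("0.0.0.0", "::", "[::]")) for a in listen):
        findings.append("ListenAddress: sshd listens on every interface")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The sample shows a common mistake: appending "PasswordAuthentication no" at the end of the file has no effect when an earlier line already set it to yes.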
III. Two authentication methods supported by the sshd service
1. Password authentication
The login name and password of a local system user on the server are verified. This is simple and convenient, but the password may be brute-forced.
2. Key pair authentication
Matching key information is required to pass verification. Usually a pair of key files (public key and private key) is first created on the client, and the public key file is then placed in the specified location on the server. On remote login, the system uses the public key and the private key for encryption/decryption verification. This enhances security and allows login without interaction.
It is equivalent to the relationship between a key and a lock.
There are two kinds of keys:
Symmetric key
Asymmetric key: RSA. A public key and a private key are created. For verification, the private key must match the public key before login and interaction are allowed; otherwise the connection is refused.
PS: The public key and the private key are actually two files.
When both password authentication and key pair authentication are enabled, the server gives priority to key pair authentication.
Using the SSH client program
1. ssh remote login format
ssh [options] [email protected]
When a user logs in to the SSH server for the first time, the user must accept the ECDSA key sent by the server (enter "yes" at the prompt) before verification can continue. The accepted key information is saved in the ~/.ssh/known_hosts file. After successful password verification, the user is logged in to the command-line environment of the target server.
-p: specifies a non-default port number; if omitted, port 22 is used by default
ssh -p 1234 [email protected]
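Before answering "yes" at the first-login prompt, the fingerprint that ssh displays should be compared with one obtained from the server itself. This added example (not from the original article) computes the SHA256 fingerprint of a known_hosts or .pub line; the key blob is constructed filler stored under the host name liuxu10, and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def _ssh_string(data):
    """Length-prefixed string as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data


# Constructed blob with the ECDSA layout; the point bytes are filler, not a real key.
_BLOB = (_ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")
         + _ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_KNOWN_HOSTS_LINE = "liuxu10 ecdsa-sha2-nistp256 " + base64.b64encode(_BLOB).decode()


def host_key_fingerprint(line):
    """Return (key_type, 'SHA256:...') for a known_hosts or .pub line."""
    fields = line.split()
    for key_type, encoded in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(encoded, validate=True)
        except ValueError:
            continue  # this field is a host pattern or comment, not key data
        if len(blob) < 4:
            continue
        (name_len,) = struct.unpack(">I", blob[:4])
        # The blob repeats its own key type; a mismatch means a corrupted line.
        if blob[4:4 + name_len] == key_type.encode():
            digest = hashlib.sha256(blob).digest()
            return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no valid public key found in line")


def matches_expected(line, expected_fingerprint):
    """True if the key on this line has the fingerprint obtained out of band."""
    return host_key_fingerprint(line)[1] == expected_fingerprint


if __name__ == "__main__":
    print(host_key_fingerprint(SAMPLE_KNOWN_HOSTS_LINE))
```

On the server, `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` prints the fingerprint of the real host key in the same SHA256 format.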
Experiment (interactive login)
Use host liuxu to log in to host liuxu10.
Log out: exit

Experiment (asymmetric key pair login)

id_rsa: private key
id_rsa.pub: public key
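The "specified location" for the public key is ~/.ssh/authorized_keys in the login user's home directory on the server. This added example (not from the original article) installs the content of id_rsa.pub there once and checks the permissions that sshd's StrictModes setting enforces; the key string is a constructed placeholder, the function names are hypothetical, and a temporary directory stands in for the home directory.

```python
import os
import tempfile

# Constructed placeholder, not a real key.
SAMPLE_PUBKEY = "ssh-rsa AAAA-constructed-placeholder liuxu@liuxu"


def install_public_key(home, pubkey_line):
    """Add pubkey_line to home/.ssh/authorized_keys once; return True if added."""
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # explicit chmod: the mode given to makedirs is subject to umask
    path = os.path.join(ssh_dir, "authorized_keys")
    content = ""
    if os.path.exists(path):
        with open(path) as handle:
            content = handle.read()
    key = pubkey_line.strip()
    added = key not in [line.strip() for line in content.splitlines()]
    if added:
        if content and not content.endswith("\n"):
            key = "\n" + key  # do not glue the key onto an unterminated last line
        with open(path, "a") as handle:
            handle.write(key + "\n")
    os.chmod(path, 0o600)
    return added


def strictmodes_problems(home):
    """Paths that are group- or world-writable, which sshd's StrictModes rejects."""
    ssh_dir = os.path.join(home, ".ssh")
    paths = [home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")]
    return [p for p in paths if os.path.exists(p) and os.stat(p).st_mode & 0o022]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:  # stands in for the user's home
        print(install_public_key(home, SAMPLE_PUBKEY))  # first call adds the key
        print(install_public_key(home, SAMPLE_PUBKEY))  # second call changes nothing
        print(strictmodes_problems(home))
```

When key login silently falls back to the password prompt, a non-empty result from the permission check is the first thing to rule out.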

