Deploy SSH application on Linux operating system

  
                  

Remote management is a must for system administrators. It would be a headache if the administrator had to walk up to the server to fix it every time it went down. Remote connections are normally made with Telnet or SSH, but these two protocols are very different.

Although Telnet is also a client/server service, its main significance is that it implements remote login over the Telnet protocol, i.e. remote interactive computing. Remote login is the process in which a user runs the telnet command to temporarily turn his or her computer into an emulated terminal of a remote host. The emulated terminal behaves like a dumb terminal: it only passes each character the user types to the host and echoes everything the host outputs back to the screen. The protocol has a weakness, however: it transmits data over the Internet in clear text, so the transmitted data (including account names and passwords) is not encrypted. An attacker with a network interception tool can easily capture the account name and password and use them to prepare the next attack. Traditional network service programs such as Telnet are therefore inherently insecure, because they send passwords and data over the network in clear text, where an attacker can intercept them very easily. In addition, the authentication methods of these service programs have relatively serious flaws and are vulnerable to attacks such as the man-in-the-middle attack. In a man-in-the-middle attack, the attacker poses as the real server to receive the data you send to the server, and then poses as you to pass the data on to the real server. Once the data exchanged between you and the server has been tampered with by the man in the middle, serious security problems arise.

The SSH protocol is an alternative to Telnet, an insecure remote login program. SSH uses strong encryption algorithms to encrypt the data that is transmitted, including accounts, passwords and commands, to ensure the security of data in transit. It is therefore more secure than remote login programs such as Telnet. If you want to improve the security of SSH further, you can configure TCP Wrappers on the Linux operating system for additional protection. TCP Wrappers provide enhanced security for services spawned by inetd, and are an alternative to using /etc/inetd.sec. TCP Wrappers protect against hostname and host address spoofing. Spoofing is a method of posing as a valid user or host to gain unauthorized access to the system. TCP Wrappers use access control lists to prevent spoofing; the access control list is a list of systems kept in a file on the Linux host. TCP Wrappers provide some protection against IP spoofing when they are configured to verify the hostname-to-IP-address mapping and to reject packets that use IP source routing. However, TCP Wrappers do not provide password verification or data encryption; as with inetd, information is delivered in clear text. Combined with SSH, the two complement each other: SSH provides encrypted transmission, and TCP Wrappers address the spoofing problem. Together they make remote login and remote maintenance more secure.

First, installing the SSH protocol.

By default, SSH is installed during the installation of Linux. However, the SSH installation may sometimes become corrupted and need to be reinstalled. You can also install SSH manually if it was not installed with the system and you need it later.

System administrators can download SSH packages directly from http://www.ssh.fi/ or from other websites, and then install them. Installing the package is not difficult, so I will not repeat the instructions here. However, I should emphasize that, for the convenience of later maintenance, it is best to make a list of all the files in the system before the package is compiled and installed, and another one afterwards, and then use the diff command to compare them. In other words, use the find /* > test1 command to list all the files in the system before the package is compiled and installed. After the package has been compiled and installed, use the same command (find /* > test2) to list all the files in the system again. Then use the diff test1 test2 > test3 command to have the system report how its files changed while the package was compiled and installed. Knowing exactly what changed helps the system administrator maintain the operating system later.

