Linux remote login and passwordless login method

  

I. Remote login method

SSH is a secure channel protocol, mainly used for remote login. The RHEL 5 system uses the OpenSSH server provided by the openssh and openssh-server packages (installed by default) and registers sshd as a standard system service. The usage is as follows:

The code is as follows:

    $ ssh host
    $ ssh username@host
    $ ssh -p 222 username@host

-p: Specify the access port; if omitted, the default port 22 of the SSH service is used. The first time you log in to the other host, the system will prompt you:

The code is as follows:

    The authenticity of host 'host (192.168.0.21)' can't be established.
    RSA key fingerprint is 98:2e:d7:e0:de:9f:ac:67:28:c2:42:2d:37:16:58:4d.
    Are you sure you want to continue connecting (yes/no)?

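That is to say, the authenticity of the host cannot be confirmed; only its public key fingerprint is known. Do you still want to continue connecting? The fingerprint is what lets you confirm the host's identity, so compare it with the value obtained from the server's administrator before answering. After typing yes, a message appears stating that the host has been accepted.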

The code is as follows:

    Warning: Permanently added 'host,192.168.0.21' (RSA) to the list of known hosts.

Then ask for the password:

The code is as follows:

    Password: (enter password)

At this point, if the password is correct, you can log in.

II. Passwordless login method

In a trusted environment, entering the password on every remote login is time consuming, especially when passwords are complex and there are many servers to maintain. So there is a common need: remote login without a password. The implementation steps are as follows:

1. Generate a key pair (public and private keys) locally:

The code is as follows:

    $ ssh-keygen
    # The above command is equivalent to ssh-keygen -t rsa
    # -t: specifies the type of the key. The default is the rsa type of SSH-2.

After running the above command, the system displays a series of prompts; you can press Enter all the way through. One of the questions is whether you want to set a passphrase for the private key. If you are concerned about the security of the private key, you can set one. After the run ends, two new files are generated in the ~/.ssh/ directory: id_rsa.pub and id_rsa. The former is the public key, the latter is the private key.

2. Transfer the public key to the remote host:

The code is as follows:

    $ ssh-copy-id user@host

After the above two steps, you can implement passwordless remote login (the remote host saves the user's public key in the ~/.ssh/authorized_keys file).

III. Common problems:

1. After generating the key and uploading it to the remote host, passwordless login still does not work? Open the remote host's /etc/ssh/sshd_config file and uncomment the following lines.

The code is as follows:

    #RSAAuthentication=yes
    #PubkeyAuthentication=yes
    #AuthorizedKeysFile=.ssh/authorized_keys

Then, restart the remote host's ssh service.

The code is as follows:

    # ubuntu system
    $ service ssh restart
    # debian system
    $ /etc/init.d/ssh restart

2. When executing the ssh-copy-id command, the remote server's SSH service port is not 22, as follows:

The code is as follows:

    $ ssh-copy-id nameB@machineB
    ssh: connect to host machineB port 22: Connection refused

Then use the following command:

The code is as follows:

    $ ssh-copy-id "-p 22000 nameB@machineB"

IV. Supplement:

The code is as follows:

    $ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
    $ ssh-copy-id -u eucalyptus -i /home/eucalyptus/.ssh/id_rsa.pub eucalyptus@remote_host
    # -u: set up passwordless login for the eucalyptus user
    # -i: when no value is passed, or the ~/.ssh/identity.pub file is inaccessible (doesn't exist), ssh-copy-id displays the following error:
    /usr/bin/ssh-copy-id: ERROR: No identities found

SSH provides two ways to verify the login:

1. Password verification: verify by the login name and password of the local system user on the server.
2. Key pair verification: requires matching key information to pass the verification. Usually a pair of key files (public and private keys) is created on the client, and then the public key file is placed in the specified location on the server.

Note: When both password authentication and key pair authentication are enabled, the server will use key authentication first.

V. SSH service configuration file:

The sshd service configuration file is in /etc/ssh/sshd_config by default. Correctly adjust related configuration items to further improve the security of sshd remote login.

The contents of the configuration file can be divided into the following three parts:

The code is as follows:

    # SSH server listening options
    # Listening port
    Port 22
    # Use SSH V2 protocol
    Protocol 2
    # The listening address is all addresses
    ListenAddress 0.0.0.0
    # Disable DNS reverse resolution
    UseDNS no

    # User login control options
    # Whether to allow root user login
    PermitRootLogin no
    # Whether to allow login by users with an empty password
    PermitEmptyPasswords no
    # Login verification time (2 minutes)
    LoginGraceTime 2m
    # Maximum number of retries
    MaxAuthTries 6
    # Only allow the user named user to log in; the opposite of the DenyUsers option
    AllowUsers user

    # Login authentication methods
    # Enable password verification
    PasswordAuthentication yes
    # Enable key authentication
    PubkeyAuthentication yes
    # Specify the public key database file
    AuthorizedKeysFile .ssh/authorized_keys
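The following shell script is an added example, not part of the original article: it reports the value sshd would actually use for the login options listed above, which also covers the "common problem" case where PubkeyAuthentication is still commented out. The sample file is constructed, and treating "PasswordAuthentication yes" as weak is this example's own assumed policy for servers where key login already works.

```shell
#!/bin/sh
# Added example (not from the article); sample file and policy are assumptions.

# effective_value FILE KEYWORD -> value sshd would use, empty if unset.
# Keywords are case-insensitive, "Key value" and "Key=value" both parse,
# commented lines are ignored, and the first occurrence of a keyword wins.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (match(line, /[ \t=]+/) == 0) next
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit     # audit the global section only
            if (key == want) { print val; exit }
        }' "$1"
}

# check FILE KEYWORD WANTED -> one finding line; returns 1 when WEAK.
check() {
    got=$(effective_value "$1" "$2")
    if [ -z "$got" ]; then
        echo "UNSET $2 (commented out or absent, built-in default applies)"
    elif [ "$got" = "$3" ]; then
        echo "OK    $2 $got"
    else
        echo "WEAK  $2 $got (policy wants $3)"; return 1
    fi
}

# audit FILE -> findings on stdout; returns 1 if any setting is WEAK.
audit() {
    rc=0
    check "$1" PubkeyAuthentication yes || rc=1
    check "$1" PermitRootLogin no || rc=1
    check "$1" PermitEmptyPasswords no || rc=1
    check "$1" PasswordAuthentication no || rc=1   # assumed policy: keys only
    return $rc
}

# Constructed sample: key login still commented out, duplicate keyword.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' 'Port 22' '#PubkeyAuthentication=yes' 'permitrootlogin yes' \
    'PermitRootLogin no' 'PermitEmptyPasswords no' 'PasswordAuthentication yes' > "$sample"
audit "$sample" || echo "=> sample config needs changes"
```

On a real server, point audit at /etc/ssh/sshd_config and run sshd -t before restarting the service; test mode rejects misspelled keywords that this script would only report as unset.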

View the SSH service status: /etc/init.d/sshd status

Restart the SSH service: /etc/init.d/sshd restart

View the version number of the ssh software:

    $ ssh -V
    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    # indicates that the system is using OpenSSH
    ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu
    # indicates that the system is using SSH2

When the remote host's public key is accepted, it is saved in the file $HOME/.ssh/known_hosts. The next time you connect to this host, the system recognizes that its public key has already been saved locally, so it skips the warning and goes straight to the password prompt. Each SSH user has their own known_hosts file, and the system also has one such file, usually /etc/ssh/ssh_known_hosts, which holds public keys of remote hosts that all users can trust.
