Basic tutorial: building an SSH server on Linux

  
 

· SSH is a standard network protocol available on most UNIX operating systems. It provides remote login and management over a character interface. It uses port 22 by default and transmits data over the network as ciphertext, which is more secure than Telnet, which transmits in plaintext.


· SSH provides two user authentication methods, password and key, and both transfer data as ciphertext.


· The difference is that password authentication transmits the user's account name and password, so the password must be sufficiently complex to provide good security.


· Key-based authentication requires creating a key pair for the user and placing the public key on the server to be accessed. When connecting to the SSH server, the client software sends a request asking the server to authenticate it using the client's key. After receiving the request, the server looks up the public key in the user's home directory and compares it with the public key sent by the client. If the two keys match, the server encrypts a "challenge" with the public key and sends it to the client software. After the client receives the challenge, it decrypts it with the local private key and sends the result to the server. This method is quite safe.




Building an SSH server under Linux

My experiment platform is Fedora 14, 2.6.35.6.

First, install ssh

The ssh software consists of two parts: the ssh server and the ssh client.

The ssh configuration files are in the /etc/ssh/ directory, where the server's configuration file is sshd_config and the client's configuration file is ssh_config.


To install ssh, only the yum method is covered here (provided that your yum source is configured correctly and is usable):

# yum install openssh-* -y

//yum will automatically install all openssh related packages




Second, configure ssh server

Following the two authentication methods of ssh, configure two login modes with different security levels.


·Login via password authentication

1. Open the sshd_config configuration file with the vim editor

# vim /etc/ssh/sshd_config


2. Modify the configuration file as follows (adjust to your actual situation; the text after // is explanation, not part of the file):

Port 22 //The default is port 22; you can change it to another port, but then you must specify the port number when logging in.

#ListenAddress //Specifies the IP address that provides the ssh service; here I commented it out.

PermitRootLogin no //Disable remote login as root

PasswordAuthentication yes //Enable password authentication method

PermitEmptyPasswords no //Prohibit login with blank password

LoginGraceTime 1m //Login verification time limit is 1 minute

MaxAuthTries 3 //Maximum number of authentication attempts

Save the modified configuration and exit.


3. Restart sshd service

# service sshd restart
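
A check of the settings from step 2, written as an added example that is not part of the original tutorial: it reports the value sshd would actually use for a keyword, including the case where a directive is only commented out or appears twice. The function names, the sample files and the defaults passed in are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# effective_value FILE KEYWORD DEFAULT
#   Print the value sshd would use for KEYWORD in the global part of FILE.
#   sshd keeps the first value it reads for a keyword; a missing or
#   commented-out keyword falls back to the built-in DEFAULT.
effective_value() {
    awk -v kw="$2" -v def="$3" '
        /^[ \t]*(#|$)/             { next }  # comment or blank line
        tolower($1) == "match"     { exit }  # global section ends here
        tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: one finding per line, returns 1 if any.
# Defaults passed below are assumptions for an older OpenSSH such as the
# tutorial's; newer releases default PermitRootLogin to prohibit-password.
audit_sshd_config() {
    rc=0
    v=$(effective_value "$1" PermitRootLogin yes)
    [ "$v" = no ] || { echo "PermitRootLogin is effectively $v"; rc=1; }
    v=$(effective_value "$1" PermitEmptyPasswords no)
    [ "$v" = no ] || { echo "PermitEmptyPasswords is effectively $v"; rc=1; }
    v=$(effective_value "$1" MaxAuthTries 6)
    [ "$v" -le 3 ] || { echo "MaxAuthTries is effectively $v"; rc=1; }
    return "$rc"
}

# Constructed sample files (not real server configs).
cfg=$(mktemp -d)
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PasswordAuthentication yes' \
    'PermitEmptyPasswords no' 'LoginGraceTime 1m' 'MaxAuthTries 3' \
    > "$cfg/step2.conf"
printf '%s\n' '#PermitRootLogin no' 'PermitEmptyPasswords no' \
    'MaxAuthTries 6' 'MaxAuthTries 3' > "$cfg/weak.conf"

for f in "$cfg/step2.conf" "$cfg/weak.conf"; do
    echo "== $f"; audit_sshd_config "$f" || true
done
```

On a live server, `sshd -t` checks the file before the restart and `sshd -T` prints the effective configuration.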





·Login by key pair authentication method

1. Generate a key pair on the client

Note: Before generating a key pair, you need to switch to the right user identity. For example, when user1 needs to log in to the server, user1 must generate its own key file on the client. The same is true for other users.

# su - user1

# ssh-keygen -t rsa //Generate key file

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): //Press Enter

Enter passphrase (empty for no passphrase): //Set the passphrase that protects the private key file; this is the passphrase requested when logging in with the key

Enter same passphrase again: //Enter the passphrase that protects the private key file again

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

33:ee:01:7d:c3:74:83:13:ef:67:ee:d7:60:2d:e1:16 root@localhost

# ll -a .ssh/

total 24

drwxrwxrwx 2 root root 4096 10-08 19:29 .

drwxr-x--- 21 root root 4096 10-08 19:25 ..

-rw------- 1 root root 1743 10-08 19:29 id_rsa //created private key

-rw-r--r-- 1 root root 396 10-08 19:29 id_rsa.pub //created public key

-rw-r--r-- 1 root root 790 2015-11-04 known_hosts


2. Upload the public key file to the server, or copy it to the server with a USB flash drive

# scp .ssh/id_rsa.pub [email protected]:/home/user1/


3. On the server side, add the public key file to the corresponding user's key store

# mkdir -p /home/user1/.ssh/ //Note that the .ssh directory created here must be read-only for all users other than its owner, that is, the permission bits are set to 644, and the owner and owning group are the user

# mv /home/user1/id_rsa.pub /home/user1/.ssh/authorized_keys //The generated public key file name does not match the expected public key file name, so the file must be renamed to authorized_keys.


4. Modify the sshd_config configuration file:

# vim /etc/ssh/sshd_config

PasswordAuthentication no //Disable password authentication. You cannot simply comment out the original PasswordAuthentication yes: once it is commented out, password login still works even without a public key, which is not safe and defeats the purpose of key verification.

RSAAuthentication yes //Enable RSA authentication

PubkeyAuthentication yes //Enable public key verification

AuthorizedKeysFile .ssh/authorized_keys //Location of the public key file; the path that follows sets where the public keys are stored

Save the modified configuration and exit.


5. Restart sshd service

# service sshd restart
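
Key login in steps 3 to 5 depends on file modes on the server, so here is an added example (not part of the original tutorial) that installs a one-line public key and then checks the condition sshd's StrictModes option enforces. The function names, the temporary home directory and the sample key are constructed for illustration; modes 700 and 600 are this example's choice, since a directory needs the owner's search (execute) bit to be entered.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# install_authorized_key HOME_DIR PUBKEY_FILE [OWNER]
#   Append one public key to HOME_DIR/.ssh/authorized_keys, once, using
#   modes 700 (.ssh) and 600 (authorized_keys).
install_authorized_key() {
    dir="$1/.ssh"; keys="$dir/authorized_keys"
    # Drop CR characters and blank lines left by Windows editors.
    key=$(tr -d '\r' < "$2" | grep .)
    # The key must be exactly one non-empty line.
    [ -n "$key" ] && [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] ||
        { echo "public key must be a single line" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$keys" && chmod 600 "$keys" || return 1
    grep -qxF -- "$key" "$keys" || printf '%s\n' "$key" >> "$keys"
    # When run as root for another user, hand the files to that user.
    [ -z "${3:-}" ] || chown -R "$3" "$dir"
}

# check_strict_modes HOME_DIR
#   With StrictModes yes (the default) sshd ignores authorized_keys if the
#   home directory, .ssh or the file is writable by group or others.
check_strict_modes() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; return 1; }
        bad=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
        [ -z "$bad" ] || { echo "writable by group/others: $p"; return 1; }
    done
}

# Constructed sample: a temporary "home" and a fake key saved with CRLF.
home=$(mktemp -d)
pub=$(mktemp)
printf 'ssh-rsa AAAA_CONSTRUCTED_SAMPLE_KEY user1@client\r\n' > "$pub"

install_authorized_key "$home" "$pub" && check_strict_modes "$home" &&
    echo "key installed, permissions acceptable to sshd"
```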





Third, log in to the server


1.Linux client

# ssh 192.168.1.100 //Log in by entering the server IP; with no username given, you log in as root by default

or

# ssh [email protected] //Log in as server1


2. Login client software

The most popular login software is PuTTY: it needs no installation, can be used as soon as it is downloaded, and is simple, convenient and safe!

· When the server uses password authentication, just enter the username and password.


· When the server uses key authentication, a few extra steps are needed:

1. Download the puttygen software, which is used to generate the key pair

2. Open puttygen and, in the "generated key type" column, click "SSH-2 RSA"

3. Click "Generate"; the software automatically generates the key

4. Enter the key password and click "Save Private Key". This private key is the key information that PuTTY must load for every future login, so be careful not to lose it

5. Copy the public key information and save it in a new notepad file in Windows

6. Upload the saved notepad file containing the public key information to the server, then check in vim that the information is all on one line (note that the public key information must be a single line and must be complete)

7. Name the file authorized_keys and copy it to the .ssh/ directory in the corresponding user's home directory
