Linux Command Tips: SFTP, SCP, SSH

xiaoxiao2021-03-19  222

This article covers several very useful programs in the SSH package: sftp, scp, ssh-agent, and ssh-add. We assume that the sshd2 daemon is already set up and running properly.

SFTP and SCP Overview

Let us focus on sftp and scp. The first, sftp (secure file transfer), is an FTP-like client program that can be used to transfer files over the network. It does not use an FTP daemon (ftpd or wu-ftpd) for its connections, which is a meaningful improvement in system security. In fact, by monitoring the log files on some systems, we noticed that 80% of the attacks in the last month were aimed at the ftpd daemon. Using sftp avoids these attacks, because the potentially dangerous wu-ftpd can be stopped. The second, scp (secure copy), is used to copy files securely over the network. It replaces the insecure rcp command.

sftp and scp do not require any dedicated daemon, because they connect to the sshd server. To use sftp and scp, you must insert the following two lines in the configuration file /etc/ssh2/sshd2_config:

subsystem-sftp sftp-server

After these modifications, you must restart sshd. You can then use sftp and scp with any host that runs sshd.
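
A check to run before restarting sshd, added here as an example and not part of the original article: it reports whether a configuration file has an active sftp subsystem line, either in the sshd2_config form shown above or in the OpenSSH form (Subsystem sftp followed by a path). The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a config file enables the sftp subsystem.
# sftp_subsystem_status FILE
#   prints "enabled: <server>" and returns 0 when an active line exists
#   prints "disabled"          and returns 1 when it is missing or commented out
sftp_subsystem_status() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }
    # Strip comments, then match either form, case-insensitively:
    #   subsystem-sftp  sftp-server          (sshd2_config, as in the article)
    #   Subsystem sftp /path/to/sftp-server  (OpenSSH sshd_config)
    server=$(sed -e 's/#.*//' "$conf" | awk '
        { key = tolower($1) }
        key == "subsystem-sftp" && NF >= 2 { print $2; exit }
        key == "subsystem" && tolower($2) == "sftp" && NF >= 3 { print $3; exit }
    ')
    if [ -n "$server" ]; then
        echo "enabled: $server"
        return 0
    fi
    echo "disabled"
    return 1
}

# Constructed sample: one commented-out line and one active line.
demo=$(mktemp)
printf '%s\n' '## subsystem-sftp   old-server' 'subsystem-sftp   sftp-server' > "$demo"
sftp_subsystem_status "$demo"
rm -f "$demo"
```

A line that is present but commented out is reported as disabled, which is the usual reason sftp fails to connect after an otherwise correct installation.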

SFTP

sftp uses ssh2 for its data connection, so the transfer is as safe as possible. The two main reasons for using sftp instead of FTP are:

1. Passwords are never sent in clear text, which prevents sniffer attacks.
2. Data is encrypted in transit, which makes eavesdropping and modification very difficult.

Using sftp2 is very simple. Let us assume that you want to connect to the host host1 via sftp with your account myname. You can use the command:

sftp myname@host1

Some options can be specified on the command line (see the sftp manual). When sftp2 is ready to accept commands, it displays the status prompt sftp>. The complete list of commands available to the user is in the sftp manual; among them:

· quit: Exits from the application.
· cd directory: Changes the current remote working directory.
· lcd directory: Changes the current local working directory.
· ls [-R] [-l] [file ...]: Lists the names of the files on the remote server. For a directory, the contents of the directory are listed. When -R is specified on the command line, the directory tree is listed recursively. (By default, subdirectories are not visited.) When -l is specified on the command line, the permissions, owner, size, and modification time of files and directories are listed. When no argument is given, the contents of the current directory are listed. Normally, the options -R and -l are incompatible with each other.
· lls [-R] [-l] [file ...]: Like ls, but operates on local files.
· get [file ...]: Transfers the specified files from the remote end to the local end. For directories, the contents are copied.
· put [file ...]: Transfers the specified files from the local end to the remote end. For directories, the contents are copied.
· mkdir dir (rmdir dir): Tries to create or delete the directory specified in the argument.

Wildcards are supported for ls, lls, get, and put. The format is described in the sshregex manual.

Because sftp uses encryption, there is one drawback: the connection is slower (2-3 times in my experience), but this is a minor point set against the very good security. In a test, a sniffer on our local network captured 4 passwords from FTP connections in one hour. Using sftp to transfer files over the network removes these security problems.

SCP

scp2 (secure copy) is used to copy files securely over the network. It uses ssh2 for data transfer: it uses the same authentication and provides the same security as ssh2. This may be a simpler way to copy files to and from a remote machine. Let us assume that you want to use your account myname to copy the file filename from the local_dir directory to the remote_dir directory on the remote host host1. Using scp you can enter:

scp local_dir/filename myname@host1:remote_dir

In this way, the file filename is copied under the same name. Wildcards can be used (read the sshregex manual). The command line:

scp local_dir/* myname@host1:remote_dir

copies all files from the directory local_dir to remote_dir. The command:

scp myname@host1:remote_dir/filename .

copies the file filename from the directory remote_dir on host1 to the local directory. scp supports many options and can also copy files between two remote systems:

scp myname@host1:remote_dir/filename myname@host2:another_dir

For details, please refer to the manual. To use scp, you must know the exact directory layout of the remote machine, so in practice sftp is often preferred.

SSH key management

The SSH package contains two very useful programs for managing authentication keys, which allow users to connect to a remote system without typing a password. These programs are ssh-agent and ssh-add.

SSH-Agent

From the ssh-agent manual we can read: "ssh-agent2 is a program to hold authentication private keys. ssh-agent2 is started at the beginning of an X session or a login session, and all other windows or programs are started as children of the ssh-agent2 program. Programs started under the agent inherit a connection to the agent, and the agent is automatically used for public key authentication when logging in to other machines using ssh."

Depending on whether or not you use xdm, there are two ways to use ssh-agent. If you use xdm, you need to edit the .xsession file in your $HOME directory. There are two possible procedures: copy .xsession to .xsession-stuff and change .xsession to:

exec ssh-agent ./.xsession-stuff

or edit the .xsession file and search for every line that contains "exec program", changing it to "exec ssh-agent program". Then log out and log in again. ssh-agent will start the X session as a child process and wait for SSH keys to be added to its database.

If xdm is not used, using ssh-agent is very simple, because you can start X with the following command:

ssh-agent startx

and ssh-agent will be running.
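
Whether a given shell has actually inherited an agent connection can be checked from a script before any key is added. The following is an added example, not part of the original article, and it assumes OpenSSH rather than the ssh2 package: OpenSSH children of ssh-agent inherit the SSH_AUTH_SOCK variable, and "ssh-add -l" exits with 0 when keys are loaded, 1 when the agent holds none, and 2 when no agent can be contacted. The function names and the SSH_ADD override variable are illustrative.

```shell
#!/bin/sh
# Added example: classify the state of the authentication agent for this shell.
# Assumes OpenSSH ssh-add exit codes for "-l": 0 = keys listed,
# 1 = agent reachable but empty, 2 = cannot contact the agent.
# SSH_ADD is a hypothetical override naming the ssh-add command to run.
agent_state() {
    # Children of ssh-agent inherit SSH_AUTH_SOCK; without it this shell
    # has no agent connection, whatever is running elsewhere.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-agent"; return 2
    fi
    rc=0
    "${SSH_ADD:-ssh-add}" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "loaded";   return 0 ;;
        1) echo "empty";    return 1 ;;
        *) echo "no-agent"; return 2 ;;   # includes a missing ssh-add binary
    esac
}

# Add the default identities only when an agent is reachable and empty,
# so a missing agent is reported up front instead of surfacing as the
# "agent not running?" error in the middle of a script.
ensure_keys_loaded() {
    state=$(agent_state) || true
    case $state in
        loaded) return 0 ;;
        empty)  "${SSH_ADD:-ssh-add}" ;;
        *)      echo "start this session under ssh-agent first" >&2; return 2 ;;
    esac
}

# Print the state for the current shell.
agent_state || true
```

Running it from a terminal that was not started under ssh-agent prints no-agent, which is the situation that ssh-add reports with its "agent not running?" message.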

SSH-Add

Whenever ssh-agent is running, you can add new identities to its database with the command ssh-add. You can only add identities from a process that is a descendant of ssh-agent; otherwise you get the error:

Failed to connect to authentication agent - agent not running?

Using ssh-add is very simple. Enter on the command line:

ssh-add

ssh-add scans the file $HOME/.ssh2/identification, which contains the private keys. If this file does not exist, the standard private key file is used (such as $HOME/.ssh2/id_dsa_1024_a). If a key requires a passphrase, ssh-add asks for it:

Adding identity: /Home_1024_a.pub
Need passphrase for /home/matt/.ssh2/id_dsa_1024_a (..)
Enter passphrase:

You can list all the identities held by the agent with the command ssh-add -l:

Listing identities.
The authorization agent has one key:
id_dsa_1024_a: 1024-bit dsa, (...)

Conclusion and some useful links

Many telnet, rlogin, and FTP users do not realize that their password is not encrypted when it crosses the network; secure protocols, however, can guarantee safe transmission over an insecure network. SSH encrypts all traffic, which effectively prevents eavesdropping, connection hijacking, and other network attacks. This article is only an introduction to the SSH package; much more useful information can be found in the ssh, sshd, and sftp manuals. You can get the SSH package from http://www.ssh.com/products/ssh/, and more technical material on SSH and encryption from http://www.sssh.com/tech/. You can also get OpenSSH, an SSH-protocol-compliant implementation, from http://www.openssh.com/. The portable version is at http://www.openssh.com/portable.html. You can also read the SSH FAQ at http://www.openssh.com/faq.html.
