SSH User Guide
Introduction to SSH
What is SSH?

Traditional network services such as FTP, POP and Telnet are inherently insecure because they transmit passwords and data over the network in clear text, so anyone with bad intentions can easily intercept them. In addition, the security verification methods of these services have weaknesses that leave them very vulnerable to "man-in-the-middle" attacks. In a man-in-the-middle attack, the "middleman" poses as the real server to receive the data you send to the server, and then poses as you to pass the data on to the real server. Once the data exchanged between you and the server has been tampered with by the "middleman" in transit, serious problems arise.

SSH stands for Secure Shell. With SSH you can encrypt all transmitted data, so that this "man-in-the-middle" attack is not possible, and DNS and IP spoofing are prevented as well. An additional advantage is that the transmitted data is compressed, which can speed up transmission. SSH has many uses: it can replace Telnet, and it can also provide a secure "channel" for FTP, POP, and even PPP.

SSH was originally developed by a company in Finland. Because of copyright and encryption-algorithm restrictions, many people have now switched to OpenSSH. OpenSSH is a free alternative to SSH, and it is expected that more and more people will use it instead of SSH in the future.

SSH consists of client and server software and comes in two incompatible versions: 1.x and 2.x. A client program for SSH 2.x cannot connect to a server program for SSH 1.x. OpenSSH 2.x supports both SSH 1.x and 2.x.

How SSH security verification works

From the client's point of view, SSH provides two levels of security verification.

The first level (password-based security verification): as long as you know your account and password, you can log in to the remote host. All transmitted data is encrypted, but there is no guarantee that the server you are connecting to is the server you intended to reach. Another server may be impersonating the real one, which means you are exposed to a "man-in-the-middle" attack.

The second level (key-based security verification) relies on keys: you must create a pair of keys for yourself and put the public key on the server you need to access. When you want to connect to the SSH server, the client software sends a request to the server asking for security verification with your key. After the server receives the request, it first looks for your public key in your home directory on that server and compares it with the public key you sent. If the two keys match, the server encrypts a "challenge" with the public key and sends it to the client software. After the client software receives the "challenge", it decrypts it with your private key and sends the result back to the server.

With this method you must know the passphrase of your own key. However, compared with the first level, the second level does not need to transmit a password over the network.

The second level not only encrypts all transmitted data; the "man-in-the-middle" attack is also impossible (because the attacker does not have your private key). But the entire login process may take 10 seconds.

Installing and testing OpenSSH

Because of restrictions in US law, many Linux distributions do not include OpenSSH. However, you can download and install OpenSSH from the network (see "Installation and configuration of OpenSSH": http://www.linuxaid.com.cn/Engineer/brimmer/html/openssh.htm).

After installing OpenSSH, test it with the following command:

    ssh -l [your account name on the remote host] [address of the remote host]

If OpenSSH is working properly, you will see the following prompt:

    The authenticity of host [hostname] can't be established.
    Key fingerprint is 1024 5f:a0:0b:65:d3:82:df:ab:44:62:6d:98:9c:fe:e9:52.
    Are you sure you want to continue connecting (yes/no)?

OpenSSH is telling you that it does not know this host, but you do not need to worry about this, because it is the first time you are logging in to this host. Type "yes". This adds the host's "identification tag" to the "~/.ssh/known_hosts" file. The prompt will not be displayed the next time you access this host.

Then SSH prompts you for the password of your account on the remote host. After you enter the password, the SSH connection is established, and from then on you can use SSH just as you would use Telnet.
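
The fingerprint in the first-connection prompt is what distinguishes the real server from a "middleman", so it is worth comparing with a value obtained from the server's administrator before typing "yes". The following is an added example, not part of the original guide: for protocol 2 keys the colon-separated form is the MD5 digest of the base64-decoded key blob (current OpenSSH prints SHA256 fingerprints by default). The key blobs, host names and function names are constructed for illustration, and base64 and md5sum are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the guide). Requires base64 and md5sum.

# Print the MD5 fingerprint (16 colon-separated hex pairs) of a public-key
# line of the form "<type> <base64-blob> [comment]".
key_fingerprint() {
    kf_blob=$(printf '%s\n' "$1" | awk '{ print $2 }')
    [ -n "$kf_blob" ] || return 1
    # Refuse input that is not valid base64 instead of hashing garbage.
    printf '%s' "$kf_blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$kf_blob" | base64 -d | md5sum |
        awk '{ print $1 }' | sed 's/../&:/g; s/:$//'
}

# Return 0 only if the key hashes to the expected fingerprint.
# Case and embedded spaces in the expected value are ignored.
fingerprint_matches() {
    fm_expected=$(printf '%s' "$2" | tr -d ' ' | tr 'A-F' 'a-f')
    fm_actual=$(key_fingerprint "$1") || return 2
    [ "$fm_actual" = "$fm_expected" ]
}

# Classify the key offered by HOST ($1, key line in $2) against a file ($3)
# of fingerprints obtained out of band, one "host fingerprint" pair per line.
# Prints "trusted", "MISMATCH" or "unknown".
check_offered_key() {
    ck_expected=$(awk -v h="$1" '$1 == h { print $2; exit }' "$3")
    if [ -z "$ck_expected" ]; then
        echo unknown        # nothing to compare with: ask the administrator
    elif fingerprint_matches "$2" "$ck_expected"; then
        echo trusted        # safe to answer "yes"
    else
        echo MISMATCH       # do not connect: possible man-in-the-middle
    fi
}

# Constructed sample: the blob is filler text, not a real key.
SAMPLE_KEY='ssh-rsa Q09OU1RSVUNURUQtU0FNUExFLUtFWS1CTE9C constructed@example'

demo() {
    d_list=$(mktemp) || return 1
    printf 'host.example.org %s\n' "$(key_fingerprint "$SAMPLE_KEY")" > "$d_list"
    check_offered_key host.example.org "$SAMPLE_KEY" "$d_list"
    check_offered_key host.example.org \
        'ssh-rsa T1RIRVItQ09OU1RSVUNURUQtQkxPQg== other' "$d_list"
    check_offered_key new.example.org "$SAMPLE_KEY" "$d_list"
    rm -f "$d_list"
}
demo
```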

SSH keys

Generating your own key

Generating and distributing your own key has two advantages:

1) It prevents "man-in-the-middle" attacks.
2) You can log in to all the servers you want with only one password.

You can generate a key with the following command:

    ssh-keygen

If the remote host uses SSH 2.x, use this command instead:

    ssh-keygen -d

Using SSH1 and SSH2 at the same time on the same host is not a problem, because the keys are stored in different files.

After the ssh-keygen command runs, the following is displayed:

    Generating RSA keys: ............................ooooooo......
    Enter file in which to save the key (/home/[user]/.ssh/identity): [press ENTER]
    Created directory '/home/[user]/.ssh'.
    Enter passphrase (empty for no passphrase): [the passphrase you type is not shown on the screen]
    Enter same passphrase again: [type the passphrase again; if you forget it, you can only regenerate the key]
    Your identification has been saved in /home/[user]/.ssh/identity. [this is your private key]
    Your public key has been saved in /home/[user]/.ssh/identity.pub.
    The key fingerprint is: 2a:dc:71:2f:27:84:a2:e4:a1:1e:a9:63:e2:fa:a5:89 [user]@[local machine]

"ssh-keygen -d" does almost the same thing, but stores the key pair (by default) in "/home/[user]/.ssh/id_dsa" (private key) and "/home/[user]/.ssh/id_dsa.pub" (public key).

Now you have a pair of keys: the public key is to be distributed to all the remote hosts you want to log in to with SSH; the private key must be kept safe so that nobody else learns it.
The access rights shown by "ls -l ~/.ssh/identity" or "ls -l ~/.ssh/id_dsa" must be "-rw-------".

If you suspect that your key has become known to someone else, do not hesitate to generate a new key pair immediately. Of course, you will also have to distribute the public key again.

Distributing the public key

On each remote server that you need to connect to with SSH, create a ".ssh" subdirectory in your home directory, copy your public key "identity.pub" into that directory and rename it "authorized_keys". Then run:

    chmod 644 .ssh/authorized_keys

This step is essential. If anyone other than you has write permission on the "authorized_keys" file, SSH will not work.

If you want to log in to the remote host from several different computers, the "authorized_keys" file can hold multiple public keys. In that case you must generate a new pair of keys on the new computer, then copy the contents of the generated "identity.pub" file and paste them into the "authorized_keys" file on the remote host. Of course, you must have an account on the new computer, and the key must be protected with a passphrase. One thing is very important: when you cancel that account, do not forget to delete this pair of keys.
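
The permission rules given above (private key "-rw-------", "authorized_keys" not writable by anyone else) and the reminder to delete retired keys can be checked with a short script. This is an added example, not part of the original guide; the function names and the sample directory are constructed, and "authorized_keys" lines are assumed to have the form "type blob comment".

```shell
#!/bin/sh
# Added example (not from the guide): check the permissions the guide requires.

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Audit DIR (normally ~/.ssh). Prints one line per problem and returns
# non-zero if any problem was found.
audit_ssh_dir() {
    a_dir=$1
    a_bad=0
    # Private keys must be "-rw-------": no access at all for group or others.
    for a_name in identity id_dsa; do
        a_file=$a_dir/$a_name
        [ -f "$a_file" ] || continue
        a_mode=$(mode_of "$a_file")
        if [ $(( 0$a_mode & 077 )) -ne 0 ]; then
            echo "private key $a_file is mode $a_mode, expected 600"
            a_bad=1
        fi
    done
    # authorized_keys may be world-readable (644) but never writable by others.
    a_file=$a_dir/authorized_keys
    if [ -f "$a_file" ]; then
        a_mode=$(mode_of "$a_file")
        if [ $(( 0$a_mode & 022 )) -ne 0 ]; then
            echo "$a_file is mode $a_mode, writable by group or others"
            a_bad=1
        fi
    fi
    return "$a_bad"
}

# List the keys that may log in to this account as "<line> <type> <comment>".
# Review the list whenever an account or computer is retired.
list_authorized_keys() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         { print NR, $1, ($3 == "" ? "(no comment)" : $3) }' "$1"
}

demo() {
    d_dir=$(mktemp -d) || return 1
    printf 'constructed placeholder, not a real key\n' > "$d_dir/identity"
    printf 'ssh-rsa QUFBQQ== bilbo@laptop\n' > "$d_dir/authorized_keys"
    chmod 644 "$d_dir/identity"          # too open: readable by everyone
    chmod 666 "$d_dir/authorized_keys"   # too open: writable by everyone
    audit_ssh_dir "$d_dir" ||
        echo "fix with: chmod 600 identity; chmod 644 authorized_keys"
    list_authorized_keys "$d_dir/authorized_keys"
    rm -rf "$d_dir"
}
demo
```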

Configuring SSH

Configuring the client software

OpenSSH has three kinds of configuration: command-line parameters, the user configuration file, and the system-wide configuration file ("/etc/ssh/ssh_config"). Command-line parameters take precedence over the configuration files, and the user configuration file takes precedence over the system configuration file. Every command-line parameter can also be set in a configuration file.

Because no user configuration file is created during installation, copy "/etc/ssh/ssh_config" and rename the copy "~/.ssh/config". The standard configuration file looks roughly like this:

    [lots of explanations and possible options listed]
    # Be paranoid by default
    Host *
        ForwardAgent no
        ForwardX11 no
        FallBackToRsh no

There are many more options; see the "Configuration Files" section of "man ssh".

The configuration file is read in order: the option that is set first takes effect.

Suppose you have an account named "bilbo" on www.foobar.com, you want to use "ssh-agent" together with "ssh-add", and you want to use data compression to speed up transfers. Because the host name is long and you do not want to type it each time, you use "fbc" as an abbreviation for "www.foobar.com". Your configuration file can look like this:

    Host *fbc
        HostName www.foobar.com
        User bilbo
        ForwardAgent yes
        Compression yes
    # Be paranoid by default
    Host *
        ForwardAgent no
        ForwardX11 no
        FallBackToRsh no

After you type "ssh fbc", SSH automatically looks up the host's full name in the configuration file, logs in with your user name and performs security verification with the key managed by "ssh-agent". That is convenient!

SSH connections to other remote computers still use the "paranoid" default settings. Any option that is not set in the configuration file or on the command line falls back to the default "paranoid" setting.

In the example above, for SSH connections to www.foobar.com, "ForwardAgent" and "Compression" are set to "yes"; the other options (unless overridden by a command-line parameter), "ForwardX11" and "FallBackToRsh", are set to "no".

Some other options deserve attention:

- CheckHostIP yes
  This option checks the IP address to guard against DNS spoofing.
- CompressionLevel
  The compression level ranges from "1" (fastest) to "9" (best compression ratio). The default is "6".
- ForwardX11 yes
  Set this option in order to run remote X programs locally.
- LogLevel DEBUG
  This option is useful when SSH runs into problems. The default is "INFO".
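
Because the first value obtained for an option wins, the order of the "Host" blocks in "~/.ssh/config" decides which hosts get agent forwarding. The following added example (not part of the original guide) resolves the effective value of an option for a host and runs it over three constructed configurations: the guide's layout, the same blocks reversed, and a variant where a stray space turns "*fbc" into two patterns. The function names, file names and the host other.example.org are hypothetical, and "!" negation and "Match" are not handled.

```shell
#!/bin/sh
# Added example (not from the guide): which value does ssh use for an option?

# Print the value of OPTION ($3) for HOST ($2) according to CONFIG ($1), read
# top to bottom. The first value found in a matching "Host" block wins.
# Returns 1 if the option is not set for that host.
effective_option() {
    eo_want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    eo_active=1                      # lines before the first Host apply to all
    while read -r eo_key eo_rest || [ -n "$eo_key" ]; do
        case $eo_key in ''|'#'*) continue ;; esac
        eo_lkey=$(printf '%s' "$eo_key" | tr 'A-Z' 'a-z')
        if [ "$eo_lkey" = host ]; then
            eo_active=0
            set -f                   # keep * and ? literal while splitting
            for eo_pat in $eo_rest; do
                # Unquoted on purpose: the pattern is matched as a glob.
                case $2 in $eo_pat) eo_active=1 ;; esac
            done
            set +f
        elif [ "$eo_active" -eq 1 ] && [ "$eo_lkey" = "$eo_want" ]; then
            printf '%s\n' "$eo_rest"
            return 0
        fi
    done < "$1"
    return 1
}

# Write three constructed configurations into directory $1.
write_samples() {
    # 1. The guide's layout: specific block first, paranoid defaults last.
    cat > "$1/good" <<'EOF'
Host *fbc
    HostName www.foobar.com
    User bilbo
    ForwardAgent yes
    Compression yes
# Be paranoid by default
Host *
    ForwardAgent no
    ForwardX11 no
    FallBackToRsh no
EOF
    # 2. Defaults first: "Host *" now overrides the fbc agent setting.
    cat > "$1/reversed" <<'EOF'
Host *
    ForwardAgent no
    ForwardX11 no
    FallBackToRsh no
Host *fbc
    HostName www.foobar.com
    User bilbo
    ForwardAgent yes
    Compression yes
EOF
    # 3. Stray space: "*" becomes its own pattern and matches every host.
    cat > "$1/stray_space" <<'EOF'
Host * fbc
    HostName www.foobar.com
    ForwardAgent yes
Host *
    ForwardAgent no
EOF
}

demo() {
    d_dir=$(mktemp -d) || return 1
    write_samples "$d_dir"
    for d_cfg in good reversed stray_space; do
        for d_host in fbc other.example.org; do
            d_val=$(effective_option "$d_dir/$d_cfg" "$d_host" ForwardAgent) ||
                d_val='(unset)'
            echo "$d_cfg: ForwardAgent for $d_host = $d_val"
        done
    done
    rm -rf "$d_dir"
}
demo
```

In the third configuration every host, not only "fbc", gets "ForwardAgent yes" and the foobar host name, which is why the "Host" line should be checked character by character.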

Configuring the server software

The SSH server is configured through "/etc/ssh/sshd_config". The options are explained in comments in the configuration file, and "man sshd" provides further help. Note that OpenSSH does not use different configuration files for SSH 1.x and 2.x.

The following default settings deserve attention:

- PermitRootLogin yes
  It is best to set this to "PermitRootLogin without-password", so that "root" cannot log in from a computer that does not hold the key. Setting the option to "no" forbids "root" logins altogether; you can then only switch from an ordinary user to "root" with the "su" command.
- X11Forwarding no
  Set this option to "yes" to allow users to run X programs on the remote host. Even setting this option to "no" does not increase the server's security, because users can install their own forwarders; see "man sshd".
- PasswordAuthentication yes
  Setting this option to "no" allows users to log in only with the key-based method. This is of course inconvenient for users who often log in from different hosts, but it greatly improves the security of the system. Password-based verification has a big weakness.
- The commented-out "sftpd" subsystem line
  Remove the leading "#" and set the path name to "/usr/bin/sftpserv" so that users can use "sftp" (secure FTP); "sftpserv" is part of the sftp package. Because many users are more familiar with FTP and "scp" is cumbersome to use, "sftp" is still very useful. In addition, the graphical FTP tool "gftp" supports "sftp" from version 2.0.7 onward.
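
A commented-out or missing line in "sshd_config" leaves the default in force, so a file that appears to say "PermitRootLogin no" may still allow password logins for root. The following added example (not part of the original guide) reads the first uncommented value of each option discussed above and applies the guide's recommendations; the defaults are the ones stated in the guide, the sample files and function names are constructed, and only global settings before any "Match" block are considered.

```shell
#!/bin/sh
# Added example (not from the guide): audit the sshd_config options above.

# Print the first uncommented value of KEYWORD ($2) in FILE ($1).
# sshd uses the first value it obtains for a keyword; later ones are ignored.
# Returns 1 if the keyword is not set before the first "Match" block.
sshd_setting() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# Prints FAIL/INFO lines for FILE ($1); returns non-zero if anything failed.
audit_sshd_config() {
    au_bad=0
    # Fall back to the defaults given in the guide when a keyword is absent.
    au_root=$(sshd_setting "$1" PermitRootLogin) || au_root=yes
    au_pw=$(sshd_setting "$1" PasswordAuthentication) || au_pw=yes
    au_x11=$(sshd_setting "$1" X11Forwarding) || au_x11=no
    case $au_root in
        no|without-password|prohibit-password|forced-commands-only) ;;
        *)  echo "FAIL PermitRootLogin $au_root: root may log in with a password"
            au_bad=1 ;;
    esac
    if [ "$au_pw" != no ]; then
        echo "FAIL PasswordAuthentication $au_pw: password logins are accepted"
        au_bad=1
    fi
    # Informational only: the guide notes that "no" adds little security here.
    echo "INFO X11Forwarding $au_x11"
    return "$au_bad"
}

# Write two constructed configurations into directory $1.
write_sshd_samples() {
    cat > "$1/weak" <<'EOF'
# The next line is commented out, so the default applies.
#PermitRootLogin no
PasswordAuthentication yes
X11Forwarding no
EOF
    cat > "$1/hardened" <<'EOF'
PermitRootLogin without-password
PasswordAuthentication no
X11Forwarding no
# A later duplicate is ignored because the first value wins.
PermitRootLogin yes
EOF
}

demo() {
    d_dir=$(mktemp -d) || return 1
    write_sshd_samples "$d_dir"
    for d_cfg in weak hardened; do
        echo "== $d_cfg"
        audit_sshd_config "$d_dir/$d_cfg" || echo "== $d_cfg needs changes"
    done
    rm -rf "$d_dir"
}
demo
```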

Copying files

Copying files with "scp"

SSH provides some commands and shells for logging in to a remote server. By default it does not let you copy files, but it does provide an "scp" command.

Suppose you want to copy a file named "dumb" from the current directory on your local computer to your home directory on the remote server www.foobar.com, where your account name is "bilbo". You can use this command:

    scp dumb bilbo@www.foobar.com:.

To copy the file back, use this command:

    scp bilbo@www.foobar.com:dumb .

"scp" calls SSH to log in, copies the file, and finally calls SSH to close the connection.

If you have already set up this configuration for www.foobar.com in your "~/.ssh/config" file:

    Host *fbc
        HostName www.foobar.com
        User bilbo
        ForwardAgent yes

then you can use "fbc" in place of "bilbo@www.foobar.com", and the command shortens to "scp dumb fbc:.".

"scp" assumes that your home directory on the remote host is your working directory; relative paths are interpreted relative to that home directory.

The "-r" parameter of "scp" copies directories recursively. "scp" can also copy files between two different remote hosts.

Sometimes you may be tempted to do this: after logging in to www.foobar.com with SSH, you enter the command "scp [local machine]:dumb ." in order to copy the local "dumb" file to the remote server you are currently logged in to. You will then see the following error message:

    ssh: secure connection to [local machine] refused

You see this error because you ran "scp" on the remote host, and it tried to log in to an SSH server on your local computer. It is therefore best to run "scp" locally, unless your local computer also runs the SSH service.

Copying files with "sftp"

If you are used to copying files with FTP, you can try "sftp". "sftp" sets up a secure FTP channel encrypted with SSH and lets you use the standard FTP commands. Another advantage is that "sftp" lets you run remote programs through the "exec" command. From version 2.0.7 on, the graphical FTP client "gftp" supports "sftp".

If the SFTP server software "sftpserv" is not installed on the remote server, you can copy "sftpserv" into your remote home directory (or into a directory listed in the $PATH environment variable on the remote computer). "sftp" activates this server software automatically; you do not need any special permissions on the remote server.

Copying files with "rsync"

"rsync" is a very useful tool for copying, updating and moving remote and local files, and it is easily combined with SSH through the "-e ssh" parameter. One advantage of "rsync" is that it does not copy all files, only those that differ between the local directory and the remote directory. It also uses a very efficient compression algorithm, so it is very fast.

Copying files with FTP through an "encrypted channel"

If you insist on using traditional FTP client software, SSH can provide a "secure channel" for almost any protocol. FTP is a somewhat odd protocol (it uses two ports, for example), and there are differences between the various server programs and between the various client programs.

An "encrypted channel" is implemented with "port forwarding". You set an unused local port (usually greater than 1000) to be forwarded to a remote server, and then simply connect to that port on the local computer. Sounds a little complex?

In fact, the basic idea is to forward a port and let SSH run in the background, with the following command:

    ssh [user@remote host] -f -L 1234:[remote host]:21 tail -f /etc/motd

Then run the FTP client and point it at the forwarded port:

    lftp -u [username] -p 1234 localhost

Of course, this method is cumbersome and error-prone, so it is best to use one of the first three methods.

Setting up an "encrypted channel"

An "encrypted channel" is implemented through "port forwarding".
You can set up an "encrypted channel" between an unused local port and the port of a service running on the remote server, and then connect to the local port. All requests to the local port are encrypted by SSH and forwarded to the port on the remote server. Of course, an "encrypted channel" works only if the SSH server software is running on the remote server. You can check whether a remote server runs the SSH service with the following command:

    telnet [full name of remote host] 22

If you receive this error message:

    telnet: Unable to connect to remote host: Connection refused

the SSH server software is not running on the remote server.

Port forwarding uses this command syntax:

    ssh -f [username@remote host] -L [local port]:[full name of remote host]:[remote port] [some command]

You can forward more than one port, and you can also preset frequently used port forwards in the "~/.ssh/config" file with "LocalForward".

An "encrypted channel" for POP

You can use the POP protocol to fetch e-mail from a server. Adding an "encrypted channel" to POP prevents the POP traffic from being captured by a network sniffer. Another advantage is that SSH compression makes transferring mail faster.

Suppose you have a POP account on pop.foobar.com, your user name is "bilbo" and your POP password is "topsecret". The command that sets up the SSH "encrypted channel" is:

    ssh -f -C bilbo@pop.foobar.com -L 1234:pop.foobar.com:110 sleep 5

(If you want to test it, you can increase the "sleep" value to 500.) After you run this command, you are prompted for your POP password:

    bilbo@pop.foobar.com's password:

After entering the password, connect to the forwarded local port:

    telnet localhost 1234

You will receive a "READY" message from the remote mail server.

Of course, this method requires you to type all POP commands by hand, which is very inconvenient. You can use fetchmail instead (see "How to configure fetchmail"). The "Secure POP via SSH mini-HOWTO", "man fetchmail", and the fetchmail FAQ under the "/usr/doc/fetchmail-[...]" directory provide some specific examples.

Note that the IMAP protocol uses different ports: IMAP v2 uses port 143 and IMAP v3 uses port 220.

An "encrypted channel" for X

If you intend to run X programs from the remote SSH server on your local computer, log in to the remote computer, create a file named "~/.ssh/environment" and add this one line:

    XAUTHORITY=/home/[remote user name]/.Xauthority

(if the