First, the SSH client SSH Secure Shell connection method 1, the operating environment Windows Install the SSH client, the name is SSHSecureShellClient-3.2.9.exe, you can go to http://www.ssh.com/ download, of course, In Server, we do not recommend that you use a lot of OpenSsh, we use http://www.ssh.com/ for UNIX / Linux Server end, now the latest version is SSH-3.2.9-1.i386. RPM (if you are AIX or Solaris, you have different versions, here is RHCE3 as an example). Determine that all the default OpenSSH of the UNIX class host uninstalls the SSH-3.2.9-1.i386.rpm. 2, why do you want a public private key authentication method (connected to the host does not enter your password) We need to know that the publick key refers to the public key, and the private key refers to a private key. The process of authentication is such that public key encrypts data and can only be used for encryption, and Private Key can only decrypt data encrypted by the matching public key. We put the public key in the appropriate location of the remote system and then start SSH connections from the local. At this time, the remote SSHD generates a random number and is encrypted with the public key we generate, and the local key will be decrypted with the private key and send this random number back to the remote system. Finally, the SSHD of the remote system will conclude - we have matching private keys allow us to log in. It's that simple! 3. Look for the SSH-KeyGen2.exe file under this unit, which is a file that generates a key, my in C: / Program Files / SSH Communications Security / SSH Secure Shell, execute this file under DOS Method is C: / Program Files / SSH Communications Security / SSH Secure Shell> SSH-KEYGEN2 -T RSA I use the RSA key, the default is 2048 bits, enough for us, you can also use the DSA mode key. I will not explain the system automatically generate key pairs, default in the c: / documents and settings / xxx / application data / ssh / userkeys directory, where xxx is the account used when you execute the program, the default name is ID_RSA_2048_A and ID_RSA_2048_A.pub, and the latter is the public key we want to transmit to the server. (Generate the key pair, let you enter a password, because we don't enter the password directly to log in to the server, so you will enter the bus directly, but if you want more secure, it is recommended that you also enter your password here.) 4, Use the SSH client to log in from this machine to the remote UNIX class server. We also log in to the remote Unix server according to the previous method. After logging in, we will be in the user directory, you can see your user directory path. For example, I / Home / Test, so well, we build a .ssh2 folder, build a file inside, authorization, the content is as follows: key id_rsa_2048_a.pub then upload the ID_RSA_2048_A.PUB on your Windows client Go to the SSH client under the Unix server. SSH2 folder, turn off the SSH client.
5, use the SSH client key authentication status to log in to restart the SSH client, select the public key method in the login authentication status bar, log in to the server you just put in iD_rsa_2048_a.pub, you will find that you will go back soon, No password is limited. At this time, use public-private key certification and password certification, there is no need to reach our request, then we will modify the / etc / ssh2 / sshd2_config file on the UNIX class server to delete the following three lines, the following three lines are Modifying the readyDAuthentications Publickey AllowedAuthentications HostBased, Publickey RequiredAuthentications Publickey This is the following dialog box when you use a password to log in again! !
Chapter 2 SSH Client PuTTY connection method 1, running the SSH client installed under Windows, the name is PUTTY-0.56-Installer.exe, you can download: http://www.chiark.greenend.org .uk / ~ sgtatham / putty / download.html, this installation package is a collection of all tools, in fact, if you only use it as a connection, you can only put on Putty0.56.exe. But we must install the entire package because of your key pair. 2. Generate the key to generate a key with the PUTTY set of the key process in this unit. The type of the key selection SSH2 RSA. The number of bits of the key is selected 2048, then click "Generator", and the key generation is of course several options. If you have more than a key, you can comment on the "Key Comment" to distinguish other Key. "Key Passphrase" and "Confirm Passphrase" are used to encrypt KEY on the hard disk. If you use your own machine, you can feel safe and secure, you can make them empty. Then save two keys, save it by default, then the public key you can specify the file name, the private key default file extension is .ppk. Here we name it is Test.ppk, and the public key We save to Test.pub, you need to pay attention, if you use the PUTTY connection, the private key extension must be .ppk, and you can also put this .ppk's private The key is saved as the private key for the SSH Secure Shell format and the OpenSSH format cognitive, which provides a great help between the two UNIX class hosts. (Let's give you two UNIX class hosts through public private key authentication methods) 4. Log in to the remote UNIX class server with PUTTY. We also log in to the remote UNIX class server on the remote UNIX server. After landing, we will be in the user directory, you can see your user directory path, such as mine is / home / test, so well, we build a .ssh2 folder, build a file inside, Authorization, the content is as follows: Key Test.pub then uploading the Test.pub on your Windows client to you just established on the UNIX class server, turn off the PUTTY. This upload command you can use PUT and download it with GET. Your channel can be created with PSFTP, which is also in the PUTTY component. 5, use the SSH client key authentication status to log in to restart the PUTTY, create a session named TEST, set the remote IP you want to log in, the protocol is set to SSH, the Connection is set in the auth option of SSH, will Private Key The file is selected for the key TEST.PPK generated by PUTTYGEN. Click Open, ask for username, we entered the user name Remote system start public key authentication, if the key has PASSPHRASE, you need to enter, otherwise you will log in.
At this time, use public-private key certification and password certification, there is no need to reach our request, then we will modify the / etc / ssh2 / sshd2_config file on the UNIX class server to delete the following three lines, the following three lines are Modifying the readyDAuthentications Publickey AllowedAuthentications HostBased, Publickey RequiredAuthentications Publickey This is the following dialog box when you use a password to log in again! ! Chapter III SSH Server Directions 1, Environment: Because we choose the SSH server is http://www.ssh.com's SSH Secure Shell for UNIX product, so we mainly introduce the installation process of this type of SSH server. (SSH has two versions, we now introduce version 2; OpenSSH does not introduce, everyone is interested, you can refer to the online article) 2, compile and install our previous introduction, the latest version of the SSH Server For UNIX class Is SSH-3.2.9-1, I suggest that everyone can use the official TAR package, of course, if you are not familiar with the compilation process, it is also possible to use RPM. If you install with RPM, please download SSH-3.2.9-1.i386.rpm first, you can go to the following address: http://ftp.ssh.com/priv/secureShell/329wks srv-lt49ldrk/linux/ssh -3.2.9-1.I386.RPM Please use administrator privilege when installing # rpm -ivh ssh-3.2.9-1.i386.rpm If it is the upgrade installation that parameter uses -UVH and 3.2.9-1 TAR The package can be downloaded by http://downloads.planetmirror.com/pub/ssh/ssh-3.2.9.1.tar.gz. Administrator privileges are also used: # tar xzvf ssh-3.2.9.1.tar.gz # cd ssh-3.2.9.1 # ./configure (here we want to explain, some documents write If you want to use TCP_WrapPers to control SSH Then add option "--with-libwrap = / path / to / libwrap /" when configure, is used to tell SSH about libwrap.a and tcpd.h, but SSH above 3.2.0 has no need So troublesome, they have built-in control of access to access rights.) # Make; make install; make clean ends the installation. 3, simple configuration SSH Server Whether you are installing SSH Server installed with rpm or tar, its configuration file is in / etc / ssh2 / sshd2_config, do not need to configure it after installation, but if your 22-port is installed SSH Server Before you have been occupied by other programs, you need to simply configure this file, perform VI / ETC / SSH2 / SSHD2_CONFIG, find 27 lines, port 22, and change 22 to other ports.
