SSH Introduction and Configuration: Using SSH to Log In to a Remote Host

xiaoxiao2021-03-06  39


Original: Harbon Rain, September 6, 2004

1. What is SSH

Traditional network service programs such as FTP, POP and Telnet are inherently insecure, because they transfer passwords and data over the network in clear text, and people with ill intent can easily intercept these passwords and data. Moreover, the authentication methods of these services have their own weaknesses and are very susceptible to "man-in-the-middle" attacks. In a so-called "man-in-the-middle" attack, the "man in the middle" poses as the real server to receive the data you send to the server, and then poses as you to pass the data on to the real server. Once the data passing between you and the server has been tampered with by the "man in the middle", serious problems arise.

Once upon a time, a Finnish programmer named Tatu Ylönen developed a network protocol and service software called SSH (short for Secure Shell). By using SSH, you can encrypt all transferred data, which makes this kind of "man-in-the-middle" attack impossible and also prevents DNS and IP spoofing. An additional advantage is that the transmitted data is compressed, so transmission can be faster.

SSH has many features. Although many people use Secure Shell only as a Telnet replacement, you can use it to protect your network connections. You can forward other network communications, such as POP, X, PPP and FTP, through Secure Shell on a local or remote system. You can also forward other types of network communications, including CVS and any other TCP communication. In addition, you can use Secure Shell with TCP to enhance the security of the connection. Secure Shell also has some other convenient functions: it can be used with applications such as Oracle, for remote backups, and for additional authentication such as a SecurID card.

2. How SSH works

SSH is divided into two parts: the client part and the server part. The server is a daemon that runs in the background and responds to connection requests from clients. The server is generally the sshd process, which handles remote connections, generally including public key authentication, key exchange, symmetric key encryption, and non-secure connections. The client part contains the ssh program and other applications such as scp (remote copy), slogin and sftp (secure file transfer).

Roughly, they work as follows: the local client sends a connection request to the remote server; the server checks the request packet and the IP address and then sends a key to the SSH client; the client sends a key back to the server, and from that point the connection is established. That is only the rough process of an SSH connection; SSH 1.x and SSH 2.x differ somewhat in their connection protocols.

SSH is designed to run on its own rather than under the super server (inetd). Although the SSH process can be run through tcpd on inetd, this is not necessary. After the SSH server is started, sshd runs and listens on the default port 22 (you can use # ps -waux | grep sshd to see whether sshd is running properly). If it is not started through inetd, SSH will always be waiting for connection requests. When a request arrives, the SSH daemon creates a child process, and the child process handles the connection.

However, because of copyright and encryption algorithm restrictions, many people have now turned to OpenSSH. OpenSSH is a free replacement for SSH. SSH consists of client software and server software, and there are two incompatible versions: 1.x and 2.x.

An SSH 2.x client cannot connect to an SSH 1.x server program. OpenSSH 2.x supports both SSH 1.x and 2.x.

3. Installing and using OpenSSH

This section mainly covers OpenSSH configuration on FreeBSD; using OpenSSH on other UNIX and derived systems is roughly the same. FreeBSD ships with OpenSSH integrated, while many Linux distributions do not include OpenSSH. However, you can download and install OpenSSH from the network; it is completely free. (The OpenSSH home page is http://www.openssh.org)

Generating a key

Use ssh-keygen to generate a key pair. For example, to generate a 4096-bit key pair using the DSA algorithm, enter the following command (for the specific parameters, see man ssh-keygen):

# ssh-keygen -b 4096 -t dsa

% ssh-keygen -b 4096 -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/fdy84/.ssh/id_dsa): (the path for the key; the default is shown in brackets)
Created directory '/home/fdy84/.ssh'.
Enter passphrase (enter the passphrase)
Enter same passphrase again: (enter the passphrase again; do not forget it, otherwise the only option is to generate a new key)
Your identification has been saved in /home/fdy84/.ssh/id_dsa. (your private key)
Your public key has been saved in /home/fdy84/.ssh/id_dsa.pub. (your public key)
The key fingerprint is:
bb:1b:f5:1c:77:62:90:21:59:7e:c6:65:e5:24:c6:e5 fdy84@FreeBSD

Key distribution

A pair of keys has just been generated. Keep the private key in the ~/.ssh/ directory and make sure its access permissions are "-rw-------" (i.e. 600). Then put the generated public key in the ~/.ssh/ directory of the remote host you want to connect to, rename it authorized_keys, and make sure the file cannot be modified by anyone other than its owner.

4. Configuring SSH

Configuring the server

Starting the SSH service is simple. Just run

# sshd

Or add sshd_enable="YES" to /etc/rc.conf to run the SSH server automatically at each startup. The configuration file used by the SSH server is /etc/ssh/sshd_config; the OpenSSH 1.x and 2.x servers both use this file.

Configuring the client

To connect to a remote server, the client only needs to enter # ssh followed by the domain name (or IP). An example is connecting as the user fdy84 to a remote server whose IP address is 192.168.0.6.
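
The permission rules from the key distribution step (private key at 600, authorized_keys writable only by its owner) can be checked with a short script. This is an added example, not part of the original article; it also checks the ~/.ssh directory itself, which goes beyond what the article states. The function names audit_ssh_dir and perm_string are assumptions made for this example; the file names id_dsa and authorized_keys are the article's.

```shell
#!/bin/sh
# Added example: audit a ~/.ssh directory against the permission rules in
# the key distribution step. Function names are hypothetical.

# Print the nine permission characters of a path, e.g. "rw-------".
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# audit_ssh_dir DIR
# Prints one line per finding; the return status is the number of findings.
audit_ssh_dir() {
    dir=$1
    findings=0

    # Private keys: no access at all for group or other (600 or stricter).
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        p=$(perm_string "$key")
        if [ "$(printf '%s' "$p" | cut -c4-9)" != "------" ]; then
            echo "private key $key is accessible to group/other ($p)"
            findings=$((findings + 1))
        fi
    done

    # The directory and authorized_keys: writable by the owner only.
    for path in "$dir" "$dir/authorized_keys"; do
        [ -e "$path" ] || continue
        p=$(perm_string "$path")
        gw=$(printf '%s' "$p" | cut -c5)   # group write bit
        ow=$(printf '%s' "$p" | cut -c8)   # other write bit
        if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
            echo "$path is writable by group/other ($p)"
            findings=$((findings + 1))
        fi
    done

    return "$findings"
}

# Typical use: audit_ssh_dir "$HOME/.ssh" || echo "fix the findings above"
```

Run it on both the client (for the private key) and the remote host (for authorized_keys), then correct any finding with chmod.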

Please cite the original address when reposting: https://www.9cbs.com/read-78319.html
