Installation and use of SSH in Ubuntu environment

Installation and use of SSH in Ubuntu environment

SSH refers to Secure Shell, which is a secure transmission protocol. Ubuntu clients can access remote servers through SSH. The introduction and working mechanism of SSH can be found in the previous article [Introduction and working mechanism of SSH] (http://blog.csdn.net/netwalk/article/details/12951031).

SSH is divided into client openssh-client and openssh-server

If you just want to log in to the SSH of another machine, you only need to install openssh-client (ubuntu has a default installation, if not, sudoapt-get install openssh-client), if you want to open the SSH service on this machine, you need to install openssh-server.

1. Install Client

Ubuntu has installed ssh client by default.

sudo apt-get install ssh or sudo apt-get installopenssh-client

ssh-keygen

( Press Enter to set the default value)

Generate id_rsa and id_rsa.pub files by default, which are the private key and public key respectively.

Note: If there is an error in sudo apt-get insall ssh, you can use sudo apt-get install openssh-client to install.

Assume that the server IP is 192.168.1.1, the port number of the ssh service is 22, and a user on the server is root;

The command to log in to the server with ssh is:

ssh –p 22 [email protected]

Enter the password of the root user

**Two, install the server **

Ubuntu does not install SSH Server by default, use the following command to install:

sudo apt-get install openssh-server

Then confirm whether sshserver is started: (or use the "netstat -tlp" command)

ps -e|grep ssh

If there is only ssh-agent, then ssh-server has not been started, you need /etc/init.d/ssh start, if you see sshd, then ssh-server has been started.

If not, you can start it like this:

sudo/etc/init.d/ssh start

In fact, if there is no special requirement, OpenSSH Server is installed here. But further settings can make OpenSSH login time shorter and more secure. All this is achieved by modifying the configuration file sshd_config of openssh.

Three, SSH configuration

The ssh-server configuration file is located in /etc/ssh/sshd_config, where you can define the service port of SSH. The default port is 22. You can define other port numbers, such as 222. Then restart the SSH service:

sudo /etc/init.d/sshresart

By modifying the configuration file /etc/ssh/sshd_config, you can change the ssh login port and prohibit root login. Changing the port can prevent port scanning.

  sudo cp/etc/ssh/sshd_config /etc/ssh/sshd_config.original
  sudochmod a-w /etc/ssh/sshd_config.original

Edit the configuration file:

gedit /etc/ssh/sshd_config

Find #Port 22, remove the comment, and modify it to a five-digit port:

Port 22333

Find #PermitRootLogin yes, remove the comment and modify it to:

PermitRootLogin no

Restart after configuration:

 sudo/etc/init.d/ssh restart

**Four, SSH service command **

Stop the service: sudo /etc/init.d/ssh stop

Start the service: sudo /etc/init.d/ssh start

Restart the service: sudo /etc/init.d/sshresart

Disconnect: exit

Login: ssh[email protected]

Root is the user on the 192.168.0.100 machine and needs to enter a password.

**Five, SSH login command **

Common format: ssh [-llogin_name] [-p port] [user@]hostname

More detailed information can be viewed with ssh -h.

Example

No user specified:

ssh 192.168.0.1

Designated users:

ssh -l root 192.168.0.1
ssh [email protected]

If you have modified the ssh login port, you can:

ssh -p 22333192.168.0.111
ssh -l root -p 22333216.230.230.105
ssh -p 22333 [email protected]

Six, improve the login speed

When logging in remotely, you may find that you need to wait a long time before you are prompted to enter the password after entering the user name. In fact, this is because sshd needs to check the client's dns information. You can greatly increase the speed of login by disabling this feature. First, open the sshd_config file:

  sudo nano /etc/ssh/sshd_config

Find the section GSSAPI options and comment out the following two lines:

#GSSAPIAuthentication yes #GSSAPIDelegateCredentials no Then restart the ssh service:

  sudo /etc/init.d/ssh restart

Try logging in again, it should be very fast

Seven, use PuTTy to log in to the server through certificate authentication#

In the SSH service, all content is encrypted and transmitted, and the security is basically guaranteed. But if certificate authentication can be used, the security will be even higher, and after certain settings, the effect of automatic login by certificate authentication can also be realized.

First modify the sshd_config file and enable the certificate authentication option:

RSAAuthentication yes PubkeyAuthentication yesAuthorizedKeysFile %h/.ssh/authorized_keys After the modification is complete, restart the ssh service.

In the next step, we need to establish private and public keys for SSH users. First, log in to the account that needs to establish a key. Here, please log out of the root user. If necessary, use the su command to switch to another user. Then run:

  ssh-keygen

Here, we can store the generated key in the default directory. During the establishment process, you will be prompted to enter the passphrase, which is equivalent to adding a password to the certificate, which is also a measure to improve security, so that you are not afraid even if the certificate is accidentally copied. Of course, if this is left blank, PuTTy can automatically log in through certificate authentication later.

The ssh-keygen command will generate two keys. First, we need to rename the public key and leave it on the server:

  cd ~/.ssh mv id_rsa.pub authorized_keys

Then copy the private key id_rsa from the server and delete the id_rsa file on the server.

The settings on the server are finished, the following steps need to be done on the client computer. First, we need to convert the id_rsa file into a format supported by PuTTy. Here we need to use PuTTyGEN this tool:

Click the Load button in the PuTTyGen interface, select the id_rsa file, enter the passphrase (if any), and then click the Save PrivateKey button, so that the private key accepted by PuTTy is ready.

Open PuTTy, enter the IP address of the server in the Session, click the Browse button under Connection->SSH->Auth, and select the private key just generated. Then go back to the Connection option and enter the username of the certificate in Auto-login username. Go back to the Session tab, enter a name and click Save to save the Session. Click Open at the bottom and you should be able to log in to the server through certificate authentication. If there is a passphrase, you will be asked to enter the passphrase during the login process, otherwise you will log in directly to the server, which is very convenient.

Recommended Posts

Installation and use of SSH in Ubuntu environment
Installation and use of GDAL in Python under Ubuntu
Installation and deployment of Nginx in Ubuntu
Installation and use of Win10 subsystem Ubuntu
Installation, configuration and uninstallation of GitLab in Ubuntu19.1
Use of Anaconda in Ubuntu
Happy installation of Jenkins in ubuntu
Ubuntu 19.1 installation and configuration Chinese environment
Installation and use of Mysql under CentOS
Centos-6.5 installation and deployment of LNMP environment
Installation and uninstallation of CUDA under Ubuntu 16.04
Ubuntu18.04 Server version installation and use (graphic)
Common exceptions and solutions in the use and development of Ubuntu system
Ubuntu basic settings: introduction to the installation and use of openssh-server
Installation and configuration of JDK in CentOS 7 system
How to configure TensorFlow use environment in Ubuntu
Installation of pulseaudio and API usage under Ubuntu 12.04
Use supervisor in ubuntu
Ubuntu introduction and installation
Use Ubuntu and windows system in virtual machine
Installation and configuration of CentOS 7 in VMware Workstation
Introduction to the use of Hanlp in ubuntu
Installation and usage instructions of rz/sz command under ubuntu
Python introduction and environment installation
Ubuntu16.04 installation and simple configuration
GitLab installation and basic use
centos7 kvm installation and use
Use of mediawiki under ubuntu
CentOS7 postgresql installation and use
CentOS environment installation of Docker
Ubuntu PostgreSQL installation and configuration
ubuntu offline installation python environment
Centos7 elk7.1.1 installation and use
How to install memcache and start it in ubuntu environment
Encountered in the process of building a virtual environment in ubuntu
How to compile and install PHP and Nginx in Ubuntu environment
Ubuntu 18.04.1 build Java environment and HelloWorld
Centos7 installation and configuration of Jenkins
Use of Pandas in Python development
How to use hanlp in ubuntu
Ubuntu environment variables and ADB configuration
Use disk quota in ubuntu multi-user
Centos6.5 installation and deployment of KVM
Installation of deb package under Ubuntu
Detailed use of nmcli in CentOS8
CentOS7 installation and maintenance of Gitlab
Install and configure Docker in Ubuntu
Use of numpy in Python development
Ubuntu16.04 configuration OpenCV3.4.2 and basic use
Redis installation under ubuntu and windows
Installation instructions for gitlab in Ubuntu
Installation of Docker CE under Ubuntu
Configuration and beautification after Ubuntu installation (1)
Nginx installation and configuration load (ubuntu12.04)
Ubuntu18.04 installation Anaconda3 and VSCode guide
Coexistence of CUDA8.0 and CUDA9.0 under Ubuntu 16.04
Windows Ubuntu subsystem ssh and ftp
Detailed explanation of quick installation and configuration of Subversion (SVN) under Ubuntu
[Daily] Win10 open and install ubuntu subsystem
Installation and use of Win10 subsystem Ubuntu
Talk about | Install and use Linux system Ubuntu under Win10
Windows Ubuntu subsystem ssh and ftp
About installing node environment in Ubuntu server
Windows 10 subsystem linux install pagoda panel Ubuntu
FreeFileSync: Compare and synchronize files in Ubuntu
Ubuntu installation and deployment Redash operation notes (2020.08)