sshd service
1. Introduction to sshd
sshd = secure shell
A service that lets you open a shell on a host over the network
Client software < c-f9 >
sshd
Connection mode:
ssh username@ip ##Connect in text mode
ssh -X username@ip ##Graphical programs can be opened after the connection succeeds
Note:
The first time you connect to an unknown host, an authentication file has to be created,
so you will be asked whether you want to create it. You need to type yes.
The next time you connect to this host, you do not need to enter yes again because the ~/.ssh/known_hosts file has been generated
Remote replication:
scp file root@ip:dir ##upload
scp root@ip:file dir ##download
2. Key authentication of sshd
1. Generate authentication KEY
# ssh-keygen ##Command to generate key
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ##Specifies the file to save encrypted characters (use default)
Enter passphrase (empty for no passphrase): ##Set password (use empty password)
Enter same passphrase again: ##Confirm password
Your identification has been saved in "/root/.ssh/id_rsa". ##Private key (key)
Your public key has been saved in "/root/.ssh/id_rsa.pub". ##Public key (lock)
The key fingerprint is:
86:61:e4:f1:6e:51:3a:4b:d7:3c:1b:2f:e8:3f:b0:5d root@server.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| o . |
| o o o o |
| + * . = |
| . = = . = |
| . S . o . |
| o .. .E |
| .+ . |
| ..o |
| .. |
+-----------------+
2. Encryption service
# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.200 ##Install the public key (lock) on the sshd service
The authenticity of host '172.25.254.200 (172.25.254.200)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.200's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.25.254.200'"
and check to make sure that only the key(s) you wanted were added.

ls ##List the folder that holds the key configuration
authorized_keys id_rsa id_rsa.pub known_hosts
^ The appearance of this file (authorized_keys) indicates that encryption is complete
3. Distribute the key
scp /root/.ssh/id_rsa root@172.25.254.100:/root/.ssh/
4. Test
In the client host (172.25.254.100)
ssh root@172.25.254.200 ##The connection logs in directly, without asking for the password of the root system account
Here the ip is the ip of the virtual machine you set up
3. Security setting of sshd
78 PasswordAuthentication yes|no ##Whether to allow users to authenticate to sshd with their system login password
48 PermitRootLogin yes|no ##Whether to allow the root user to authenticate to the sshd service
52 AllowUsers student westos ##Set the user whitelist. Users not in the whitelist cannot use sshd
53 DenyUsers westos ##Set the user blacklist. Users not in the blacklist can use sshd by default
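The following shell script is an added example, not part of the original page. It reads sshd_config text and reports how sshd treats the four options above, including a user who appears in both lists; the sample configuration is constructed, the function names are this example's own, and Match blocks and USER@HOST patterns are not handled.

```shell
# SAMPLE_CONFIG is constructed for this example; it is not from the page's hosts.
SAMPLE_CONFIG='#PasswordAuthentication yes
PasswordAuthentication no
PermitRootLogin yes
AllowUsers student westos
DenyUsers westos'

# effective KEYWORD CONFIG_TEXT: print the value sshd uses for KEYWORD.
# Keywords are case-insensitive, "#" lines are comments, and the first
# uncommented line wins; AllowUsers/DenyUsers lines are joined into one list.
effective() {
    printf '%s\n' "$2" | awk -v key="$1" '
        BEGIN { key = tolower(key); list = (key == "allowusers" || key == "denyusers") }
        tolower($1) != key || (found && !list) { next }
        { $1 = ""; sub(/^[ \t]+/, ""); out = out (found ? " " : "") $0; found = 1 }
        END { if (found) print out }'
}

# user_allowed USER CONFIG_TEXT: status 0 if the lists permit USER.
# DenyUsers is checked first; a non-empty AllowUsers then rejects every
# user it does not name. Patterns may use * and ?.
user_allowed() (
    set -f    # keep * and ? in the lists from expanding to file names
    for pat in $(effective DenyUsers "$2"); do
        case "$1" in $pat) return 1 ;; esac
    done
    allow=$(effective AllowUsers "$2")
    [ -z "$allow" ] && return 0
    for pat in $allow; do
        case "$1" in $pat) return 0 ;; esac
    done
    return 1
)

# audit CONFIG_TEXT: print one line per finding. A missing keyword is treated
# as "yes" (an assumption of this example; defaults differ between builds).
audit() (
    set -f
    pw=$(effective PasswordAuthentication "$1" | tr 'A-Z' 'a-z')
    root=$(effective PermitRootLogin "$1" | tr 'A-Z' 'a-z')
    [ "${pw:-yes}" = no ] || echo "WEAK: password logins are accepted"
    [ "${root:-yes}" = no ] || echo "WEAK: root can log in (PermitRootLogin ${root:-yes})"
    for u in $(effective AllowUsers "$1"); do
        user_allowed "$u" "$1" || echo "CONFLICT: $u is in AllowUsers but DenyUsers wins"
    done
)

audit "$SAMPLE_CONFIG"
```

On a real host, pass the file contents, for example audit "$(cat /etc/ssh/sshd_config)", and compare the result with the output of sshd -T, which prints the effective configuration.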
4. Add sshd login information
vim /etc/motd ##File content is the information displayed after login
5. Login audit of users
1. To view the users who are currently using the system, use w
w -f ##View source of use
w -i ##Show IP
The file this command reads is /var/run/utmp
2. To view users who have logged in and logged out, use last
The file this command reads is /var/log/wtmp
3. To view users who tried to log in but failed, use lastb
The file this command reads is /var/log/btmp