Introduction of SSH
2022-08-06 05:14:00 【Dynamic shuang, refactoring crematorium】
Installation and basic usage
The SSH client can be installed with the following commands
# Ubuntu, Debian
apt-get install openssh-client
# CentOS, Fedora
dnf install openssh-clients
General connection usage is ssh user@hostname
-p port : specifies the SSH port, the default is 22
-N : indicates that the SSH connection is used only for port forwarding and cannot execute remote commands
Connection Process
On the first connection, the remote server's public key hash value is stored on the client side, specifically in the ~/.ssh/known_hosts file.
If the server's public key hash changes, it no longer matches the stored value. In this case, you can delete the public key corresponding to the hostname with ssh-keygen -R hostname, or delete it manually in the file. A changed key can also mean that the connection is being intercepted, so confirm the new fingerprint with the server's administrator before deleting the old entry.
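An added example (not from the original article) of the comparison behind a changed-host-key warning: each known_hosts line carries the server's public key in base64, and the SHA256 fingerprint that ssh prints is the unpadded base64 SHA-256 of that key blob. The host name, address and key bytes are constructed, and hashed host names and wildcard patterns are skipped.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def make_blob(key_type, raw):
    """Build a constructed key blob: two length-prefixed strings (type, key bytes)."""
    out = b""
    for part in (key_type.encode(), raw):
        out += len(part).to_bytes(4, "big") + part
    return base64.b64encode(out).decode()

def check_host_key(known_hosts_text, host, key_type, offered_b64):
    """Return (status, stored_fp, offered_fp); status is unknown, match or changed."""
    offered_fp = fingerprint(offered_b64)
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # comments, @markers and hashed host names are skipped here
        if host in fields[0].split(",") and fields[1] == key_type:
            stored_fp = fingerprint(fields[2])
            status = "match" if stored_fp == offered_fp else "changed"
            return status, stored_fp, offered_fp
    return "unknown", None, offered_fp

# Constructed sample data: these are not real keys.
OLD_KEY = make_blob("ssh-ed25519", bytes(range(32)))
NEW_KEY = make_blob("ssh-ed25519", bytes(range(1, 33)))
KNOWN_HOSTS = f"# constructed example\nexample.com,192.0.2.10 ssh-ed25519 {OLD_KEY}\n"

if __name__ == "__main__":
    for label, key in (("same key", OLD_KEY), ("different key", NEW_KEY)):
        status, stored, offered = check_host_key(
            KNOWN_HOSTS, "example.com", "ssh-ed25519", key)
        print(f"{label}: {status}\n  stored : {stored}\n  offered: {offered}")
```

A "changed" result is the case where the offered fingerprint should be confirmed out of band before ssh-keygen -R is run.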
Configuration
Configuration file location
~/.ssh/id_rsa: RSA private key for SSH protocol version 2.
~/.ssh/id_rsa.pub: RSA public key for SSH protocol version 2.
~/.ssh/config: User's personal ssh configuration file
/etc/ssh/ssh_config: global ssh configuration file
~/.ssh/identity: RSA private key for SSH protocol version 1.
~/.ssh/identity.pub: RSA public key for SSH protocol version 1.
~/.ssh/known_hosts: Contains the public key fingerprint of the SSH server.
~/.ssh/id_ecdsa: user's ECDSA private key
~/.ssh/id_ecdsa.pub: user's ECDSA public key
SSH configuration
The syntax is a configuration keyword followed by a value. The two can be separated by a space or an equals sign.
# Configure the host alias, username and port
# For example, for host remoter.com
Host remoteSSH
    HostName remoter.com
    User root
    Port 2222
# Then ssh remoteSSH is equivalent to ssh -p 2222 root@remoter.com
Key login
The SSH key login process is as follows
- The client generates public and private keys through ssh-keygen
- Put the client public key into the ~/.ssh/authorized_keys of the corresponding user on the remote server
- The client initiates an SSH login request to the server
- After the server receives the request, it sends random data to the user, asking for proof of identity
- The client receives the data from the server, signs the data with the private key, and sends it to the server
- After the server receives the signature, it verifies it with the public key, and if it is consistent, the user is allowed to log in
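An added example (not from the original article) that plays out the last three steps of the list above: the server issues random data, the client signs it, and the server checks the signature against the public keys it holds. Unpadded textbook RSA over Mersenne primes stands in for the real signature algorithm so that the block runs with the standard library only; the keys are constructed and insecure, and all function names are hypothetical.

```python
import hashlib
import secrets

def toy_keypair(p, q, e=65537):
    """Textbook RSA key from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def digest(data, n):
    """Hash the challenge to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def client_sign(private, challenge):
    """The client signs the server's random data with its private key."""
    n, d = private
    return pow(digest(challenge, n), d, n)

def server_verify(authorized_keys, challenge, signature):
    """The server accepts only if an authorized public key validates the signature."""
    return any(pow(signature, e, n) == digest(challenge, n)
               for n, e in authorized_keys)

# Constructed keys built from Mersenne primes: trivially factorable, illustration only.
USER_PUB, USER_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = toy_keypair(2**127 - 1, 2**521 - 1)
AUTHORIZED_KEYS = [USER_PUB]   # only the user's public key was placed on the server

def login(private):
    """One login attempt with fresh random data from the server."""
    challenge = secrets.token_bytes(32)
    return server_verify(AUTHORIZED_KEYS, challenge, client_sign(private, challenge))

if __name__ == "__main__":
    print("holder of the matching private key:", login(USER_PRIV))
    print("holder of a different private key :", login(OTHER_PRIV))
    old_challenge, new_challenge = b"a" * 32, b"b" * 32
    replayed = client_sign(USER_PRIV, old_challenge)
    print("old signature replayed on new data:",
          server_verify(AUTHORIZED_KEYS, new_challenge, replayed))
```

Because the random data differs on every attempt, a signature captured from one login does not verify on the next.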
ssh-keygen
# Generate a key pair
ssh-keygen
# Remove the stored host key for example.com
ssh-keygen -R example.com
Port Forwarding
Local port forwarding
Requests to the designated port X on local machine A are forwarded to port Y on host B
ssh -L [access address:]local port X:remote host B:remote host B port
Remote Port Forwarding
After a local-to-remote SSH tunnel is established, the remote server can access the local machine through it
ssh -R remote port:remote server IP:remote server port
For example, if host A runs a virtual machine, then executing the following command on host A lets host B on the same local area network reach the virtual machine through port 1234 on host B
ssh -R host A port:virtual machine a IP:virtual machine a port host B user@host B IP
Dynamic forwarding
The local machine establishes an encrypted connection with the remote SSH server, and access to a given port on the local machine is forwarded through this encrypted connection
ssh -D local port X remote SSH server
For example, if the local port 2121 is connected to the remote SSH server remoteSSHHost, the dynamic forwarding command is as follows
ssh -D 2121 remoteSSHHost
# User access request: use the SOCKS5 proxy on local port 2121 to access www.example.com
curl -x socks5://localhost:2121 http://www.example.com
Server
The SSH server can be installed with the following commands
# Debian
$ sudo aptitude install openssh-server
# Red Hat
$ sudo yum install openssh-server
The configuration file of sshd is in the /etc/ssh directory, the main configuration file is sshd_config, and there are also some keys generated during installation.
/etc/ssh/sshd_config: Configuration file
/etc/ssh/ssh_host_ecdsa_key: ECDSA private key.
/etc/ssh/ssh_host_ecdsa_key.pub: ECDSA public key.
/etc/ssh/ssh_host_key: RSA private key for SSH 1 protocol version.
/etc/ssh/ssh_host_key.pub: RSA public key for SSH 1 protocol version.
/etc/ssh/ssh_host_rsa_key: RSA private key for SSH 2 protocol version.
/etc/ssh/ssh_host_rsa_key.pub: RSA public key for SSH 2 protocol version.
/etc/pam.d/sshd: PAM configuration file.
sshd_config has many configurable items; only some of them are described below
- PasswordAuthentication: whether to allow password login, the default is yes
- ClientAliveCountMax: specifies the number of times the server attempts to connect when the client loses response after the connection is established (for example, ClientAliveCountMax 8)
- Port: the sshd listening port, the default is 22
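An added example (not part of the original article) that resolves the three options above the way sshd reads them: keywords are case-insensitive, the first value obtained for a keyword wins, and lines after a Match keyword apply only conditionally. The sample configurations are constructed and the function names are hypothetical; on a real server, sshd -T prints the effective settings.

```python
import re

# Defaults: PasswordAuthentication as stated on this page; 3 is OpenSSH's
# ClientAliveCountMax default. Port (default 22) is handled separately.
DEFAULTS = {"passwordauthentication": "yes", "clientalivecountmax": "3"}
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")  # "Key value" or "Key=value"

def effective_settings(config_text):
    """Resolve an sshd_config text (Include files are not followed)."""
    first_seen, ports, match_overrides, in_match = {}, [], [], False
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                                  # blank line or comment
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            in_match = True                           # the rest applies conditionally
        elif in_match:
            match_overrides.append((keyword, value))
        elif keyword == "port":
            ports.append(value)                       # Port may be listed several times
        else:
            first_seen.setdefault(keyword, value)     # the first value obtained wins
    settings = {k: first_seen.get(k, v) for k, v in DEFAULTS.items()}
    settings["port"] = ports or ["22"]
    settings["match_overrides"] = match_overrides
    return settings

def findings(settings):
    """Defender-side checks on the resolved values."""
    notes = []
    if settings["passwordauthentication"].lower() != "no":
        notes.append("global: password login is allowed")
    for keyword, value in settings["match_overrides"]:
        if keyword == "passwordauthentication" and value.lower() != "no":
            notes.append("Match block: password login is re-enabled for some connections")
    return notes

# Constructed samples, not taken from a real server.
APPENDED_TOO_LATE = "PasswordAuthentication yes\nPort = 2222\nPasswordAuthentication no\n"
HARDENED = ("# constructed\nport 2222\nPasswordAuthentication no\nClientAliveCountMax=8\n"
            "Match User backup\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("appended too late", APPENDED_TOO_LATE), ("hardened", HARDENED)):
        resolved = effective_settings(text)
        print(name, resolved, findings(resolved))
```

The first sample shows why appending PasswordAuthentication no to the end of a file that already sets it to yes changes nothing.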