Home  >  Article  >  Operation and Maintenance  >  Detailed explanation of CentOS SSH installation and configuration

Detailed explanation of CentOS SSH installation and configuration

藏色散人
藏色散人forward
2020-11-13 15:14:139289browse

The following column centos tutorial will introduce CentOS SSH installation and configuration to you. I hope it will be helpful to friends in need!

CentOS SSH installation and configuration

SSH is the abbreviation of Secure Shell, formulated by the IETF Network Working Group; SSH is built on the application layer and security protocols based on the transport layer.

Traditional network service programs, such as FTP, POP and Telnet, are inherently unsafe; because they transmit data, user accounts and user passwords in plain text on the network, they are easily vulnerable to man-in-the-middle (man- in-the-middle) attack. It means that there is another person or machine pretending to be a real server to receive the data sent by the user to the server, and then pretending to be the user to send the data to the real server.

SSH is currently a more reliable protocol designed to provide security for remote login sessions and other network services. Using the SSH protocol can effectively prevent information leakage during remote management. All transmitted data can be encrypted through SSH, and DNS spoofing and IP spoofing can also be prevented.

Install SSH:

yum install ssh

Start SSH:

service sshd start

Set up to run on boot:

chkconfig sshd on

Generally, CentOS has OpenSSH installed by default, even if you minimize it The same goes for installation.

SSH configuration:

1. Modify vi /etc/ssh/sshd_config, remove the parameter comments to be modified according to the template and modify the parameter value:

Port 22 specifies SSH connection Port number, it is not recommended to use the default port 22 for security reasons

Protocol 2,1 allows SSH1 and SSH2 connections, it is recommended to set it to Protocol 2

Other parameters can be adjusted according to your own needs. For details on the configuration method, see: man ssh_config

2. Modify hosts.deny and add a line at the end:

sshd:All

3. Modify hosts.allow and add a line at the end:

sshd:All

If you want to install an IP that can restrict access, set it as follows:

sshd:192.168.0.101
sshd:192.168.0.102

The above configuration means that only servers 101 and 102 are allowed to make SSH connections

4. Start SSH

/etc/init.d/sshd start

At this point SSH can be connected

Enter the connection IP

Configure related parameters

Select utf-8 to support Chinese display

Automatically enter the login user root

After entering the user name, you can connect to the server

But currently our SSH connection still requires a password. The following will introduce how to use a key to connect, eliminating the trouble of entering a password:

1. Produce the key on the managed machine

[root@localhost ~]# mkdir /root/.ssh
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):   ##直接回车默认路径
Enter passphrase (empty for no passphrase):                ##输入密码短语
Enter same passphrase again:                               ##重复密码短语
Your identification has been saved in /root/.ssh/id_rsa.   ##如果在这里报错是因为SeLinux引起的按照Policy:yum install selinux-policy
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
aa:76:71:1e:51:fe:3b:4c:51:30:b2:90:55:e9:58:7c root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|        .ooo+o   |
|        ...o+.E  |
|         o.+ o   |
|        . o o    |
|        S. . .   |
|      ..o   o    |
|      .+ . o .   |
|    ... .   +    |
|   ...       .   |
+-----------------+

2. Produce the key for putty

Open puttygen. If you don’t have this program, you can download it from the putty official website.

The following picture will appear after clicking the Generate button. Keep moving the mouse in the red box until the key generation is completed

The big red box above is the public key we generated. This public key is used to place on the managed server, and the private key is placed on your own machine.

Key comment is a remark information. If it is an enterprise environment, there will be many public keys on one machine. In order to identify them, a comment will generally be defined according to each person's own.

You can use your email or work ID, enter Key comment to copy the public key first, and click Saved public Key and Saved Private Key to save the two keys

Then open the key agent tool pageant. exe (can also be downloaded from putty's official website), using pageant.exe has a great advantage. If you also need to use other tools of putty, then they can share the key verification without having to set the key repeatedly.

Right-click the pageant.exe icon on the taskbar and select view keys to open the following window.

Click Add key to add the private key you just saved.

3. Managed machine key deployment

Copy the id_rsa.pub just produced on the managed machine into authrized.keys

[root@localhost .ssh]# cp id_rsa.pub authrized.keys[root@localhost .ssh]# chmod 600 authrized.keys      ##这一步是必须的,否则连接不上

Modify vi /root/.ssh/ authrized.keys Delete the original key and add the key produced by puttygen.exe (that is, the public key copied earlier)

sh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAh+gDpVSNIwBHZvmHS240AoueNHIgDHhczQ/fhiN/IdAQVdh7Ovw2pnJ4sd6so0kqCizsU7FOu2rvaK7vHC3QrrYmeqn94V595pYGLnMCbtEd7ONew47TU8wjtdldbc7liEmkTVIdkCbbrzQa372/u2LSjkldu2BUiXkevlnGNUc= hellwen.wu~~~~

Save and exit.

4. Open putty to log in

Pay attention to the red part in the picture above. If you often connect to this machine, it is recommended to enter the IP and configure it, then enter the identification name in Saved Sessions and click Save button so that the server's connection configuration is permanently retained in the list box.

The above is the detailed content of Detailed explanation of CentOS SSH installation and configuration. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:cnblogs.com. If there is any infringement, please contact admin@php.cn delete