Coding With Fun

9.2.1 Configure the sshd service


May 24, 2021   Source: "That's what Linux should learn"



Secure Shell (SSH) is a protocol for logging in to a remote host over an encrypted channel, and it is currently the preferred way to manage Linux systems remotely. Previously, FTP or Telnet was generally used for remote logins, but because they transmit account passwords and data over the network in clear text, they are insecure and vulnerable to a man-in-the-middle attack: an attacker on the path can tamper with the transmitted data and capture the server's account password directly.

To manage a Linux system remotely with the SSH protocol, you need to deploy and configure the sshd service. sshd is the server-side program for the SSH protocol; it is easy to use and supports two methods of authentication:

Password-based authentication: the user logs in with an account name and password;

Key-based authentication: a key pair is generated locally and the public key is uploaded to the server; at login the server checks that the client holds the private key matching a public key it has on file. This is the more secure method, because no password ever crosses the network and there is nothing to brute-force.

The previous article repeatedly emphasized that "everything in a Linux system is a file", so changing the operating parameters of a service program is really the process of editing that program's configuration file. The configuration of the sshd service is kept in /etc/ssh/sshd_config. Operations staff usually call the file that holds the most important settings the main configuration file. It contains many lines that begin with a hash sign (#); these are comments that show the built-in default value and have no effect. To change such a parameter you must remove the # (uncomment the line) as well as edit the value, otherwise the change never takes effect. The important parameters in the sshd configuration file are listed in Table 9-1.

Table 9-1  Parameters in the sshd configuration file and their effects

Parameter                           Effect
Port 22                             Port the sshd service listens on (default 22)
ListenAddress 0.0.0.0               IP address the sshd server listens on (0.0.0.0 means every local address)
Protocol 2                          SSH protocol version; only version 2 should be enabled
HostKey /etc/ssh/ssh_host_key       Location of the host private key for SSH protocol version 1 (obsolete and insecure; leave protocol 1 disabled)
HostKey /etc/ssh/ssh_host_rsa_key   Location of the RSA host private key for SSH protocol version 2
HostKey /etc/ssh/ssh_host_dsa_key   Location of the DSA host private key for SSH protocol version 2
PermitRootLogin yes                 Whether the root administrator may log in directly over SSH
StrictModes yes                     Whether sshd checks the ownership and permissions of the user's home directory and authentication files before accepting a login
MaxAuthTries 6                      Maximum number of authentication attempts permitted per connection
MaxSessions 10                      Maximum number of open sessions (terminals) permitted per network connection
PasswordAuthentication yes          Whether password authentication is allowed
PermitEmptyPasswords no             Whether logging in with an empty password is allowed (very insecure)

On a RHEL 7 system the sshd service is installed and enabled by default. A remote connection is then made with the ssh command, in the form "ssh [parameters] host-IP-address". To log out, run the exit command.

[root@linuxprobe ~]# ssh 192.168.10.10
The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.
ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.10' (ECDSA) to the list of known hosts.
root@192.168.10.10's password:    <- enter the password of the remote host's root administrator here
Last login: Wed Apr 15 15:54:21 2017 from 192.168.10.10
[root@linuxprobe ~]# exit
[root@linuxprobe ~]#

The first connection asks you to confirm the host key fingerprint; answering yes stores it in ~/.ssh/known_hosts, and a changed fingerprint on a later connection is a warning sign that should be investigated rather than accepted.

If you forbid remote login as the root administrator, you greatly reduce the chance of the server being brute-forced, because an attacker must first guess a valid user name before guessing its password. Configure this as follows. First open the main configuration file of the sshd service in the Vim text editor, then remove the hash sign before line 48, the PermitRootLogin yes parameter, and change the value yes to no so that root is no longer allowed to log in remotely. (The line number is that of the RHEL 7 default file; in other releases search for the keyword rather than relying on the number.) Remember to save the file and exit. Note that PermitRootLogin no refuses root even with key-based authentication; if root must still be able to log in with a key, use the value prohibit-password (spelled without-password in older OpenSSH releases) instead.

[root@linuxprobe ~]# vim /etc/ssh/sshd_config
………………omitting some output………………
46 
47 #LoginGraceTime 2m
48 PermitRootLogin no
49 #StrictModes yes
50 #MaxAuthTries 6
51 #MaxSessions 10
52 
………………omitting some output………………

As with most service programs, sshd does not pick up new parameters the moment the configuration file is modified. For the new configuration to take effect you must restart the service manually. Before doing so, run sshd -t to check the file for syntax errors, because a broken configuration will stop sshd from starting. Restarting sshd does not drop sessions that are already established, so keep your current session open and verify the new setting from a second terminal before logging out, in case a mistake would otherwise lock you out. It is also a good idea to enable the service at boot so that it starts automatically the next time the system is started and keeps serving users.

[root@linuxprobe ~]# systemctl restart sshd
[root@linuxprobe ~]# systemctl enable sshd

From now on, when the root administrator tries to log in through the sshd service again, the system refuses the login with an error. Although the parameters of the sshd service are relatively simple, this is the standard way to configure a service program on a Linux system: find the configuration file, change the parameter, restart the service, then verify. Learn this pattern from one example and apply it to others, so that even an unfamiliar service can be handled the same way.

[root@linuxprobe ~]# ssh 192.168.10.10
root@192.168.10.10's password:    <- enter the password of the remote host's root user here
Permission denied, please try again.
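The procedure above is done by hand in vim. The following shell script is an added example, not code from the original tutorial, that applies the same edit from a script and then checks which value sshd would actually use. It encodes two points a practitioner needs to know that the manual edit hides: sshd takes the first active (uncommented) occurrence of a keyword and ignores later ones, so appending "PermitRootLogin no" to the end of a file that already contains an active "PermitRootLogin yes" changes nothing; and directives inside a Match block are conditional, so they are neither the global value nor a safe place to insert one. The sample configuration it builds is a constructed fragment modelled on the RHEL 7 default file; the function names and the "Keyword value" syntax (no "Keyword=value" form) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): edit and verify sshd_config
# settings from a script. Assumptions: one "Keyword value" directive per line,
# commented defaults written as "#Keyword value" as in the RHEL 7 file.

# sshd_effective FILE KEYWORD
# Prints the value sshd would use for KEYWORD (keywords are case-insensitive):
# the first active line outside any Match block, or "<default>" if none sets it.
sshd_effective() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/            { next }           # comment or blank line
        tolower($1) == "match"    { inmatch = 1 }    # conditional block begins
        inmatch                   { next }
        tolower($1) == kw         { print $2; found = 1; exit }
        END { if (!found) print "<default>" }
    ' "$1"
}

# sshd_set FILE KEYWORD VALUE
# Sets KEYWORD to VALUE idempotently: replaces the first active global line,
# otherwise replaces the first commented default ("#Keyword ..."), otherwise
# inserts a new line before the first Match block (or at the end of the file).
sshd_set() {
    file=$1
    tmp=$(mktemp) || return 1
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v new="$2 $3" '
        { lines[NR] = $0 }
        !m && tolower($1) == "match"     { m = NR }  # first Match block
        m                                { next }    # everything after it is conditional
        !a && tolower($1) == kw          { a = NR }  # first active occurrence
        !c && tolower($1) == ("#" kw)    { c = NR }  # first commented default
        END {
            target = a ? a : c
            for (i = 1; i <= NR; i++) {
                if (!target && i == m) print new     # global lines must precede Match
                line = (i == target) ? new : lines[i]
                print line
            }
            if (!target && !m) print new
        }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"    # overwrite in place so owner and mode (root, 0600) are kept
    rm -f "$tmp"
}

# make_sample_config FILE
# Writes a constructed fragment modelled on the RHEL 7 default file. The
# commented lines show built-in defaults and have no effect until uncommented.
make_sample_config() {
    cat > "$1" <<'EOF'
#Port 22
#ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PasswordAuthentication yes
EOF
}

# Stand-alone demonstration on a throw-away copy, never on /etc/ssh/sshd_config.
demo=$(mktemp)
make_sample_config "$demo"
echo "before: PermitRootLogin = $(sshd_effective "$demo" PermitRootLogin)"
sshd_set "$demo" PermitRootLogin no
echo "after:  PermitRootLogin = $(sshd_effective "$demo" PermitRootLogin)"
rm -f "$demo"
```

On a real host, run sshd_set against /etc/ssh/sshd_config as root, then sshd -t to validate the file and systemctl restart sshd to apply it, exactly as in the manual procedure; sshd_effective is the quick check to run from a second terminal before you trust the change.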