SSH Remote Control and access

1、SSH Server configuration

        （1）SSH Service description
Default port ：22
Master profile ：/etc/ssh/sshd_config
service name ：sshd
Check the port ：netstat  -anpt | grep sshd
restart ssh service ：systemctl restart sshd  （ After changing the main configuration file, be sure to restart ！）
ssh The service is on by default
 

Change the port number to 2345, Disable reverse parsing , Ban root User and empty password user login .
 

vim  /etc/ssh/sshd_config

Port 2345                        ( Modify the listening port to 2345)

UseDNS no                       ( Ban DNS Reverse DNS )

PermitRootLogin no                ( Ban root User remote login )

PermitEmptyPasswords no            ( Disable blank password login )

ListenAddress 172.16.16.22      ( The monitoring address is 172 .16.16.22)

Protocol 2                      ( Use SSH V2 agreement )

Only zhangsan user ,lisi User remote login ,lisi Users can only use 1.20 Client remote login

vim  /etc/ssh/sshd_config

    （ add to ）
AllowUsers zs [email protected]    

  Only refuse zs user ,ls User remote login , Refuse 1.20 Client login

vim  /etc/ssh/sshd_config

    （ add to ）
DenyUsers zs [email protected]    

restart ssh service

systemctl restart sshd

 2、Linux Client remote login download and upload

        （1） Separate use zs,ls,root Verify whether the user can log in remotely .

ssh -p 2345 [email protected]        （ Default port number 22 Don't have to  -p）

ssh -p 2345 [email protected]

ssh -p 2345 [email protected]

        （2） Use scp Command in 1.10 Download a file from , take 1.20 Upload your files to 1.10 On . The files are all in /tmp Next  

          Use touch Command create file

scp -P 2345 [email protected]:/tmp/222.txt  /tmp/   （ On the server /tmp/222.txt Download to local directory /tmp in ）


scp -P 2345 /tmp/333.txt  [email protected]:/tmp/   （ take /tmp/333.txt Upload the file to the server /tmp Directory ）

 3、Windows Client client remote login download and upload

          Use xshell Remote login
        （1） Verify use zs user xshell Remote login 1.10 The server

        （2） Use rz Command to upload a file to the server /usr/src Next . Use sz Command to download a file from the server

download ：
Switching users ： su    root
sz   / route / file name   （ Download the file ）

  Upload ：
Switching users ： su    root
Entry directory ：cd /usr/src 
rz   ( Upload files ）
 
 

 4、 Key pair login

         stay 1.20 Of linux Client create user tom, And log in to the system

useradd tom           （ New client tom user ）

passwd tom            （ modify tom User password ）

su tom                （ Client switching tom user ）

         Generate key pair

ssh-keygen -t ecdsa   ( Client generation tom The public and private keys of )

 The first tip ： Enter enter enter 
 Second and third tips ： Enter the key phrase twice （ Greater than 4 digit , It's the same twice ）

         Upload the public key to the server zs user .

ssh-copy-id  -p  2345  -i   ~/.ssh/id_ecdsa.pub   [email protected]

         Verify whether there is a public key file

   ll  -a  /home/zs/.ssh/    （ stay ssh Operation on the server ）

         Verify key pair login

ssh  -p 2345 [email protected]
        Tips ： Enter the key phrase 
    After successful verification 
   exit  sign out 

5、TCP wrapper Protect

  stay ssh Server setting policy ,sshd The service only allows 192.168.1.20 and 192.168.3.0 Segment login , Other network segments are not allowed to log in .
vim /etc/hosts.allow （ Permitted Services ）
vim /etc/hosts.deny  （ Rejected Services ）

vim /etc/hosts.allow 
 add to 
sshd:192.168.1.20,192.168.3.


vim /etc/hosts.deny
 add to 
sshd:ALL

Verify with the client
Linux client

ssh -p 2345 [email protected]92.168.1.10

Windows Client authentication
Use Xshell authentication