SSH is a toolkit used to replace Telnet, FTP and the R commands. It solves the problem of passwords being transmitted in plaintext over the Internet. For the security of the system and for users' own rights and interests, it is necessary to promote SSH. SSH has two versions. We are now introducing version 2.
The specific steps are as follows:
Obtain the SSH package (ftp://ftp.pku.edu.cn:/pub/unix/ssh-2.3.0.tar.gz).
# gzip -cd ssh-2.3.0.tar.gz | tar xvf -
# cd ssh-2.3.0
Note that if you want to use TCP_Wrappers to control SSH, you need to add the option "--with-libwrap=/path/to/libwrap/" to configure to tell SSH where libwrap.a and tcpd.h are located.
# make install
The SSH-related programs are placed in /usr/local/bin, including ssh, sftp, sshd2, ssh-keygen, etc.
The SSH configuration files are under /etc/ssh2, which includes the host public key and private key of sshd2: hostkey and hostkey.pub. These two files are usually generated automatically when SSH is installed. You can regenerate them with the following commands:
# rm /etc/ssh2/hostkey*
# ssh-keygen2 -P /etc/ssh2/hostkey
The ssh2_config file generally does not need to be modified.
3、 Start sshd2
Every system that is to use SSH must run sshd2 in the background. Start manually:
You can add this command to "/etc/rc2.d/S99local", so that sshd2 will be started automatically every time the system starts.
4、 Using TCP_Wrappers to control SSH
Sites that have installed SSH can use TCP_Wrappers to restrict which IP addresses can access them through SSH. For example, add the following to /etc/hosts.allow:
Then only 10.0.0.1 can access the host through SSH.
All of the above is work done by the system administrator. Let's talk about how ordinary users use SSH.
5、 Basic application
Before using SSH, each user should complete the following steps:
1. Generate your own SSH public and private keys on the local host (for example, local.pku.edu.cn). The command is as follows:
Generating 1024-bit dsa key pair
1024-bit dsa, [email protected], Fri Oct 20 2000 17:27:05
Passphrase: ********************************************* /* enter your password here, which will be used when accessing this host in the future. */
Again :************ /*
Private key saved to /home1/teng/.ssh2/id_dsa_1024_a
Public key saved to /home1/teng/.ssh2/id_dsa_1024_a.pub
The generated private key and public key (id_dsa_1024_a and id_dsa_1024_a.pub) are stored in the ~/.ssh2 directory under your home directory. The SSH configuration files related to the user are all in ~/.ssh2. The private key is kept by the user on the local host, and the public key needs to be transferred to ~/.ssh2 under your own account on the remote host if you want to use SSH2 to access it from the local host.
2. In ~/.ssh2, create an "identification" file that names the private key used for authentication. The command is as follows:
local:~/.ssh2# echo "IdKey id_dsa_1024_a" > identification
3. Similarly, complete the above steps on the remote host (for example, remote.pku.edu.cn).
4. Copy your own public key (id_dsa_1024_a.pub) from the local host (local.pku.edu.cn) to the .ssh2 directory under your home directory on the remote host (remote.pku.edu.cn). It can be named "local.pub", and it is usually uploaded by FTP.
5. On the remote host, in the .ssh2 directory under your home directory, create an "authorization" file, which specifies the public key file used for identity authentication. The command is as follows:
remote:~/.ssh2# echo "Key local.pub" > authorization
Now you can log in from local to remote with SSH2. The command is as follows:
local# ssh remote.pku.edu.cn
Passphrase for key "/home1/teng/.ssh2/id_dsa_1024_a" with comment "1024-bit dsa,
[email protected], Fri Oct 20 2000 17:27:05":***********
You will be asked to enter your SSH password. After verification succeeds, you are logged in to the remote host.
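
A small audit of the per-user files set up in the steps above, as an added example that is not part of the original article. The file names and the IdKey/Key keywords come from the article; the function names and the permission policy (private keys not accessible by group/other, "authorization" not writable by group/other) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a ~/.ssh2 directory laid out as in the steps above.
# "identification", "authorization", IdKey and Key come from the article;
# the permission policy checked here is this example's assumption.

# Print the group/other permission bits of a file, e.g. "r--r--".
group_other_bits() { ls -ld "$1" | cut -c5-10; }

check_ssh2_dir() {
    dir=$1
    problems=0
    report() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    if [ -f "$dir/identification" ]; then
        # Each "IdKey <file>" line names a private key used to authenticate.
        while read -r kw name rest; do
            [ "$kw" = "IdKey" ] || continue
            if [ ! -f "$dir/$name" ]; then
                report "IdKey $name: private key file is missing"
            elif [ "$(group_other_bits "$dir/$name")" != "------" ]; then
                report "IdKey $name: private key accessible by group/other"
            fi
        done < "$dir/identification"
    fi

    if [ -f "$dir/authorization" ]; then
        # Anyone who can write this file can authorize a key of their own.
        case $(group_other_bits "$dir/authorization") in
            ?w????|????w?) report "authorization is writable by group/other" ;;
        esac
        # Each "Key <file>" line names a public key allowed to log in.
        while read -r kw name rest; do
            [ "$kw" = "Key" ] || continue
            [ -f "$dir/$name" ] || report "Key $name: public key file is missing"
        done < "$dir/authorization"
    fi

    echo "$problems problem(s) found in $dir"
    [ "$problems" -eq 0 ]
}

# Run the audit when a directory is given on the command line.
[ $# -eq 0 ] || check_ssh2_dir "$1"
```

Saved as a script and run with ~/.ssh2 as its argument on both the local and the remote host, it exits non-zero when any problem is reported.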