How to configure SSH under Linux system


SSH is a toolkit used to replace Telnet, FTP and the R commands. It solves the problem of passwords being transmitted in plaintext over the Internet. For the security of the system and for users' own rights and interests, it is necessary to promote SSH. SSH has two versions. We are now introducing version 2.


The specific steps are as follows:

Obtain SSH package. (

Become root

# gzip -cd ssh-2.3.0.tar.gz | tar xvf -

# cd ssh-2.3.0

# ./configure

Note that if you want to use TCP_Wrappers to control SSH, you need to add the option "--with-libwrap=/path/to/libwrap/" to configure, to tell SSH where libwrap.a and tcpd.h are located.

# make

# make install

The SSH-related programs are placed in /usr/local/bin, including ssh, sftp, sshd2, ssh-keygen, etc.

2、 Configuration

The SSH configuration files are under /etc/ssh2, which includes the host public key and private key of sshd2: hostkey and hostkey.pub. These two files are usually generated automatically when SSH is installed. You can regenerate them with the following commands:

# rm /etc/ssh2/hostkey*

# ssh-keygen2 -P /etc/ssh2/hostkey

The ssh2_config file generally does not need to be modified.

3、 Start sshd2

Every system that is to use SSH must run sshd2 in the background. To start it manually:

# /usr/local/bin/sshd2 &

You can add this command to "/etc/rc2.d/S99local", so that sshd2 is started automatically every time the system starts.

4、 Using TCP_Wrappers to control SSH

Sites that have installed SSH can use TCP_Wrappers to restrict which IP addresses can access them through SSH. For example, add the following to /etc/hosts.allow:


Then only can access the host through SSH.

All of the above is work done by the system administrator. Next, let's look at how ordinary users use SSH.

5、 Basic application

Before using SSH, each user should complete the following steps:

1. Generate your own SSH public and private keys on the local host (for example, local.pku.edu.cn). The command is as follows:

local# ssh-keygen

Generating 1024-bit dsa key pair

1 oOo.oOo.o

Key generated.

1024-bit dsa, [email protected], Fri Oct 20 2000 17:27:05

Passphrase: ********************************************* /* enter your password here, which will be used when accessing this host in the future.

Again :************ /*

Private key saved to /home1/teng/.ssh2/id_dsa_1024_a

Public key saved to /home1/teng/.ssh2/

The generated private key and public key (id_dsa_1024_a and ) are stored in the ~/.ssh2 directory under your home directory. The user-related SSH configuration files are all in ~/.ssh2. The private key is kept by the user on the local host, and the public key needs to be transferred to ~/.ssh2 under your own account on the remote host, if you want to use SSH2 to access the local host.

2. In ~/.ssh2, create an "identification" file that names the private key used for authentication. The command is as follows:

local:~/.ssh2# echo "IdKey id_dsa_1024_a" > identification

3. Similarly, complete the above steps on the remote host (for example, remote.pku.edu.cn).

4. Copy your own public key ( ) from the local host (local.pku.edu.cn) to the .ssh2 directory under your home directory on the remote host (remote.pku.edu.cn). It can be named "local.pub" there; it is usually uploaded by FTP.

5. On the remote host, in the .ssh2 directory under your home directory, create an "authorization" file, which specifies the public key file used for identity authentication. The command is as follows:

remote:~/.ssh2# echo "Key" > authorization

Now you can use SSH2 to log in from the local system to the remote system. The command is as follows:

local# ssh

Passphrase for key "/home1/teng/.ssh2/id_dsa_1024_a" with comment "1024-bit dsa, [email protected], Fri Oct 20 2000 17:27:05":***********

You will be asked to enter your SSH password. Once verification succeeds, you are logged in to the remote host.
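
The per-user files set up in the steps above (identification, authorization and the keys they name) can be checked with a short script. This is an added example, not part of the original article or of the SSH2 distribution; the function names, the messages and the rule that private keys must be owner-only and control files not writable by others are assumptions of this example.

```sh
# Audit a per-user SSH2 directory; names and messages are this example's own.

# Group/other permission bits of a path, e.g. "------" or "r--r--".
go_bits() { ls -ld "$1" | cut -c5-10; }

# File names that follow keyword $2 ("IdKey" or "Key") in control file $1.
listed() { awk -v kw="$2" '$1 == kw { print $2 }' "$1"; }

# Print one line per finding and count it.
note() { echo "$1"; findings=$((findings + 1)); }

# Anyone who can write here can swap keys or authorize a key of their own.
no_foreign_write() {
    case $(go_bits "$1") in
        ?w????|????w?) note "$1 is writable by group or others" ;;
    esac
}

check_ssh2_dir() {
    dir=$1; findings=0
    [ -d "$dir" ] || { echo "$dir is not a directory"; return 2; }
    no_foreign_write "$dir"

    # identification: each IdKey must exist and be accessible to the owner only.
    if [ -f "$dir/identification" ]; then
        no_foreign_write "$dir/identification"
        for k in $(listed "$dir/identification" IdKey); do
            if [ ! -f "$dir/$k" ]; then
                note "identification names missing private key $k"
            elif [ "$(go_bits "$dir/$k")" != "------" ]; then
                note "private key $k is accessible to group or others"
            fi
        done
    else
        note "no identification file in $dir"
    fi

    # authorization: each Key must point at a public key file that exists.
    if [ -f "$dir/authorization" ]; then
        no_foreign_write "$dir/authorization"
        for k in $(listed "$dir/authorization" Key); do
            [ -f "$dir/$k" ] || note "authorization names missing public key $k"
        done
    fi
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was reported
}

# Stand-alone use: sh check_ssh2.sh ~/.ssh2
if [ $# -gt 0 ]; then check_ssh2_dir "$1"; fi
```

Run it on both hosts after finishing the steps; it prints nothing and exits with status 0 when the layout is consistent.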
