1. Check whether the SSH key already exists

The SSH key is usually generated in the user's home directory by default, so check whether there is a .ssh folder in the home directory and whether it contains the related key file (~/.ssh/id_rsa).

2. Generate the key

On the console, enter:

ssh-keygen -t rsa 

Note: -t selects the key type. RSA and DSA are available. Please search Baidu for details.

The console output is as follows:

Generating public/private rsa key pair. 

Enter file in which to save the key (/root/.ssh/id_rsa): 

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase): 

Enter same passphrase again: 

Your identification has been saved in /root/.ssh/id_rsa. 

Your public key has been saved in /root/.ssh/id_rsa.pub. 

(If you do not want to type a passphrase every time you make an SSH connection, you can leave the passphrase empty.)

Now your private key is stored in ~/.ssh/id_rsa and your public key is stored in ~/.ssh/id_rsa.pub.

3. Use the SSH key

The purpose of using an SSH key is to establish trust between the two machines and to log in from one machine to the other without requiring a password. Specific methods are as follows:

1. Create a key pair on host A

ssh-keygen -t rsa

You can now see the generated private key ~/.ssh/id_rsa and public key ~/.ssh/id_rsa.pub on host A.

2. Place the public key of host A on host B

scp -r /root/.ssh/id_rsa.pub 192.168.31.147:/root/.ssh/authorized_keys

About the scp command:

There are three ways to copy files between different Linux servers:

The first is FTP: install an FTP server on one Linux machine so that the other can copy files with an FTP client program.

The second is the Samba service, which works much like copying files on Windows and is relatively simple and convenient.

The third is to use the scp command to copy files.

scp is a secure file copy, based on SSH login. For example, to copy a file to another remote host, run the following command:

scp /home/daisy/full.tar.gz root@172.19.2.75:/home/root

You will be prompted to enter the password of user root on the other host, 172.19.2.75.

3. Host A can now log in to B without a password

ssh B_ip

The same procedure applies to B logging in to A.
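The scp command in step 2 replaces any authorized_keys file that already exists on host B, and sshd ignores the file when ~/.ssh or authorized_keys is writable by other users (StrictModes, on by default). The following is an added example, not part of the original page: a shell function to run on host B that appends the public key instead, skips duplicates, and sets the expected permissions. The name install_pubkey and the /tmp path are assumptions.

```shell
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, run on host B
# after the public key file has been copied there (for example to /tmp).
#
# install_pubkey PUBKEY_FILE [SSH_DIR]
#   0 = key present afterwards, 1 = I/O problem, 2 = input rejected
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A private key must never leave host A; refuse to install one.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key, refusing" >&2
        return 2
    fi

    # First non-blank line is the key ("ssh-rsa AAAA... comment").
    key=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    [ -n "$key" ] || { echo "$pubkey_file is empty" >&2; return 2; }

    # sshd (StrictModes) expects these to be writable by the owner only.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Already authorized: leave the file untouched (safe to re-run).
    if grep -qxF -- "$key" "$auth_file"; then
        return 0
    fi

    # Keep existing keys intact: end the last line before appending.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
}

# Usage on host B: install_pubkey /tmp/id_rsa.pub
```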

1. SSH structure

SSH consists of the client and server software. There are two incompatible versions: 1.x and 2.x. SSH 2.x clients cannot connect to SSH 1.x servers. OpenSSH 2.x supports SSH 1.x and 2.x.

The server is a daemon that runs in the background and responds to connection requests from clients. The server is usually the sshd process, which handles remote connections, including public key authentication, key exchange, symmetric key encryption, and insecure connections.

The client contains the ssh program and other applications such as scp (remote copy), slogin (remote login), and sftp (secure file transfer).

The local client sends a connection request to the remote server. The server checks the requested packet and IP address and then sends the key to the SSH client. The local client sends the key back to the server and the connection is established. SSH 1.x and SSH 2.x have some differences in connection protocols.

Once a secure transport layer connection is established, the client sends a service request. When the user is authenticated, a second service request is sent. This allows newly defined protocols to coexist with the above protocols. The connection protocol provides a wide variety of channels for a wide variety of purposes, and there are standard methods for establishing secure interactive shell sessions and for forwarding ("tunneling") arbitrary TCP/IP ports and X11 connections.

SSH is designed to work on its own, without a superserver (inetd). It is possible to run the SSH process through tcpd under inetd, but this is not necessary. After the SSH server is started, sshd runs and listens on the default port 22 (you can use # ps -waux | grep sshd to check whether sshd is running correctly). If SSH is not started by inetd, it keeps waiting for connection requests. When a request arrives, the SSH daemon spawns a child process that handles the connection.

2. Start and stop SSH

Ensure that the SSH service has been installed

Check whether the service has been started

ps -e | grep sshd

Start, stop, and restart the service

service sshd start      # starts the SSH service

service sshd stop       # stops the SSH service

service sshd restart    # restarts the SSH service

Or use a script with a path:

/etc/init.d/sshd start 

/etc/init.d/sshd stop 

/etc/init.d/sshd restart

Configure the ssh-server. The configuration file is located in /etc/ssh/sshd_config. The default port number is 22