Detailed explanation of sshd service and service management commands under Linux

sshd

SSH is the abbreviation of Secure Shell, which is a security protocol at the application layer. SSH is currently the most reliable protocol designed to provide security for remote login sessions and other network services. Using the SSH protocol can effectively prevent information leakage during remote management.

openssh-server

Function: Allow the remote host to access the sshd service through the network and start a secure shell

Client connection method

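ssh remote host user@remote host ip ##First run rm -rf /root/.ssh/ to clear the previous configuration
ssh remote host user@remote host ip -X ##Call the remote host's graphical tools
ssh remote host user@remote host ip command ##Execute a command directly on the remote host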

SSH key encryption

Password-based security authentication: as long as you know the account and password, you can log in to the remote host. However, this method is exposed to "man-in-the-middle" attacks.
ssh remoteuser@remotehost
ssh remoteuser@remotehost hostname

For key-based security authentication, you must create a pair of keys for yourself and put the public key on the server you need to access.
When you connect to an SSH server, the client software sends a request to the server, asking for security verification using your key. After receiving the request, the server first searches for your public key in your directory on the server, and then compares it with the public key you sent. If the two keys match, the server encrypts a "challenge" with the public key and sends it to the client software. After receiving the "challenge", the client software decrypts it with your private key and sends it back to the server.

1. Generate public and private keys

ssh-keygen ##Tool that generates the public and private keys
ls /root/.ssh/
id_rsa ##Private key, which is the key
id_rsa.pub ##Public key, which is the lock

2. Add key authentication method

ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.101
ssh-copy-id ##Tool that adds key authentication
-i ##Specify the key file
/root/.ssh/id_rsa.pub ##The key file to add
root ##The user the key is added for is root
@172.25.254.101 ##IP of the host the key is added to

3. Distribute keys to client hosts

scp /root/.ssh/id_rsa root@172.25.254.201:/root/.ssh/

4. Testing

ssh root@172.25.254.101 ##Connect directly via id_rsa without entering the user password
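
A check that can be run after steps 2 and 3, as an added example that is not part of the original article: it verifies that the copied private key is not accessible to group or others, that the .ssh directory is not writable by them, and that the public key is actually listed in authorized_keys. The function names, the temporary directory and the placeholder key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; function names are made up.
# Checks a .ssh directory after steps 2 and 3 above, on constructed files.

perm_string() { ls -ld "$1" | cut -c1-10; }   # e.g. -rw-------

# Client side: ssh refuses a private key that group or others can access.
private_key_ok() {
    case "$(perm_string "$1")" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Server side: with StrictModes enabled, sshd refuses to use authorized_keys
# when the file or its directory is writable by group or others.
not_group_other_writable() {
    case "$(perm_string "$1")" in
        ?????-??-?) return 0 ;;
        *)          return 1 ;;
    esac
}

# Is the key blob (field 2 of public key file $1) present in file $2?
key_is_authorized() {
    blob=$(awk '{ print $2; exit }' "$1")
    awk -v b="$blob" '
        $1 !~ /^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END        { exit !found }' "$2"
}

# Constructed stand-in for /root/.ssh with a placeholder key, not a real one.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
echo "ssh-rsa AAAAB3CONSTRUCTEDBLOB root@server" > "$demo/.ssh/id_rsa.pub"
echo "placeholder private key" > "$demo/.ssh/id_rsa"
cp "$demo/.ssh/id_rsa.pub" "$demo/.ssh/authorized_keys"
chmod 644 "$demo/.ssh/id_rsa"                  # deliberately too open
chmod 600 "$demo/.ssh/authorized_keys"

private_key_ok "$demo/.ssh/id_rsa" || echo "id_rsa: group/other access, chmod 600 it"
not_group_other_writable "$demo/.ssh" && echo ".ssh: mode ok"
key_is_authorized "$demo/.ssh/id_rsa.pub" "$demo/.ssh/authorized_keys" \
    && echo "public key is listed in authorized_keys"
```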

Server

Client

No key for the first time, password required

The server sends the key to the client

Remote login without password

Improve the security level of openssh

1. openssh-server configuration file

vim /etc/ssh/sshd_config

PasswordAuthentication yes|no ##Whether to enable user password authentication; yes enables it and no disables it
PermitRootLogin yes|no ##Whether to allow superuser login
AllowUsers student westos ##User whitelist, only users on the list can use sshd to create a shell
DenyUsers westos ##User blacklist
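
The settings above only take effect if they are the values sshd actually reads: sshd keeps the first value it obtains for a keyword and treats keyword names case-insensitively, so a later line does not override an earlier one. The following added example, which is not part of the original article, reports the effective global value of the keywords discussed here. The function names and the sample file are constructed, and the script assumes a single file with "Keyword value" syntax.

```shell
#!/bin/sh
# Added example, not from the original article; function names are made up.
# Assumes one file (Include not followed) and "Keyword value" syntax.

# Print the first value set for keyword $2 in file $1. sshd keeps the first
# value it obtains for a keyword, and keyword names are case-insensitive.
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/               { next }   # comment line
        tolower($1) == "match"  { exit }   # global section ends here
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Classify one yes/no style keyword: "no" is the hardened value.
check_keyword() {
    value=$(effective_value "$1" "$2")
    case "$(printf '%s' "$value" | tr 'A-Z' 'a-z')" in
        no)  echo "OK   $2=$value" ;;
        yes) echo "WARN $2=$value" ;;
        "")  echo "INFO $2 is not set, the built-in default applies" ;;
        *)   echo "INFO $2=$value" ;;
    esac
}

audit_sshd_config() {
    check_keyword "$1" PasswordAuthentication
    check_keyword "$1" PermitRootLogin
    users=$(effective_value "$1" AllowUsers)
    if [ -n "$users" ]; then
        echo "OK   AllowUsers=$users"
    else
        echo "WARN AllowUsers is not set, no user whitelist"
    fi
}

# Constructed sample: the later lowercase line does NOT override the first.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
passwordauthentication no
AllowUsers student westos
Match User westos
    PasswordAuthentication no
EOF
audit_sshd_config "$sample"
```

On a live host, sshd -T prints the effective configuration as sshd itself computed it and is the authoritative check after editing /etc/ssh/sshd_config.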

2. Control ssh client access

vim /etc/hosts.deny
sshd:ALL ##Deny everyone to connect to the sshd service

Control of system services

1. systemd

System initialization program, the first process started by the system, pid is 1

2. systemctl command

systemctl list-units ##List the status of current system services
systemctl list-unit-files ##List the startup status of services
systemctl status sshd ##View the status of the specified service
systemctl stop sshd ##Shut down the specified service
systemctl start sshd ##Start the specified service
systemctl restart sshd ##Restart the service
systemctl enable sshd ##Set the specified service to start at boot
systemctl disable sshd ##Set the specified service not to start at boot
systemctl reload sshd ##Reload the configuration of the specified service
systemctl list-dependencies sshd ##View the dependencies of the specified service
systemctl mask sshd ##Freeze the specified service
systemctl unmask sshd ##Unfreeze the specified service
systemctl set-default multi-user.target ##Do not start the graphical interface at boot
systemctl set-default graphical.target ##Start the graphical interface at boot
setterm ##Set color in text interface
vga=ask

3. Service Status

systemctl status service name

active (running) ##The system service has been initialized and the configuration has been loaded; one or more programs are currently executing in the system; vsftpd is in this mode

active (exited) ##A service that is executed only once and ends normally; currently no program is executing in the system

active (waiting) ##Currently executing, but it has to wait for other events before it can continue processing

inactive ##Service shutdown

enable ##The service starts automatically after booting

disable ##The service does not start automatically after booting
