Linux commands for beginners: ssh command (remote login)

  • 2020-06-07 05:54:22
  • OfStack

1. View SSH client version

Sometimes it is necessary to confirm the SSH client and its version number. Use the ssh -V command to get the version number. Note that Linux generally comes with OpenSSH. The following example shows that the system is using OpenSSH:


$ ssh -V 
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

The following example shows that the system is using SSH2:


$ ssh -V 
ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu

2. Connect to the remote host:

Command format:


ssh name@remoteserver # or 
ssh remoteserver -l name

Note: Either form logs you in to the remote host. remoteserver is the remote host, and name is the user name used to log in to it.

3. Connect to the port specified by the remote host:

Command format:


ssh name@remoteserver -p 2222 # or 
ssh remoteserver -l name -p 2222

Note: The -p parameter specifies the port number. Generally, when port mapping is done on the router, port 22 is not mapped out directly but is translated to another port number. In this case, the -p port number command format is needed.

4. Jump to remote host 2 through remote host 1:

Command format:


ssh -t remoteserver1 ssh remoteserver2

Note: When the remote host remoteserver2 cannot be reached directly, the -t parameter can be used to jump from remoteserver1 to remoteserver2. During this process, enter the password for remoteserver1, then the password for remoteserver2, and then you can operate remoteserver2.

5. Run the remote shell command through SSH:

Command format:


ssh -l name remoteserver 'command'

Note: Connects to the remote host and executes command there. For example, to view memory usage on a remote host:


$ ssh -l root 192.168.1.100 svmon -G

6. Modify SSH listening port:

By default, SSH listens on port 22, and attackers can use port-scanning software to see whether the host is running an SSH service. Changing SSH to a port greater than 1024 is a wise choice, as most port scans, including nmap, do not scan high ports by default. Open the /etc/ssh/sshd_config file and look for the following line:

#Port 22

Remove the # in front of the line, then change the port number and restart the SSH service:


$ /etc/init.d/ssh restart

7. SSH Protocol Version 2 only:

There are two versions of the SSH protocol. Version 2 is the more secure one; version 1 has security issues, including man-in-the-middle attacks and injection attacks (insertion). Edit the /etc/ssh/sshd_config file and find the following line:


#Protocol 2,1

Change it to:

Protocol 2

8. Prohibit root users from logging in:

Normally, the root user is not used to log in to the remote host directly. The root user has super privileges, which brings security risks. Therefore, we usually log in as an ordinary user and switch to root only when it is necessary to manage the remote host. Open the /etc/ssh/sshd_config file and look for the following line:


#PermitRootLogin yes

Remove the # sign, change yes to no, and restart the ssh service to disable root users from logging in.

For the login prompt file described in section 10: remove the # sign and replace /some/path with the full path of the bannertest.txt file, then save and restart the ssh service. When the client logs in, it sees the prompt in the bannertest.txt file.

9. Port mapping:

If there is a web server on the company's internal network that is reachable only internally, so that it cannot be accessed from the external network, ssh can be used for port mapping to make the internal web server reachable. If the web server's host name is webserver and webserver can use ssh to reach the remote host remoteserver, log in to webserver and then map the port with the following command:

Command format:



After the command completes, on the remoteserver machine, execute netstat -an | grep 3000 to see if port 3000 has been opened. Then execute the following command to see if you can open a web page on webserver:



If the page can be opened, the mapping is successful. However, this is limited to local access to the web server, that is, only the remoteserver machine itself can reach webserver, because port 3000 is bound to address 127.0.0.1 on the remoteserver machine. To change this, edit the /etc/ssh/sshd_config file on the remoteserver machine and add the line GatewayPorts yes, which binds listening port 3000 to the 0.0.0.0 address so that all external machines can access it. Then save, exit and restart the ssh service. When finished, other machines can enter http://remoteserver:3000 into the browser to access webserver.
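
The sshd_config settings from sections 6 to 9 can be checked with a short script. This is an added example, not part of the original article: the function names and the sample configuration are constructed for illustration, and an absent Protocol line is treated as protocol 2 only, as on OpenSSH 7.4 and later. GatewayPorts yes is reported because, as described above, it makes forwarded ports reachable from every other machine.

```shell
# Added example: audit the global section of an sshd_config (sections 6 to 9).

# effective_value FILE KEYWORD: print the first uncommented value of KEYWORD
# before any Match block (sshd keeps the first value; keywords ignore case).
effective_value() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, "") }                  # drop leading blanks
        /^#/ || /^$/ { next }                   # skip comments and empty lines
        tolower($1) == "match" { exit }         # conditional overrides start here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print one line per finding; return 1 if any.
audit_sshd_config() {
    rc=0
    port=$(effective_value "$1" Port)
    if [ "${port:-22}" = 22 ]; then
        echo "Port: listening on the default port 22"; rc=1
    fi
    case $(effective_value "$1" Protocol) in
        *1*) echo "Protocol: version 1 is still accepted"; rc=1 ;;
    esac
    if [ "$(effective_value "$1" PermitRootLogin)" != no ]; then
        echo "PermitRootLogin: not explicitly set to no"; rc=1
    fi
    if [ "$(effective_value "$1" GatewayPorts)" = yes ]; then
        echo "GatewayPorts: forwarded ports are reachable from other hosts"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the commented-out Port line leaves the default active.
write_sample_config() {
    cat > "$1" <<'EOF'
#Port 22
Protocol 2,1
  PermitRootLogin yes
GatewayPorts yes
Match User backup
    PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "review the findings above"
rm -f "$sample"
```

On a real host, point audit_sshd_config at /etc/ssh/sshd_config; settings inside Match blocks are deliberately ignored and need a separate review.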

10. Set the prompt message for login

Start by creating a file, such as bannertest.txt, with whatever content you choose. Then open the /etc/ssh/sshd_config file and look for the following line:


