Title: Install and Configure OpenSSH Server in Linux
Install OpenSSH in Linux
Being a network administrator requires deep knowledge of remote login protocols such as rlogin, telnet and ssh. The one I will discuss in this article is ssh, a secure remote login protocol used to work remotely on other machines or to transfer data between computers using the SCP (Secure Copy) command. But what is OpenSSH, and how do you install it on your Linux distribution?
What is OpenSSH?
OpenSSH is a free, open source set of tools that provides secure, encrypted communication over a computer network using the ssh protocol. Many people who are new to computers and protocols mistake OpenSSH for a protocol. It is not: it is a set of programs that use the ssh protocol.
OpenSSH is developed by the OpenBSD group and is released under the Simplified BSD License. A main factor behind its wide use among system administrators is its multi-platform capability and its very useful features. The latest version is OpenSSH 6.4, which was released on November 8, 2013.
This version of OpenSSH comes with many new features and patches, so if you already use OpenSSH to administer your machines, I suggest you upgrade.
Why Use OpenSSH Over Telnet or FTP?
The most important reason to use the OpenSSH tools over ftp and telnet is that all communications and user credentials are encrypted when you use OpenSSH. They are also protected from man-in-the-middle attacks: if a third party tries to intercept your connection, OpenSSH detects it and informs you. The detection relies on the server's host key: the ssh client records it on the first connection and warns you when a later connection presents a different key.
What Are Some Of The OpenSSH Features?
- Secure Communication
- Strong Encryption (3DES, Blowfish, AES, Arcfour)
- X11 Forwarding (encrypt X Window System traffic)
- Port Forwarding (encrypted channels for legacy protocols)
- Strong Authentication (Public Key, One-Time Password and Kerberos Authentication)
- Agent Forwarding (Single-Sign-On)
- Interoperability (Compliance with SSH 1.3, 1.5, and 2.0 protocol Standards)
- SFTP client and server support in both SSH1 and SSH2 protocols.
- Kerberos and AFS Ticket Passing
- Data Compression
Installation of OpenSSH in Linux
To install OpenSSH, open a terminal and run the following commands with superuser permissions.
On Ubuntu/Debian/Linux Mint
$ sudo apt-get install openssh-server openssh-client
On RHEL/CentOS/Fedora
Type the following yum command to install the OpenSSH client and server.
# yum -y install openssh-server openssh-clients
Configuration of OpenSSH
It’s time to configure OpenSSH's behaviour through the sshd config file. Before editing /etc/ssh/sshd_config, back up a copy of it, so that if we make a mistake we still have the original.
Open a terminal and run the following command to make a copy of the original sshd configuration file.
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original_copy
As you can see from the command I typed, I added the original_copy suffix, so every time I see this file I know it is an original copy of the sshd config file.
PS: Making this backup copy is very important, because if you misconfigure something you can restore from the copy.
How Do I Connect to OpenSSH?
Before we go further, we need to verify whether our openssh server is working. How to do that? You can try to connect to the openssh server from localhost with your openssh client, or do a port scan with nmap, but I like to use a small tool called netcat, also known as the TCP/IP Swiss army knife. I love working with this amazing tool on my machine, so let me show it to you.
# nc -v -z 127.0.0.1 22
Referring to the netcat results, the ssh service is running on port 22 on my machine. Very good! What if we want to use another port, instead of 22? We can do that by editing the sshd configuration file.
Set OpenSSH to listen on TCP port 13 instead of the default TCP port 22. Open the sshd_config file with your favourite text editor and change the Port directive to 13.
# What ports, IPs and protocols we listen for
Port 13
Restart the OpenSSH server by typing the following command so the changes in the config file take effect, then run netcat to verify that the port you set for listening is open.
$ sudo /etc/init.d/ssh restart
Shall we verify whether our openssh server is listening on port 13? This verification is necessary, so I am calling on my lovely tool netcat to help me do the job.
# nc -v -z 127.0.0.1 13
Would you like your openssh server to display a nice login banner? You can do it by modifying the content of the /etc/issue.net file and adding the following line to the sshd configuration file.
Banner /etc/issue.net
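The backup, Port and Banner edits described above, as an added example (not part of the original article). It runs against a constructed sample file in a temporary directory rather than the live /etc/ssh/sshd_config; the helper names set_directive, active_values and demo are hypothetical. It shows one thing the steps above do not: sshd listens on every active Port line, so all old Port lines have to go, not just the first one.

```shell
#!/bin/sh
# Added example: works on a throwaway sample file, not the live /etc/ssh/sshd_config.

# set_directive FILE KEYWORD VALUE (hypothetical helper)
# Keeps a one-time backup using the article's .original_copy suffix, drops
# every active line for KEYWORD (sshd keywords are case-insensitive) and
# writes the new line first, ahead of any Match block.
set_directive() {
    file=$1 key=$2 val=$3
    [ -e "$file.original_copy" ] || cp -p "$file" "$file.original_copy"
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$val"
        awk -v k="$key" 'tolower($1) != tolower(k)' "$file"
    } > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
    rm -f "$tmp"
}

# active_values FILE KEYWORD (hypothetical helper)
# Prints every uncommented value for KEYWORD on one line. sshd accepts
# several Port lines and listens on all of them, so a leftover "Port 22"
# would keep the old port open next to the new one.
active_values() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2 }' "$1" |
        tr '\n' ' ' | sed 's/ $//'
}

demo() {
    dir=$(mktemp -d) || return 1
    cfg=$dir/sshd_config
    # Constructed sample config with two active Port lines.
    printf '%s\n' '# What ports, IPs and protocols we listen for' \
        'Port 22' '#Banner none' 'port 2222' > "$cfg"
    set_directive "$cfg" Port 13
    set_directive "$cfg" Banner /etc/issue.net
    echo "ports now:    $(active_values "$cfg" Port)"
    echo "banner now:   $(active_values "$cfg" Banner)"
    echo "ports before: $(active_values "$cfg.original_copy" Port)"
    rm -rf "$dir"
}

demo
```

On a real host, run sudo sshd -t after editing and before the restart: it checks the configuration and exits non-zero on an error, so a typo does not leave you without a running daemon.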
PS (on editing sshd_config): commonly used text editors include vi, Vim and Emacs.
Conclusion
There are many things you can do with the openssh tools when it comes to configuring your openssh server. I can say that your imagination is the limit!
Reposted from: https://www.tecmint.com/install-openssh-server-in-linux/