Introduction:
SSH service, the full name of which is Secure Shell, is a service that provides secure remote access in a network environment. SSH service enables users to remotely log in to the server, transfer files or execute commands securely through encrypted communication, identity authentication and data integrity protection. It is a core tool that replaces traditional plaintext protocols (such as Telnet and FTP).
Working principle:
Establishment of encrypted channel: SSH server uses asymmetric encryption technology to establish a secure encrypted channel through public and private key pairs.
Data encryption transmission: In the encrypted channel, data is transmitted in plain text, but it is encrypted to ensure the confidentiality and integrity of the data.
Identity authentication: The client and server exchange public and private keys for identity authentication to ensure the legitimacy of both parties.
Main application scenarios:
Remote server management: Use administrators to connect to the server through SSH to perform system maintenance and configuration management.
Secure data transmission: Encrypt the transmitted data to prevent information from being stolen or tampered with, and protect sensitive information such as user passwords and commands.
Authentication: Ensure that the user or client connected to the server is legitimate to prevent unauthorized access.
Port forwarding: You can forward local or remote ports to other servers or services to achieve a secure data transmission channel.
Agent forwarding: Access multiple servers through local SSH key management to avoid repeated key configuration.
The following is a tutorial on how to enable the SSH service:
1. Install the SSH server:
First, install the OpenSSH server. You can use the following command:
sudo apt update
sudo apt install openssh-server
2. Check the SSH service status:
After the installation is complete, check the status of the SSH service to make sure it is running:
sudo systemctl status ssh
If the service is running, you should see a status of "active (running)". If it is not started, you can start it with the following command:
sudo systemctl start ssh
3. Set the SSH service to start automatically at boot:
To ensure that the SSH service starts automatically at system boot, you can use the following command:
sudo systemctl enable ssh
4. Adjust firewall settings (if any):
If you are using a firewall (such as UFW), make sure SSH traffic is allowed:
sudo ufw allow ssh
Check the firewall status:
sudo ufw status
5. Modify SSH configuration (run as root user to log in via SSH):
Modify the SSH configuration file to adjust the behavior of the service:
sudo vi /etc/ssh/sshd_config
You can use any editor, if you don't have vim, you can use sudo apt install vim to install it
sudo apt install vim
Find the following line (if it exists) and make sure its value is yes:
PermitRootLogin yes
If you are using the vim editor, press i to enter edit mode
If this line is not there, you can add it.
If you only want to allow root users to log in with a password, you can set it to:
PermitRootLogin without-password
This will only allow root users to log in using SSH keys. If you want to use a password, you should set it to yes.
To ensure that SSH logins for other users are allowed, you can add the following line:
AllowUsers "***"
This will only allow *** users to log in. If you want to allow other users, just add more usernames after the space.
If you use the vim editor, after editing, press the ESC key and enter :wq to save.
After setting, restart the SSH service (sudo systemctl restart ssh) or reboot the server (sudo reboot).
6. Connect to the SSH service:
You can use an SSH client on another machine to connect to the server:
ssh username@server_ip_address
Where username is the username and server_ip_address is the IP address of the server.
This completes the tutorial on enabling the SSH service. The SSH service plays a key role in network security. Through encryption and identity authentication technology, the SSH service provides users with secure remote management, data transmission, port forwarding and other services, effectively preventing security issues such as information leakage, tampering and man-in-the-middle attacks, and providing reliable security protection for network communications.