52ky posted on 2022-9-7 12:01:35

RHEL5: RSA public/private key authentication for SSH, applied to remote server backup

Lab environment: two RHEL5 virtual machines
SSH server Serv1, IP address: 192.168.10.1
Client Serv2, IP address: 192.168.10.2
1. On RHEL5 the SSH service RPM package is installed by default; if it is missing, install it.
2. Start the sshd service on Serv1
# service sshd restart
3. From the other server, Serv2, connect to Serv1 remotely with ssh
On the first login to the server you have to enter "yes" and then the remote server's password. The login information is recorded in the known_hosts file under .ssh in the user's home directory.
The method above is password authentication. It needs no configuration and is much more secure than Telnet, but it can still be hit by a "man-in-the-middle" attack in which another server impersonates the real one.
4. Key-based authentication
Key-based authentication relies on keys: first create a key pair, then store the public key on the remote server.
Configure the Serv1 server to block password authentication and allow only key authentication. Because data encrypted with the public key can only be decrypted with the private key, the server can verify the legitimacy of the client's connection by comparison.
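An audit for the step 4 setting on Serv1, as an added example that is not part of the original post: it reads an sshd_config and reports whether password logins are really switched off. The sample files are constructed, and the ChallengeResponseAuthentication check is an addition the post does not mention (keyboard-interactive logins can still prompt for a password).

```shell
#!/bin/sh
# Added example: audit an sshd_config for the key-only policy from step 4.

# Print the value sshd would use for keyword $1 in file $2 (global section).
# sshd keeps the FIRST occurrence of a keyword; names are case-insensitive.
effective_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # skip comments
        { sub(/[ \t]*=[ \t]*/, " ") }            # allow "Keyword=value"
        tolower($1) == "match" { exit }          # stop at first Match block
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Return 0 only if passwords are refused and public keys are accepted.
# Unset keywords fall back to the built-in default, "yes" for all three.
audit_key_only() {
    rc=0
    pw=$(effective_value PasswordAuthentication "$1")
    kbd=$(effective_value ChallengeResponseAuthentication "$1")
    pk=$(effective_value PubkeyAuthentication "$1")
    [ "${pw:-yes}" = no ]  || { echo "FAIL PasswordAuthentication=${pw:-yes}"; rc=1; }
    [ "${kbd:-yes}" = no ] || { echo "FAIL ChallengeResponseAuthentication=${kbd:-yes}"; rc=1; }
    [ "${pk:-yes}" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
# 1) "no" appended after the existing "yes": the earlier line still wins.
cat > "$tmp/appended.conf" <<'EOF'
Protocol 2
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
# 2) Key-only configuration as described for Serv1.
cat > "$tmp/keyonly.conf" <<'EOF'
Protocol 2
#PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
EOF

for f in "$tmp/appended.conf" "$tmp/keyonly.conf"; do
    if audit_key_only "$f"; then echo "OK   $f"; else echo "WEAK $f"; fi
done
```

After changing the real /etc/ssh/sshd_config, restart sshd as in step 2 so the new setting takes effect.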



