Linux ssh

ssh

Linux remote connection tool。

1. ssh install

　　check if ssh is installed on your computer.

dpkg -l | grep ssh

　　install on ubuntu

sudo apt-get install openssh-client
sudo apt-get install openssh-server

2. start the ssh server

　　check if the ssh server started on your computer.

ps -ef | grep ssh

　　if not, you can execute the following command to start the ssh server.

sudo /etc/init.d/ssh start

3. stop and restart the ssh server

sudo /etc/init.d/ssh stop 
sudo /etc/init.d/ssh restart

4. ssh remote login methods

　　(1) password login

ssh root@192.168.3.3

　　(2) public key login

　　　generate a key pair locally

ssh-keygen -t rsa

　　根据提示一步一步往下走即可。完成后会生成公钥和私钥。公钥和私钥所在位置：

　　当前用户下生成一个.ssh的文件夹，里面包含id_rsa(私钥)和id_rsa.pub(公钥)

　　copy id_rsa.pub to remote host

　　ssh-copy-id command can copy id_rsa.pub to remote host of ~/.ssh/authorized_key

ssh-copy-id root@192.168.3.3

　　you can not use password to login remote host.

问题

1. ssh、scp连接时避免输入yes，并防止出现POSSIBLE BREAK-IN ATTEM

方法一：连接时添加 StrictHostKeyChecking=no

ssh -o StrictHostKeyChecking=no root@192.168.1.10

方法二：修改/etc/ssh/ssh_config配置文件，然后重启sshd

StrictHostKeyChecking=no

注意：这时连接会出现 POSSIBLE BREAK-IN ATTEM

解决方法：修改 /etc/ssh/ssh_config 中 GSSAPIAuthentication yes

# GSSAPIAuthentication yes
GSSAPIAuthentication no

脚本（命令）

sed -i 's/#   StrictHostKeyChecking ask/StrictHostKeyChecking no/' /etc/ssh/ssh_config
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/ssh_config
service sshd restart