Secure Shell Protocol (SSH)
#linux
Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.
SSH is mostly used for remote login.
Create Login
user: username
host: remote host
create login
create login and access different port
The default port for SSH is 22. You can connect to a different port with this command:
Remark: The first time you log in to the remote host, the prompt below will appear:
This means the authenticity of the host cannot be confirmed; only its RSA key fingerprint is known.
The key itself (here we use RSA) is normally very hard to compare because of its length. The RSA key fingerprint shown here is the RSA key hashed with MD5, which yields a 128-bit fingerprint that is much easier to compare.
The user needs to know the remote host's key fingerprint to confirm its authenticity. One common way is for the remote host to publish the key fingerprint online so the user can check it.
If the user types yes, the following will appear:
If the remote host's public key is accepted, it is saved in $HOME/.ssh/known_hosts. The next time, the user skips the warning and goes directly to entering the password.
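The fingerprint check described above, as an added example that is not part of the original page: it parses a known_hosts-style line, derives the MD5 fingerprint the text describes as well as the SHA256 form that current OpenSSH prints by default, and compares the result with a fingerprint obtained out of band. The host name, the key material and all function names are constructed for illustration.

```python
import base64, hashlib, hmac

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field, as used inside an SSH public key blob."""
    return len(data).to_bytes(4, "big") + data

# Constructed sample: an "ssh-rsa" blob with a made-up modulus (not a real host key).
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(255, 0, -1))))
SAMPLE_LINE = "host.example.com ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

def parse_known_hosts_line(line: str) -> tuple[str, bytes]:
    """Return (key_type, key_blob) from an unhashed 'host keytype base64' line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
    # The blob carries its own copy of the key type; reject a mismatch.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def md5_fingerprint(blob: bytes) -> str:
    """Legacy form: 128-bit MD5 digest as 16 colon-separated hex pairs."""
    digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob: bytes) -> str:
    """Current OpenSSH form: 'SHA256:' followed by the unpadded base64 digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_published(line: str, published: str) -> bool:
    """Compare a presented host key with a fingerprint obtained out of band."""
    _, blob = parse_known_hosts_line(line)
    published = published.strip()
    if published.startswith("SHA256:"):
        actual = sha256_fingerprint(blob)
    else:
        published = published.removeprefix("MD5:").lower()
        actual = md5_fingerprint(blob)
    return hmac.compare_digest(actual.encode(), published.encode())

if __name__ == "__main__":
    _, sample = parse_known_hosts_line(SAMPLE_LINE)
    print(md5_fingerprint(sample))
    print(sha256_fingerprint(sample))
```

Answer yes at the prompt only when the fingerprint shown matches the published one.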
Public Key Login
If you don't want to enter the password every time, you can use public key login.
Using ssh-keygen to Generate Public Key and Private Key
copy the public key to remote host
Remark: If it still doesn't work, open /etc/ssh/sshd_config on the remote host and make sure the lines below are not commented out:
restart the remote host ssh service
Remark: The remote host stores the user's public key in the user's $HOME/.ssh/authorized_keys file.
Actually, you can also use this to store the public key:
The workflow of public key login
The user stores his public key on the remote host. When the user logs in, the remote host sends a random string to the user
The user encrypts it with his private key and then sends it back
The remote host decrypts it with the public key stored in advance
If it succeeds, it proves that the user is trustworthy and allows login to the shell directly without asking for a password