I. What is SSH Service?

SSH (Secure Shell) is a secure network protocol used to access remote servers securely in insecure network environments (e.g., the Internet). It replaces early insecure services like Telnet and FTP by encrypting data transmission, preventing passwords or commands from being stolen by man-in-the-middle attacks. It is a standard tool for remote server management in Linux.

II. Why Choose SSH?

  1. High Security: Data is encrypted throughout the transmission (default encryption algorithms: AES, RSA, etc.), preventing password leaks or session hijacking.
  2. Cross-Platform Compatibility: Supports clients on Windows, Mac, Linux, etc., with command-line or graphical tools (e.g., Xshell, FinalShell).
  3. Rich Features: Besides remote login, supports file transfer (SCP/SFTP), port forwarding, X11 forwarding, and other advanced functions.

III. Components of SSH Service

  • Server (sshd): Runs on the target server, listens on port 22 (default), handles client connection requests, verifies user identity, and provides services.
  • Client (ssh): Runs on the local device and initiates connections via command-line tools, for example:
    - ssh for remote login
    - scp for file transfer

IV. Installing SSH Service (Examples for Common Linux Distributions)

1. Ubuntu/Debian

# Install SSH server (sshd)
sudo apt update && sudo apt install openssh-server -y

# Start the service and enable auto-start on boot
sudo systemctl enable --now ssh  # on Debian/Ubuntu the unit is named ssh (sshd is only an alias)

2. CentOS/RHEL

# Install SSH server
sudo yum install openssh-server -y

# Start the service and enable auto-start on boot
sudo systemctl enable --now sshd

3. Verify Service Status

# Check if the service is running
sudo systemctl status sshd

# Check if the port is listening (default 22); match ':22 ' so that other ports containing "22" (e.g., 2222) are not confused with it
sudo ss -tuln | grep ':22 '  # or: sudo netstat -tuln | grep ':22 '

V. Basic Client Usage

1. Basic Login Command

Format: ssh username@server_IP
Example:

# Log in to a server with username 'root' and IP 192.168.1.100
ssh root@192.168.1.100

When connecting for the first time, you will be prompted to confirm the host key. Compare the fingerprint with one obtained from the server administrator or console if you can, then enter yes and press Enter:

The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
ECDSA key fingerprint is SHA256:xxxxxx.
Are you sure you want to continue connecting (yes/no)? yes

Then enter the target server password to log in.

2. Passwordless Login (Key-Based Authentication)

Passwordless login avoids repeated password entry and uses key-pair authentication. Steps:

  1. Generate a local key pair (only on the client):

ssh-keygen -t ed25519  # Generate an ED25519 key pair (more secure than RSA)
# Press Enter all the way; keys are saved to ~/.ssh/id_ed25519 (private key) and id_ed25519.pub (public key)
# Note: pressing Enter at the passphrase prompt leaves the private key unencrypted on disk; setting a passphrase is recommended

  2. Copy the public key to the target server:

ssh-copy-id username@server_IP  # Automatically append the public key to ~/.ssh/authorized_keys on the target server
# Enter the target server password when prompted for the first time; subsequent logins are passwordless

  3. Verify passwordless login:

ssh username@server_IP  # Log in without entering a password

VI. Server Configuration (sshd_config)

The core configuration file for SSH is /etc/ssh/sshd_config. Edit it with a text editor:

sudo vim /etc/ssh/sshd_config  # Edit the configuration file

Common Configuration Options:
- Port 22: Modify the SSH port (e.g., change to 2222 to reduce exposure to automated scans of the default port). Ensure the new port is open in the firewall.
- PermitRootLogin yes: Allow direct root login (not recommended! Set to no and use a regular user + sudo for privilege escalation).
- PasswordAuthentication yes: Allow password login (set to no once key-based login is working).
- AllowUsers username: Allow only the specified users to log in (e.g., AllowUsers alice).

Check the syntax with sshd -t, then restart the service so the changes take effect (keep your current session open until a new login succeeds, so a mistake does not lock you out):

sudo systemctl restart sshd
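Before restarting, it helps to see which values sshd will actually use: sshd takes the first non-comment occurrence of each keyword, so a hardened line placed after a permissive one is silently ignored. The script below is an added example (not part of the original article) that reads the four options discussed in this section from a config file and flags weak values; `sample_config` writes a constructed file for demonstration.

```shell
#!/bin/sh
# Added example: audit an sshd_config file for the options covered above.
# sshd uses the FIRST non-comment occurrence of a keyword (keywords are
# case-insensitive); settings inside Match blocks are conditional and skipped here.

# sshd_setting FILE KEYWORD: print the effective value, or nothing if unset.
sshd_setting() {
    k=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$k" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == key       { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE: print one WARN line per weak setting; return the count.
# Defaults applied when a keyword is absent: Port 22, PermitRootLogin
# prohibit-password (OpenSSH >= 7.0), PasswordAuthentication yes.
audit_sshd_config() {
    f="$1"; n=0
    port=$(sshd_setting "$f" Port)
    root=$(sshd_setting "$f" PermitRootLogin)
    pw=$(sshd_setting "$f" PasswordAuthentication)
    users=$(sshd_setting "$f" AllowUsers)
    [ "${port:-22}" = "22" ] && { echo "WARN: sshd listens on the default port 22"; n=$((n+1)); }
    [ "${root:-prohibit-password}" = "yes" ] && { echo "WARN: PermitRootLogin yes"; n=$((n+1)); }
    [ "${pw:-yes}" = "yes" ] && { echo "WARN: PasswordAuthentication yes (set no once keys work)"; n=$((n+1)); }
    [ -z "$users" ] && { echo "WARN: no AllowUsers restriction"; n=$((n+1)); }
    return "$n"
}

# sample_config: a constructed config (not from a real server) whose second
# PermitRootLogin line never takes effect because the first one wins.
sample_config() {
    cat <<'EOF'
# Port 2222
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice ops
EOF
}
```

Run it against the real file with `sudo sh -c '. ./audit.sh; audit_sshd_config /etc/ssh/sshd_config'` (assuming the functions are saved as audit.sh); the exit status is the number of warnings.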

VII. Common Issues and Solutions

  1. Cannot Connect? Check the following steps:
    - Is the service running? sudo systemctl status sshd
    - Is the port open? sudo ufw status (Ubuntu) or sudo firewall-cmd --list-ports (CentOS)
    - Firewall blocking: Open port 22 (e.g., sudo ufw allow 22) or the new port (e.g., sudo ufw allow 2222).

  2. Login Rejected?
    - Incorrect password: Verify username/password.
    - Configuration file issues: If the password is correct but login is still rejected, confirm that PasswordAuthentication has not been set to no, and for root that PermitRootLogin allows the login.

  3. Passwordless Login Failed?
    - Permission issues: The target server ~/.ssh directory should have permissions 700, and authorized_keys should have permissions 600.
    - Public key not copied correctly: Manually check if ~/.ssh/authorized_keys contains the public key.
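The two checks above can be scripted. The following is an added example (not from the original article) that verifies the ~/.ssh and authorized_keys permissions listed in point 3 and tests whether a given public key (type and key blob, comment ignored) is present on a non-comment line of authorized_keys; `demo_home` builds a throwaway home directory with a constructed, non-functional key for demonstration.

```shell
#!/bin/sh
# Added example: troubleshoot a failing passwordless login.

# mode_of PATH: print the octal permission bits (GNU stat, with a BSD stat fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_ssh_dir HOME_DIR: print a FAIL line per problem; return the number of problems.
# sshd (StrictModes, on by default) rejects keys when these paths are writable by
# others; 700 / 600 are the safe values recommended in the article.
check_ssh_dir() {
    d="$1/.ssh"; n=0
    if [ ! -d "$d" ]; then echo "FAIL: $d is missing"; return 1; fi
    m=$(mode_of "$d")
    [ "$m" = "700" ] || { echo "FAIL: $d has mode $m, want 700"; n=$((n+1)); }
    if [ -f "$d/authorized_keys" ]; then
        m=$(mode_of "$d/authorized_keys")
        [ "$m" = "600" ] || { echo "FAIL: authorized_keys has mode $m, want 600"; n=$((n+1)); }
    else
        echo "FAIL: $d/authorized_keys is missing"; n=$((n+1))
    fi
    return "$n"
}

# key_authorized PUBKEY_FILE AUTHORIZED_KEYS: succeed only if the key's "type blob"
# pair appears on a non-comment line (options such as command="..." may precede it).
key_authorized() {
    blob=$(awk '{ print $1, $2; exit }' "$1")
    grep -v '^[[:space:]]*#' "$2" | grep -qF -- "$blob"
}

# demo_home: create a temporary home directory holding a constructed (not real)
# ED25519 public key, installed correctly; print its path.
demo_home() {
    h=$(mktemp -d)
    mkdir -p "$h/.ssh" && chmod 700 "$h/.ssh"
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEMOKEYNOTREALxxxxxxxxxxxxxxxxxxx alice@laptop" > "$h/id_ed25519.pub"
    cp "$h/id_ed25519.pub" "$h/.ssh/authorized_keys" && chmod 600 "$h/.ssh/authorized_keys"
    printf '%s' "$h"
}
```

On a real server run `check_ssh_dir "$HOME"` as the affected user and `key_authorized ~/id_ed25519.pub ~/.ssh/authorized_keys` with the client's public key copied over.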

VIII. Summary

SSH is the foundation for Linux server remote management. Mastery of its installation, configuration, and usage is essential for operations/development. Key points:
- Ensure sshd is running properly after server installation.
- Use the ssh command for quick login; passwordless login improves efficiency.
- Enhance security by modifying configuration files (port, disable root login).

Begin with basic commands and gradually practice passwordless login and port modification. When encountering issues, prioritize checking service status and firewalls!

Xiaoye