Use SSH to communicate between Windows and Linux

Introduction

SSH is a secure network protocol designed to allow secure data transfer between clients and servers. The core idea of SSH is to use a combination of public key encryption technology and shared key encryption technology to establish a secure connection between the client and the server.

When a client initiates a connection request, the server authenticates the client to ensure that it is a legitimate user. In order to achieve this purpose, the server will send its public key to the client, and the client will use this public key to encrypt a set of random data and return it to the server. After receiving it, the server decrypts it with its own private key to verify the client’s identity.

Once the client’s identity is confirmed, the two parties begin negotiating a shared session key, a temporary key that is used to encrypt all subsequently transmitted data. Both parties generate a key and exchange it to form a consistent session key. At this time, all data sent via SSH will be encrypted using this shared session key. Only the client and server know this key, so even if the data is intercepted during transmission, it cannot be interpreted by others.

In addition, to prevent man-in-the-middle attacks, SSH automatically updates the session key after a period of time. The above is the basic operating principle of SSH, which can ensure the secure transmission of data between the client and the server through such an encryption process.

Purpose: when multiple cluster nodes need to be managed at the same time, they can all be accessed from a single client, which is relatively convenient.

Windows essential services

Use ssh -V to check whether SSH is installed on the computer. Generally, computers come with their own SSH service.

If it is missing, install it yourself; this is very simple, so I won’t go into details.

Then check whether the SSH services are running with Get-Service -Name ssh*

Generate key

Keys need to be generated on all machines that require SSH communication.

1. Generate key

ssh-keygen -t rsa -f D://id_rsa

Note: if you want to log in without a password, do not enter a passphrase when generating the key.

Copy the D://id_rsa.pub file to the authorized_keys file under the C:\Users\\.ssh folder on the server. The author’s path is C:\Users\Administrator\.ssh.

Modify the configuration file sshd_config, located in C:\Program Files\Git\etc\ssh; the path may differ depending on the computer.

# Comment out these two lines
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

# Add these three lines
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes

Description:

  1. Commenting out the Match Group administrators and AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys lines will disable matching and authorized key files for the administrators group.

  2. Adding the PubkeyAuthentication yes line will enable public key authentication. This means that clients connecting to the SSH server will need to authenticate using public and private keys instead of passwords.

  3. Adding the AuthorizedKeysFile .ssh/authorized_keys line will specify the authorized key files to check when authenticating the user. By default, the SSH server looks for a file named .ssh/authorized_keys in the user’s home directory.

  4. Modifying the PasswordAuthentication yes line will enable password authentication. This means that when a client connects to an SSH server, it can authenticate using a password.
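
A check for the settings described above, as an added example that is not part of the original post: it reports the values sshd would take from the global section of an sshd_config and whether the administrators Match block is still active. The function names and the sample file are assumptions made for illustration; it runs in any POSIX shell, such as Git Bash on the Windows machine.

```shell
# Added example (not the author's code): audit the sshd_config keywords edited above.

# Print the global value of a keyword. sshd uses the first value it finds,
# keywords are case-insensitive, and lines after a Match line are conditional.
sshd_global_value() {  # usage: sshd_global_value <config> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/\r$/, "") }                       # tolerate CRLF files
        /^[ \t]*(#|$)/ { next }                  # comments, blank lines
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Succeed if an uncommented "Match Group administrators" line is present.
has_admin_match() {  # usage: has_admin_match <config>
    awk 'BEGIN { rc = 1 }
         { sub(/\r$/, "") }
         /^[ \t]*#/ { next }
         tolower($1 " " $2 " " $3) == "match group administrators" { rc = 0 }
         END { exit rc }' "$1"
}

audit_sshd_config() {  # usage: audit_sshd_config <config>
    for key in PubkeyAuthentication PasswordAuthentication AuthorizedKeysFile; do
        val=$(sshd_global_value "$1" "$key")
        echo "$key = ${val:-(not set, built-in default applies)}"
    done
    if has_admin_match "$1"; then
        echo "Match Group administrators: active"
    else
        echo "Match Group administrators: not active"
    fi
    # With both methods enabled, a failed key login falls back to a password prompt.
    if [ "$(sshd_global_value "$1" PasswordAuthentication)" != "no" ]; then
        echo "note: password logins are still accepted"
    fi
}

# Constructed sample: the edited block from the text.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
EOF
audit_sshd_config "$sample"
```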

Add IP mapping

Modify the file C:\Windows\System32\drivers\etc\hosts.

Add the server name and IP you need

Format: IP address hostname

Restart the service

Use the command services.msc to open the service list and start OpenSSH.

Linux configuration

Edit the IP mapping file: vim /etc/hosts

Format: IP address hostname

In Windows, use ipconfig to view the local machine’s hostname. Use hostname

Generate the key in the virtual machine

ssh-keygen -t rsa

At this point a .ssh/ folder is also created, containing two files (id_rsa and id_rsa.pub). Copy the id_rsa.pub file into authorized_keys.

Authorize

chmod 700 .ssh/

chmod 600 .ssh/*

Description:

The first command: chmod 700 .ssh/ will grant 700 permissions to the entire .ssh directory, allowing only the owner to have read, write, and execute permissions on the directory.

The second command: chmod 600 .ssh/* will give 600 permissions to all files in the .ssh directory, allowing only the owner to have read and write permissions on the file.
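
The copy-and-chmod steps above as one repeatable script, added here as an example and not taken from the original post: it appends a public key to authorized_keys only if it is missing and verifies the 700/600 modes. The function names, the temporary home directory and the key line are constructed for illustration.

```shell
# Added example (not the author's code): install a public key and check the
# modes the text sets (700 on .ssh, 600 on the files inside it).

mode_of() {  # print the permission string of a path, e.g. drwx------
    ls -ld "$1" | cut -c1-10
}

install_pubkey() {  # usage: install_pubkey <home-dir> <pubkey-file>
    sshdir="$1/.ssh"
    auth="$sshdir/authorized_keys"
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact key line is not already present, so that
    # re-running never duplicates or overwrites existing entries.
    grep -qxF -f "$2" "$auth" || cat "$2" >> "$auth"
}

check_ssh_modes() {  # usage: check_ssh_modes <home-dir>; non-zero on mismatch
    rc=0
    [ "$(mode_of "$1/.ssh")" = "drwx------" ] || { echo "not 700: $1/.ssh"; rc=1; }
    for f in "$1"/.ssh/*; do
        [ -f "$f" ] || continue
        [ "$(mode_of "$f")" = "-rw-------" ] || { echo "not 600: $f"; rc=1; }
    done
    return "$rc"
}

# Constructed demo: a throwaway home directory and a placeholder key line.
demo_home=$(mktemp -d)
demo_key=$(mktemp)
echo "ssh-rsa AAAAB3-constructed-placeholder-not-a-real-key hadoop@vm08" > "$demo_key"
install_pubkey "$demo_home" "$demo_key"
install_pubkey "$demo_home" "$demo_key"      # second run adds nothing
check_ssh_modes "$demo_home" && echo "modes ok"
```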

Test

Use ssh username@hostname to log in to any node

The first time you log in to any node, you need to confirm with yes.

C:\>ssh hadoop@vm10
The authenticity of host 'vm10 (10.0.0.110)' can't be established.
ED25519 key fingerprint is SHA256:yUxCtH472lSUYgAgJqeOE9lvAiaMBwPO78SogOujnH4.
This host key is known by the following other names/addresses:
    C:\Users\Administrator/.ssh/known_hosts:1: vm08
    C:\Users\Administrator/.ssh/known_hosts:4: vm09
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'vm10' (ED25519) to the list of known hosts.
hadoop@vm10's password:
Last login: Mon Nov 6 10:11:33 2023 from vm08
[hadoop@vm10 ~]$ exit

Once logged in to a node this way, the commands you use are the operating commands of the corresponding server.