With the needs of our website and project, and the cost of VPS host/server continues to decrease, more and more webmaster users will choose VPS or server as our site building environment, but most of the basic operations for users come from online tutorials, such as using SSH After logging in the software, you can learn how to install the panel and one click package, and then go to build the website. We often mention that when using VPS, all security needs to be undertaken and maintained by ourselves. It is appropriate to keep a certain period of backup data, but we also need to pay attention to and ensure the security of accounts and systems.
Even though our project did not provoke other peers or deliberately destroy it, there are still players around the world scanning all machines with software to try to enter our servers to reflect their technology. In Laozuo's blog, I have shared several simple VPS host security articles before.
One of the Linux VPS security settings: Modify the SSH port (CentOS/Debian)
Linux VPS security setting 2: disable ROOT account
Linux VPS security setting 3: use DDOS deflate to resist a small number of DDOS attacks
No matter how secure our website project program is, The security of the VPS login portal must be done. Even if we modify the port, it will be cracked by guessing other port numbers. A more secure solution is to log in with a key. For example, when we need to use XSHELL (here we share the XSHELL key login scheme) to log in to VPS, if we set the key to log in, we must log in to VPS with the computer we have configured It can only be accessed at the remote end. If it is not for our computer, it will be difficult to log in.
Step 1: Use the Xshell to generate the key
We open the familiar XSHELL software, and then click Tools - New User Key Generation Wizard.
In the interface of generating key parameters, we need to select the RSA key type, and the key length can be 1024 or 2048. Then click Next.
To continue, we need to encrypt the private key we set.
Click Next to generate the key.
The public key format is SSH2-OPENSSH. We can copy the public key and save it as a file.
Step 2: Upload the public key to the server
A - Upload our generated laozo.org.pub public key file to the/root/. ssh folder (if not, we need to create it), and then we need to rename laozo.org.pub to authorized_keys and set permissions with chmod 600 authorized_keys.
B - Find/etc/ssh/sshd_config and remove the # comment in front of the RSAAuthentication and PubkeyAuthentication lines.
C - Restart the SSHD service.
Debian/Ubuntu execution:/etc/init.d/ssh restart CentOS execution:/etc/init.d/sshd restart
Step 3: Configure the Xshell to log in with the key
Create a new link in the Xshell.
Set the user ID as Public Key and select the user key.
Enter the key password we set earlier. At this time, we can actually log in, but we need to set permissions.
Step 4: Modify the remote server SSHD configuration
Similarly, change the yes after PasswordAuthentication found in the/etc/ssh/sshd_config file to no
Then restart sshd
Debian/Ubuntu execution:/etc/init.d/ssh restart CentOS execution:/etc/init.d/sshd restart
To sum up, our xshell sets the key to log in. If we try to log in with other computers, it is not easy to log in, even if you have a ROOT password. In this way, the security is very high, but we need to pay attention to the security of the local computer, especially the pub file, to ensure the security of the VPS/server from the source.
