Focus on cloud service provider activities
Notes on website operation and maintenance

Xshell Set Key Login to Ensure More Security of Linux VPS and Server

With the needs of our website and project, and the cost of VPS host/server continues to decrease, more and more webmaster users will choose VPS or server as our site building environment, but most of the basic operations for users come from online tutorials, such as learning to install panels and one click packages after logging in with SSH software, Then go and build a website. We often mention that when using VPS, all security needs to be undertaken and maintained by ourselves. It is appropriate to keep a certain period of backup data, but we also need to pay attention to and ensure the security of accounts and systems.

Even though our project did not provoke other peers or deliberately destroy it, there are still players around the world scanning all machines with software to try to enter our servers to reflect their technology. In Laozuo's blog, I have shared several simple VPS host security articles before.

One of the Linux VPS security settings: Modify the SSH port (CentOS/Debian)

Linux VPS security setting 2: disable ROOT account

Linux VPS security setting 3: use DDOS deflate to resist a small number of DDOS attacks

No matter how secure our website project program is, VPS login portal security is a must. Even if we modify the port, it will be cracked by guessing other port numbers. A more secure solution is that we log in with a key. For example, when we need to use XSHELL (share the XSHELL key login solution here) to log in to VPS, If you set the key to log in, you must log in to the VPS remote end with the computer we have configured before you can access it. If you do not log in with our computer, it will be difficult to log in.

Step 1: Use the Xshell to generate the key

 New XSHELL Key

We open the familiar XSHELL software, and then click Tools - New User Key Generation Wizard.

 Key Type

In the interface of generating key parameters, we need to select the RSA key type, and the key length can be 1024 or 2048. Then click Next.

 Generate Key

To continue, we need to encrypt the private key we set.

 Private key encryption

Click Next to generate the key.

 Public key format

The public key format is SSH2-OPENSSH. We can copy the public key and save it as a file.

Step 2: Upload the public key to the server

A - Upload our generated laozo.org.pub public key file to the/root/. ssh folder (if not, we need to create it), and then we need to rename laozo.org.pub to authorized_keys and set permissions with chmod 600 authorized_keys.

B - Find/etc/ssh/sshd_config and remove the # comment in front of the RSAAuthentication and PubkeyAuthentication lines.

C - Restart the SSHD service.

 Debian/Ubuntu execution:/etc/init.d/ssh restart CentOS execution:/etc/init.d/sshd restart

 key-6

Step 3: Configure the Xshell to log in with the key

 key-7

Create a new link in the Xshell.

 key-8

Set the user ID as Public Key and select the user key.

 key-9

Enter the key password we set earlier. At this time, we can actually log in, but we need to set permissions.

Step 4: Modify the remote server SSHD configuration

Similarly, change the yes after PasswordAuthentication found in the/etc/ssh/sshd_config file to no

Then restart sshd

 Debian/Ubuntu execution:/etc/init.d/ssh restart CentOS execution:/etc/init.d/sshd restart

To sum up, our xshell sets the key to log in. If we try to log in with other computers, it is not easy to log in, even if you have a ROOT password. In this way, the security is very high, but we need to pay attention to the security of the local computer, especially the pub file, to ensure the security of the VPS/server from the source.

Domain name host preferential information push QQ group: six hundred and twenty-seven million seven hundred and seventy-five thousand four hundred and seventy-seven Get preferential promotion from merchants.
Like( zero )
Do not reprint without permission: Lao Zuo's Notes » Xshell Set Key Login to Ensure More Security of Linux VPS and Server


Scan the code to follow the official account

Get more news about webmaster circle!
Entrepreneurship, operation and new knowledge