WordPress knowledge sharing
Current location: Weiss Notes WordPress Guide text

Configuration process of Xshell logging in to the server with SSH key

2018-06-04 06:00:50 Classification: WordPress Guide Reading (1W+)

We need a security concept when using Linux servers for websites, projects and services. By default, we use passwords to log in, and ordinary projects are enough. However, there are a lot of good and bad people on the network now, and hackers from all walks of life are surfing the server all the time, scanning weak passwords, ports, etc. on the network with various software. In order to improve the security of the Linux server, we need to set a key on the SSH login interface, improve the difficulty of cracking, and also improve the security of the server relatively.

Article Contents hide
Generate Key
Upload public key to VPS server
Final summary

Generally, when we log in to the server with SSH software, we use the root account and password to connect. In fact, this is not secure. We use the SSH key and password to log in at the same time, so that it will not be easily cracked, and thus improve the security of the server SSH login. In this article, we introduce the configuration process of SSH key login to Linux server. Usually, we use Xshell SSH login. Its operation interface is relatively friendly.

Generate Key

1. Click Xshell Tools - New User Key Generation Wizard to start generating keys.

2. The key type and key length on the pop-up page should not be modified by default. Click Next to see that the program generates a 2048 bit RSA key. Click Next to enter the key name and login password. Choose a random key name. The password is used for double encryption with the key. Even if the key is stolen, SSH login to the server is not possible without the password.


3. Click Next to save the key as a file to the local computer. This is the public key.

In addition, you can see the corresponding private key in Xshell Tools>>User Key Manager. It is important to export and save the private key to the local computer and mailbox.

On June 12, 2018, it was added that many friends were confused about the public key and private key after reading the article. Explain that public key files are files with the extension. pub, and the private key PEM (OpenSSH2) Private Keys has no extension. Because there are many key formats, this paragraph is only for the explanation of this operation process.

Upload public key to VPS server

1、 Create folders and files. Create a. ssh directory with hidden properties. The command is as follows: Upload the key file to the server The ssh directory exists in lnmp1.4 by default and is a hidden attribute. The path is in/root/. ssh

cd /root/.ssh

Connect to the VPS server with sftp software, Rename the public key stored on the local computer to authorized_keys, upload it to the. ssh directory, and overwrite the default file.

2. Set permissions. The command is as follows:

chmod 700 .ssh

chmod 600 .ssh/authorized_keys

3. Edit the sshd_config configuration file. The command is as follows:

vi /etc/ssh/sshd_config

Remove the # in front of # RSAAuthentication yes # PubkeyAuthentication yes # AuthorizedKeysFile. ssh/authorized_keys, which means to enable RSA key verification, public key verification, and set the path of public key verification files.

Replace PasswordAuthentication yes with PasswordAuthentication no. It is forbidden to log in with a password.

After modification, it is correct as shown in the figure below.

4. Restart the sshd service. The command is as follows:

service sshd restart

5. Connect VPS server with key

Open the Xshell to access the connection>>user authentication, select Public Key, select the established private key for the user key, and enter the private key password you set above. Click Connect to log in the VPS server with the key.

In order to verify whether the key is effective, I changed the login method to Password and tried again. Then I could not log in and jumped to the key login interface, indicating that the original password login was invalid at this time, and then I successfully entered the password of the key to log in.

In the process of configuring the key, Lao Wei encountered the situation that "the selected user key is not registered on the remote host", which led to the key login failure. At the beginning, he used the command to create authorized_keys and save the key. Many articles on the network use this method, but it is not easy for me to use it. Later, the problem was solved by uploading keys via local SFTP. Other people's things may not be suitable for your specific situation. The tutorial written by Lao Wei is a personal test to know what is going on, and then it can be published for your reference.

Final summary

1. In order to improve the security of the website, project and server, you can consider using the key login method, or you can not set the key password. At this time, you can only use the key to log in to the server (the password is double encryption, even if someone else has the key, they cannot log in).

2. The private key must be saved to the local computer and mailbox, because the SSH login to the server cannot be performed on another computer without the private key (or the private key is lost).

3. The SSH key login server method can really improve the security of the SSH connection. I suggest you consider this method.

AD: [Tencent Cloud Server Price Reduction] 2 cores 4G 222 yuan/3 years 1 core 2G 38 yuan/year
Like( three )
Article name: Configuration Process of Xshell Login Server with SSH Key
Article link: https://www.vpsss.net/5722.html
Copyright notice: The resources of this website are only for personal learning and exchange, and are not allowed to be reproduced and used for commercial purposes, otherwise, legal issues will be borne by yourself.
The copyright of the pictures belongs to their respective creators, and the picture watermark is for the purpose of preventing unscrupulous people from stealing the fruits of labor.
Share to

Related recommendations

Popular articles

Hot tags

Sugar hosts AliCloud 1-core 1G server Is the domain name accessible without registration How large is the 1M bandwidth DC3 CN2 WordPress custom background login page plug-in WordPress 6.0 Pagoda Linux Panel Tencent Cloud Exclusive Edition Alibaba Cloud Mid 2018 Promotion Alibaba Cloud enterprise class half discount server WordPress video membership theme Unable to login to WordPress background JustWeapp applet Nicetheme theme update What is Alibaba Cloud's trademark preference What is inode Alibaba Cloud lightweight application server Tencent Cloud Backup 2021 Tencent Cloud Spring Festival Activity Taji Theme Secondary developer of lightweight application server MobX MIP Theme RAKsmart China US direct connection WordPress directory plug-in Discuz! Q Application image Unable to establish a secure connection to wordpress org Green ftp software Wordpress Label Alibaba Cloud Enterprise Server Discount 5118 account rental Pagoda panel phpmyadmin enable public access Payment plug-in of WooCommerce Mall Rent AliCloud servers vultr Dedicated Cloud Hostinger Alibaba Cloud WAF WooCommerce UpdraftPlus Backup/Restore NS parsing error AliCloud AccessKey 2M bandwidth, 2-core, 8G Tencent cloud exclusive host