Connect to remote VPS Using SSH keys in Ubuntu Linux

Source: Internet
Author: User
Tags vps

Many of my friends found that someone in their VPS would try the root Password Brute Force. The purpose of this tutorial is to shield the password from logging on to SSH, instead of using only the key to log on to SSH.

This greatly improves the security of VPS (except for program vulnerabilities)

Note: In this example, the local environment is Linux. In Windows, refer to other tutorials on the network.

Warning the following operations are risky and may cause you to fail to manage your VPS through SSH. We recommend that you have a VPS control panel and try to reinstall the system online, the HyperVM panel has a default account password SSH connected to the master machine, you can jump to the root user SSH to connect to your VPS.



Test environment: Local Ubuntu, remote VPS for centos System

Ubuntu does not allow you to log on directly with the root user. Here is a user name named test.

This test user was created during Ubuntu installation.

It has sudo permissions (by default, users of useradd do will not have sudo permissions)

Step 1: log on to VPS in the form of an SSH password and perform the following settings:

1. Add a user named test and specify the password.

# Useradd test

# Passwd test

2. Grant sudo permissions to the test user

# Usermod-G wheel test (add the test user to the wheel User Group)

# Vi/etc/pam. d/su (modify the configuration file and find # auth required/lib/security/$ ISA/pam_wheel.so use_uid to remove the "#" at the beginning of the line)

# Echo "SU_WHEEL_ONLY yes">/etc/login. defs (sudo can be used only for the wheel User Group)

3. Switch to test user logon

# Su-test

4. Create a key pair in the test user State

# Ssh-keygen-t rsa (save to the default path/home/test/. ssh/id_rsa and specify the password)

$ Cat ~ /. Ssh/id_rsa.pub> ~ /. Ssh/authorized_keys (copy the public key file to the default file name called by the System)

$ Chmod 400 ~ /. Ssh/authorized_keys (modify permission)

5. Switch to the root user to modify the SSH configuration file.

$ Su

# Vi/etc/ssh/sshd_config

(Find # Protocol 768, remove the line's first "#", then delete ", 1" at the end of the line, and connect only using SSH2; find # ServerKeyBits and remove the line's first "#", change "768" to "1024" to increase the password strength. Find "#" at the beginning of the line "#" in "# PermitRootLogin", and change "yes" to "no" to disable root logon; find # PasswordAuthentication yes remove the first line "#", change yes to no do not allow password login; find # PermitEmptyPasswords no remove the first line "#", disable empty password login)

6. Restart the SSH service.

#/Etc/rc. d/init. d/sshd restart

Step 2: log on to SHEEL in the local environment and create a key to save the directory reference:

$ Cd ~ (Go to the user's home directory for test)

$ Mkdir. ssh (create a folder) Step 3: Ubuntuone.cn Save the key id_rsa on VPS ~ /. Ssh/directory (SFTP encrypted download is recommended)

After logging on, su switches to root to complete the operation.

When you log on for the first time, you will be prompted to change the public key. yes, you can save the new Public Key locally.

In the future, you can log on directly using the command ssh IP address, unlike the previous ssh IP address-l root

PS: Of course, you can create a key pair locally and upload the public key to the VPS/home/test/. ssh/directory.

PS: the VPS Public Key is saved in the known_hosts file in the same directory. If the public key changes, you can directly overwrite it, or manually delete it and then access VPS for loading again.
 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.