There are always a lot of boring people scanning the server password on the internet. I have encountered this problem on one of my previous servers. Of course, the severity of this problem is still very high. if it is infiltrated, the harm is not small. it is often used as a zombie, data theft, or Spam handled by others, therefore, anti-cracking of basic security settings is very necessary for vps owners. Generally, the basic settings include the following steps: 1. modify the ssh port number; 2. set a complex root password. 3.
There are always a lot of boring people scanning the server password on the internet. I have encountered this problem on one of my previous servers. Of course, the severity of this problem is still very high. if it is infiltrated, the harm is not small. it is often used as a zombie, data theft, or Spam handled by others, therefore, anti-cracking of basic security settings is very necessary for vps owners.
Generally, the basic settings include the following steps:
1. modify the ssh port number
2. set a complex root password
3. disable root remote login
4. use scripts to automatically generate ip addresses with deny password errors greater than x (the number of x can be defined based on actual conditions)
First, let's give you a piece of code to check whether your vps has encountered a packet cracking attack:
cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'
If the query result contains the result of "IP address = quantity", it indicates that someone tried to crack your password.
The following describes how to change the ssh port number and disable remote root logon:
1. change the ssh port number
The default ssh port of VPS is 22. run the following command to enter the configuration file:
vi /etc/ssh/sshd_config
Find # port 22
Remove the previous # and modify port 12345 (the port here can be defined as needed)
Then restart the ssh service.
service sshd restart
II. disable root login
Before disabling root logon, you must first add a user with normal permissions and set the password.
useradd testpasswd test
Disable ROOT remote SSH logon:
vi /etc/ssh/sshd_config
Put
PermitRootLogin yes
Change
PermitRootLogin no
If there is # in front of PermitRootLogin, you must delete it. Otherwise, it will not take effect.
Restart the sshd service.
service sshd restart
Later, we will be able to connect to our vps through an ssh account with normal permissions. if you need to manage permissions, you can use the following command to escalate to root permissions:
su root