Enhanced VPS SSH Account security: Change port, disable root, key login, denyhosts anti-violence attack

Source: Internet
Author: User
Tags: account security, vps, ssh account, ssh port, vps hosting

The VPS SSH account is the main login method we use for day-to-day VPS administration, and the root account above all is critical to Linux system security. Many webmasters used to prefer a Chinese-language version of PuTTY, which was in fact someone else's modification of the official PuTTY; some of these builds had backdoors implanted, which led to data leaks at several well-known sites and heavy losses.

How do you know whether your VPS account is being scanned and brute-forced by bad actors? The simplest way is to look at the log: cat /var/log/auth.log. How do you strengthen the security of the VPS SSH account? Beyond the good habit of using legitimate software, the VPS itself can be hardened to protect the SSH account.

The default SSH port is 22; changing the port on your VPS adds a first hurdle for scanners. The default account is root; if root is disabled, an attacker who wants to break in must first guess the account name before guessing the password, which makes the job a little harder. If that still does not feel safe enough, you can disable password login altogether and authenticate with a key, which raises the safety factor considerably.

Linux also has a tool that automatically tallies failed VPS logins: DenyHosts. Once logins to the VPS fail more times than the DenyHosts settings allow, DenyHosts records the IP and puts it on a blacklist, prohibiting that IP from reaching the VPS for a set period. With DenyHosts, blocking malicious IPs can be automated.

VPS hosting and website security optimisation is an ongoing problem. There is no once-and-for-all "security setting", however convincing it sounds; someone will find a way around it. We can only keep finding problems in order to protect our websites and VPS as well as possible:


Method one: change the SSH login port

1. Open the configuration file with the following command:

vi /etc/ssh/sshd_config

2. Find the line #Port 22, remove the leading #, and change it to Port 123 (choose your own port number).

3. Then restart the SSH service:

/etc/init.d/ssh restart

Method two: use a key to log in to SSH

1. SSH supports two login modes: account + password, and key. To prevent brute-force cracking of the VPS account and password, we can drop password authentication and use key-file authentication instead.

2. Run the following command on the VPS to generate the key pair:

ssh-keygen -t rsa

3. While generating the key you will be asked where to save it (the default location is fine); you can also set a passphrase for the key, which is empty by default.

4. After the key is generated, enter the directory where it was saved and run the following command to write the public key into a new authorized_keys file:

cat id_rsa.pub >> authorized_keys

5. Download the private key file id_rsa to your local machine, open the PuTTYgen program, choose Conversions -> Import key, and import this private key file.

6. Logging in to SSH with the key from PuTTY: if you want to use PuTTY, click Save private key in PuTTYgen, which produces a .ppk file locally.

7. Then enter the server name in PuTTY, go to the SSH authentication settings, and load the .ppk file you just saved.

8. Logging in to the VPS with the key from Xshell: if you want to use Xshell, choose Export OpenSSH key from the PuTTYgen Conversions menu and save it under a name of your choice.

9. Then start Xshell, enter the server IP, select "Public key" under user authentication, and browse to the key file you just saved.

10. Once the key is imported you can open the session and log in to the VPS directly, without entering a password.

11. Once key login works, we can prohibit the password authentication mode. Edit the configuration with vim /etc/ssh/sshd_config and add the line PasswordAuthentication no (if the line already exists, change yes to no), then save and restart the SSH service for it to take effect. Also set:

ChallengeResponseAuthentication no
UsePAM no

Method three: disable the root account

1. If you have set up SSH key login, you can disable the root account; first create a new VPS account by running the following commands:

useradd freehao123    # add the user name
passwd freehao123     # set a password for the freehao123 user

2. Then edit the configuration with vim /etc/ssh/sshd_config, find PermitRootLogin yes, and change yes to no; if the line does not exist, add PermitRootLogin no directly.

3. After saving, restart the SSH service for the change to take effect.
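The sshd_config changes made in methods one to three are easy to get wrong (a commented-out line, a second copy lower in the file, a value set only inside a Match block). The script below is an added example, not part of the original post: it reads a config file and reports which of Port, PasswordAuthentication, ChallengeResponseAuthentication and PermitRootLogin are still at weak values. It assumes stock sshd_config syntax (first uncommented occurrence wins) and stops at the first Match block, whose settings apply only conditionally; both sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config for the
# settings changed in methods one to three. Sample files are constructed.

# Print the first effective value of KEY in FILE (sshd uses the first match),
# skipping comments and stopping at a "Match" block; prints "unset" if absent.
sshd_setting() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || NF == 0 { next }
    tolower($1) == "match"      { exit }                 # conditional section
    tolower($1) == key          { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }' "$1"
}

# Print one line per weak setting; prints nothing when the file is hardened.
audit_sshd_config() {
  for kv in PasswordAuthentication:no ChallengeResponseAuthentication:no PermitRootLogin:no; do
    key=${kv%%:*}; want=${kv#*:}
    got=$(sshd_setting "$1" "$key")
    [ "$got" = "$want" ] || echo "$key is '$got', should be '$want'"
  done
  case $(sshd_setting "$1" Port) in
    22|unset) echo "Port is the default 22, scanners try it first" ;;
  esac
}

# Constructed samples: a default-looking file and one hardened as in the post.
weak_config() {
  f=$(mktemp); cat > "$f" <<'EOF'
#Port 22
PermitRootLogin yes
# PasswordAuthentication no
EOF
  echo "$f"
}
hardened_config() {
  f=$(mktemp); cat > "$f" <<'EOF'
Port 123
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
  echo "$f"
}

audit_sshd_config "$(weak_config)"
```

Keep your current session open until a login on the new port with the key succeeds, and check that the firewall allows the new port before relying on it.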

Method four: DenyHosts against brute-force attacks

1. Most Linux platforms can now install DenyHosts directly; run the command for your distribution:

Debian/Ubuntu: sudo apt-get install denyhosts
RedHat/CentOS: yum install denyhosts
Archlinux: yaourt denyhosts
Gentoo: emerge -av denyhosts

2. Once DenyHosts is installed, the default configuration is already able to fend off a fair amount of brute-force traffic; the file /etc/hosts.deny holds the blocked entries.

3. To customise the DenyHosts configuration, run vim /etc/denyhosts.conf; the relevant parameters are described below:

SECURE_LOG = /var/log/auth.log      # ssh log file; DenyHosts makes its decisions from this file
HOSTS_DENY = /etc/hosts.deny        # file that controls which hosts may log in
PURGE_DENY =                        # how long until a blocked entry is purged; empty means never unblock
BLOCK_SERVICE = sshd                # service name to block; to add other services, append them separated by commas
DENY_THRESHOLD_INVALID = 5          # allowed failures for invalid (non-existent) users
DENY_THRESHOLD_VALID = 10           # allowed login failures for ordinary users
DENY_THRESHOLD_ROOT = 1             # allowed login failures for root
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts       # working directory
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES                 # whether to do reverse DNS lookups
LOCK_FILE = /var/run/denyhosts.pid  # the program's process ID file
ADMIN_EMAIL = [email protected]      # administrator's email address; reports are mailed here
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d                  # how long until a user's failed-login count resets to 0 (h = hours, d = days, m = months, w = weeks, y = years)
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
RESET_ON_SUCCESS = yes              # whether an IP's failure count resets to 0 after it logs in successfully

Summary: enhancing VPS SSH account security

1. The four methods above enhance the security of the VPS SSH account. But how do you know whether your VPS has suffered, or is suffering, brute-force login attempts? Run the following command; each "IP address=count" pair in the output is attacker information.

# /var/log/secure is the log file on RedHat/CentOS; on Debian/Ubuntu read /var/log/auth.log instead
cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2"="$1;}'
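The counting command above shows how many failures each address produced; to see which of those addresses DenyHosts would actually block under the thresholds from method four, the following added example (not from the original post) classifies each sshd failure as root, valid user or invalid user and applies the three DENY_THRESHOLD values. The log lines are constructed samples in standard sshd format, and the output uses the "sshd: IP" form that /etc/hosts.deny expects.

```shell
#!/bin/sh
# Added example, not from the original post: apply DenyHosts-style thresholds
# to sshd "Failed password" lines and emit /etc/hosts.deny entries.
DENY_THRESHOLD_INVALID=5   # failures for user names that do not exist
DENY_THRESHOLD_VALID=10    # failures for existing non-root users
DENY_THRESHOLD_ROOT=1      # failures for root

# Print "sshd: <ip>" for every IP at or over its threshold. Argument: a log file.
denyhosts_like() {
  awk -v inv="$DENY_THRESHOLD_INVALID" -v val="$DENY_THRESHOLD_VALID" \
      -v root="$DENY_THRESHOLD_ROOT" '
    /sshd\[[0-9]+\]: Failed password for / {
      ip = $(NF-3)                          # "... from <ip> port <n> ssh2"
      if ($0 ~ / for invalid user /)   cat = "invalid"
      else if ($0 ~ / for root from /) cat = "root"
      else                             cat = "valid"
      n[cat, ip]++
      seen[ip] = 1
    }
    END {
      for (ip in seen)
        if (n["invalid", ip]+0 >= inv+0 || n["valid", ip]+0 >= val+0 || n["root", ip]+0 >= root+0)
          printf "sshd: %s\n", ip
    }' "$1" | sort
}

# Constructed sample log lines (not real traffic) for a stand-alone run.
sample_log() {
  f=$(mktemp); cat > "$f" <<'EOF'
Mar  1 10:00:01 vps sshd[1001]: Failed password for root from 198.51.100.7 port 40122 ssh2
Mar  1 10:00:03 vps sshd[1002]: Failed password for invalid user admin from 203.0.113.9 port 5101 ssh2
Mar  1 10:00:04 vps sshd[1003]: Failed password for invalid user oracle from 203.0.113.9 port 5102 ssh2
Mar  1 10:00:05 vps sshd[1004]: Failed password for invalid user test from 203.0.113.9 port 5103 ssh2
Mar  1 10:00:06 vps sshd[1005]: Failed password for invalid user guest from 203.0.113.9 port 5104 ssh2
Mar  1 10:00:07 vps sshd[1006]: Failed password for invalid user ftp from 203.0.113.9 port 5105 ssh2
Mar  1 10:00:09 vps sshd[1007]: Failed password for freehao123 from 192.0.2.44 port 6000 ssh2
Mar  1 10:00:10 vps sshd[1008]: Accepted publickey for freehao123 from 192.0.2.44 port 6001 ssh2
EOF
  echo "$f"
}

denyhosts_like "$(sample_log)"
```

The single failed login from 192.0.2.44 against a real user stays under DENY_THRESHOLD_VALID and is not blocked, while one root failure is enough under DENY_THRESHOLD_ROOT.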

2. At present the official PuTTY site does not offer a Chinese version, so the Chinese-language PuTTY builds circulating online may well have backdoors implanted; be especially careful when using them. Xshell's official site offers many languages directly, including Chinese.
