As our website and project needs, as well as the cost of the VPS host/server continuously reduced, more and more webmaster users will choose the VPS or server as our site environment, but for users, most of the basic operations from the online tutorials, For example, use SSH software to log in and then learn the tutorial installation panel, a key package, and then go to build the site. We often mention that for the use of VPS, all security needs to be borne and maintained by ourselves, to maintain a certain period of backup data should be, but also need to pay attention to and ensure that the account and system security.
Even if our project does not provoke other peers or intentionally sabotage it, there is a global range of home software that scans all the machines and tries to penetrate our servers to reflect their technology. In the old left blog, there have been several simple VPS Host security prior to sharing.
One of Linux VPS security settings: Modify SSH port (Centos/debian)
Linux VPS Security Set Two: Disable root account
Linux VPS Security Three: Use DDoS deflate to protect against a small number of DDoS attacks
Regardless of how our website project program to do security, VPS login security is necessary to do, even if we modify the port, it will be guessed that the other port number to crack out, a more secure solution is that we use the key to log in, For example, we need to use Xshell (here to share the Xshell key login scheme) when landing a VPS, if set key login must be used with our configuration of this computer landing VPS remote can access, if not our computer landing, it is certainly not good landing.
First step, use Xshell to generate the key
We open the familiar Xshell software and then in the tools-New User key Generation Wizard.
Key type
To generate the key parameter interface, we need to select the RSA key type, and the key length can be selected 1024 or I choose 2048 here. Then click the Next button.
Generate key
To continue next, we need to encrypt the private key we set up.
Private key encryption
Click Next to generate the key.
Public key format
Public key Format Select Ssh2-openssh, we can copy the public key and save as a file after completion.
Step two, upload the public key to the server
A-Upload our generated laozuo.org.pub public key file to the/root/.ssh folder (if not we need to create it), then we need to rename the laozuo.org.pub to Authorized_keys and use chmod 600 Authorized_keys set permissions.
B-Find/etc/ssh/sshd_config and remove the # comments in front of the rsaauthentication and Pubkeyauthentication lines.
C-Restart the sshd service.
Debian/ubuntu execution:/etc/init.d/ssh restart
centos execution:/etc/init.d/sshd restart
Step three, configure Xshell to log in using a key
Create a new link in Xshell.
Set the user as public key and select the user key.
Enter the key password we set up previously. This time we can actually login, but we need to set permissions.
Step fourth, modify the remote server sshd configuration
Similarly, modify the/etc/ssh/sshd_config file to find the passwordauthentication behind the Yes to No
and restart sshd.
Debian/ubuntu execution:/etc/init.d/ssh restart
centos execution:/etc/init.d/sshd restart
Summary, so that our Xshell will be set up key login completed, if we use other computer landing to try, it is not good landing, even if you have the root password is not allowed. This security is very high, but we need to pay attention to the security of the local computer, especially the pub file to keep good, from the source to ensure the security of the vps/server.