Setting up SSH and SFTP key-based login on a Linux operating system

Source: Internet
Author: User
Tags filezilla ssh server

If you have used a VPS or other server running a Linux operating system, you have probably often been shown, when logging in, the number of login attempts that have failed.

These failed-login records come from attackers whose scripts automatically scan IP addresses across the whole network, filter and test the results, and finally use a built-in password list to try to log in to Linux servers that have port 22 open.

Of course, a successful login means your server has been hacked; besides being searched for valuable content, it will be put to use as a bot (a "broiler").

To counter this, we can stop accepting passwords on port 22 and log in with a key instead, which immediately raises the security of the server by several grades.

The following are the basic operating procedures:

1. Log in to the Linux server to generate the public and private keys:

[[email protected] ~]# ssh-keygen    <== generate the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    <== default path of the key pair; press Enter directly
Enter passphrase (empty for no passphrase):    <== enter the private key passphrase; if you press Enter directly, the private key is not encrypted
Enter same passphrase again:    <== enter the private key passphrase again
Your identification has been saved in /root/.ssh/id_rsa.    <== this is the generated private key
Your public key has been saved in /root/.ssh/id_rsa.pub.    <== this is the generated public key
The key fingerprint is:
2b: -: -: B6: +: 2f: the: ee:f3:3: 5e: the: the:Panax Notoginseng:d 9:6e [email protected]
The key's randomart image is:
+--[ RSA 2048]----+

2. Enter the default path of the key pair that you just generated, and then install the generated public key on the operating system:

[[email protected] ~]# cd /root/.ssh    <== enter the directory where the key pair is located
[[email protected] .ssh]# cat id_rsa.pub >> authorized_keys    <== install the public key file on the system

3. Type the following command to set permissions on the public key and directory:

[[email protected] .ssh]# chmod 600 authorized_keys    <== set 600 permissions on the public key file
[[email protected] .ssh]# chmod 700 ~/.ssh    <== set the directory to 700 permissions

4. Download the SSH configuration file (/etc/ssh/sshd_config) with an FTP tool, or edit it directly with vim:

Delete the # in front of the following three items (# is the comment character, meaning the line does not take effect); if the value after an item defaults to no, change it to yes.

Note: If you do not log in with the root account yourself, do not modify the PermitRootLogin option, including the # in front of it.

5. After making the changes, upload sshd_config and overwrite the original file on the server; once it has been overwritten successfully, restart the SSH service:

[[email protected] .ssh]# service sshd restart    <== /bin/systemctl restart sshd.service

6. Download the private key /root/.ssh/id_rsa to your local machine for testing. Taking Xshell as an example, change the authentication method in the session settings to key:

Click Browse next to the user key, import the id_rsa file you just downloaded, select it and click OK (the password is the key passphrase).

The SFTP connection also has to be changed to log in with a key. Taking FileZilla as an example:

Click File > Site Manager > select the site > General > Logon Type > Key file > Browse, then select the private key file. FileZilla will prompt you to convert it to PuTTY's PPK format; follow the instructions.

7. Once testing shows that both SSH and SFTP can log in with the key, edit the SSH configuration file again (the sshd_config you just downloaded):

For PasswordAuthentication, remove the # in front of it and change the yes after it to no, to prevent passwords from being used to log in to SSH and SFTP.

After the modification, save the file, upload it to the server again and restart the SSH service, and you are done! Be careful not to lose the private key and its passphrase.

[[email protected] .ssh]# service sshd restart    <== /bin/systemctl restart sshd.service
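
A pre-flight check for the procedure above, as an added example that is not part of the original page: it reads a copy of sshd_config and the .ssh directory and reports whether key login is ready before password login is switched off in step 7. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight audit for the key-login procedure on this page.

# Effective value of a global sshd_config keyword. sshd matches keywords
# case-insensitively, skips '#' lines and keeps the FIRST value it reads.
# Assumption: whitespace-separated "Keyword value" lines; stops at "Match".
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# True when PATH exists with exactly the octal MODE (step 3: 700 and 600).
has_mode() {  # usage: has_mode PATH MODE
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Run before step 7. Returns 0 only if key login should work; WARN lines
# flag exposure that does not by itself lock you out.
audit_key_login() {  # usage: audit_key_login SSHD_CONFIG SSH_DIR
    cfg=$1; dir=$2; rc=0
    has_mode "$dir" 700 || { echo "FAIL: $dir is not mode 700"; rc=1; }
    has_mode "$dir/authorized_keys" 600 ||
        { echo "FAIL: authorized_keys is not mode 600"; rc=1; }
    grep -Eq '(^| )(ssh-|ecdsa-)[^ ]+ [A-Za-z0-9+/]+' \
        "$dir/authorized_keys" 2>/dev/null ||
        { echo "FAIL: no public key line in authorized_keys"; rc=1; }
    [ "$(sshd_value "$cfg" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is not yes"; rc=1; }
    [ "$(sshd_value "$cfg" PasswordAuthentication yes)" = no ] ||
        echo "WARN: PasswordAuthentication still accepts passwords"
    [ ! -e "$dir/id_rsa" ] ||
        echo "WARN: private key id_rsa is still stored on the server"
    return $rc
}

# Constructed sample input (not from a real server), as left after step 4.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABconstructed root@example' \
    > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
    'passwordauthentication yes' > "$demo/sshd_config"
audit_key_login "$demo/sshd_config" "$demo/.ssh" || true
```

On the server itself, `sshd -t` checks the edited configuration file for errors before the service is restarted.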
