SSH key logon makes Linux VPS/server more secure (1)

As PHP becomes more and more popular, Linux VPS/servers are used more and more, and Linux security issues need to be strengthened. If you have installed DenyHosts and set up email reminders, you may receive several DenyHosts reports every day to add the IP address that is used to crack the SSH password to/etc/hosts. deny.

There are two types of Linux SSH Logon:

1. Log On with password verification

Generally, after the VPS or server is activated, the IP address and root password are provided directly. In this way, the password is used to log on. If the password is not strong enough and DenyHosts and other software is not installed to prevent SSH password cracking, there will be a great risk of system security.

2. log on using key verification

For key-based security authentication, you must create a pair of keys for the user and place the keys on the server to be accessed. When you need to connect to the SSH server, the client software sends a request to the server to use the client key for security verification. After receiving the request, the server first looks for a common key under the root directory of the user, and then compares it with the public key sent. If the two keys are consistent, the server uses the public key to encrypt the question and send it to the client software (putty, xshell, etc ). After receiving the question, the client can decrypt it with a local private key and then send it to the server. This method is quite safe.

1. Generate a key

Because the key generated by puttygen may have a problem: "Server refused our key", it is best to use XShell to generate a key or generate a key on a remote Linux VPS/Server.

1. Generate a key on a Linux Remote Server:

Log on to the remote Linux VPS/server and run the following command:

[Root @ vps ~] #Ssh-keygen-t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/. ssh/id_rsa ):
// Press Enter.
Created directory '/root/. ssh '.
Enter passphrase (empty for no passphrase ):
// Enter the key and password
Enter same passphrase again:
// Duplicate key password
Your identification has been saved in/root/. ssh/id_rsa.
// The system prompts that the public key and private key have been stored in the/root/. ssh/directory.
Your public key has been saved in/root/. ssh/id_rsa.pub.
The key fingerprint is:
1e: 86: 3c: 2e: 3a: 5d: f2: 8c: 2b: e7: 80: 15: a5: 93: 85: e3 root@vps.clangcn.com
The key's randomart image is:
+-[RSA 2048] -- +
|. O |
| O = |
|. =. |
| Eo... |
|. + S |
| O... +. |
| .... *... |
| Oo +. o |
|. = O. |
+ ------ +
[Root @ clangcn ~] #

2. Use XShell to generate a key

Xshell is a powerful SSH client in Windows. It can store N multi-sessions by category, supports Tab, and supports multi-key management, it is convenient to manage multiple VPS/servers and use XShell. We recommend that you use XShell.

Download xshell.rar, install and run XShell, and choose Tool> User Key Generation Wizard from the menu,

Select "RSA" as the key type. The password encryption strength is 1024 bits by default,

Click Next directly,

The key name can be defined by yourself. The following two items are the key password. We recommend that you set them. Remember them after setting them,

Generate the key content and save the key to the local disk named id_rsa.pub.