Last update at :2024-04-27,Edit by888u
After writing the article on how to set up a php environment yesterday, I was originally going to write about how to bond a domain name and open a website today, but security issues are always the most important, so in this article we will first improve the security of our Linux VPS. Some. This article mainly teaches you how to improve the security of SSH to avoid being brute force cracked. In order to write an introductory article yesterday, I deliberately reinstalled my VPS, and guess how many people tried to crack the ROOT password today, haha
There are more than 50 IPs trying to brute force crack my ROOT password. After visual inspection, there are probably hundreds of thousands of times. A day, 24 hours. Do you still feel your vps is safe? Enter this command and take a look. The data may be shocking.
cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'
This article only teaches you a very simple method, which is to change the port, what to ban ROOT login, use a key to log in, etc., etc., the reason is very simple, changing the port can already prevent 99.9% of attacks. If Unless the other party is completely in trouble with you, the 0.1% of people don't have time to spend on you.
This article requires a tool called WinSCP. Please go to the official website to download it, and be careful not to download it by mistake. Use WinSCP to log in to our VPS. There will be a warning box when you log in for the first time. Don't worry about it. Just click [Yes].
This is what it looks like after logging in
We go to the /etc/ssh folder and find the sshd_config file.
After downloading, open it, probably at line 13
Change it to this, save it and upload it. 26709 is your new port:
Then click on this small black window, (or you can also enter the command line below)
Enter the [Enter Command] in the pop-up window, and then execute:
service sshd restart
Okay, the modification should be successful. Let’s try it with PUTTY. Pay attention to changing the port to a new one. Here it is 26709. A warning box may pop up. Click [Yes].
OK, you can log in.
Okay, let's ban port 22 and prevent port 22 from logging in. Let's go to winscp again, first close the window we just ran, and then download the sshd_config file. Delete or add # back to the [Port 22] line. save upload
Refer to the previous steps and re-run the [service sshd restart] command.
Okay, let's turn off putty again and log in again. We use port 22.
Something like this will pop up, indicating that you cannot log in.
If we use port 26709, we can log in. The port modification is completed.
If you need more security, restrict login with secret key, tutorial: http://www.138vps.com/vpsjc/159.html
Summary:
Generally speaking, the default port of our Linux is 22. Many hackers will use this information to continuously crack your root password. If the port is changed, the hacker will not be able to crack it directly. He must first find it. port. There are tens of thousands of ports. It takes a long time to find the port, and even if it is found, it will be changed by you. Therefore, most hackers will not waste time guessing when they encounter a default port other than 22. port, it is impossible to brute force crack your ROOT password.
As you can see, we have now talked about two tools for managing Linux vps, putty and winscp. Generally speaking, putty is mainly used to run codes and install online, while winscp is used to modify files, upload and follow. Delete or something. To manage our vps, these two tools are basically enough. vnc and other management panels are not really needed.
Recommended site search: free IP address in mainland China, Tianjin server rental, host discount code, free US host, cn domain name, Korean cheap server, Hong Kong ip proxy, foreign php host, asp host space, US server Rent,
发表评论