Last updated: 2024-05-05, edited by 888u
For server security, we usually change the default SSH port to guard against brute-force password cracking. The usual practice is to change the default value of Port 22 in /etc/ssh/sshd_config and then restart SSH: /etc/init.d/ssh restart.
A more reliable approach is to use a key instead of a password to log in and turn off password login. The general process is as follows:
First: Generate a key pair, and remember to save the key. The following demonstration saves the generated key under /root/.ssh; id_rsa is the private key and id_rsa.pub is the public key.
    ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): ## Press Enter to accept the default path
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase): ## Enter the passphrase (or press Enter to leave it blank)
    Enter same passphrase again: ## Repeat the passphrase
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    04:e1:93:92:95:ba:55:21:58:05:7d:57:58:92:32:d3 root@x
    The key's randomart image is:
    +--[ RSA 2048]----+
    | oB*o. ..=o |
    | .+.+o = E. |
    | o.+... = |
    |...o|
    | o S |
    | . |
    | |
    | |
    | |
    +-----------------+
Second: Import the public key
    cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
Third: Edit the SSH configuration file. In /etc/ssh/sshd_config, find the following 3 lines, remove the # in front of each, and save:
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys
Then restart SSH:
    /etc/init.d/ssh restart
Also: If you log in with PuTTY, it cannot read id_rsa directly. You need to use PuTTYgen (the PuTTY key generator) to convert the file into a PPK file. After the conversion you will get a file with the .ppk extension; save this file. If you use Xshell, you can avoid this trouble, because it reads id_rsa directly.
Finally: Disable SSH password login. Find PasswordAuthentication yes in /etc/ssh/sshd_config, change it to PasswordAuthentication no, remember to remove the "#" in front, and then restart SSH: /etc/init.d/ssh restart
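A way to check the result of the steps above before closing your current session, as an added example that is not part of the original article: it reports the values sshd would actually use from a config file. The function names effective_value and audit_sshd and the sample file are constructed for illustration, 8063 is the port from the article's own example, and the parser assumes the whitespace-separated "Keyword value" form shown in the article.

```shell
#!/bin/sh
# Added example (not from the article): report the values sshd would actually use.
# sshd takes the FIRST occurrence of a keyword; '#' lines are comments, so an edit
# that leaves the '#' in place changes nothing. Include files are not followed here.

# effective_value FILE KEYWORD DEFAULT -> value from the global section, else DEFAULT
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/         { next }   # comment or blank line
        tolower($1) == "match" { exit }   # Match blocks are conditional: stop here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE EXPECTED_PORT -> prints findings, returns the number of problems
audit_sshd() {
    problems=0
    port=$(effective_value "$1" Port 22)
    pw=$(effective_value "$1" PasswordAuthentication yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    if [ "$port" != "$2" ]; then
        echo "FAIL Port=$port, expected $2"
        problems=$((problems + 1))
    fi
    if [ "$pw" != no ]; then
        echo "FAIL PasswordAuthentication=$pw (password login still enabled)"
        problems=$((problems + 1))
    fi
    if [ "$pk" != yes ]; then
        echo "FAIL PubkeyAuthentication=$pk (key login disabled)"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK $1"
    return "$problems"
}

# Constructed sample: port changed, but the '#' was left on PasswordAuthentication.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 8063
PubkeyAuthentication yes
#PasswordAuthentication no
EOF
audit_sshd "$sample" 8063 || echo "problems found: $?"
```

On the server itself, sshd -T prints the effective configuration, including any Include files this parser does not follow.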
Usually that is all, but with VestaCP you will find that after doing the above, you are eventually unable to log in with the key. At first, I was puzzled, and finally learned the reason from other people's hints. You need to modify the firewall rule in the VestaCP panel. fail2ban will lock you out if you don't modify it. So before we do the above things, we need to modify the fail2ban rules first.
As follows (the picture below demonstrates changing port 22 to 8063, which must be consistent with the modified port mentioned in the first paragraph of the article):
This article is compiled from the information of teddysun and Mr. Xi Qin. Thank you!