Xshell sets key login to ensure Linux VPS and server are more secure

With the needs of our website and projects, and the continuous reduction of VPS host/server costs, more and more webmaster users will choose VPS or servers as our website building environment, but for users, the basic Most of the operations come from online tutorials. For example, after logging in with SSH software, you can follow the tutorial to install the panel, one-click package, and then build the website. We often mention that when using VPS, all security needs to be borne and maintained by ourselves. It is necessary to maintain a certain period of backup data, but we also need to pay attention to and ensure the security of accounts and systems.

Even if our project does not provoke other peers or deliberately sabotage it, there are still players around the world using software to scan all machines, trying to enter our servers and embody their technology. On Snail Blog, I have shared several simple VPS host security articles before.

Linux VPS security settings one: modify the SSH port (CentOS/Debian)

Linux VPS Security Settings 2: Disable ROOT Account

Linux VPS security setting three: Use DDOS deflate to resist a small number of DDOS attacks

No matter how secure our website project program is, the security of the VPS login entrance is a must. Even if we modify the port, other port numbers will be guessed and cracked. A safer solution is to use a key Login, for example, when we need to use XSHELL (share the XSHELL key login solution here) to log in to the VPS, if we set the key to log in, we must use the computer we configured to log in to the VPS remote end before we can access it. If it is not ours It is definitely difficult to log in to a computer.

Article Directory Hide

Step one, use Xshell to generate a key

The second step is to upload the public key to the server

The third step is to configure Xshell to use the key to log in

Step 4. Modify the remote server SSHD configuration

Step one, use Xshell to generate a key

We open the familiar XSHELL software, and then go to Tools-New User Key Generation Wizard.

When we get to the key parameter interface, we need to select the RSA key type, and the key length can be 1024 or 2048 here. Then click the Next button.

To continue with the next step, we need to encrypt the private key we set.

Click Next to generate a key.

Select SSH2-OPENSSH as the public key format. We can copy the public key and save it as a file to complete.

Step 2, upload the public key to the server

A – Upload the laozuo.org.pub public key file we generated to the /root/.ssh folder (if it does not exist, we need to create it), then we need to rename laozuo.org.pub to authorized_keys and use chmod 600 authorized_keys sets permissions.

B – Find /etc/ssh/sshd_config and remove the # comment in front of the RSAAuthentication and PubkeyAuthentication lines.

C – Restart the SSHD service.

Debian/Ubuntu execution: /etc/init.d/ssh restartCentOS execution: /etc/init.d/sshd restart

The third step is to configure Xshell to use the key to log in

Create a new link in Xshell.

Set the user identity as Public Key and select the user key.

Enter the key password we set earlier. We can actually log in at this time, but we need to set permissions.

Step 4: Modify the remote server SSHD configuration

Similarly, modify the yes after PasswordAuthentication found in the /etc/ssh/sshd_config file and change it to no

Then restart sshd

Debian/Ubuntu execution: /etc/init.d/ssh restartCentOS execution: /etc/init.d/sshd restart

To summarize, our xshell has set the key to log in. If we try to log in from another computer, it will be difficult to log in, even if you have the ROOT password. This provides high security, but we need to pay attention to the security of the local computer, especially the pub file, to ensure the security of the VPS/server from the source.

Recommended site search: server high defense Hong Kong, registered domain name purchase, domain name service provider, broadband IP address query, US website space, overseas server, cheap domain name Registration, free US hosting, free asp.net space, the cheapest cloud server,