Tsab ntawv teev npe
Tshaj 90% ntawm VPS tawm tsam yog vim ... Kev tawm tsam brute-force ntawm SSH uas tsis muaj zogYog tias koj tseem nkag mus rau hauv lub server nrog tus password, nws txaus ntshai npaum li tso koj tus yuam sij tsev dai rau ntawm lub qhov rooj.
Hauv tsab xov xwm no, kuv yuav qhia koj ib kauj ruam zuj zus kom dim ntawm qhov kev tawm tsam password brute-force. Peb yuav muab... VPS tiv tiag PuTTYSoftwareCov lus qhia no siv cov cuab yeej hais kom ua uas siv tau zoo tshaj plaws los pab koj tsa koj qhov kev ruaj ntseg SSH mus rau qib siab tshaj plaws.
Vim li cas ho siv tus yuam sij es tsis siv tus password?
Txawm hais tias lo lus zais nyuaj npaum li cas los xij, nws tseem tuaj yeem raug tsoo los ntawm kev siv zog phem. Cov neeg nyiag khoom tuaj yeem siv cov cuab yeej los sim ntau txhiab tus lej sib xyaw ua ke hauv ib ob.
thiab 4096-ntsis RSA yuam sijHauv kev xav, nws yuav siv sijhawm ntau txhiab lab xyoo los tawg. Piv rau qhov ntawd, lo lus zais zoo li lub qhov rooj ntawv, thaum tus yuam sij yog lub rooj vag hlau.
Kauj Ruam 1: Tsim tus yuam sij SSH
在 Linux Xwb, ntawm macOS, koj tuaj yeem tsim ncaj qha 4096-bit RSA key pair:
ssh-keygen -t rsa -b 4096
Nias Enter kom txuag tau txoj kev uas twb muaj lawm. /root/.ssh/id_rsa.
Sau ib lo lus zais (xaiv tau), lossis tsuas yog nias Enter thiab tsis txhob sau dab tsi.
Lub kaw lus yuav tsim ob cov ntaub ntawv:
- Tus yuam sij ntiag tug:
id_rsa - Tus yuam sij rau pej xeem:
id_rsa.pub
Qhov no yog koj lub "xauv" thiab "tus yuam sij".
Kauj Ruam 2: Kho qhov public key ntawm lub server
Muab tus yuam sij rau pej xeem tso rau hauv daim nplaub tshev uas muaj ntawv tso cai ntawm VPS:
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Xyuas kom meej tias daim ntawv qhia /root/.ssh/ muaj nyob.
Ua li no, lub server tsuas yog yuav paub koj tus yuam sij pej xeem thiab yuav tsis cia siab rau tus password ntxiv lawm.
Kauj Ruam 3: Hloov kho cov ntaub ntawv teeb tsa SSH
Kho cov ntaub ntawv teeb tsa:
nano /etc/ssh/sshd_config
Hloov cov parameter hauv qab no:
RSAAuthentication yes #RSA认证 PubkeyAuthentication yes #开启公钥验证 AuthorizedKeysFile .ssh/authorized_keys #验证文件路径 PasswordAuthentication no #禁止密码认证 PermitEmptyPasswords no #禁止空密码
Cov kauj ruam no tseem ceeb heev: kaw tag nrho cov password nkag mus.
Kauj Ruam 4: Rov pib dua qhov kev pabcuam SSH
Ua kom qhov kev teeb tsa ua haujlwm tam sim ntawd:
- CentOS7:
systemctl restart sshd
- Ubuntu / Debian:
systemctl restart ssh
Kev pabcuam tau lees paub tias tab tom khiav:
systemctl status sshd
Kauj Ruam 5: Cov neeg siv Windows hloov tus yuam sij siv PuTTYGen.
Yog tias koj siv Windows, koj yuav tsum hloov tus yuam sij ntiag tug mus rau hom ntawv PuTTY:
- tig mus PuTTYGen
- Nyem load 加载
id_rsa - Nyem Txuag tus yuam sij Txuag li
.ppk - 在 PuTTY → Kev Sib Txuas → SSH → Kev Pom Zoo Xaiv qhov no
.ppkntawv
Li no, koj tuaj yeem nkag mus rau hauv koj lub VPS siv PuTTY.
Kauj Ruam 6: Xyuas kom tseeb thiab tiv thaiv kev tawm tsam brute-force
Paub tseeb tias qhov kev teeb tsa tau ua haujlwm:
grep "Failed password" /var/log/auth.log
Cov ntaub ntawv teev cia tsuas yog qhia tus neeg tawm tsam qhov kev sim ua tsis tiav, tsis yog kev nkag mus tau zoo.
Kev tiv thaiv ntxiv:
- 配合 Fail2Ban Thaiv cov IP uas tawm tsam tsis siv neeg
- Hloov qhov chaw nres nkoj uas twb muaj lawm (piv txwv li, hloov nws mus rau 2222).
- Firewall tsuas yog tso cai rau IPs uas ntseeg siab xwb
Peb txoj kev no tuaj yeem tiv thaiv tau tag nrho cov kev siv zog ntawm tus neeg hacker.
mus hais txog
Dhau Tsim tus yuam sij → Kho tus yuam sij pej xeem → Hloov kho sshd_config → Rov pib dua kev pabcuam → PuTTY los hloov tus yuam sij Cov kauj ruam no, koj HestiaCP Ib lub VPS tuaj yeem tshem tawm tag nrho qhov kev pheej hmoo ntawm kev tawm tsam brute-force password.
Cov ntawv sau "Failed password" hauv cov cav ntawd tsuas yog kev sim ua tsis tau los ntawm cov neeg tawm tsam thiab tsis qhia tias kev lees paub password tseem qhib.
Xaus Lus: Kev ruaj ntseg yog txoj sia ntawm lub server.
Hauv lub ntiaj teb ntawm kev ruaj ntseg ntawm cov ntaub ntawv, cov passwords yog qhov txuas uas muaj kev phom sij tshaj plaws. Kev hloov cov passwords nrog cov yuam sij tsis yog tsuas yog kev xaiv thev naus laus zis xwb, tab sis kuj yog kev xav txog lub luag haujlwm thiab kev txawj ntse.
Raws li tau hais nyob rau hauv "Daim Ntawv Dawb Txog Kev Ruaj Ntseg ntawm Cov Ntaub Ntawv": "Kev ruaj ntseg tsis yog tus nqi, tab sis yog tus nqi."
Yog li ntawd, ua ib yam dab tsi. Tso koj lub VPS kom dim ntawm cov passwords, thiab cia cov neeg nyiag khoom siv brute-force tawm tsam nyob mus ib txhis hauv cov cav tsis ua haujlwm.
Cia siab Chen Weiliang Blog ( https://www.chenweiliang.com/ Tsab xov xwm "Yuav Ua Li Cas Thiaj Daws Tau SSH Brute-Force Attacks? Ib Zaj Lus Qhia Txog Kev Teeb Tsa VPS Key Authentication nrog HestiaCP," uas tau muab qhia rau ntawm no, tej zaum yuav pab tau koj.
Zoo siab txais tos los qhia qhov txuas ntawm kab lus no:https://www.chenweiliang.com/cwl-34161.html