Me pēhea te ārai i ngā whakaekenga kaha-kino a te SSH? He akoranga whai hua mō te whirihora i te manatoko kī VPS me HestiaCP.

Neke atu i te 90% o ngā whakaekenga VPS nā... Whakaekenga kaha-pūmau kupuhipa ngoikore SSHKi te mea kei te takiuru tonu koe ki te tūmau me te kupuhipa, he rite tonu te mōrearea ki te waiho i te kī o tō whare e iri ana i te tatau.

I roto i tēnei tuhinga, ka ārahi ahau i a koe i ia taahiraa, i ia taahiraa, kia mawhiti atu ai koe i te moemoeā kino o ngā whakaeke kupuhipa kaha-kino. Ka whakakotahi tātou... VPS whakatoi PuTTY软件Ka whakamahia e tēnei akoranga ngā taputapu raina whakahau tino whai hua hei āwhina i a koe ki te whakapai ake i tō haumarutanga SSH ki te taumata teitei rawa atu.

He aha i whakamahia ai he kī hei utu mō te kupuhipa?

Ahakoa te uaua o tētahi kupuhipa, ka taea tonu te pakaru mā te kaha. Ka taea e ngā kaipahua te whakamahi i ngā taputapu hei whakamātau i ngā tekau mano o ngā huinga kupuhipa ia hekona.

me ngā Kī RSA 4096-mokaI roto i te ariā, e piriona tau te roa hei wawahi. Ki te whakataurite, he rite te kupuhipa ki te tatau pepa, ko te kī ia he keti maitai.

Hipanga 1: Waihangahia te kī SSH

在 Linux Heoi anō, i runga i te macOS, ka taea e koe te whakaputa tika i tētahi takirua kī RSA 4096-bit:

ssh-keygen -t rsa -b 4096

Pēhia te Enter hei tiaki i te ara taunoa. /root/.ssh/id_rsa.

Tāuruhia he kupuhipa (kāore he kōwhiringa), pēhi noa rānei i te Enter ka waiho kau.

Ka hangaia e te pūnaha ngā kōnae e rua:

• Kī tūmataiti:id_rsa
• Kī tūmatanui:id_rsa.pub

Koinei tō "raka" me tō "kī".

Hipanga 2: Whirihorahia te kī tūmatanui i runga i te tūmau

Whakatakotoria te kī tūmatanui ki te whaiaronga raihana a te VPS:

cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Whakaū i te whaiaronga /root/.ssh/ te noho.

Mā tēnei, ka mōhio noa te tūmau ki tō kī tūmatanui, ā, kāore e whakawhirinaki ki te kupuhipa.

Hipanga 3: Whakarerekētia te kōnae whirihoranga SSH

Whakatikahia te kōnae whirihoranga:

nano /etc/ssh/sshd_config

Whakakētia ngā tawhā e whai ake nei:

RSAAuthentication yes #RSA认证
PubkeyAuthentication yes #开启公钥验证
AuthorizedKeysFile .ssh/authorized_keys #验证文件路径
PasswordAuthentication no #禁止密码认证
PermitEmptyPasswords no #禁止空密码

He mea nui tēnei taahiraa: monoa rawatia te kupuhipa takiuru.

Hipanga 4: Tīmata anō i te ratonga SSH

Me whai mana tonu te whirihoranga:

• CentOS7:

systemctl restart sshd

• Ubuntu / Debian:

systemctl restart ssh

Kua whakaūtia kei te rere te ratonga:

systemctl status sshd

Hipanga 5: Ka hurihia e ngā kaiwhakamahi Windows te kī mā te whakamahi i te PuTTYGen.

Mena kei te whakamahi koe i te Windows, me huri e koe te kī tūmataiti ki te hōputu PuTTY:

1. whakaweto PuTTYGen
2. 点击 Utaina 加载 id_rsa
3. 点击 Tiakina te kī muna Tiaki hei .ppk
4. 在 PuTTY → Hononga → SSH → Whakamana Tīpakohia tēnei .ppk 文件

Mā tēnei, ka taea e koe te takiuru haumaru ki tō VPS mā te whakamahi i te PuTTY.

Hipanga 6: Manatoko me te tiaki i ngā whakaekenga kaha-kino

Whakaū kei te whai mana te whirihoranga:

grep "Failed password" /var/log/auth.log

Ko ngā nganatanga kore angitu a te kaiwhakaeke anake ka whakaaturia e ngā rangitaki, kāore ko ngā takiuru angitu.

Te parenga atu:

• 配合 Fail2Ban Ārai aunoa i ngā IP whakaeke
• Hurihia te tauranga taunoa (hei tauira, hurihia ki te 2222).
• Ka whakaaetia anake ngā IP pono e te pātūahi ahi

Ka taea e ēnei tikanga e toru te aukati rawa i ngā mahi a te kaipahua.

总结

Na roto Waihanga kī → Whirihorahia te kī tūmatanui → Whakarerekētia te sshd_config → Tīmata anō i te ratonga → PuTTY hei huri i te kī Ko ēnei kaupae, tō HestiaCP Ka taea e te VPS te whakakore rawa i te mōrearea o ngā whakaekenga kino ki te kupuhipa.

He ngana koretake noa iho ngā tāurunga "Kupuhipa i rahua" i roto i aua rangitaki a ngā kaiwhakaeke, ā, kāore e tohu kei te whakahohea tonu te manatoko kupuhipa.

Whakatau: Ko te haumarutanga te pūtake o tētahi tūmau.

I te ao o te haumarutanga mōhiohio, ko ngā kupuhipa te hononga tino ngoikore. Ehara i te mea he kōwhiringa hangarau noa te whakakapi kupuhipa ki ngā kī, engari he whakaata hoki i te kawenga me te whakaaro nui.

E ai ki te "Pepa Ma mō te Haumarutanga Mōhiohio": "Ehara te haumarutanga i te utu, engari he uara."

Nō reira, me mahi. Wetekina tō VPS i ngā here o ngā kupuhipa, ā, waiho kia noho tonu ngā whakaekenga nanakia a ngā kaipahua ki roto i ngā rangitaki i rahua.