Nzira yekudzivirira sei kurwiswa kweSSH brute-force? Dzidziso inoshanda yekugadzirisa VPS key authentication neHestiaCP.

Kupfuura 90% yekurwiswa kweVPS kunokonzerwa ne... Kurwisa kweSSH kwepassword isina simba kunokonzerwa nebrute-forceKana uchiri kupinda muserver uchishandisa password, zvine njodzi sekusiya kiyi yemba yako yakaturikwa pamusuwo.

Muchinyorwa chino, ndichakutungamira nhanho nhanho kuti ubvise zvachose dambudziko rekurwisa mapassword emhando yebrute-force. Tichabatanidza... VPS inopesana putty软件Chidzidzo ichi chinoshandisa maturusi emirairo anoshanda zvakanyanya kuti akubatsire kusimudzira kuchengetedzeka kwako kweSSH kusvika padanho repamusoro.

Sei uchishandisa kiyi pachinzvimbo chepassword?

Kunyangwe password yakaoma sei, inogona kupwanywa nechisimba. Vanoba ma hacker vanogona kushandisa maturusi kuyedza makumi ezviuru ekubatanidza ma password pasekondi imwe neimwe.

uye Kiyi yeRSA ye4096-bitMukufunga, zvingatora mabhiriyoni emakore kuti zvivhurwe. Kana tichienzanisa, password yakaita semusuwo wepepa, nepo kiyi iri gedhi resimbi.

Nzira yekudzivirira sei kurwiswa kweSSH brute-force? Dzidziso inoshanda yekugadzirisa VPS key authentication neHestiaCP.

Danho 1: Gadzira kiyi yeSSH

mu Linux Neimwe nzira, pa macOS, unogona kugadzira zvakananga 4096-bit RSA key pair:

ssh-keygen -t rsa -b 4096

Dzvanya Enter kuti uchengetedze nzira yawakajaira. /root/.ssh/id_rsa.

Isa password (sarudzo), kana kungodzvanya Enter wosiya isina chinhu.

Sisitimu iyi ichagadzira mafaira maviri:

  • Kiyi yakavanzika:id_rsa
  • Kiyi yeruzhinji:id_rsa.pub

Iyi ndiyo "kiyi" yako uye "kiyi" yako.

Danho rechipiri: Gadzirisa kiyi yeruzhinji kune sevha

Isa kiyi yeruzhinji mudhairekitori reVPS rine rezinesi:

cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Iva nechokwadi chekuti dhairekitori iri /root/.ssh/ zviripo.

Nenzira iyi, sevha inongoziva kiyi yako yeruzhinji chete uye haizoshandisi password zvakare.

Nhanho 3: Chinja faira rekugadzirisa SSH

Gadzirisa faira rekugadzirisa:

nano /etc/ssh/sshd_config

Shandura zvinotevera parameters:

RSAAuthentication yes #RSA认证
PubkeyAuthentication yes #开启公钥验证
AuthorizedKeysFile .ssh/authorized_keys #验证文件路径
PasswordAuthentication no #禁止密码认证
PermitEmptyPasswords no #禁止空密码

Danho iri rakakosha: dzima zvachose kupinda mupassword.

Danho rechina: Tangazve basa reSSH

Ita kuti magadzirirwo acho atange kushanda nekukasika:

systemctl restart sshd
  • Ubuntu / Debian:
systemctl restart ssh

Sevhisi yakasimbiswa kuti iri kushanda:

systemctl status sshd

Danho rechishanu: Vashandisi veWindows vanoshandura kiyi vachishandisa PuTTYGen.

Kana uri kushandisa Windows, unofanirwa kushandura kiyi yakavanzika kuita fomati yePuTTY:

  1. batidza PuTTYGen
  2. 点击 mutoro load id_rsa
  3. 点击 Sevha kiyi yakavanzika Sevha se .ppk
  4. mu PuTTY → Kubatanidza → SSH → Kubvumidza Sarudza izvi .ppk 文件

Nenzira iyi, unogona kupinda muVPS yako zvakachengeteka uchishandisa PuTTY.

Danho 6: Simbisa uye dzivirira kubva mukurwiswa kwechisimba

Simbisa kuti gadziriro iri kushanda:

grep "Failed password" /var/log/auth.log

Marogi acho anongoratidza chete kuedza kwemurwisi kwakundikana, kwete kupinda kwakabudirira.

Kudzivirira kwakawedzerwa:

  • Batira pamwe Fail2Ban Dzima otomatiki kurwisa ma IP
  • Chinja chiteshi chekare (semuenzaniso, chichinje kuita 2222).
  • Firewall inobvumira ma IP akavimbika chete

Matekiniki matatu aya anogona kukanganisa zvachose kuedza kwemubavha.

kupfupikisa

Pfuura Gadzira kiyi → Gadzirisa kiyi yeruzhinji → Gadzirisa sshd_config → Tangazve sevhisi → PuTTY kushandura kiyi Matanho aya, ako HestiaCP VPS inogona kubvisa zvachose njodzi yekurwiswa ne password brute-force.

Mashoko ekuti "Failed password" ari mumagwaro iwayo anongori kuedza kusina maturo kwevanorwisa uye haaratidzi kuti kusimbiswa kwepassword kuchiri kushanda.

Mhedziso: Kuchengetedzwa ndiko nhungamiro huru yeserver.

Munyika yekuchengetedzwa kwemashoko, mapassword ndiwo anonyanya kukanganiswa. Kutsiva mapassword nemakiyi hakusi sarudzo yetekinoroji chete, asiwo kuratidzwa kwemutoro neuchenjeri.

Sezvakataurwa mu "Information Security White Paper": "Kuchengetedzwa hakusi mutengo, asi kukosha."

Saka tora matanho. Sunungura VPS yako kubva muzvisungo zvemapassword, uye rega kurwiswa kwechisimba kwevanokuvadza kurambe kuri mumabhuku akakundikana.

Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ Chinyorwa chinoti "Nzira Yokugadzirisa Kurwiswa kweSSH Brute-Force? Chidzidzo Chinoshanda Pakugadzirisa Kusimbiswa kweVPS Key neHestiaCP," chakagoverwa pano, chingakubatsira.

Welcome to share link yechinyorwa chino:https://www.chenweiliang.com/cwl-34161.html

Kuti uvhure mamwe akavanzwa matipi🔑, unogamuchirwa kujoina yedu Telegraph chiteshi!

Dzvanya apa kuti ubatane neTeregiramu chiteshi

Govera uye like kana wazvifarira! Magove ako uye zvaanoda ndiko kuenderera mberi kwedu kukurudzira!

 

发表 评论

Yako email kero haizoburitswa. Minda inodiwa inoshandiswa * Chitaera

Chinyorwa Directory

Chinyorwa Directory
Mupumburu TOP