More than 90% of VPS attacks are caused by weak-password SSH brute-force attacks. If you still log in to your server with a password, it is as dangerous as leaving your house key hanging on the front door.
In this article, I will guide you step by step so that you can escape the nightmare of password attacks for good. We will combine VPS configuration, PuTTY and practical command-line tools to help you raise your SSH security to a high level.
Why use a key instead of a password?
No matter how complex a password is, it can still be cracked by brute force. Attackers can use tools to try tens of thousands of password combinations per second.
A 4096-bit RSA key, by contrast, would in theory take billions of years to crack. In comparison, a password is like a paper door, while a key is an iron gate.

Step 1: Generate an SSH key
On Linux or macOS, you can generate a 4096-bit RSA key directly:
ssh-keygen -t rsa -b 4096
Press Enter to keep the default path, /root/.ssh/id_rsa.
Enter a passphrase (optional), or just press Enter to leave it empty.
The program will generate two files:
- Private key: id_rsa
- Public key: id_rsa.pub
These are your "lock" and "key".
Step 2: Set up the public key on the server
Put the public key into the VPS's authorization directory:
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Make sure the directory /root/.ssh/ exists.
This way, the server will recognize only your public key and will no longer depend on a password.
Step 3: Modify the SSH configuration file
Edit the configuration file:
nano /etc/ssh/sshd_config
Modify the following parameters:
# RSA authentication (SSH protocol 1 option; deprecated since OpenSSH 7.4, which ignores it)
RSAAuthentication yes
# Enable public-key authentication
PubkeyAuthentication yes
# Path of the authorized keys file
AuthorizedKeysFile .ssh/authorized_keys
# Disable password authentication
PasswordAuthentication no
# Disallow empty passwords
PermitEmptyPasswords no
This step is critical: completely disable password login.
Step 4: Restart the SSH service
Make the configuration take effect immediately:
- CentOS 7:
systemctl restart sshd
- Ubuntu / Debian:
systemctl restart ssh
Confirm that the service is running:
systemctl status sshd
Step 5: Windows users convert the key with PuTTYGen
If you use Windows, you need to convert the private key to PuTTY format:
- Open PuTTYGen
- Click Load and load id_rsa
- Click Save private key and save it as .ppk
- In PuTTY → Connection → SSH → Auth, select this .ppk file
This way, you can log in securely to your VPS using PuTTY.
Step 6: Verify and defend against brute-force attacks
Verify that the configuration is in effect:
grep "Failed password" /var/log/auth.log
The logs will show only the attacker's failed attempts, not successful logins.
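The grep above only shows failed attempts, so the following script, an added example that is not part of the original article, checks the Step 3 values themselves. It assumes you pass the configuration files in the order sshd reads them and does not follow Include directives; the file name 10-vendor.conf and the sample contents are constructed.

```shell
#!/bin/sh
# Added example (not from the article). sshd keeps the FIRST value it reads
# for each keyword, so a line read earlier than your edit silently wins.

# effective_value KEYWORD DEFAULT FILE...
# Prints the first global value of KEYWORD across FILES (in read order),
# or DEFAULT when no file sets it. Lines inside Match blocks are skipped.
effective_value() {
    kw=$1; dflt=$2; shift 2
    awk -v kw="$kw" -v def="$dflt" '
        BEGIN    { kw = tolower(kw); val = def }
        FNR == 1 { in_match = 0 }   # assumption: Match does not carry into next file
                 { sub(/^[ \t]+/, ""); sub(/[ \t]*#.*$/, "") }   # indent, comments
        $0 == "" { next }
                 { split($0, f, /[ \t=]+/) }   # "Keyword value" or "Keyword=value"
        tolower(f[1]) == "match" { in_match = 1; next }
        !in_match && !found && tolower(f[1]) == kw { val = tolower(f[2]); found = 1 }
        END      { print val }
    ' "$@"
}

# audit_ssh_hardening FILE...
# Returns 0 only when the effective values match the Step 3 settings.
# Each spec is keyword:sshd-default:wanted-value.
audit_ssh_hardening() {
    rc=0
    for spec in PasswordAuthentication:yes:no PermitEmptyPasswords:no:no \
                PubkeyAuthentication:yes:yes; do
        key=${spec%%:*}; rest=${spec#*:}; def=${rest%%:*}; want=${rest#*:}
        got=$(effective_value "$key" "$def" "$@")
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key is '$got', want '$want'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: a drop-in (hypothetical name) that sshd reads before the
# edited main file and that still enables passwords.
demo_dir=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication yes' > "$demo_dir/10-vendor.conf"
printf '%s\n' '#PasswordAuthentication yes' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' 'PermitEmptyPasswords no' > "$demo_dir/sshd_config"
audit_ssh_hardening "$demo_dir/10-vendor.conf" "$demo_dir/sshd_config" \
    || echo "=> password logins are still enabled"
```

On a live server, `sshd -T` prints the configuration sshd actually resolved, including any included files, and is the authoritative check.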
Further protection:
- Use Fail2Ban to automatically block attacking IPs
- Change the default port (e.g., change it to 2222).
- Have the firewall allow only trusted IPs
These three methods can completely block an attacker's attempts.
Summary
By following the steps Generate key → Set up public key → Modify sshd_config → Restart service → Convert key with PuTTY, your HestiaCP VPS can completely eliminate the risk of password brute-force attacks.
The "failed password" entries in those logs are merely futile attempts by attackers and do not indicate that password authentication is still active.
Conclusion: Security is a server's lifeline.
In the world of information security, passwords are the weakest link. Replacing passwords with keys is not only a technical measure, but also a sign of responsibility and wisdom.
As stated in the "Information Security White Paper": "Security is not a cost, but a value."
So take action. Free your VPS from password problems, and let attackers' brute-force attempts remain forever in useless log records.
I hope the article "How Do You Solve SSH Brute-Force Attacks? A Practical Tutorial on Setting Up VPS Key Authentication with HestiaCP", shared here by Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-34161.html
