Ungakuvimbela kanjani ukuhlaselwa kwe-SSH brute-force? Isifundo esiwusizo sokulungiselela ukuqinisekiswa kokhiye we-VPS nge-HestiaCP.

Ukuhlaselwa kwe-VPS okungaphezu kuka-90% kubangelwa... Ukuhlasela kwe-brute-force ngephasiwedi ebuthakathaka ye-SSHUma usangena ngemvume kuseva ngephasiwedi, kuyingozi njengokushiya ukhiye wendlu yakho ulenga emnyango.

Kulesi sihloko, ngizokuqondisa isinyathelo ngesinyathelo ukuze ubalekele ngokuphelele iphupho elibi lokuhlaselwa ngamaphasiwedi ngamandla amakhulu. Sizohlanganisa... VPS Nge I-PuTTY软件Lesi sifundo sisebenzisa amathuluzi omugqa wemiyalo awusizo kakhulu ukukusiza ukuthi uphakamise ukuphepha kwakho kwe-SSH ezingeni eliphezulu kakhulu.

Kungani usebenzise ukhiye esikhundleni sephasiwedi?

Kungakhathaliseki ukuthi iphasiwedi iyinkimbinkimbi kangakanani, isengaqhekeka ngamandla amakhulu. Abaduni bangasebenzisa amathuluzi ukuzama amashumi ezinkulungwane zezinhlanganisela zamaphasiwedi ngomzuzwana.

futhi Ukhiye we-RSA ongu-4096-bitNgokwenkolelo-mbono, kungathatha izigidigidi zeminyaka ukuqhekeka. Uma kuqhathaniswa, iphasiwedi ifana nomnyango wephepha, kanti isihluthulelo isango lensimbi.

Ungakuvimbela kanjani ukuhlaselwa kwe-SSH brute-force? Isifundo esiwusizo sokulungiselela ukuqinisekiswa kokhiye we-VPS nge-HestiaCP.

Isinyathelo 1: Khiqiza ukhiye we-SSH

KW Linux Ngaphandle kwalokho, ku-macOS, ungakha ngqo umbhangqwana wokhiye we-RSA ongu-4096-bit:

ssh-keygen -t rsa -b 4096

Cindezela u-Enter ukuze ulondoloze indlela ezenzakalelayo. /root/.ssh/id_rsa,

Faka iphasiwedi (ongakukhetha), noma mane ucindezele u-Enter bese uyishiya ingenalutho.

Uhlelo luzokhiqiza amafayela amabili:

  • Ukhiye oyimfihlo:id_rsa
  • Ukhiye womphakathi:id_rsa.pub

Lona "ukhiye" wakho kanye "nesihluthulelo".

Isinyathelo 2: Lungiselela ukhiye womphakathi kuseva

Faka ukhiye womphakathi kufolda enelayisensi ye-VPS:

cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Qinisekisa ukuthi ifolda /root/.ssh/ zikhona.

Ngale ndlela, iseva izobona kuphela ukhiye wakho womphakathi futhi ngeke isathembela kuphasiwedi.

Isinyathelo 3: Shintsha ifayela lokucushwa kwe-SSH

Hlela ifayela lokucushwa:

nano /etc/ssh/sshd_config

Lungisa amapharamitha alandelayo:

RSAAuthentication yes #RSA认证
PubkeyAuthentication yes #开启公钥验证
AuthorizedKeysFile .ssh/authorized_keys #验证文件路径
PasswordAuthentication no #禁止密码认证
PermitEmptyPasswords no #禁止空密码

Lesi sinyathelo sibalulekile: khubaza ngokuphelele ukungena ngemvume ngephasiwedi.

Isinyathelo 4: Qala kabusha isevisi ye-SSH

Yenza ukucushwa kusebenze ngokushesha:

systemctl restart sshd
  • Ubuntu / Debian:
systemctl restart ssh

Isevisi iqinisekisiwe ukuthi iyasebenza:

systemctl status sshd

Isinyathelo 5: Abasebenzisi beWindows baguqula ukhiye besebenzisa i-PuTTYGen.

Uma usebenzisa iWindows, udinga ukuguqula ukhiye wangasese ube yifomethi yePuTTY:

  1. Ukuqhekeka I-PuTTYGen
  2. 点击 Layisha umthwalo id_rsa
  3. 点击 Londoloza ukhiye oyimfihlo Igcine njenge .ppk
  4. KW I-PuTTY → Uxhumano → I-SSH → Ugunyazo Khetha lokhu .ppk 文件

Ngale ndlela, ungangena ngokuphephile ku-VPS yakho usebenzisa i-PuTTY.

Isinyathelo 6: Qinisekisa futhi uvikele ekuhlaselweni ngamandla amakhulu

Qinisekisa ukuthi ukucushwa kuyasebenza:

grep "Failed password" /var/log/auth.log

Amalogi azobonisa kuphela imizamo yomhlaseli ehlulekile, hhayi ukungena ngemvume okuphumelelayo.

Ukuzivikela okwengeziwe:

  • Bambisana Fail2Ban Vimba ngokuzenzakalelayo ama-IP ahlaselayo
  • Shintsha imbobo ezenzakalelayo (isb., yishintshe ibe ngu-2222).
  • I-Firewall ivumela ama-IP athembekile kuphela

Lezi zindlela ezintathu zingayivimba ngokuphelele imizamo yomdubuli we-inthanethi.

总结

Ngo Khiqiza ukhiye → Lungiselela ukhiye womphakathi → Shintsha i-sshd_config → Qala kabusha isevisi → I-PuTTY ukuze uguqule ukhiye Lezi zinyathelo, zakho I-HestiaCP I-VPS ingasusa ngokuphelele ingozi yokuhlaselwa yi-password brute-force.

Okufakiwe "kwephasiwedi ehlulekile" kulawo malogi kumane kuyimizamo engenamsebenzi yabahlaseli futhi akusho ukuthi ukuqinisekiswa kwephasiwedi kusasebenza.

Isiphetho: Ukuphepha kuyindlela yokuphila yeseva.

Ezweni lokuphepha kolwazi, amaphasiwedi ayisixhumanisi esisengozini kakhulu. Ukufaka amaphasiwedi okhiye esikhundleni sawo akuyona nje ukukhetha kobuchwepheshe, kodwa futhi kubonisa umthwalo wemfanelo nokuhlakanipha.

Njengoba kushiwo ku-"Information Security White Paper": "Ukuphepha akuyona izindleko, kodwa kuyinani."

Ngakho-ke thatha isinyathelo. Khulula i-VPS yakho ezibophweni zamaphasiwedi, futhi uvumele ukuhlaselwa kwamandla amabi kwabaphangi kuhlale kuze kube phakade ezingomeni ezihlulekile.

I-Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ Isihloko esithi "Ungaxazulula Kanjani Ukuhlaselwa Kwe-SSH Brute-Force? Isifundo Esiwusizo Sokuhlela Ukuqinisekiswa Kwekhiye Ye-VPS nge-HestiaCP," esabelwe lapha, singase sibe usizo kuwe.

Siyakwamukela ukwabelana ngesixhumanisi salesi sihloko:https://www.chenweiliang.com/cwl-34161.html

Ukuze uvule amaqhinga afihliwe🔑, wamukelekile ukujoyina isiteshi sethu seTelegram!

Chofoza lapha ukuze ujoyine isiteshi seTelegram

Yabelana futhi uthanda uma uthanda! Ukwabelana kwakho nokuthanda kwakho kuyisikhuthazo sethu esiqhubekayo!

 

发表 评论

Ikheli lakho le-imeyili ngeke lishicilelwe. 必填 项 已 用 * Ilebula

Uhla lwemibhalo ye-athikili

Uhla lwemibhalo ye-athikili
Skrolela Top