Alicloud Linux server modifies SSH connection port and sets key login

Time:2020-11-18

Today, I found that someone attacked my alicloud server. Although I used a strong password, I still felt a little uneasy. I decided to restrict access only through key and change the SSH connection port
Alicloud Linux server modifies SSH connection port and sets key login

1. Generate key pair

First of all, execute the following command on the login server

ssh-keygen -t rsa -C " [email protected] "< = = the email address is filled in after

The first prompt is the key saving path, which can be entered directly here (under the default file of / root /. SSH /). The second and third steps are to prompt for the key lock code. I can also enter it directly and leave it blank (of course, you can also enter the password for private key security).
The key pair is generated successfully

Your identification has been saved in /root/.ssh/id_ = = RSA private key
Your public key has been saved in /root/.ssh/id_ rsa.pub . < = = public key

View public key

cat ~/.ssh/id_rsa.pub
# ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCskragdQD1O3Ualmr+C....

2. Install the public key on the server

This step is operated in ~ /. SSH directory to ensure successful execution. First, execute the above two commands and set file permissions.

chmod 600 authorized_keys
chmod 700 ~/.ssh
cat id_ rsa.pub  >> authorized_ Keys < = = install public key

3. Edit / etc / SSH / sshd_ Config file

RSAAuthentication yes
PubkeyAuthentication yes
Permitrotelogin yes < = = can root log in via SSH

Restart the SSH service

service sshd restart

4. Download the private key file

Set the private key file ID_ RSA is downloaded to the local machine through FTP to test whether the key login is successful. Xshell is recommended.
After successful login, return to sshd_ Config file, set disable password login!

PasswordAuthentication no

Take care of the private key file. This will be the only credential for you to connect to the server!

5. Modify SSH port

Or modify / etc / SSH / sshd_ For example, in order to connect port 22, we need to add a new port in the following line
Test the SSH connection after restarting the SSH service:

Service sshd restart < = = restart SSH service
SSH localhost - p your port number < = = Test SSH connection on this machine

If there is no problem with the native test, but you still can’t use the third room tool to connect from the external SSH, you need to close the firewall and restart sshd. That will do.
After the SSH multi port test is successful, you can modify sshd_ The config file or firewall closes port 22.
Happy New Year!