Today I found that someone had attacked my Alicloud server. Although I use a strong password, I still felt a little uneasy, so I decided to restrict access to key-based login only and to change the SSH port.
1. Generate key pair
First, run the following command on the server you log in to:
ssh-keygen -t rsa -C "your_email@example.com"    <== the -C comment is your email address (replace the placeholder)
The first prompt asks where to save the key; press Enter to accept the default location (/root/.ssh/). The second and third prompts ask for a passphrase; you can press Enter to leave it empty (or enter a passphrase to protect the private key).
When the key pair has been generated you will see:
Your identification has been saved in /root/.ssh/id_rsa        <== RSA private key
Your public key has been saved in /root/.ssh/id_rsa.pub        <== public key
View the public key:
cat ~/.ssh/id_rsa.pub
# ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCskragdQD1O3Ualmr+C....
2. Install the public key on the server
This step is carried out in the ~/.ssh directory. Install the public key and then set the file permissions; sshd refuses to use an authorized_keys file unless the file and the ~/.ssh directory are private to the user, so the chmod commands are required for key login to work.
cat id_rsa.pub >> authorized_keys    <== install the public key
chmod 600 authorized_keys
chmod 700 ~/.ssh
3. Edit the /etc/ssh/sshd_config file
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes    <== allow root to log in via SSH
Note that RSAAuthentication only applies to the obsolete SSH protocol 1 and is ignored (or rejected) by current OpenSSH releases; PubkeyAuthentication is the setting that matters. If you want root to log in with a key but never with a password, PermitRootLogin prohibit-password is a stricter alternative to yes.
Restart the SSH service
service sshd restart
4. Download the private key file
Download the private key file id_rsa to your local machine through FTP and test whether key login works. Xshell is recommended.
After you have logged in successfully with the key, go back to sshd_config and disable password login, then restart sshd:
PasswordAuthentication no
Take care of the private key file. It is now the only credential that lets you connect to the server!
5. Modify SSH port
This is again done in /etc/ssh/sshd_config. To keep port 22 working while you test, add a second Port line with your new port number directly below the existing Port 22 line, so sshd listens on both ports.
Test the SSH connection after restarting the SSH service:
service sshd restart                  <== restart the SSH service
ssh localhost -p <your port number>   <== test the SSH connection on this machine
If the local test works but you still cannot connect from outside with a third-party SSH client, the firewall is blocking the new port: the author's fix is to turn the firewall off and restart sshd. Allowing only the new port through the firewall is the better option (and on Alibaba Cloud ECS the instance's security group must also permit the new port).
Once login on the new port has been tested successfully, remove port 22 from sshd_config or block it in the firewall.
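The following script is an added example, not part of the original post. It ties steps 2, 3 and 5 together: a function that installs a public key with the permissions sshd requires, and a check that confirms an sshd_config has password login off, key login on and the new port listed. It runs entirely inside a temporary directory on constructed files (the public key line and both sshd_config files are made up here and are not real keys or real server config), so it never touches ~/.ssh or /etc/ssh/sshd_config; the port number 2222 and the use of PermitRootLogin prohibit-password are the author of this example's choices, not the post's.

```shell
#!/bin/sh
# Added example: install a public key the way sshd expects it, then audit an
# sshd_config for the hardening settings the post applies. Works on temp files.

# install_pubkey <ssh_dir> <pubkey_file>
# Appends the key to <ssh_dir>/authorized_keys and sets the modes sshd insists
# on (700 on the directory, 600 on the file); the key is appended first so the
# chmod cannot fail on a file that does not exist yet.
install_pubkey() {
    ssh_dir=$1
    pubkey=$2
    mkdir -p "$ssh_dir"
    cat "$pubkey" >> "$ssh_dir/authorized_keys"
    chmod 700 "$ssh_dir"
    chmod 600 "$ssh_dir/authorized_keys"
}

# effective_value <sshd_config> <keyword>
# Prints the value of the first non-comment occurrence of <keyword>. sshd uses
# the first match for a keyword, so a later duplicate line does not override it.
# (Simple check only: it ignores Match blocks and Include directives.)
effective_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# check_hardening <sshd_config> <expected_port>
# Returns 0 when password login is off, key login is on and <expected_port>
# appears in a Port line; otherwise reports each problem and returns 1.
check_hardening() {
    cfg=$1
    port=$2
    rc=0
    [ "$(effective_value "$cfg" PasswordAuthentication)" = "no" ] \
        || { echo "PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(effective_value "$cfg" PubkeyAuthentication)" = "yes" ] \
        || { echo "PubkeyAuthentication is not 'yes'"; rc=1; }
    grep -qiE "^[[:space:]]*Port[[:space:]]+$port([[:space:]]|$)" "$cfg" \
        || { echo "Port $port is not configured"; rc=1; }
    return $rc
}

# --- demo on constructed files (no network, no real sshd, no real keys) ---
WORK=$(mktemp -d)

# Constructed public key line with the shape of ssh-keygen output; not a real key.
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCskragdQD1O3Ualmr+C NOT-A-REAL-KEY user@example.com\n' \
    > "$WORK/id_rsa.pub"
install_pubkey "$WORK/ssh" "$WORK/id_rsa.pub"
ls -ld "$WORK/ssh" "$WORK/ssh/authorized_keys"

# Constructed sshd_config as it looks before hardening: port 22, passwords allowed.
cat > "$WORK/sshd_config.before" <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication yes
PermitRootLogin yes
EOF

# Constructed sshd_config after the post's changes: a second Port line keeps 22
# open while the new port is tested, password login is off, root is key-only.
cat > "$WORK/sshd_config.after" <<'EOF'
Port 22
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin prohibit-password
EOF

echo "before hardening:"
check_hardening "$WORK/sshd_config.before" 2222 || echo "  -> not hardened (expected)"
echo "after hardening:"
check_hardening "$WORK/sshd_config.after" 2222 && echo "  -> hardened"
```

On a real server the authoritative view of what sshd will actually use is `sshd -T`, which prints the effective configuration after all overrides; the check function above is a quick sanity test on the file, not a replacement for that.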
Happy New Year!