How to enhance the safety of logging into the VPS?

2019-05-3010:24:24 评论

Step 1: generate the private and public RSA key pair in Xsheel/Centos as below:

ssh-keygen -t rsa

Enter file in which to save the key (/root/.ssh/id_rsa):    /* press the Enter button */

Enter passphrase (empty for no passphrase):    /* enter your password */

Enter same passphrase again:    /* enter the password again */

Your identification has been saved in /root/.ssh/id_rsa.  /* the private key is already */

Your public key has been saved in /root/.ssh/  /* the publick key is already */

Step 2: download the id_rsa. and as a copy before step 3

press the ctrl+alt+F to open the Xftp, when opened, input "/root/.ssh" to locate to the directory, now download the two files above and save them safely. When downloading finished delete the id_rsa. in the Xftp for safefy

Step 3: rename the pub key and make use of it at once(please exit the current connection firstly in Xshell by input "exit" and enter)

mv /root/.ssh/ /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

Step 4: use the keys to login into the VPS

in Xsheel, choose the authentication method as RSA file and upload the id_rsa.(ofcourse you can rename the file as your will), now try to login again. If succeed, see the step 5 as below.

Step 5: forbid the password authentication

in Xftp,in "/etx/ssh/", find the file sshd_config and download it. Open it with tools such as the Notepad++, ctrl+F to find the "PasswordAuthentication yes", replace the "yes" with "no",then close and save it.Now upload it to /etc/ssh to over write itself.

Step 6: restart the sshd service in Xshell as below

service sshd restart


Ok, all is done and now you can only log into the VPS via the RSA file pair.



:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: