How to enhance the safety of logging into the VPS?

2019-05-3010:24:24 评论

Step 1: generate the private and public RSA key pair in Xsheel/Centos as below:

ssh-keygen -t rsa

Enter file in which to save the key (/root/.ssh/id_rsa):    /* press the Enter button */

Enter passphrase (empty for no passphrase):    /* enter your password */

Enter same passphrase again:    /* enter the password again */

Your identification has been saved in /root/.ssh/id_rsa.  /* the private key is already */

Your public key has been saved in /root/.ssh/id_rsa.pub.  /* the publick key is already */

Step 2: download the id_rsa. and id_rsa.pub as a copy before step 3

press the ctrl+alt+F to open the Xftp, when opened, input "/root/.ssh" to locate to the directory, now download the two files above and save them safely. When downloading finished delete the id_rsa. in the Xftp for safefy

Step 3: rename the pub key and make use of it at once(please exit the current connection firstly in Xshell by input "exit" and enter)

mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

Step 4: use the keys to login into the VPS

in Xsheel, choose the authentication method as RSA file and upload the id_rsa.(ofcourse you can rename the file as your will), now try to login again. If succeed, see the step 5 as below.

Step 5: forbid the password authentication

in Xftp,in "/etx/ssh/", find the file sshd_config and download it. Open it with tools such as the Notepad++, ctrl+F to find the "PasswordAuthentication yes", replace the "yes" with "no",then close and save it.Now upload it to /etc/ssh to over write itself.

Step 6: restart the sshd service in Xshell as below

service sshd restart

 

Ok, all is done and now you can only log into the VPS via the RSA file pair.

avatar

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: