
SSH Security Hardening: Protecting Linux SysOps Environments from Attack


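Introduction:

Secure Shell (SSH) is a protocol widely used for remote administration, file transfer, and secure communication. Because SSH is a frequent target for attackers, hardening the SSH server is very important. This article introduces some practical methods to help SysOps (system operations) staff harden their Linux environments and protect them against SSH attacks.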

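1. Disable SSH root login

SSH root login is one of the targets attackers go after most. An attacker can use brute force, or an attack against a known SSH vulnerability, to obtain administrator privileges through SSH root login. Disabling SSH root login is a very important step in preventing this.

In the SSH configuration file (usually /etc/ssh/sshd_config), find the "PermitRootLogin" option and change its value to "no", then restart the SSH service. The modified setting looks like this: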

PermitRootLogin no

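2. Use SSH key authentication

SSH key authentication uses asymmetric cryptography and is more secure than traditional password-based authentication. With SSH key authentication, the user generates a key pair: the public key is stored on the server and the private key is kept on the client. At login, the server confirms the user's identity by verifying it against the stored public key.

To generate SSH keys:

On the client, use the ssh-keygen command to generate a key pair.

Copy the generated public key into the ~/.ssh/authorized_keys file on the server.

Make sure the private key file's permissions are set to 600 (only the owner can read and write it).

After completing the steps above, you can disable password login and allow only key login. In the SSH configuration file, change the "PasswordAuthentication" option to "no", then restart the SSH service.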

PasswordAuthentication no

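3. Change the SSH port

By default, the SSH server listens on port 22. Because this port is publicly known, it is easily hit by brute-force and port-scanning attacks. To improve security, we can change the port the SSH server listens on.

In the SSH configuration file, find the "Port" option and set it to a non-standard port number, for example 2222. Remember to restart the SSH service.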

Port 2222
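
The sshd_config changes from sections 1 to 3 can be checked with a script like the following. It is an added example, not part of the original article; the function names are hypothetical and the defaults are assumed to be upstream OpenSSH's (distribution builds may differ). It relies on sshd keeping the first value it reads for a keyword, so a later duplicate line does not override an earlier one.

```shell
#!/bin/sh
# Added example: check an sshd_config against the settings this article changes.
# Assumptions: upstream OpenSSH defaults; Include files and ListenAddress
# host:port forms are not followed; only global (pre-Match) lines are read.

# global_values FILE KEYWORD -> every global value of KEYWORD, one per line
global_values() {
    awk -v key="$2" '
        /^[ \t]*#/             { next }   # comment line
        tolower($1) == "match" { exit }   # Match blocks hold conditional overrides
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# effective_value FILE KEYWORD DEFAULT -> sshd keeps the FIRST value it reads
effective_value() {
    v=$(global_values "$1" "$2" | head -n 1)
    echo "${v:-$3}"
}

# check FILE KEYWORD DEFAULT WANTED -> prints PASS/FAIL, returns 1 on FAIL
check() {
    got=$(effective_value "$1" "$2" "$3")
    [ "$got" = "$4" ] && { echo "PASS $2 $got"; return 0; }
    echo "FAIL $2 $got (want $4)"
    return 1
}

# audit_sshd FILE -> returns the number of failed checks (0 to 3)
audit_sshd() {
    fails=0
    check "$1" PermitRootLogin prohibit-password no || fails=$((fails + 1))
    check "$1" PasswordAuthentication yes no        || fails=$((fails + 1))
    # Port may repeat and sshd listens on all of them, so look at every value
    ports=$(global_values "$1" Port | tr '\n' ' ')
    ports=${ports% }
    ports=${ports:-22}
    case " $ports " in
        *" 22 "*) echo "FAIL Port $ports (22 still open)"; fails=$((fails + 1)) ;;
        *)        echo "PASS Port $ports" ;;
    esac
    return "$fails"
}

# Constructed sample: the later "PermitRootLogin no" is ignored by sshd.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'PermitRootLogin yes' \
    'PasswordAuthentication no' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, and `sshd -t` checks the file for syntax errors before the service is restarted.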

4. Restrict SSH access with a firewall

Configuring a firewall is one of the important steps in protecting a server. With a firewall, we can restrict SSH access to specific IP addresses or IP address ranges.

With the iptables firewall, the following commands restrict SSH access:

sudo iptables -A INPUT -p tcp --dport 2222 -s <allowed-IP-address> -j ACCEPT

sudo iptables -A INPUT -p tcp --dport 2222 -j DROP

These commands allow the specified IP address to reach SSH and block access from all other IP addresses. Remember to save and apply the firewall rules.

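5. Use Fail2Ban to automatically block malicious IPs

Fail2Ban is a tool that automatically monitors log files and bans sources of malicious behavior. By monitoring failed SSH logins, Fail2Ban can automatically block an attacker's IP address.

After installing Fail2Ban, open its configuration file (usually /etc/fail2ban/jail.conf) and apply the following settings: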

[sshd]

enabled = true

port = 2222

filter = sshd

maxretry = 3

findtime = 600

bantime = 3600

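This configuration means that if an IP address attempts SSH login more than 3 times within 10 minutes, it is automatically blocked for 1 hour. Once the configuration is done, restart the Fail2Ban service.

Summary:

By disabling SSH root login, using SSH key authentication, changing the SSH port, restricting SSH access with a firewall, and using Fail2Ban, we can effectively harden Linux SysOps environments and protect them against SSH attacks. These are some practical methods; SysOps staff can choose the security measures that fit their actual situation and implement them. Regularly updating and monitoring the software and patches on the server is also key to protecting it from attack. Only by staying vigilant and taking appropriate security measures can we keep our Linux environments secure.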
