Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to use root to safely log in to VPS". In daily operation, I believe that many people have doubts about how to use root to log in safely to VPS. The editor has consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the doubts of "how to use root to log in safely to VPS". Next, please follow the editor to study!

If you are still hesitant about security and have the idea of "no one cares about my small site", open / var/log/secure to see how many IP and how many attempts to log on to your server?

It is too late to use a newly launched VPS. When I open / var/log/secure a few days later, I find that n IP have been visited n times. A machine with an IP address of 213.115.115.113 guesses the username / password more than 2600 times a day in an attempt to log in.

This is a snippet of the log file:

The code is as follows:

Jun 28 13:49:23 blog sshd [3462]: Received disconnect from 213.115.115.113: 11: Bye Bye

Jun 28 13:49:24 blog sshd [3695]: Invalid user radu from 213.115.115.113

Jun 28 13:49:24 blog sshd [3703]: input_userauth_request: invalid user radu

Jun 28 13:49:24 blog sshd [3695]: pam_unix (sshd:auth): check pass; user unknown

Jun 28 13:49:24 blog sshd [3695]: pam_unix (sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-213-115115-113.sme.bredbandsbolaget.se

Jun 28 13:49:26 blog sshd [3695]: Failed password for invalid user radu from 213.115.115.113 port 51310 ssh3

Jun 28 13:49:26 blog sshd [3703]: Received disconnect from 213.115.115.113: 11: Bye Bye

Jun 28 13:49:27 blog sshd [3910]: Invalid user raducu from 213.115.115.113

Jun 28 13:49:27 blog sshd [3921]: input_userauth_request: invalid user raducu

Jun 28 13:49:27 blog sshd [3910]: pam_unix (sshd:auth): check pass; user unknown

Jun 28 13:49:27 blog sshd [3910]: pam_unix (sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-213-115115-113.sme.bredbandsbolaget.se

Jun 28 13:49:30 blog sshd [3910]: Failed password for invalid user raducu from 213.115.115.113 port 52740 ssh3

Jun 28 13:49:30 blog sshd [3921]: Received disconnect from 213.115.115.113: 11: Bye Bye

Jun 28 13:49:31 blog sshd [5280]: Invalid user raul from 213.115.115.113

Jun 28 13:49:31 blog sshd [5293]: input_userauth_request: invalid user raul

Jun 28 13:49:31 blog sshd [5280]: pam_unix (sshd:auth): check pass; user unknown

Jun 28 13:49:31 blog sshd [5280]: pam_unix (sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-213-115115-113.sme.bredbandsbolaget.se

Jun 28 13:49:33 blog sshd [5280]: Failed password for invalid user raul from 213.115.115.113 port 54742 ssh3

Jun 28 13:49:34 blog sshd [5293]: Received disconnect from 213.115.115.113: 11: Bye Bye

Jun 28 13:49:35 blog sshd [5540]: Invalid user robert from 213.115.115.113

Jun 28 13:49:35 blog sshd [5570]: input_userauth_request: invalid user robert

Jun 28 13:49:35 blog sshd [5540]: pam_unix (sshd:auth): check pass; user unknown

Jun 28 13:49:35 blog sshd [5540]: pam_unix (sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-213-115115-113.sme.bredbandsbolaget.se

Jun 28 13:49:37 blog sshd [5540]: Failed password for invalid user robert from 213.115.115.113 port 56483 ssh3

Therefore, the security issue should not be underestimated. There are two ways to increase the security when root logs in to VPS. These two ways are best tied together, and at least one of them should be used if you are afraid of trouble.

Prohibit root from logging in directly to sshd

When you log in to VPS, you must log in with a normal account, and then su into root. You can modify / etc/ssh/sshd_config to prevent root from logging in directly:

PermitRootLogin no enables SSH Keys login

This approach does not allow root to log in to ssh directly by entering a password, but it can be logged in by using a pair of ssh public/private key. The configuration steps are as follows:

1. Run the following command on the client side to create a pair of public/private key:

Ssh-keygen-t dsa

As prompted, the above command creates two files: id_dsa and id_dsa.pub, the first is private key and the second is public key. When you create a key, you will be prompted to enter passphrase, the equivalent of a password, to protect private key from abuse.

2. Protect the generated private key from being accessed by the outside world.

3. Create a / root/.ssh/authorized_keys file on the server you want to access, copy+paste the contents of the generated publice key (id_dsa.pub) into authorized_keys, be careful of the complete copy, and there are no spaces / blank lines.

4. Forbid root to log in to sshd directly by entering a password, modify / etc/ssh/sshd_config, and add / modify this line:

PermitRootLogin without-password restart sshd/etc/init.d/sshd restart here, on "how to use root security login VPS" study is over, hope to be able to solve everyone's doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.