Debian: disable root login, change the SSH port, and enable key authentication

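Change the SSH port:
In /etc/ssh/sshd_config, change the default value Port 22 to another port, then restart SSH: /etc/init.d/ssh restart

Log in with a key instead of a password, and disable password login:

First: generate the key pair, and remember to save the keys. The example below saves the generated files under /root/.ssh; id_rsa is the private key and id_rsa.pub is the public key.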
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ## press Enter to accept the default path
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): ## enter a passphrase (press Enter to leave it empty)
Enter same passphrase again: ## repeat the passphrase
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
04:e1:93:92:95:ba:55:21:58:05:7d:57:58:92:32:d3 root@vpn
The key's randomart image is:
+--[ RSA 2048]----+
| oB*o. ..=o |
| .+.+o = E. |
| o.+... = |
| ...o |
| o S |
| . |
| |
| |
| |
+-----------------+
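Next: import the public key
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys

Then: change the SSH configuration file
Edit the SSH configuration file /etc/ssh/sshd_config, find the following 3 lines, remove the leading # from each and save, then restart SSH: /etc/init.d/ssh restart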
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

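Also: if you log in with PuTTY, it cannot read id_rsa directly. Use PuTTY Generator to convert the file to a PPK file; the conversion produces a file named filename.ppk, which you should keep safe. If you use Xshell you can skip this hassle, because it reads id_rsa directly.

Finally: disable SSH password login
In /etc/ssh/sshd_config, find PasswordAuthentication yes and change it to PasswordAuthentication no. Remember to remove the leading "#", then restart SSH: /etc/init.d/ssh restart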
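
A check for the steps above, added here as an example and not part of the original post: it reports the values sshd would actually use for Port, PubkeyAuthentication and PasswordAuthentication, since a line left commented out, or a later line shadowed by an earlier one, silently keeps password login on. The function names and the sample file are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the values sshd would use for the settings changed above.
# Assumptions: sshd takes the FIRST occurrence of a keyword; a commented-out line
# leaves the built-in default; Include files and Match blocks are not evaluated.

# effective_value FILE KEYWORD DEFAULT -> prints the global value in effect
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }          # comment or blank line
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value" too
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE -> returns 0 only if all three settings are as intended
audit_sshd_config() {
    cfg=$1; rc=0
    port=$(effective_value "$cfg" Port 22)
    pubkey=$(effective_value "$cfg" PubkeyAuthentication yes)
    passwd=$(effective_value "$cfg" PasswordAuthentication yes)
    [ "$port" != 22 ]   || { echo "FAIL: Port is still 22"; rc=1; }
    [ "$pubkey" = yes ] || { echo "FAIL: PubkeyAuthentication=$pubkey"; rc=1; }
    [ "$passwd" = no ]  || { echo "FAIL: PasswordAuthentication=$passwd"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: port=$port pubkey=$pubkey password=$passwd"
    return "$rc"
}

# Constructed sample: "no" was appended at the end, but the earlier "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PubkeyAuthentication yes
PasswordAuthentication yes
#PasswordAuthentication no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config before restarting SSH; sshd -t additionally checks the file for syntax errors. Keep the current session open until a key login succeeds in a second session.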
