CentOS 7: configure key-based login and disable password login

I. Problem:

Servers on the public internet that accept password logins are frequently seen under attack.

Last failed login: Tue Dec 12 07:55:36 CST 2017 from 219.146.144.254 on ssh:notty
There were 14011 failed login attempts since the last successful login.
Last login: Mon Dec 11 09:23:25 2017 from 180.110.80.73

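II. Solution

Switch the login method to key-based login, disable password login, and set the number of allowed failed login attempts to 3.

  1. Generate the SSH public and private keys: you can specify the file location and enter a passphrase for the key pair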
ssh-keygen -t rsa
[root@localhost opt]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IgB6YCXsSnuL6ntCkQirCaOEiD8NqsGQ root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|+ooo             |
|=*o              |
|%=O              |
|XEo+             |
|@++o= . S        |
|*+o+.= .         |
|o +.+            |
| + o             |
|oo+              |
+----[SHA256]-----+
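  2. Append the public key to authorized_keys
# Append the public key to the keys file
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
  3. Edit the sshd_config file
vim  /etc/ssh/sshd_config 
# Set the following parameters in sshd_config as shown
# (RSAAuthentication applies only to SSH protocol 1; OpenSSH 7.4 and later treat it as a deprecated option)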
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
MaxAuthTries 3

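# If you would rather not edit the file by hand, you can run the following commands instead
# (the file is fetched over plain HTTP and replaces the whole sshd configuration, so review it before copying it into place)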
wget http://pan1.pan.94p.net/服务器环境/sh/sshd_config
cp sshd_config /etc/ssh/
chmod 600 /etc/ssh/sshd_config
  4. Restart sshd.service; the configuration then takes effect and the setup is complete
systemctl restart sshd.service
systemctl status sshd.service
  5. Copy the public and private keys to your own Windows computer and log in using public-key authentication
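
Added example, not part of the original post: sshd keeps the first value it reads for each keyword, so a `PasswordAuthentication no` line added below an existing `PasswordAuthentication yes` has no effect. The script audits a config file for the settings from step 3; the function names, the sample config and the fallback defaults passed in (yes, yes, 6, taken from the OpenSSH documentation) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings applied in step 3.
# sshd keeps the FIRST value it reads for a keyword; later duplicates are
# ignored. Lines after a "Match" keyword are conditional, so parsing stops there.

# Print the effective global value of keyword $2 in file $1 (default: $3).
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { k = tolower($1) }
        k == "match" { exit }              # global section ends here
        k == key { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# Return 0 only if the file enforces key-only login with MaxAuthTries <= 3.
# The defaults passed below are the documented OpenSSH defaults (assumption).
audit_sshd_config() {
    rc=0
    v=$(effective_value "$1" PasswordAuthentication yes)
    [ "$v" = "no" ] || { echo "FAIL PasswordAuthentication is '$v', want 'no'"; rc=1; }
    v=$(effective_value "$1" PubkeyAuthentication yes)
    [ "$v" = "yes" ] || { echo "FAIL PubkeyAuthentication is '$v', want 'yes'"; rc=1; }
    v=$(effective_value "$1" MaxAuthTries 6)
    [ "$v" -le 3 ] 2>/dev/null || { echo "FAIL MaxAuthTries is '$v', want 3 or less"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $1 enforces key-only login"
    return "$rc"
}

# Constructed sample: a stock "yes" line precedes the appended "no" line.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real server's file
PubkeyAuthentication yes
PasswordAuthentication yes
MaxAuthTries 3
PasswordAuthentication no
EOF
}

if [ "$#" -gt 0 ]; then
    audit_sshd_config "$1"                 # e.g. ./audit.sh /etc/ssh/sshd_config
else
    tmp=$(mktemp) && sample_config > "$tmp"
    audit_sshd_config "$tmp" || true       # reports the ignored "no" line
    rm -f "$tmp"
fi
```

On the server itself, run `sshd -t` to check the file's syntax before restarting, and keep the current session open until a new key-based login has succeeded.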

 
