解决自己的云服务器经常被登录问题
1、解决过程
1.1 环境:
腾讯centos云服务器
1.2 原因:
每次登录云服务器时系统都会提示,这是被各种尝试登录导致的(简单说就是你的服务器被攻击了)
Last failed login: Tue Dec 29 21:06:17 CST 2020 from 182.78.163.21 on ssh:notty
There were 6751 failed login attempts since the last successful login.
Last login: Sat Dec 26 01:17:59 2020 from 120.230.83.193
1.3 解决办法:
使用密钥登录可以解决
1.4 步骤如下:
(1)生成ssh密钥:
[root@hangzhi ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #此处直接回车就可以
Enter passphrase (empty for no passphrase): #设置解密钥密码
Enter same passphrase again: #再此输入一样密码确认
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9vRVtZ9uUUinLq+0byUMYDo8XZpZQ/t2iDbrGjcjMNc root@hangzhi
The key's randomart image is:
+---[RSA 2048]----+
| .. . o|
| o +o +o|
| . + B..o.o|
| = =..+ o+|
| Soo Eo*oo|
| . * o B+.o|
| + B .= |
| * =o |
| ..+o. |
+----[SHA256]-----+
(2)查看生成的密钥:
[root@hangzhi ~]# cd /root/.ssh/
[root@hangzhi .ssh]# ll
total 12
-rw-r--r--. 1 root root 0 Mar 7 2018 authorized_keys
-rw------- 1 root root 1766 Dec 29 21:13 id_rsa #私钥
-rw-r--r-- 1 root root 394 Dec 29 21:13 id_rsa.pub #公钥
-rw-r--r-- 1 root root 176 Jan 6 2019 known_hosts
(3)将公钥追加到authorized_keys文件中:
[root@hangzhi .ssh]# cat id_rsa.pub >> /root/.ssh/authorized_keys
(4)将权限改为只有当前用户可读可写,保证安全:
[root@hangzhi .ssh]# chmod 600 authorized_keys
(5)打开ssh的密钥登录功能:
[root@hangzhi .ssh]# vim /etc/ssh/sshd_config
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#将上面2行前面的注释去掉,然后保存
# 重启ssh服务
[root@hangzhi .ssh]# systemctl restart sshd.service
(6)然后使用客户端配置密钥登录,如果成功接着下一步,不成功重复上面步骤
(7)关闭ssh密码登录(注意:只有配置成功后才操作这个步,不然没成功关闭这个会导致不能登录服务器 )
[root@hangzhi .ssh]# vim /etc/ssh/sshd_config
PasswordAuthentication yes 修改为: PasswordAuthentication no
# 重启ssh服务
[root@hangzhi .ssh]# systemctl restart sshd.service