{"id":26704,"date":"2023-09-03T06:10:14","date_gmt":"2023-09-02T22:10:14","guid":{"rendered":"http:\/\/lrxjmw.cn\/?p=26704"},"modified":"2023-09-03T06:10:14","modified_gmt":"2023-09-02T22:10:14","slug":"strengthen-ssh","status":"publish","type":"post","link":"https:\/\/lrxjmw.cn\/strengthen-ssh.html","title":{"rendered":"\u5f3a\u5316 SSH \u8ba9\u4f60\u66f4\u52a0\u5b89\u5fc3"},"content":{"rendered":"\n\n\n
\u5bfc\u8bfb<\/td>\n\u4e3a\u4e86\u8ba9\u6211\u4eec\u7684SSH\u670d\u52a1\u66f4\u52a0\u5b89\u5168\uff0c\u6211\u4eec\u6709\u5fc5\u8981\u5bf9\u6b64\u505a\u4e00\u4e9b\u5f3a\u5316\u63aa\u65bd\uff0c\u4f7f\u5f97\u6211\u4eec\u5728\u4e4b\u540e\u7684\u5de5\u4f5c\u8fc7\u7a0b\u4e2d\u66f4\u52a0\u653e\u5fc3\u3002\u5f53\u4f60\u67e5\u770b\u4f60\u7684 SSH \u670d\u52a1\u65e5\u5fd7\uff0c\u53ef\u80fd\u4f60\u4f1a\u53d1\u73b0\u5145\u65a5\u7740\u4e00\u4e9b\u4e0d\u6000\u597d\u610f\u7684\u5c1d\u8bd5\u6027\u767b\u5f55\u3002\u8fd9\u91cc\u6709 5 \u6761\u5e38\u89c4\u5efa\u8bae\uff08\u548c\u4e00\u4e9b\u4e2a\u522b\u7279\u6b8a\u7b56\u7565\uff09\u53ef\u4ee5\u8ba9\u4f60\u7684 OpenSSH \u4f1a\u8bdd\u66f4\u52a0\u5b89\u5168\u3002<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
1. \u5f3a\u5316\u5bc6\u7801\u767b\u5f55<\/strong><\/div>\n

\u5bc6\u7801\u767b\u5f55\u5f88\u65b9\u4fbf\uff0c\u56e0\u4e3a\u4f60\u53ef\u4ee5\u4ece\u4efb\u4f55\u5730\u65b9\u7684\u4efb\u4f55\u673a\u5668\u4e0a\u767b\u5f55\u3002\u4f46\u662f\u5b83\u4eec\u5728\u66b4\u529b\u653b\u51fb\u9762\u524d\u4e5f\u662f\u8106\u5f31\u7684\u3002\u5c1d\u8bd5\u4ee5\u4e0b\u7b56\u7565\u6765\u5f3a\u5316\u4f60\u7684\u5bc6\u7801\u767b\u5f55:<\/p>\n

    \n
  • (1)\u4f7f\u7528\u4e00\u4e2a\u5bc6\u7801\u751f\u6210\u5de5\u5177\uff0c\u4f8b\u5982 pwgen\u3002pwgen \u6709\u51e0\u4e2a\u9009\u9879\uff0c\u6700\u6709\u7528\u7684\u5c31\u662f\u5bc6\u7801\u957f\u5ea6\u7684\u9009\u9879\uff08\u4f8b\u5982\uff1a\u4ea7\u751f\u4e00\u4e2a12\u4f4d\u5b57\u7b26\u7684\u5bc6\u7801pwgen 12\uff09<\/li>\n
  • (2)\u4e0d\u8981\u91cd\u590d\u4f7f\u7528\u5bc6\u7801\u3002\u5ffd\u7565\u6240\u6709\u90a3\u4e9b\u4e0d\u8981\u5199\u4e0b\u4f60\u7684\u5bc6\u7801\u7684\u5efa\u8bae\uff0c\u7136\u540e\u5c06\u4f60\u7684\u6240\u6709\u767b\u5f55\u4fe1\u606f\u90fd\u8bb0\u5728\u4e00\u4e2a\u672c\u5b50\u4e0a\uff0c\u5982\u679c\u4f60\u4e0d\u76f8\u4fe1\u6211\u7684\u5efa\u8bae\uff0c\u90a3\u603b\u53ef\u4ee5\u76f8\u4fe1\u5b89\u5168\u6743\u5a01 Bruce Schneier \u5427\u3002\u5982\u679c\u4f60\u8db3\u591f\u7ec6\u5fc3\uff0c\u6ca1\u6709\u4eba\u80fd\u591f\u53d1\u73b0\u4f60\u7684\u7b14\u8bb0\u672c\uff0c\u90a3\u4e48\u8fd9\u6837\u80fd\u591f\u4e0d\u53d7\u5230\u7f51\u7edc\u4e0a\u7684\u90a3\u4e9b\u653b\u51fb\u3002<\/li>\n
  • (3)\u4f60\u53ef\u4ee5\u4e3a\u4f60\u7684\u767b\u5f55\u8bb0\u4e8b\u672c\u589e\u52a0\u4e00\u4e9b\u989d\u5916\u7684\u4fdd\u62a4\u63aa\u65bd\uff0c\u4f8b\u5982\u7528\u5b57\u7b26\u66ff\u6362\u6216\u8005\u589e\u52a0\u65b0\u7684\u5b57\u7b26\u6765\u63a9\u76d6\u7b14\u8bb0\u672c\u4e0a\u7684\u767b\u5f55\u5bc6\u7801\u3002\u4f7f\u7528\u4e00\u4e2a\u7b80\u5355\u800c\u4e14\u597d\u8bb0\u7684\u89c4\u5219\uff0c\u6bd4\u5982\u8bf4\u7ed9\u4f60\u7684\u5bc6\u7801\u589e\u52a0\u4e24\u4e2a\u989d\u5916\u7684\u968f\u673a\u5b57\u7b26\uff0c\u6216\u8005\u4f7f\u7528\u5355\u4e2a\u7b80\u5355\u7684\u5b57\u7b26\u66ff\u6362\uff0c\u4f8b\u5982 # \u66ff\u6362\u6210 * \u3002<\/li>\n
  • (4)\u4e3a\u4f60\u7684 SSH \u670d\u52a1\u5f00\u542f\u4e00\u4e2a\u975e\u9ed8\u8ba4\u7684\u76d1\u542c\u7aef\u53e3\u3002\u867d\u7136\u662f\u5f88\u8001\u5957\u7684\u5efa\u8bae\uff0c\u4f46\u662f\u5b83\u786e\u5b9e\u5f88\u6709\u6548\u3002\u68c0\u67e5\u4f60\u7684\u767b\u5f55\uff0c\u5f88\u6709\u53ef\u80fd 22 \u7aef\u53e3\u662f\u88ab\u666e\u904d\u653b\u51fb\u7684\u7aef\u53e3\uff0c\u5176\u4ed6\u7aef\u53e3\u5219\u5f88\u5c11\u88ab\u653b\u51fb\u3002<\/li>\n
  • (5)\u4f7f\u7528 Fail2ban \u6765\u52a8\u6001\u4fdd\u62a4\u4f60\u7684\u670d\u52a1\u5668\uff0c\u4f7f\u670d\u52a1\u5668\u514d\u4e8e\u88ab\u66b4\u529b\u653b\u51fb\u3002<\/li>\n
  • (6)\u4f7f\u7528\u4e0d\u5e38\u7528\u7684\u7528\u6237\u540d\u3002\u7edd\u4e0d\u80fd\u8ba9 root \u53ef\u4ee5\u8fdc\u7a0b\u767b\u5f55\uff0c\u5e76\u907f\u514d\u7528\u6237\u540d\u4e3a\u201cadmin\u201d\u3002<\/li>\n<\/ul>\n
    2. \u89e3\u51b3 Too Many Authentication Failures \u62a5\u9519<\/strong><\/div>\n

    \u5f53\u6211\u7684 ssh \u767b\u5f55\u5931\u8d25\uff0c\u5e76\u663e\u793a\u201cToo many authentication failures for carla\u201d\u7684\u62a5\u9519\u4fe1\u606f\u65f6\uff0c\u6211\u4eec\u4e0d\u5e94\u8be5\u6c14\u9981\uff0c\u4f24\u75db\u4e4b\u611f\u5e76\u4e0d\u80fd\u89e3\u51b3\u95ee\u9898\u3002\u89e3\u51b3\u529e\u6cd5\u5c31\u662f\u5728\u4f60\u7684\uff08\u5ba2\u6237\u7aef\u7684\uff09 ~\/.ssh\/config \u6587\u4ef6\u8bbe\u7f6e\u5f3a\u5236\u5bc6\u7801\u767b\u5f55\u3002\u5982\u679c\u8fd9\u4e2a\u6587\u4ef6\u4e0d\u5b58\u5728\uff0c\u9996\u5148\u521b\u4e2a ~\/.ssh\/\u76ee\u5f55\u3002<\/p>\n

    $ mkdir ~\/.ssh\r\n$ chmod 700 ~\/.ssh\r\n<\/pre>\n

    \u7136\u540e\u5728\u6587\u672c\u7f16\u8f91\u5668\u4e2d\u521b\u5efa ~\/.ssh\/config \u6587\u4ef6\uff0c\u8f93\u5165\u4ee5\u4e0b\u884c\uff0c\u4f7f\u7528\u4f60\u81ea\u5df1\u7684\u8fdc\u7a0b\u57df\u540d\u66ff\u6362 HostName\u3002<\/p>\n

    HostName remote.site.com\r\nPubkeyAuthentication=no\r\n<\/pre>\n

    \uff08LCTT \u8bd1\u6ce8\uff1a\u8fd9\u79cd\u9519\u8bef\u53d1\u751f\u5728\u4f60\u4f7f\u7528\u4e00\u53f0 Linux \u673a\u5668\u4f7f\u7528 ssh \u767b\u5f55\u53e6\u5916\u4e00\u53f0\u670d\u52a1\u5668\u65f6\uff0c\u4f60\u7684 .ssh \u76ee\u5f55\u4e2d\u5b58\u50a8\u4e86\u8fc7\u591a\u7684\u79c1\u94a5\u6587\u4ef6\uff0c\u800c ssh \u5ba2\u6237\u7aef\u5728\u4f60\u6ca1\u6709\u6307\u5b9a -i \u9009\u9879\u65f6\uff0c\u4f1a\u9ed8\u8ba4\u9010\u4e00\u5c1d\u8bd5\u4f7f\u7528\u8fd9\u4e9b\u79c1\u94a5\u6765\u767b\u5f55\u8fdc\u7a0b\u670d\u52a1\u5668\u540e\u624d\u4f1a\u63d0\u793a\u5bc6\u7801\u767b\u5f55\uff0c\u5982\u679c\u8fd9\u4e9b\u79c1\u94a5\u5e76\u4e0d\u80fd\u5339\u914d\u8fdc\u7a0b\u4e3b\u673a\uff0c\u663e\u7136\u4f1a\u89e6\u53d1\u8fd9\u6837\u7684\u62a5\u9519\uff0c\u751a\u81f3\u62d2\u7edd\u8fde\u63a5\u3002\u56e0\u6b64\u672c\u6761\u662f\u901a\u8fc7\u7981\u7528\u672c\u5730\u79c1\u94a5\u7684\u65b9\u5f0f\u6765\u5f3a\u5236\u4f7f\u7528\u5bc6\u7801\u767b\u5f55\u2014\u2014\u663e\u7136\u8fd9\u5e76\u4e0d\u53ef\u53d6\uff0c\u5982\u679c\u4f60\u786e\u5b9e\u8981\u907f\u514d\u7528\u79c1\u94a5\u767b\u5f55\uff0c\u90a3\u4f60\u5e94\u8be5\u7528 -o PubkeyAuthentication=no \u9009\u9879\u767b\u5f55\u3002\u663e\u7136\u8fd9\u6761\u548c\u4e0b\u4e24\u6761\u662f\u4e92\u76f8\u77db\u76fe\u7684\uff0c\u6240\u4ee5\u8bf7\u65e0\u89c6\u672c\u6761\u5373\u53ef\u3002\uff09<\/p>\n

    3. \u4f7f\u7528\u516c\u94a5\u8ba4\u8bc1<\/strong><\/div>\n

    \u516c\u94a5\u8ba4\u8bc1\u6bd4\u5bc6\u7801\u767b\u5f55\u5b89\u5168\u591a\u4e86\uff0c\u56e0\u4e3a\u5b83\u4e0d\u53d7\u66b4\u529b\u5bc6\u7801\u653b\u51fb\u7684\u5f71\u54cd\uff0c\u4f46\u662f\u5e76\u4e0d\u65b9\u4fbf\uff0c\u56e0\u4e3a\u5b83\u4f9d\u8d56\u4e8e RSA \u5bc6\u94a5\u5bf9\u3002\u9996\u5148\uff0c\u4f60\u8981\u521b\u5efa\u4e00\u4e2a\u516c\u94a5\/\u79c1\u94a5\u5bf9\uff1b\u4e0b\u4e00\u6b65\uff0c\u79c1\u94a5\u653e\u4e8e\u4f60\u7684\u5ba2\u6237\u7aef\u7535\u8111\uff0c\u5e76\u4e14\u590d\u5236\u516c\u94a5\u5230\u4f60\u60f3\u767b\u5f55\u7684\u8fdc\u7a0b\u670d\u52a1\u5668\u3002\u4f60\u53ea\u80fd\u4ece\u62e5\u6709\u79c1\u94a5\u7684\u7535\u8111\u767b\u5f55\u5230\u8fdc\u7a0b\u670d\u52a1\u5668\uff0c\u4f60\u7684\u79c1\u94a5\u5c31\u548c\u4f60\u7684\u5bb6\u95e8\u94a5\u5319\u4e00\u6837\u654f\u611f\uff1b\u4efb\u4f55\u4eba\u83b7\u53d6\u5230\u4e86\u79c1\u94a5\u5c31\u53ef\u4ee5\u83b7\u53d6\u4f60\u7684\u8d26\u53f7\u3002\u4f60\u53ef\u4ee5\u7ed9\u4f60\u7684\u79c1\u94a5\u52a0\u4e0a\u5bc6\u7801\u6765\u589e\u52a0\u4e00\u4e9b\u5f3a\u5316\u4fdd\u62a4\u89c4\u5219\u3002\u4f7f\u7528 RSA \u5bc6\u94a5\u5bf9\u7ba1\u7406\u591a\u4e2a\u7528\u6237\u662f\u4e00\u79cd\u597d\u7684\u65b9\u6cd5\uff1a\u5f53\u4e00\u4e2a\u7528\u6237\u79bb\u5f00\u4e86\uff0c\u53ea\u8981\u4ece\u670d\u52a1\u5668\u5220\u4e86\u4ed6\u7684\u516c\u94a5\u5c31\u80fd\u53d6\u6d88\u4ed6\u7684\u767b\u5f55\u3002<\/p>\n

    \u4ee5\u4e0b\u4f8b\u5b50\u521b\u5efa\u4e00\u4e2a\u65b0\u7684 3072 \u4f4d\u957f\u5ea6\u7684\u5bc6\u94a5\u5bf9\uff0c\u5b83\u6bd4\u9ed8\u8ba4\u7684 2048 \u4f4d\u66f4\u5b89\u5168\uff0c\u800c\u4e14\u4e3a\u5b83\u8d77\u4e00\u4e2a\u72ec\u4e00\u65e0\u4e8c\u7684\u540d\u5b57\uff0c\u8fd9\u6837\u4f60\u5c31\u53ef\u4ee5\u77e5\u9053\u5b83\u5c5e\u4e8e\u54ea\u4e2a\u670d\u52a1\u5668\u3002<\/p>\n

    $ ssh-keygen -t rsa -b 3072 -f id_mailserver\r\n<\/pre>\n

    \u4ee5\u4e0b\u521b\u5efa\u4e24\u4e2a\u65b0\u7684\u5bc6\u94a5, id_mailserver \u548c id_mailserver.pub \uff0cid_mailserver \u662f\u4f60\u7684\u79c1\u94a5--\u4e0d\u8981\u4f20\u64ad\u5b83\uff01\u73b0\u5728\u7528 ssh-copy-id \u547d\u4ee4\u5b89\u5168\u5730\u590d\u5236\u4f60\u7684\u516c\u94a5\u5230\u4f60\u7684\u8fdc\u7a0b\u670d\u52a1\u5668\u3002\u4f60\u5fc5\u987b\u786e\u4fdd\u5728\u8fdc\u7a0b\u670d\u52a1\u5668\u4e0a\u6709\u53ef\u7528\u7684 SSH \u767b\u5f55\u65b9\u5f0f\u3002<\/p>\n

    $ ssh-copy-id -i  id_rsa.pub user@remoteserver\r\n\r\n\/usr\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\nuser@remoteserver's password:\r\n\r\nNumber of key(s) added: 1\r\n\r\nNow try logging into the machine, with:   \"ssh 'user@remoteserver'\"\r\nand check to make sure that only the key(s) you wanted were added.\r\n<\/pre>\n

    ssh-copy-id \u4f1a\u786e\u4fdd\u4f60\u4e0d\u4f1a\u65e0\u610f\u95f4\u590d\u5236\u4e86\u4f60\u7684\u79c1\u94a5\uff1b\u4ece\u4e0a\u8ff0\u8f93\u51fa\u4e2d\u590d\u5236\u767b\u5f55\u547d\u4ee4\uff0c\u8bb0\u5f97\u5e26\u4e0a\u5176\u4e2d\u7684\u5355\u5f15\u53f7\uff0c\u4ee5\u6d4b\u8bd5\u4f60\u7684\u65b0\u7684\u5bc6\u94a5\u767b\u5f55\u3002<\/p>\n

    $ ssh 'user@remoteserver'\r\n<\/pre>\n

    \u5b83\u5c06\u7528\u4f60\u7684\u65b0\u5bc6\u94a5\u767b\u5f55\uff0c\u5982\u679c\u4f60\u4e3a\u4f60\u7684\u79c1\u94a5\u8bbe\u7f6e\u4e86\u5bc6\u7801\uff0c\u5b83\u4f1a\u63d0\u793a\u4f60\u8f93\u5165\u3002<\/p>\n

    4. \u53d6\u6d88\u5bc6\u7801\u767b\u5f55<\/strong><\/div>\n

    \u4e00\u65e6\u4f60\u5df2\u7ecf\u6d4b\u8bd5\u5e76\u4e14\u9a8c\u8bc1\u4e86\u4f60\u7684\u516c\u94a5\u53ef\u4ee5\u767b\u5f55\uff0c\u5c31\u53ef\u4ee5\u53d6\u6d88\u5bc6\u7801\u767b\u5f55\uff0c\u8fd9\u6837\u4f60\u7684\u8fdc\u7a0b\u670d\u52a1\u5668\u5c31\u4e0d\u4f1a\u88ab\u66b4\u529b\u5bc6\u7801\u653b\u51fb\u3002\u5982\u4e0b\u8bbe\u7f6e\u4f60\u7684\u8fdc\u7a0b\u670d\u52a1\u5668\u7684 \/etc\/ssh\/sshd_config \u6587\u4ef6\u3002<\/p>\n

    PasswordAuthentication no\r\n<\/pre>\n

    \u7136\u540e\u91cd\u542f\u670d\u52a1\u5668\u4e0a\u7684 SSH \u5b88\u62a4\u8fdb\u7a0b\u3002\u91cd\u542f\u524d\u8bf7\u4fdd\u7559\u5f53\u524d\u5df2\u767b\u5f55\u7684\u4f1a\u8bdd\uff0c\u8fd9\u6837\u5982\u679c\u65b0\u914d\u7f6e\u6709\u8bef\uff0c\u4f60\u4ecd\u80fd\u6539\u56de\u6765\u3002<\/p>\n

    5. \u8bbe\u7f6e\u522b\u540d -- \u8fd9\u5f88\u5feb\u6377\u800c\u4e14\u5f88\u6709 B \u683c<\/strong><\/div>\n

    \u4f60\u53ef\u4ee5\u4e3a\u4f60\u7684\u8fdc\u7a0b\u767b\u5f55\u8bbe\u7f6e\u5e38\u7528\u7684\u522b\u540d\uff0c\u6765\u66ff\u4ee3\u767b\u5f55\u65f6\u8f93\u5165\u7684\u547d\u4ee4\uff0c\u4f8b\u5982\uff1a<\/p>\n

    ssh -u username -p 2222 remote.site.with.long-name<\/pre>\n

    \u8fd9\u6837\u4f60\u5c31\u53ef\u4ee5\u6539\u7528 ssh remote1\u3002\u4f60\u7684\u5ba2\u6237\u7aef\u673a\u5668\u4e0a\u7684 ~\/.ssh\/config \u6587\u4ef6\u53ef\u4ee5\u53c2\u7167\u5982\u4e0b\u8bbe\u7f6e\uff1a<\/p>\n

    Host remote1\r\nHostName remote.site.with.long-name\r\nPort 2222\r\nUser username\r\nPubkeyAuthentication no\r\n<\/pre>\n

    \u5982\u679c\u4f60\u6b63\u5728\u4f7f\u7528\u516c\u94a5\u767b\u5f55\uff0c\u53ef\u4ee5\u53c2\u7167\u8fd9\u4e2a\uff1a<\/p>\n

    Host remote1\r\nHostName remote.site.with.long-name\r\nPort 2222\r\nUser username\r\nIdentityFile  ~\/.ssh\/id_remoteserver\r\n<\/pre>\n
    \n

    \u539f\u6587\u6765\u81ea\uff1ahttps:\/\/linux.cn\/article-7683-1.html<\/a><\/p>\n

    \u672c\u6587\u5730\u5740\uff1ahttp:\/\/lrxjmw.cn\/strengthen-ssh.html<\/a><\/p>\n


    \n\u7f16\u8f91\u5458\uff1a\u738b\u6bc5\uff0c\u5ba1\u6838\u5458\uff1a\u9004\u589e\u5b9d<\/span><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"

    \u5f53\u4f60\u67e5\u770b\u4f60\u7684 SSH \u670d\u52a1\u65e5\u5fd7\uff0c\u53ef\u80fd\u4f60\u4f1a\u53d1\u73b0\u5145\u65a5\u7740\u4e00\u4e9b\u4e0d\u6000\u597d\u610f\u7684\u5c1d\u8bd5\u6027\u767b\u5f55\u3002\u8fd9\u91cc\u6709 5 \u6761\u5e38\u89c4\u5efa\u8bae\uff08\u548c\u4e00\u4e9b\u4e2a\u522b\u7279\u6b8a\u7b56\u7565\uff09\u53ef\u4ee5\u8ba9\u4f60\u7684 OpenSSH \u4f1a\u8bdd\u66f4\u52a0\u5b89\u5168\u3002<\/p>\n","protected":false},"author":564,"featured_media":26927,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-26704","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/26704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/564"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=26704"}],"version-history":[{"count":10,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/26704\/revisions"}],"predecessor-version":[{"id":77489,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/26704\/revisions\/77489"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/26927"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=26704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=26704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=26704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}