!增强VPS SSH账号安全:改端口,禁用Root,密钥登录,Denyhosts防暴力攻击
1.防火墙
systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁止firewall开机启动
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 27938 -j ACCEPT
yum install iptables -y # 安装iptables
yum install iptables-services -y
service iptables restart #重启防火墙使配置生效
service iptables save #保存配置
systemctl enable iptables.service #设置防火墙开机启动
2.ssh
sed -i 's/^#Port 22$/Port 27938/g' /etc/ssh/sshd_config && cat /etc/ssh/sshd_config |grep "Port" #修改并查看端口
service sshd restart #重启ssh
#检查一下端口是否可用
ssh-keygen -t rsa #生成密钥
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys #添加到可信任的列表
chmod 600 ~/.ssh/authorized_keys #必须600 否则不能正常登陆
#使用id_rsa生成一个公钥和私钥
service sshd restart
sed -i 's/^PasswordAuthentication yes$/PasswordAuthentication no/g' /etc/ssh/sshd_config && cat /etc/ssh/sshd_config |grep "Password"
service sshd restart
3.安装java
#若地址失效到https://www.oracle.com/technetwork/java/javase/downloads/index.html 查找最新版java
mkdir ~/data && cd ~/data
wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" https://download.oracle.com/otn-pub/java/jdk/8u201-b09/42970487e3af4f5aa5bca3f542482c60/jdk-8u201-linux-x64.tar.gz
mkdir /usr/local/java && cd /usr/local/java/ && cp ~/data/jdk-8u201-linux-x64.tar.gz ./ && tar -zxvf jdk-8u201-linux-x64.tar.gz && rm -f jdk-8u201-linux-x64.tar.gz
sed -i '$aJAVA_HOME=/usr/local/java/jdk1.8.0_201\nexport JRE_HOME=${JAVA_HOME}/jre\nexport CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib\nexport PATH=${JAVA_HOME}/bin:$PATH' /etc/profile #添加系统变量到最后一行
source /etc/profile && java -version #生效并验证
