安裝並啟動SSH服務(wù)，配置/etc/ssh/sshd_config文件以更改端口、禁用root登錄和限制用戶訪問；2. 使用ssh username@remote_host命令從客戶端連接，若端口更改則添加-p參數(shù)；3. 生成SSH密鑰對並用ssh-copy-id將公鑰部署到服務(wù)器，實現(xiàn)無密碼安全登錄；4. 通過禁用密碼認證、修改默認端口、使用非root用戶、限制允許用戶及部署fail2ban等措施強化安全；每次配置後需重啟SSH服務(wù)，並確保測試新配置避免被鎖定，正確設(shè)置後SSH可提供高效、加密且可腳本化的遠程管理方案。

Using SSH for secure remote access to a Linux machine is one of the most common and reliable methods for managing servers and devices over a network. Whether you're administering a cloud server, a home lab, or a remote workstation, SSH (Secure Shell) provides an encrypted channel for logging in and executing commands securely.

Here's how to use SSH effectively and securely:

1. Enable and Configure SSH on the Linux Machine

Before you can connect, make sure the SSH server is installed and running on the target machine.

• On Debian/Ubuntu:

   sudo apt update
  sudo apt install openssh-server
  sudo systemctl enable ssh
  sudo systemctl start ssh

• On CentOS/RHEL/Rocky Linux:

  

   sudo yum install openssh-server # or dnf on newer versions
  sudo systemctl enable sshd
  sudo systemctl start sshd

Check that the service is active:

 sudo systemctl status ssh

By default, SSH listens on port 22. The main configuration file is /etc/ssh/sshd_config . You can customize settings like:

• Changing the default port
• Disabling root login ( PermitRootLogin no )
• Allowing specific users ( AllowUsers alice bob )

After making changes, restart the SSH service:

 sudo systemctl restart ssh

? Tip: Always test changes in a separate terminal before closing your current session to avoid locking yourself out.

2. Connect Using SSH from a Client

From your local machine (Linux, macOS, or Windows with OpenSSH), use:

 ssh username@remote_host

Example:

 ssh alice@192.168.1.100

If you changed the SSH port:

 ssh -p 2222 alice@192.168.1.100

The first time you connect, you'll see a message about the server's authenticity. Verify the fingerprint if possible, then accept it to proceed.

3. Use SSH Keys for Passwordless and More Secure Login

Using SSH keys is more secure than passwords and avoids repeated authentication prompts.

Generate a key pair (on your local machine):

 ssh-keygen -t ed25519 -C "your_email@example.com"

Press Enter to accept defaults or specify a location. Optionally, add a passphrase for extra security.

Copy the public key to the remote machine:

 ssh-copy-id alice@192.168.1.100

Now you can log in without a password:

 ssh alice@192.168.1.100

Behind the scenes, SSH checks your private key against the public key stored in ~/.ssh/authorized_keys on the server.

? If ssh-copy-id isn't available, manually copy the contents of ~/.ssh/id_ed25519.pub and append it to ~/.ssh/authorized_keys on the remote machine.

4. Enhance Security Best Practices

To reduce the risk of unauthorized access:

• Disable password authentication (after setting up keys): In /etc/ssh/sshd_config :

   PasswordAuthentication no

  This prevents brute-force attacks.

• Change the default SSH port :

   Port 2222

  Helps reduce automated bot scans on port 22.

• Use a non-root user with sudo privileges : Avoid enabling PermitRootLogin yes . Instead, log in as a regular user and use sudo when needed.

• Limit user access :

   AllowUsers alice bob

• Use fail2ban to block repeated login attempts:

   sudo apt install fail2ban

• Keep SSH updated and avoid outdated protocols or ciphers.

After any configuration change, always reload SSH:

 sudo systemctl reload ssh

Final Notes

SSH is powerful but only as secure as its configuration. Always:

• Use strong keys (preferably Ed25519)
• Disable unused authentication methods
• Regularly audit who has access

With proper setup, SSH gives you a fast, encrypted, and scriptable way to manage remote Linux systems — whether across the room or around the world.

Basically, get the server running, use keys, lock down the config, and stay safe.

以上是使用SSH安全遠程訪問Linux機器的詳細內(nèi)容。更多資訊請關(guān)注PHP中文網(wǎng)其他相關(guān)文章！