{"id":120,"date":"2025-10-08T03:32:53","date_gmt":"2025-10-08T03:32:53","guid":{"rendered":"https:\/\/blog.tudcloud.com\/?p=120"},"modified":"2025-10-08T03:35:59","modified_gmt":"2025-10-08T03:35:59","slug":"linux-vps-security-best-practices","status":"publish","type":"post","link":"https:\/\/blog.tudcloud.com\/zh\/linux-vps-security-best-practices\/","title":{"rendered":"Linux VPS \u5b89\u5168\u6700\u4f73\u5b9e\u8df5"},"content":{"rendered":"

<\/p>\n\n\n\n

\u5728\u90e8\u7f72\u60a8\u7684\u7f51\u7ad9\u6216\u5e94\u7528\u7a0b\u5e8f\u4e4b\u524d\uff0c\u4fdd\u62a4\u60a8\u7684 VPS \u5e94\u8be5\u662f\u60a8\u7684\u9996\u8981\u4efb\u52a1\u3002
\u4ee5\u4e0b\u662f\u786e\u4fdd\u60a8\u7684 Linux \u670d\u52a1\u5668\u5b89\u5168\u7a33\u5b9a\u7684\u6700\u91cd\u8981\u7684\u5b89\u5168\u5b9e\u8df5\u3002<\/p>\n\n\n\n

\n\n\n\n

1\ufe0f\u20e3 \u7981\u7528 Root \u767b\u5f55<\/h2>\n\n\n\n

\u7f16\u8f91SSH\u914d\u7f6e\u6587\u4ef6\uff1a<\/p>\n\n\n\n

nano \/etc\/ssh\/sshd_config\n<\/code><\/pre>\n\n\n\n
\u67e5\u627e\u5e76\u4fee\u6539\uff1a<\/p>\n\n\n\n
PermitRootLogin no\n<\/code><\/pre>\n\n\n\n
\u7136\u540e\u91cd\u65b0\u542f\u52a8SSH\uff1a<\/p>\n\n\n\n
systemctl restart ssh\n<\/code><\/pre>\n\n\n\n
\n\n\n\n
2\ufe0f\u20e3 \u521b\u5efa\u5177\u6709 Sudo \u6743\u9650\u7684\u666e\u901a\u7528\u6237<\/h2>\n\n\n\n
adduser admin\nusermod -aG sudo admin\n<\/code><\/pre>\n\n\n\n
\n\n\n\n
3\ufe0f\u20e3 \u4f7f\u7528 SSH \u5bc6\u94a5\u767b\u5f55<\/h2>\n\n\n\n
\u5728\u672c\u5730\u673a\u5668\u4e0a\uff0c\u751f\u6210 SSH \u5bc6\u94a5\u5bf9\uff1a<\/p>\n\n\n\n
ssh-keygen -t rsa\n<\/code><\/pre>\n\n\n\n
\u5c06\u516c\u94a5\u4e0a\u4f20\u5230\u60a8\u7684 VPS\uff1a<\/p>\n\n\n\n
ssh-copy-id admin@your-server-ip\n<\/code><\/pre>\n\n\n\n
\u73b0\u5728\u60a8\u65e0\u9700\u5bc6\u7801\u5373\u53ef\u5b89\u5168\u767b\u5f55\u3002<\/p>\n\n\n\n
\n\n\n\n
4\ufe0f\u20e3 \u542f\u7528\u9632\u706b\u5899\uff08UFW\uff09<\/h2>\n\n\n\n
apt install ufw -y\nufw allow 22\/tcp\nufw allow 80\/tcp\nufw enable\n<\/code><\/pre>\n\n\n\n
\u8fd9\u5c06\u9650\u5236\u4ec5\u5bf9\u5fc5\u8981\u7aef\u53e3\u7684\u8bbf\u95ee\u3002<\/p>\n\n\n\n
\n\n\n\n
5\ufe0f\u20e3 \u542f\u7528\u81ea\u52a8\u5b89\u5168\u66f4\u65b0<\/h2>\n\n\n\n
apt install unattended-upgrades -y\ndpkg-reconfigure --priority=low unattended-upgrades\n<\/code><\/pre>\n\n\n\n
\u8fd9\u53ef\u786e\u4fdd\u60a8\u7684\u7cfb\u7edf\u81ea\u52a8\u63a5\u6536\u5173\u952e\u8865\u4e01\u3002<\/p>\n\n\n\n
\n\n\n\n
6\ufe0f\u20e3 \u76d1\u63a7\u53ef\u7591\u8fdb\u7a0b<\/h2>\n\n\n\n
top\nps aux --sort=-%mem | head\n<\/code><\/pre>\n\n\n\n
\u4f7f\u7528\u8fd9\u4e9b\u547d\u4ee4\u6765\u68c0\u6d4b\u5f02\u5e38\u7684\u5185\u5b58\u6216 CPU \u4f7f\u7528\u60c5\u51b5\u3002<\/p>\n\n\n\n
\n\n\n\n
\u2705 \u63a8\u8350\u8bbe\u7f6e<\/h2>\n\n\n\n
    \n
  • Tudcloud \u7f8e\u56fd VPS<\/strong> \u2014 \u5305\u62ec 20Gbps DDoS \u4fdd\u62a4<\/li>\n\n\n\n
  • Linux + SSH \u5bc6\u94a5 + \u9632\u706b\u5899<\/strong><\/li>\n\n\n\n
  • \u5b9a\u671f\u5907\u4efd\u6216\u5feb\u7167<\/strong><\/li>\n<\/ul>\n\n\n\n
    \n\n\n\n
    \ud83e\udde9 \u7ed3\u8bba<\/h2>\n\n\n\n
    \u5b89\u5168\u6c38\u8fdc\u662f\u7b2c\u4e00\u4f4d\u7684\u3002
    \u901a\u8fc7\u9075\u5faa\u8fd9\u4e9b\u6700\u4f73\u5b9e\u8df5\uff0c\u60a8\u5c06\u786e\u4fdd\u60a8\u7684 VPS \u5b89\u5168\u3001\u53ef\u9760\u5e76\u53ef\u4f9b\u751f\u4ea7\u4f7f\u7528\u3002<\/p>","protected":false},"excerpt":{"rendered":"
    Before you deploy your website or application, securing your VPS should be your top priority.Here are the most important security practices to keep your Linux server safe and stable. 1\ufe0f\u20e3 Disable Root Login Edit the SSH configuration file: Find and modify: Then restart SSH: 2\ufe0f\u20e3 Create a Normal User with Sudo Privileges 3\ufe0f\u20e3 Use SSH […]<\/p>","protected":false},"author":1,"featured_media":93,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[41,33,40,42,39],"class_list":["post-120","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server-security","tag-firewall","tag-linux-vps","tag-root-login","tag-ssh","tag-vps-security"],"blocksy_meta":[],"_links":{"self":[{"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/posts\/120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/comments?post=120"}],"version-history":[{"count":2,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/posts\/120\/revisions"}],"predecessor-version":[{"id":124,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/posts\/120\/revisions\/124"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/media\/93"}],"wp:attachment":[{"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/media?parent=120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/categories?post=120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/tags?post=120"}],"curies":[{"name":"\u53ef\u6e7f\u6027\u7c89\u5242","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}