{"id":120,"date":"2025-10-08T03:32:53","date_gmt":"2025-10-08T03:32:53","guid":{"rendered":"https:\/\/blog.tudcloud.com\/?p=120"},"modified":"2025-10-08T03:35:59","modified_gmt":"2025-10-08T03:35:59","slug":"linux-vps-security-best-practices","status":"publish","type":"post","link":"https:\/\/blog.tudcloud.com\/zh\/linux-vps-security-best-practices\/","title":{"rendered":"Linux VPS \u5b89\u5168\u6700\u4f73\u5b9e\u8df5"},"content":{"rendered":"

<\/p>\n\n\n\n

\u5728\u90e8\u7f72\u60a8\u7684\u7f51\u7ad9\u6216\u5e94\u7528\u7a0b\u5e8f\u4e4b\u524d\uff0c\u4fdd\u62a4\u60a8\u7684 VPS \u5e94\u8be5\u662f\u60a8\u7684\u9996\u8981\u4efb\u52a1\u3002
\u4ee5\u4e0b\u662f\u786e\u4fdd\u60a8\u7684 Linux \u670d\u52a1\u5668\u5b89\u5168\u7a33\u5b9a\u7684\u6700\u91cd\u8981\u7684\u5b89\u5168\u5b9e\u8df5\u3002<\/p>\n\n\n\n

\n\n\n\n

1\ufe0f\u20e3 \u7981\u7528 Root \u767b\u5f55<\/h2>\n\n\n\n

\u7f16\u8f91SSH\u914d\u7f6e\u6587\u4ef6\uff1a<\/p>\n\n\n\n

nano \/etc\/ssh\/sshd_config\n<\/code><\/pre>\n\n\n\n
\u67e5\u627e\u5e76\u4fee\u6539\uff1a<\/p>\n\n\n\n
PermitRootLogin no\n<\/code><\/pre>\n\n\n\n
\u7136\u540e\u91cd\u65b0\u542f\u52a8SSH\uff1a<\/p>\n\n\n\n
systemctl restart ssh\n<\/code><\/pre>\n\n\n\n
\n\n\n\n
2\ufe0f\u20e3 \u521b\u5efa\u5177\u6709 Sudo \u6743\u9650\u7684\u666e\u901a\u7528\u6237<\/h2>\n\n\n\n
adduser admin\nusermod -aG sudo admin\n<\/code><\/pre>\n\n\n\n
\n\n\n\n
3\ufe0f\u20e3 \u4f7f\u7528 SSH \u5bc6\u94a5\u767b\u5f55<\/h2>\n\n\n\n
\u5728\u672c\u5730\u673a\u5668\u4e0a\uff0c\u751f\u6210 SSH \u5bc6\u94a5\u5bf9\uff1a<\/p>\n\n\n\n
ssh-keygen -t rsa\n<\/code><\/pre>\n\n\n\n
\u5c06\u516c\u94a5\u4e0a\u4f20\u5230\u60a8\u7684 VPS\uff1a<\/p>\n\n\n\n
ssh-copy-id admin@your-server-ip\n<\/code><\/pre>\n\n\n\n
\u73b0\u5728\u60a8\u65e0\u9700\u5bc6\u7801\u5373\u53ef\u5b89\u5168\u767b\u5f55\u3002<\/p>\n\n\n\n
\n\n\n\n
4\ufe0f\u20e3 \u542f\u7528\u9632\u706b\u5899\uff08UFW\uff09<\/h2>\n\n\n\n
apt install ufw -y\nufw allow 22\/tcp\nufw allow 80\/tcp\nufw enable\n<\/code><\/pre>\n\n\n\n
\u8fd9\u5c06\u9650\u5236\u4ec5\u5bf9\u5fc5\u8981\u7aef\u53e3\u7684\u8bbf\u95ee\u3002<\/p>\n\n\n\n
\n\n\n\n
5\ufe0f\u20e3 \u542f\u7528\u81ea\u52a8\u5b89\u5168\u66f4\u65b0<\/h2>\n\n\n\n
apt install unattended-upgrades -y\ndpkg-reconfigure --priority=low unattended-upgrades\n<\/code><\/pre>\n\n\n\n
\u8fd9\u53ef\u786e\u4fdd\u60a8\u7684\u7cfb\u7edf\u81ea\u52a8\u63a5\u6536\u5173\u952e\u8865\u4e01\u3002<\/p>\n\n\n\n
\n\n\n\n
6\ufe0f\u20e3 \u76d1\u63a7\u53ef\u7591\u8fdb\u7a0b<\/h2>\n\n\n\n
top\nps aux --sort=-%mem | head\n<\/code><\/pre>\n\n\n\n
\u4f7f\u7528\u8fd9\u4e9b\u547d\u4ee4\u6765\u68c0\u6d4b\u5f02\u5e38\u7684\u5185\u5b58\u6216 CPU \u4f7f\u7528\u60c5\u51b5\u3002<\/p>\n\n\n\n
\n\n\n\n
\u2705 \u63a8\u8350\u8bbe\u7f6e<\/h2>\n\n\n\n
    \n
  • Tudcloud \u7f8e\u56fd VPS<\/strong> \u2014 \u5305\u62ec 20Gbps DDoS \u4fdd\u62a4<\/li>\n\n\n\n
  • Linux + SSH \u5bc6\u94a5 + \u9632\u706b\u5899<\/strong><\/li>\n\n\n\n
  • \u5b9a\u671f\u5907\u4efd\u6216\u5feb\u7167<\/strong><\/li>\n<\/ul>\n\n\n\n
    \n\n\n\n
    \ud83e\udde9 \u7ed3\u8bba<\/h2>\n\n\n\n
    \u5b89\u5168\u6c38\u8fdc\u662f\u7b2c\u4e00\u4f4d\u7684\u3002
    \u901a\u8fc7\u9075\u5faa\u8fd9\u4e9b\u6700\u4f73\u5b9e\u8df5\uff0c\u60a8\u5c06\u786e\u4fdd\u60a8\u7684 VPS \u5b89\u5168\u3001\u53ef\u9760\u5e76\u53ef\u4f9b\u751f\u4ea7\u4f7f\u7528\u3002<\/p>","protected":false},"excerpt":{"rendered":"
    \u5728\u90e8\u7f72\u7f51\u7ad9\u6216\u5e94\u7528\u7a0b\u5e8f\u4e4b\u524d\uff0c\u786e\u4fdd VPS \u7684\u5b89\u5168\u5e94\u8be5\u662f\u60a8\u7684\u9996\u8981\u4efb\u52a1\u3002\u4ee5\u4e0b\u662f\u786e\u4fdd Linux \u670d\u52a1\u5668\u5b89\u5168\u7a33\u5b9a\u7684\u6700\u91cd\u8981\u5b89\u5168\u5b9e\u8df5\uff1a1\ufe0f\u20e3 \u7981\u7528 root \u7528\u6237\u767b\u5f55 \u7f16\u8f91 SSH \u914d\u7f6e\u6587\u4ef6\uff1a\u627e\u5230\u5e76\u4fee\u6539\uff1a\u7136\u540e\u91cd\u542f SSH\uff1a2\ufe0f\u20e3 \u521b\u5efa\u4e00\u4e2a\u5177\u6709 sudo \u6743\u9650\u7684\u666e\u901a\u7528\u6237 3\ufe0f\u20e3 \u4f7f\u7528 SSH [\u2026]<\/p>","protected":false},"author":1,"featured_media":93,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[41,33,40,42,39],"class_list":["post-120","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server-security","tag-firewall","tag-linux-vps","tag-root-login","tag-ssh","tag-vps-security"],"_links":{"self":[{"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/posts\/120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/comments?post=120"}],"version-history":[{"count":2,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/posts\/120\/revisions"}],"predecessor-version":[{"id":124,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/posts\/120\/revisions\/124"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/media\/93"}],"wp:attachment":[{"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/media?parent=120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/categories?post=120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tudcloud.com\/zh\/wp-json\/wp\/v2\/tags?post=120"}],"curies":[{"name":"\u53ef\u6e7f\u6027\u7c89\u5242","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}