{"id":15950,"date":"2025-08-12T08:00:19","date_gmt":"2025-08-12T01:00:19","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=15950"},"modified":"2025-08-13T17:57:44","modified_gmt":"2025-08-13T10:57:44","slug":"ssh-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/ssh-la-gi\/","title":{"rendered":"SSH (Secure Shell) l\u00e0 g\u00ec? L\u1ee3i \u00edch, L\u1ec7nh &#038; So v\u1edbi Telnet\/SSL\/TLS"},"content":{"rendered":"<p><b class=\"\">SSH (Secure Shell)<\/b> l\u00e0 m\u1ed9t giao th\u1ee9c m\u1ea1ng m\u1eadt m\u00e3 \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 th\u1ef1c thi c\u00e1c l\u1ec7nh tr\u00ean m\u00e1y t\u00ednh t\u1eeb xa m\u1ed9t c\u00e1ch an to\u00e0n v\u00e0 b\u1ea3o m\u1eadt. N\u00f3 gi\u00fap b\u1ea1n qu\u1ea3n l\u00fd <a href=\"https:\/\/interdata.vn\/blog\/may-chu-server-la-gi\/\">m\u00e1y ch\u1ee7<\/a>, truy\u1ec1n d\u1eef li\u1ec7u v\u00e0 th\u1ef1c hi\u1ec7n nhi\u1ec1u t\u00e1c v\u1ee5 kh\u00e1c m\u00e0 kh\u00f4ng lo b\u1ecb k\u1ebb x\u1ea5u nghe l\u00e9n hay \u0111\u00e1nh c\u1eafp th\u00f4ng tin. C\u00f9ng InterData t\u00ecm hi\u1ec3u giao th\u1ee9c SSH l\u00e0 g\u00ec, c\u01a1 ch\u1ebf ho\u1ea1t \u0111\u1ed9ng, ch\u1ee9c n\u0103ng ch\u00ednh cho \u0111\u1ebfn nh\u1eefng so s\u00e1nh v\u1edbi Telnet, SSL\/TLS chi ti\u1ebft v\u00e0 h\u01b0\u1edbng d\u1eabn s\u1eed d\u1ee5ng cho ng\u01b0\u1eddi m\u1edbi.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-white ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">N\u1ed8I DUNG<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#SSH-la-gi\" >SSH l\u00e0 g\u00ec?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Chuc-nang-chinh-cua-SSH\" >Ch\u1ee9c n\u0103ng ch\u00ednh c\u1ee7a SSH<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Quan-ly-va-dieu-khien-may-chu-tu-xa\" >Qu\u1ea3n l\u00fd v\u00e0 \u0111i\u1ec1u khi\u1ec3n m\u00e1y ch\u1ee7 t\u1eeb xa<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Truyen-tai-tap-tin-an-toan-SFTPSCP\" >Truy\u1ec1n t\u1ea3i t\u1eadp tin an to\u00e0n (SFTP\/SCP)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Tao-duong-ham-bao-mat-SSH-Tunneling\" >T\u1ea1o \u0111\u01b0\u1eddng h\u1ea7m b\u1ea3o m\u1eadt (SSH Tunneling)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Cach-hoat-dong-cua-giao-thuc-SSH\" >C\u00e1ch ho\u1ea1t \u0111\u1ed9ng c\u1ee7a giao th\u1ee9c SSH<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Giai-doan-thiet-lap-ket-noi\" >Giai \u0111o\u1ea1n thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Giai-doan-xac-thuc-nguoi-dung\" >Giai \u0111o\u1ea1n x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#So-sanh-SSH-va-Telnet\" >So s\u00e1nh SSH v\u00e0 Telnet<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#So-sanh-SSH-voi-SSLTLS\" >So s\u00e1nh SSH v\u1edbi SSL\/TLS<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Muc-dich-su-dung\" >M\u1ee5c \u0111\u00edch s\u1eed d\u1ee5ng<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Cach-thuc-hoat-dong\" >C\u00e1ch th\u1ee9c ho\u1ea1t \u0111\u1ed9ng<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Kien-truc\" >Ki\u1ebfn tr\u00fac<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Cong-port\" >C\u1ed5ng (port)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Mot-so-uu-%E2%80%93-nhuoc-diem-cua-SSH\" >M\u1ed9t s\u1ed1 \u01b0u &#8211; nh\u01b0\u1ee3c \u0111i\u1ec3m c\u1ee7a SSH<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Uu-diem\" >\u01afu \u0111i\u1ec3m<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Nhuoc-diem\" >Nh\u01b0\u1ee3c \u0111i\u1ec3m<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Truong-hop-nen-su-dung-giao-thuc-SSH\" >Tr\u01b0\u1eddng h\u1ee3p n\u00ean s\u1eed d\u1ee5ng giao th\u1ee9c SSH<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Cac-van-de-bao-mat-thuong-gap-trong-giao-thuc-SSH\" >C\u00e1c v\u1ea5n \u0111\u1ec1 b\u1ea3o m\u1eadt th\u01b0\u1eddng g\u1eb7p trong giao th\u1ee9c SSH<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#1-Mat-khau-yeu\" >1. M\u1eadt kh\u1ea9u y\u1ebfu<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#2-Tan-cong-Brute-Force\" >2. T\u1ea5n c\u00f4ng Brute Force<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#3-Nguy-co-tan-cong-Man-in-the-Middle-MITM\" >3. Nguy c\u01a1 t\u1ea5n c\u00f4ng Man-in-the-Middle (MITM)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#4-Lo-hong-bao-mat-o-phien-ban-SSH-cu\" >4. L\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt \u1edf phi\u00ean b\u1ea3n SSH c\u0169<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#5-Phuong-thuc-xac-thuc-khong-an-toan\" >5. Ph\u01b0\u01a1ng th\u1ee9c x\u00e1c th\u1ef1c kh\u00f4ng an to\u00e0n<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Trien-khai-SSH\" >Tri\u1ec3n khai SSH<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Cai-dat-SSH-Client\" >C\u00e0i \u0111\u1eb7t SSH Client<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Cai-dat-SSH-Server\" >C\u00e0i \u0111\u1eb7t SSH Server<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Tao-va-su-dung-SSH-Key\" >T\u1ea1o v\u00e0 s\u1eed d\u1ee5ng SSH Key<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Mot-so-lenh-SSH-co-ban\" >M\u1ed9t s\u1ed1 l\u1ec7nh SSH c\u01a1 b\u1ea3n<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Lenh-ssh-co-ban\" >L\u1ec7nh ssh c\u01a1 b\u1ea3n<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Lenh-scp-Secure-Copy\" >L\u1ec7nh scp (Secure Copy)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Lenh-sftp-SSH-File-Transfer-Protocol\" >L\u1ec7nh sftp (SSH File Transfer Protocol)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Lenh-ssh-keygen\" >L\u1ec7nh ssh-keygen<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-34\" href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/#Lenh-ssh-copy-id\" >L\u1ec7nh ssh-copy-id<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"SSH-la-gi\"><\/span>SSH l\u00e0 g\u00ec?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>SSH (Secure Shell)<\/strong> l\u00e0 m\u1ed9t giao th\u1ee9c m\u1ea1ng an to\u00e0n, ho\u1ea1t \u0111\u1ed9ng tr\u00ean <a href=\"https:\/\/interdata.vn\/blog\/client-server-la-gi\/\">m\u00f4 h\u00ecnh Client-Server<\/a>, giao th\u1ee9c n\u00e0y \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 t\u1ea1o ra m\u1ed9t k\u00eanh giao ti\u1ebfp b\u1ea3o m\u1eadt gi\u1eefa m\u00e1y kh\u00e1ch v\u00e0 m\u00e1y ch\u1ee7, cho ph\u00e9p ng\u01b0\u1eddi d\u00f9ng \u0111i\u1ec1u khi\u1ec3n m\u00e1y ch\u1ee7 t\u1eeb xa.<\/p>\n<p>SSH ho\u1ea1t \u0111\u1ed9ng b\u1eb1ng c\u00e1ch m\u00e3 h\u00f3a to\u00e0n b\u1ed9 d\u1eef li\u1ec7u trao \u0111\u1ed5i trong su\u1ed1t qu\u00e1 tr\u00ecnh k\u1ebft n\u1ed1i. \u0110i\u1ec1u n\u00e0y gi\u00fap ng\u0103n ch\u1eb7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng nghe l\u00e9n (eavesdropping) ho\u1eb7c gi\u1ea3 m\u1ea1o (spoofing), v\u1ed1n l\u00e0 nh\u1eefng r\u1ee7i ro ph\u1ed5 bi\u1ebfn tr\u00ean c\u00e1c m\u1ea1ng c\u00f4ng c\u1ed9ng.<\/p>\n<figure id=\"attachment_32595\" aria-describedby=\"caption-attachment-32595\" style=\"width: 728px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32595\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/SSH-la-gi.jpg\" alt=\"SSH l\u00e0 g\u00ec?\" width=\"728\" height=\"250\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/SSH-la-gi.jpg 728w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/SSH-la-gi-300x103.jpg 300w\" sizes=\"auto, (max-width: 728px) 100vw, 728px\" \/><figcaption id=\"caption-attachment-32595\" class=\"wp-caption-text\">SSH l\u00e0 g\u00ec?<\/figcaption><\/figure>\n<p>Thu\u1eadt ng\u1eef chuy\u00ean ng\u00e0nh:<\/p>\n<ul>\n<li><strong>Client<\/strong>: Thi\u1ebft b\u1ecb ho\u1eb7c ph\u1ea7n m\u1ec1m kh\u1edfi t\u1ea1o k\u1ebft n\u1ed1i SSH (v\u00ed d\u1ee5: m\u00e1y t\u00ednh c\u00e1 nh\u00e2n c\u1ee7a b\u1ea1n).<\/li>\n<li><strong>Server<\/strong>: M\u00e1y t\u00ednh ho\u1eb7c d\u1ecbch v\u1ee5 t\u1eeb xa \u0111ang ch\u1edd c\u00e1c k\u1ebft n\u1ed1i \u0111\u1ebfn (v\u00ed d\u1ee5: m\u1ed9t <a href=\"https:\/\/interdata.vn\/blog\/web-server\/\">m\u00e1y ch\u1ee7 web<\/a> ho\u1eb7c m\u00e1y ch\u1ee7 \u1ea3o).<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Chuc-nang-chinh-cua-SSH\"><\/span>Ch\u1ee9c n\u0103ng ch\u00ednh c\u1ee7a SSH<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>S\u1ee9c m\u1ea1nh c\u1ee7a SSH kh\u00f4ng ch\u1ec9 n\u1eb1m \u1edf kh\u1ea3 n\u0103ng b\u1ea3o m\u1eadt m\u00e0 c\u00f2n \u1edf s\u1ef1 \u0111a d\u1ee5ng. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 c\u00e1c ch\u1ee9c n\u0103ng ch\u00ednh gi\u00fap SSH tr\u1edf th\u00e0nh c\u00f4ng c\u1ee5 kh\u00f4ng th\u1ec3 thi\u1ebfu c\u1ee7a c\u00e1c qu\u1ea3n tr\u1ecb vi\u00ean h\u1ec7 th\u1ed1ng v\u00e0 l\u1eadp tr\u00ecnh vi\u00ean.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Quan-ly-va-dieu-khien-may-chu-tu-xa\"><\/span>Qu\u1ea3n l\u00fd v\u00e0 \u0111i\u1ec1u khi\u1ec3n m\u00e1y ch\u1ee7 t\u1eeb xa<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u00e2y l\u00e0 ch\u1ee9c n\u0103ng c\u01a1 b\u1ea3n v\u00e0 ph\u1ed5 bi\u1ebfn nh\u1ea5t c\u1ee7a SSH. Ng\u01b0\u1eddi d\u00f9ng c\u00f3 th\u1ec3 k\u1ebft n\u1ed1i \u0111\u1ebfn m\u00e1y ch\u1ee7 t\u1eeb b\u1ea5t k\u1ef3 \u0111\u00e2u tr\u00ean th\u1ebf gi\u1edbi v\u00e0 th\u1ef1c thi c\u00e1c l\u1ec7nh nh\u01b0 th\u1ec3 \u0111ang ng\u1ed3i tr\u01b0\u1edbc m\u00e0n h\u00ecnh m\u00e1y ch\u1ee7. \u0110i\u1ec1u n\u00e0y cho ph\u00e9p b\u1ea1n:<\/p>\n<ul>\n<li><strong>C\u00e0i \u0111\u1eb7t v\u00e0 c\u1eadp nh\u1eadt ph\u1ea7n m\u1ec1m:<\/strong> D\u1ec5 d\u00e0ng ch\u1ea1y c\u00e1c l\u1ec7nh nh\u01b0 <code>apt-get<\/code> ho\u1eb7c <code>yum<\/code> tr\u00ean server.<\/li>\n<li><strong>C\u1ea5u h\u00ecnh h\u1ec7 th\u1ed1ng:<\/strong> Ch\u1ec9nh s\u1eeda c\u00e1c t\u1ec7p c\u1ea5u h\u00ecnh, qu\u1ea3n l\u00fd ng\u01b0\u1eddi d\u00f9ng v\u00e0 quy\u1ec1n truy c\u1eadp.<\/li>\n<li><strong>Gi\u00e1m s\u00e1t ho\u1ea1t \u0111\u1ed9ng:<\/strong> Ki\u1ec3m tra t\u00e0i nguy\u00ean h\u1ec7 th\u1ed1ng (<a href=\"https:\/\/interdata.vn\/blog\/cpu-server\/\">CPU<\/a>, <a href=\"https:\/\/interdata.vn\/blog\/ram-server\/\">RAM<\/a>), xem log file \u0111\u1ec3 <a href=\"https:\/\/interdata.vn\/blog\/wordpress-debug-la-gi\/\">debug<\/a> l\u1ed7i.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Truyen-tai-tap-tin-an-toan-SFTPSCP\"><\/span>Truy\u1ec1n t\u1ea3i t\u1eadp tin an to\u00e0n (SFTP\/SCP)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSH cung c\u1ea5p c\u00e1c giao th\u1ee9c con \u0111\u1ec3 truy\u1ec1n file m\u1ed9t c\u00e1ch b\u1ea3o m\u1eadt:<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/interdata.vn\/blog\/sftp-la-gi\/\">SFTP<\/a> (SSH <a href=\"https:\/\/interdata.vn\/blog\/ftp-la-gi\/\">File Transfer Protocol<\/a>):<\/strong> M\u1ed9t giao th\u1ee9c truy\u1ec1n file c\u00f3 \u0111\u1ea7y \u0111\u1ee7 ch\u1ee9c n\u0103ng, t\u01b0\u01a1ng t\u1ef1 FTP nh\u01b0ng an to\u00e0n h\u01a1n. N\u00f3 cho ph\u00e9p b\u1ea1n qu\u1ea3n l\u00fd, di chuy\u1ec3n v\u00e0 x\u00f3a file tr\u00ean server.<\/li>\n<li><strong>SCP (Secure Copy Protocol):<\/strong> M\u1ed9t c\u00f4ng c\u1ee5 \u0111\u01a1n gi\u1ea3n h\u01a1n, d\u00f9ng \u0111\u1ec3 sao ch\u00e9p file nhanh ch\u00f3ng gi\u1eefa c\u00e1c m\u00e1y ch\u1ee7.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Tao-duong-ham-bao-mat-SSH-Tunneling\"><\/span>T\u1ea1o \u0111\u01b0\u1eddng h\u1ea7m b\u1ea3o m\u1eadt (SSH Tunneling)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSH Tunneling (c\u00f2n g\u1ecdi l\u00e0 <a href=\"https:\/\/interdata.vn\/blog\/port-la-gi\/\">Port<\/a> Forwarding) cho ph\u00e9p b\u1ea1n chuy\u1ec3n ti\u1ebfp l\u01b0u l\u01b0\u1ee3ng m\u1ea1ng t\u1eeb m\u1ed9t c\u1ed5ng n\u00e0y sang m\u1ed9t c\u1ed5ng kh\u00e1c th\u00f4ng qua m\u1ed9t k\u00eanh SSH \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a. T\u00ednh n\u0103ng n\u00e0y \u0111\u1eb7c bi\u1ec7t h\u1eefu \u00edch \u0111\u1ec3:<\/p>\n<ul>\n<li><strong>Truy c\u1eadp c\u00e1c d\u1ecbch v\u1ee5 b\u1ecb ch\u1eb7n:<\/strong> V\u00ed d\u1ee5, b\u1ea1n c\u00f3 th\u1ec3 truy c\u1eadp v\u00e0o m\u1ed9t c\u01a1 s\u1edf d\u1eef li\u1ec7u n\u1ed9i b\u1ed9 kh\u00f4ng c\u00f3 k\u1ebft n\u1ed1i ra <a href=\"https:\/\/interdata.vn\/blog\/mang-internet\/\">Internet<\/a> b\u1eb1ng c\u00e1ch t\u1ea1o m\u1ed9t \u0111\u01b0\u1eddng h\u1ea7m SSH t\u1eeb m\u00e1y t\u00ednh c\u1ee7a m\u00ecnh.<\/li>\n<li><strong>B\u1ea3o v\u1ec7 l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp:<\/strong> To\u00e0n b\u1ed9 d\u1eef li\u1ec7u s\u1ebd \u0111i qua k\u00eanh SSH \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a, gi\u00fap b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u kh\u1ecfi c\u00e1c m\u1ed1i \u0111e d\u1ecda tr\u00ean m\u1ea1ng c\u00f4ng c\u1ed9ng.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Cach-hoat-dong-cua-giao-thuc-SSH\"><\/span>C\u00e1ch ho\u1ea1t \u0111\u1ed9ng c\u1ee7a giao th\u1ee9c SSH<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SSH ho\u1ea1t \u0111\u1ed9ng d\u1ef1a tr\u00ean c\u01a1 ch\u1ebf m\u00e3 h\u00f3a b\u1ea5t \u0111\u1ed1i x\u1ee9ng (asymmetric encryption) v\u00e0 x\u00e1c th\u1ef1c m\u1ea1nh m\u1ebd \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o m\u1ecdi giao ti\u1ebfp \u0111\u1ec1u an to\u00e0n. Qu\u00e1 tr\u00ecnh k\u1ebft n\u1ed1i bao g\u1ed3m c\u00e1c b\u01b0\u1edbc sau:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Giai-doan-thiet-lap-ket-noi\"><\/span>Giai \u0111o\u1ea1n thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>B\u1eaft tay (Handshake):<\/strong> Khi SSH client k\u1ebft n\u1ed1i \u0111\u1ebfn server, hai b\u00ean s\u1ebd trao \u0111\u1ed5i phi\u00ean b\u1ea3n giao th\u1ee9c v\u00e0 <a href=\"https:\/\/interdata.vn\/blog\/thuat-toan-algorithm\/\">thu\u1eadt to\u00e1n<\/a> m\u00e3 h\u00f3a \u0111\u1ec3 th\u1ed1ng nh\u1ea5t c\u00e1ch giao ti\u1ebfp.<\/li>\n<li><strong>Trao \u0111\u1ed5i kh\u00f3a:<\/strong> Server g\u1eedi public key c\u1ee7a m\u00ecnh cho client. Client s\u1eed d\u1ee5ng key n\u00e0y \u0111\u1ec3 x\u00e1c minh danh t\u00ednh c\u1ee7a server v\u00e0 thi\u1ebft l\u1eadp m\u1ed9t session key (kh\u00f3a phi\u00ean) t\u1ea1m th\u1eddi. Session key n\u00e0y s\u1ebd \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 m\u00e3 h\u00f3a to\u00e0n b\u1ed9 d\u1eef li\u1ec7u trao \u0111\u1ed5i trong su\u1ed1t phi\u00ean l\u00e0m vi\u1ec7c.<\/li>\n<\/ul>\n<figure id=\"attachment_32596\" aria-describedby=\"caption-attachment-32596\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32596\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/Cach-hoat-dong-cua-SSH.jpg\" alt=\"C\u00e1ch ho\u1ea1t \u0111\u1ed9ng c\u1ee7a SSH\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/Cach-hoat-dong-cua-SSH.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/Cach-hoat-dong-cua-SSH-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/Cach-hoat-dong-cua-SSH-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32596\" class=\"wp-caption-text\">C\u00e1ch ho\u1ea1t \u0111\u1ed9ng c\u1ee7a SSH<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Giai-doan-xac-thuc-nguoi-dung\"><\/span>Giai \u0111o\u1ea1n x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sau khi k\u00eanh b\u1ea3o m\u1eadt \u0111\u00e3 \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp, client s\u1ebd x\u00e1c th\u1ef1c danh t\u00ednh c\u1ee7a m\u00ecnh v\u1edbi server. C\u00f3 hai ph\u01b0\u01a1ng ph\u00e1p x\u00e1c th\u1ef1c ph\u1ed5 bi\u1ebfn:<\/p>\n<ul>\n<li><strong>X\u00e1c th\u1ef1c b\u1eb1ng m\u1eadt kh\u1ea9u:<\/strong> Ph\u01b0\u01a1ng ph\u00e1p \u0111\u01a1n gi\u1ea3n nh\u1ea5t, ng\u01b0\u1eddi d\u00f9ng nh\u1eadp t\u00ean v\u00e0 m\u1eadt kh\u1ea9u. Tuy nhi\u00ean, n\u00f3 d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng brute-force.<\/li>\n<li><strong>X\u00e1c th\u1ef1c b\u1eb1ng <a href=\"https:\/\/interdata.vn\/blog\/ssh-key-la-gi\/\">SSH Key<\/a>:<\/strong> \u0110\u00e2y l\u00e0 ph\u01b0\u01a1ng ph\u00e1p \u0111\u01b0\u1ee3c khuy\u1ebfn kh\u00edch v\u00ec t\u00ednh b\u1ea3o m\u1eadt cao. Ng\u01b0\u1eddi d\u00f9ng t\u1ea1o m\u1ed9t c\u1eb7p kh\u00f3a g\u1ed3m:\n<ul>\n<li><strong>Public Key:<\/strong> L\u01b0u tr\u00ean server, d\u00f9ng \u0111\u1ec3 x\u00e1c minh.<\/li>\n<li><strong>Private Key:<\/strong> Gi\u1eef b\u00ed m\u1eadt tr\u00ean m\u00e1y client, d\u00f9ng \u0111\u1ec3 gi\u1ea3i m\u00e3. Khi k\u1ebft n\u1ed1i, client d\u00f9ng private key \u0111\u1ec3 &#8220;k\u00fd&#8221; m\u1ed9t th\u00f4ng \u0111i\u1ec7p v\u00e0 g\u1eedi cho server. Server s\u1ebd d\u00f9ng public key t\u01b0\u01a1ng \u1ee9ng \u0111\u1ec3 x\u00e1c minh ch\u1eef k\u00fd, t\u1eeb \u0111\u00f3 bi\u1ebft \u0111\u00f3 l\u00e0 ng\u01b0\u1eddi d\u00f9ng h\u1ee3p l\u1ec7.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"So-sanh-SSH-va-Telnet\"><\/span>So s\u00e1nh SSH v\u00e0 Telnet<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Tr\u01b0\u1edbc khi c\u00f3 SSH, <strong>Telnet<\/strong> l\u00e0 giao th\u1ee9c ph\u1ed5 bi\u1ebfn \u0111\u1ec3 truy c\u1eadp m\u00e1y ch\u1ee7 t\u1eeb xa. Tuy nhi\u00ean, Telnet c\u00f3 m\u1ed9t nh\u01b0\u1ee3c \u0111i\u1ec3m ch\u00ed t\u1eed: to\u00e0n b\u1ed9 d\u1eef li\u1ec7u (bao g\u1ed3m c\u1ea3 m\u1eadt kh\u1ea9u) \u0111\u1ec1u \u0111\u01b0\u1ee3c truy\u1ec1n d\u01b0\u1edbi d\u1ea1ng v\u0103n b\u1ea3n thu\u1ea7n t\u00fay (plain text) kh\u00f4ng \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a.<\/p>\n<figure id=\"attachment_32599\" aria-describedby=\"caption-attachment-32599\" style=\"width: 908px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32599\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/So-sanh-SSH-va-Telnet.webp\" alt=\"So s\u00e1nh SSH v\u00e0 Telnet\" width=\"908\" height=\"423\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/So-sanh-SSH-va-Telnet.webp 908w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/So-sanh-SSH-va-Telnet-300x140.webp 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/So-sanh-SSH-va-Telnet-768x358.webp 768w\" sizes=\"auto, (max-width: 908px) 100vw, 908px\" \/><figcaption id=\"caption-attachment-32599\" class=\"wp-caption-text\">So s\u00e1nh SSH v\u00e0 Telnet<\/figcaption><\/figure>\n<p>B\u1ea3ng so s\u00e1nh chi ti\u1ebft gi\u1eefa SSH v\u00e0 Telnet:<\/p>\n<table style=\"width: 100%; max-width: 900px; border-collapse: collapse; font-family: Arial, Helvetica, sans-serif; border: 1px solid #0D6EFD;\">\n<thead>\n<tr>\n<th style=\"background: #0d6efd; color: #ffffff; padding: 12px 14px; border-bottom: 2px solid #0d6efd; font-size: 16px; text-align: center;\">Ti\u00eau ch\u00ed<\/th>\n<th style=\"background: #0d6efd; color: #ffffff; padding: 12px 14px; border-bottom: 2px solid #0d6efd; font-size: 16px; text-align: center;\">SSH (Secure Shell)<\/th>\n<th style=\"background: #0d6efd; color: #ffffff; padding: 12px 14px; border-bottom: 2px solid #0d6efd; font-size: 16px; text-align: center;\">Telnet<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb; font-weight: 600; width: 28%;\">M\u1ee9c \u0111\u1ed9 b\u1ea3o m\u1eadt<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">Cao. D\u1eef li\u1ec7u \u0111\u01b0\u1ee3c m\u00e3 h\u00f3a m\u1ea1nh m\u1ebd.<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">Th\u1ea5p. D\u1eef li\u1ec7u truy\u1ec1n d\u1ea1ng v\u0103n b\u1ea3n thu\u1ea7n t\u00fay.<\/td>\n<\/tr>\n<tr style=\"background: #fbfdff;\">\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb; font-weight: 600;\">M\u00e3 h\u00f3a<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">C\u00f3. S\u1eed d\u1ee5ng c\u00e1c thu\u1eadt to\u00e1n m\u00e3 h\u00f3a ti\u00ean ti\u1ebfn.<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">Kh\u00f4ng. D\u1ec5 b\u1ecb nghe l\u00e9n.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb; font-weight: 600;\">X\u00e1c th\u1ef1c<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">M\u1ea1nh m\u1ebd, h\u1ed7 tr\u1ee3 m\u1eadt kh\u1ea9u v\u00e0 SSH Key.<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">Y\u1ebfu, ch\u1ec9 d\u00f9ng m\u1eadt kh\u1ea9u.<\/td>\n<\/tr>\n<tr style=\"background: #fbfdff;\">\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb; font-weight: 600;\">C\u1ed5ng m\u1eb7c \u0111\u1ecbnh<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">22<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">23<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb; font-weight: 600;\">Nguy c\u01a1<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">Th\u1ea5p, mi\u1ec5n l\u00e0 c\u1ea5u h\u00ecnh \u0111\u00fang.<\/td>\n<td style=\"padding: 10px 14px; border-bottom: 1px solid #e9eefb;\">R\u1ea5t cao, d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m d\u1ec5 b\u1ecb l\u1ed9.<\/td>\n<\/tr>\n<tr style=\"background: #fbfdff;\">\n<td style=\"padding: 10px 14px; font-weight: 600;\">\u1ee8ng d\u1ee5ng<\/td>\n<td style=\"padding: 10px 14px;\">Qu\u1ea3n tr\u1ecb server, truy\u1ec1n file b\u1ea3o m\u1eadt.<\/td>\n<td style=\"padding: 10px 14px;\">\u00cdt d\u00f9ng, ch\u1ec9 trong c\u00e1c m\u1ea1ng n\u1ed9i b\u1ed9.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><span class=\"ez-toc-section\" id=\"So-sanh-SSH-voi-SSLTLS\"><\/span>So s\u00e1nh SSH v\u1edbi SSL\/TLS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Secure Shell v\u00e0 SSL\/TLS (Secure Sockets Layer\/Transport Layer Security) \u0111\u1ec1u l\u00e0 c\u00e1c giao th\u1ee9c m\u1eadt m\u00e3 <strong>cung c\u1ea5p k\u1ebft n\u1ed1i an to\u00e0n<\/strong> tr\u00ean m\u1ea1ng. Tuy nhi\u00ean, ch\u00fang c\u00f3 <strong>nh\u1eefng \u0111i\u1ec3m kh\u00e1c bi\u1ec7t<\/strong> quan tr\u1ecdng v\u1ec1 m\u1ee5c \u0111\u00edch s\u1eed d\u1ee5ng, c\u00e1ch th\u1ee9c ho\u1ea1t \u0111\u1ed9ng v\u00e0 ki\u1ebfn tr\u00fac. Vi\u1ec7c hi\u1ec3u r\u00f5 s\u1ef1 kh\u00e1c bi\u1ec7t n\u00e0y gi\u00fap b\u1ea1n l\u1ef1a ch\u1ecdn \u0111\u00fang giao th\u1ee9c cho t\u1eebng t\u00ecnh hu\u1ed1ng c\u1ee5 th\u1ec3, t\u1ed1i \u01b0u hi\u1ec7u qu\u1ea3.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Muc-dich-su-dung\"><\/span>M\u1ee5c \u0111\u00edch s\u1eed d\u1ee5ng<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>M\u1ee5c \u0111\u00edch s\u1eed d\u1ee5ng ch\u00ednh<\/strong> l\u00e0 \u0111i\u1ec3m kh\u00e1c bi\u1ec7t l\u1edbn nh\u1ea5t. SSH th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 <strong>truy c\u1eadp v\u00e0 qu\u1ea3n l\u00fd m\u00e1y ch\u1ee7 t\u1eeb xa<\/strong>, c\u0169ng nh\u01b0 truy\u1ec1n t\u1ec7p tin an to\u00e0n (SFTP). Trong khi \u0111\u00f3, SSL\/TLS th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 <strong>b\u1ea3o m\u1eadt c\u00e1c k\u1ebft n\u1ed1i web<\/strong> (HTTPS), email (SMTPS, IMAPS), v\u00e0 c\u00e1c \u1ee9ng d\u1ee5ng tr\u1ef1c tuy\u1ebfn kh\u00e1c b\u1ea3o v\u1ec7 tr\u00ecnh duy\u1ec7t web c\u1ee7a b\u1ea1n!<\/p>\n<figure id=\"attachment_32600\" aria-describedby=\"caption-attachment-32600\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32600\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/SSH-so-voi-SSL-TLS.jpg\" alt=\"So s\u00e1nh SSH v\u1edbi SSL\/TLS\" width=\"800\" height=\"450\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/SSH-so-voi-SSL-TLS.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/SSH-so-voi-SSL-TLS-300x169.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/SSH-so-voi-SSL-TLS-768x432.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32600\" class=\"wp-caption-text\">So s\u00e1nh SSH v\u1edbi SSL\/TLS<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Cach-thuc-hoat-dong\"><\/span>C\u00e1ch th\u1ee9c ho\u1ea1t \u0111\u1ed9ng<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>C\u00e1ch th\u1ee9c ho\u1ea1t \u0111\u1ed9ng<\/strong> c\u1ee7a SSH so v\u1edbi SSL\/TLS c\u0169ng c\u00f3 s\u1ef1 kh\u00e1c bi\u1ec7t. SSH s\u1eed d\u1ee5ng <strong>m\u00f4 h\u00ecnh client-server<\/strong> v\u1edbi x\u00e1c th\u1ef1c hai chi\u1ec1u (client x\u00e1c th\u1ef1c server v\u00e0 ng\u01b0\u1ee3c l\u1ea1i). SSL\/TLS ban \u0111\u1ea7u ch\u1ec9 x\u00e1c th\u1ef1c server (server g\u1eedi ch\u1ee9ng ch\u1ec9 s\u1ed1 cho client). Nh\u01b0ng hi\u1ec7n nay c\u0169ng h\u1ed7 tr\u1ee3 x\u00e1c th\u1ef1c client (client g\u1eedi ch\u1ee9ng ch\u1ec9 s\u1ed1 cho server). S\u1ef1 kh\u00e1c bi\u1ec7t n\u00e0y <strong>t\u1ea1o ra c\u00e1c tr\u01b0\u1eddng h\u1ee3p s\u1eed d\u1ee5ng<\/strong> kh\u00e1c nhau.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kien-truc\"><\/span>Ki\u1ebfn tr\u00fac<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>V\u1ec1 <strong>ki\u1ebfn tr\u00fac<\/strong>, SSH th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i <strong>tr\u1ef1c ti\u1ebfp<\/strong> gi\u1eefa hai m\u00e1y t\u00ednh (client v\u00e0 server). Trong khi \u0111\u00f3, SSL\/TLS th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng <strong>trong c\u00e1c <a href=\"https:\/\/interdata.vn\/blog\/web-application-la-gi\/\">\u1ee9ng d\u1ee5ng web<\/a><\/strong>, n\u01a1i c\u00f3 nhi\u1ec1u client k\u1ebft n\u1ed1i \u0111\u1ebfn m\u1ed9t server. SSL\/TLS th\u01b0\u1eddng \u0111\u01b0\u1ee3c <strong>t\u00edch h\u1ee3p v\u00e0o c\u00e1c \u1ee9ng d\u1ee5ng<\/strong> v\u00e0 giao th\u1ee9c kh\u00e1c (v\u00ed d\u1ee5: HTTPS, FTPS). N\u00f3 <strong>kh\u00f4ng ph\u1ea3i<\/strong> l\u00e0 m\u1ed9t giao th\u1ee9c \u0111\u1ed9c l\u1eadp.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cong-port\"><\/span>C\u1ed5ng (port)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSH th\u01b0\u1eddng s\u1eed d\u1ee5ng c\u1ed5ng 22, trong khi HTTPS (s\u1eed d\u1ee5ng SSL\/TLS) th\u01b0\u1eddng s\u1eed d\u1ee5ng c\u1ed5ng 443. Tuy nhi\u00ean, c\u00e1c c\u1ed5ng n\u00e0y <strong>c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c thay \u0111\u1ed5i<\/strong> t\u00f9y theo c\u1ea5u h\u00ecnh c\u1ee7a server. Vi\u1ec7c thay \u0111\u1ed5i c\u1ed5ng m\u1eb7c \u0111\u1ecbnh c\u00f3 th\u1ec3 gi\u00fap t\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt. B\u1eb1ng c\u00e1ch <strong>tr\u00e1nh c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng<\/strong> t\u1ef1 \u0111\u1ed9ng nh\u1eafm v\u00e0o c\u00e1c c\u1ed5ng ph\u1ed5 bi\u1ebfn.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Mot-so-uu-%E2%80%93-nhuoc-diem-cua-SSH\"><\/span>M\u1ed9t s\u1ed1 \u01b0u &#8211; nh\u01b0\u1ee3c \u0111i\u1ec3m c\u1ee7a SSH<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>M\u1eb7c d\u00f9 l\u00e0 c\u00f4ng c\u1ee5 m\u1ea1nh m\u1ebd, Secure Shell c\u0169ng c\u00f3 nh\u1eefng \u01b0u v\u00e0 nh\u01b0\u1ee3c \u0111i\u1ec3m ri\u00eang.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Uu-diem\"><\/span>\u01afu \u0111i\u1ec3m<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>B\u1ea3o m\u1eadt v\u01b0\u1ee3t tr\u1ed9i:<\/strong> \u0110\u00e2y l\u00e0 \u0111i\u1ec3m m\u1ea1nh l\u1edbn nh\u1ea5t. Vi\u1ec7c m\u00e3 h\u00f3a end-to-end gi\u00fap b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u kh\u1ecfi m\u1ecdi s\u1ef1 can thi\u1ec7p.<\/li>\n<li><strong>T\u00ednh linh ho\u1ea1t cao:<\/strong> H\u1ed7 tr\u1ee3 nhi\u1ec1u t\u00ednh n\u0103ng nh\u01b0 Port Forwarding, SFTP\/SCP.<\/li>\n<li><strong>X\u00e1c th\u1ef1c m\u1ea1nh m\u1ebd:<\/strong> C\u01a1 ch\u1ebf kh\u00f3a c\u00f4ng khai\/ri\u00eang t\u01b0 gi\u00fap lo\u1ea1i b\u1ecf r\u1ee7i ro t\u1eeb vi\u1ec7c s\u1eed d\u1ee5ng m\u1eadt kh\u1ea9u y\u1ebfu.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Nhuoc-diem\"><\/span>Nh\u01b0\u1ee3c \u0111i\u1ec3m<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Ph\u1ee9c t\u1ea1p v\u1edbi ng\u01b0\u1eddi m\u1edbi:<\/strong> C\u1ea5u h\u00ecnh v\u00e0 s\u1eed d\u1ee5ng SSH Key c\u00f3 th\u1ec3 g\u00e2y b\u1ee1 ng\u1ee1 cho ng\u01b0\u1eddi d\u00f9ng ch\u01b0a c\u00f3 kinh nghi\u1ec7m.<\/li>\n<li><strong>Ph\u1ee5 thu\u1ed9c v\u00e0o qu\u1ea3n l\u00fd kh\u00f3a:<\/strong> N\u1ebfu private key b\u1ecb m\u1ea5t ho\u1eb7c l\u1ed9, k\u1ebb x\u1ea5u c\u00f3 th\u1ec3 truy c\u1eadp v\u00e0o server c\u1ee7a b\u1ea1n.<\/li>\n<li><strong>Nguy c\u01a1 t\u1eeb c\u1ea5u h\u00ecnh sai:<\/strong> N\u1ebfu SSH server kh\u00f4ng \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh \u0111\u00fang, n\u00f3 v\u1eabn c\u00f3 th\u1ec3 tr\u1edf th\u00e0nh m\u1ee5c ti\u00eau t\u1ea5n c\u00f4ng.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Truong-hop-nen-su-dung-giao-thuc-SSH\"><\/span>Tr\u01b0\u1eddng h\u1ee3p n\u00ean s\u1eed d\u1ee5ng giao th\u1ee9c SSH<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Khi n\u00e0o b\u1ea1n n\u00ean s\u1eed d\u1ee5ng SSH? D\u01b0\u1edbi \u0111\u00e2y l\u00e0 m\u1ed9t s\u1ed1 v\u00ed d\u1ee5 th\u1ef1c t\u1ebf:<\/p>\n<ul>\n<li><strong>Qu\u1ea3n l\u00fd m\u00e1y ch\u1ee7:<\/strong> Khi b\u1ea1n c\u1ea7n c\u00e0i \u0111\u1eb7t m\u1ed9t trang web, c\u1ea5u h\u00ecnh m\u1ed9t c\u01a1 s\u1edf d\u1eef li\u1ec7u hay th\u1ef1c hi\u1ec7n b\u1ea5t k\u1ef3 thay \u0111\u1ed5i n\u00e0o tr\u00ean server t\u1eeb xa.<\/li>\n<li><strong>Ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m:<\/strong> C\u00e1c l\u1eadp tr\u00ecnh vi\u00ean th\u01b0\u1eddng s\u1eed d\u1ee5ng SSH \u0111\u1ec3 tri\u1ec3n khai \u1ee9ng d\u1ee5ng, l\u00e0m vi\u1ec7c v\u1edbi Git, ho\u1eb7c k\u1ebft n\u1ed1i \u0111\u1ebfn c\u00e1c <a href=\"https:\/\/interdata.vn\/blog\/virtual-machine-la-gi\/\">m\u00e1y \u1ea3o<\/a>.<\/li>\n<li><strong>Sao l\u01b0u d\u1eef li\u1ec7u:<\/strong> S\u1eed d\u1ee5ng SFTP ho\u1eb7c SCP \u0111\u1ec3 chuy\u1ec3n c\u00e1c t\u1ec7p sao l\u01b0u quan tr\u1ecdng v\u1ec1 m\u00e1y t\u00ednh c\u1ee7a b\u1ea1n m\u1ed9t c\u00e1ch an to\u00e0n.<\/li>\n<li><strong>Truy c\u1eadp v\u00e0o c\u00e1c thi\u1ebft b\u1ecb m\u1ea1ng:<\/strong> SSH \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 truy c\u1eadp v\u00e0 c\u1ea5u h\u00ecnh c\u00e1c thi\u1ebft b\u1ecb nh\u01b0 router hay <a href=\"https:\/\/interdata.vn\/blog\/switch-la-gi\/\">switch<\/a>.<\/li>\n<\/ul>\n<figure id=\"attachment_32597\" aria-describedby=\"caption-attachment-32597\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32597\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/Truong-hop-nen-su-dung-giao-thuc-SSH.jpg\" alt=\"Tr\u01b0\u1eddng h\u1ee3p n\u00ean s\u1eed d\u1ee5ng giao th\u1ee9c SSH\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/Truong-hop-nen-su-dung-giao-thuc-SSH.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/Truong-hop-nen-su-dung-giao-thuc-SSH-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/03\/Truong-hop-nen-su-dung-giao-thuc-SSH-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32597\" class=\"wp-caption-text\">Tr\u01b0\u1eddng h\u1ee3p n\u00ean s\u1eed d\u1ee5ng giao th\u1ee9c SSH<\/figcaption><\/figure>\n<p><strong>C\u00e1c \u1ee9ng d\u1ee5ng kh\u00e1c:<\/strong><\/p>\n<p>Ngo\u00e0i ba \u1ee9ng d\u1ee5ng ch\u00ednh \u0111\u00e3 n\u00eau, Secure Shell c\u00f2n c\u00f3 m\u1ed9t s\u1ed1 \u1ee9ng d\u1ee5ng kh\u00e1c, \u00edt ph\u1ed5 bi\u1ebfn h\u01a1n nh\u01b0ng c\u0169ng r\u1ea5t h\u1eefu \u00edch:<\/p>\n<ul>\n<li><strong>X11 Forwarding:<\/strong> Cho ph\u00e9p ch\u1ea1y c\u00e1c \u1ee9ng d\u1ee5ng \u0111\u1ed3 h\u1ecda tr\u00ean m\u00e1y ch\u1ee7 t\u1eeb xa v\u00e0 hi\u1ec3n th\u1ecb ch\u00fang tr\u00ean m\u00e1y client.<\/li>\n<li><strong>SOCKS Proxy:<\/strong> S\u1eed d\u1ee5ng SSH \u0111\u1ec3 t\u1ea1o m\u1ed9t proxy SOCKS, gi\u00fap \u1ea9n <a href=\"https:\/\/interdata.vn\/blog\/dia-chi-ip-la-gi\/\">\u0111\u1ecba ch\u1ec9 IP<\/a> v\u00e0 v\u01b0\u1ee3t qua c\u00e1c h\u1ea1n ch\u1ebf m\u1ea1ng.<\/li>\n<li><strong>VPN \u0111\u01a1n gi\u1ea3n:<\/strong> C\u00f3 th\u1ec3 s\u1eed d\u1ee5ng SSH \u0111\u1ec3 t\u1ea1o m\u1ed9t k\u1ebft n\u1ed1i VPN \u0111\u01a1n gi\u1ea3n cho c\u00e1c m\u1ee5c \u0111\u00edch c\u1ee5 th\u1ec3.<\/li>\n<li>S\u1eed d\u1ee5ng trong c\u00e1c h\u1ec7 th\u1ed1ng nh\u00fang<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Cac-van-de-bao-mat-thuong-gap-trong-giao-thuc-SSH\"><\/span>C\u00e1c v\u1ea5n \u0111\u1ec1 b\u1ea3o m\u1eadt th\u01b0\u1eddng g\u1eb7p trong giao th\u1ee9c SSH<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"1-Mat-khau-yeu\"><\/span>1. M\u1eadt kh\u1ea9u y\u1ebfu<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>D\u00f9ng m\u1eadt kh\u1ea9u y\u1ebfu l\u00e0 m\u1ed9t trong nh\u1eefng <a href=\"https:\/\/interdata.vn\/blog\/lo-hong-bao-mat-la-gi\/\">l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt<\/a> nghi\u00eam tr\u1ecdng nh\u1ea5t, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 th\u1eed l\u1ea7n l\u01b0\u1ee3t m\u1ecdi kh\u1ea3 n\u0103ng cho \u0111\u1ebfn khi \u0111o\u00e1n \u0111\u00fang m\u1eadt kh\u1ea9u. \u0110\u1ec3 ph\u00f2ng tr\u00e1nh, h\u00e3y \u0111\u1eb7t m\u1eadt kh\u1ea9u m\u1ea1nh k\u1ebft h\u1ee3p ch\u1eef hoa, ch\u1eef th\u01b0\u1eddng, s\u1ed1 v\u00e0 k\u00fd t\u1ef1 \u0111\u1eb7c bi\u1ec7t.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"2-Tan-cong-Brute-Force\"><\/span>2. T\u1ea5n c\u00f4ng Brute Force<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><a href=\"https:\/\/interdata.vn\/blog\/tan-cong-brute-force-la-gi\/\">Brute Force<\/a> l\u00e0 h\u00ecnh th\u1ee9c k\u1ebb t\u1ea5n c\u00f4ng th\u1eed t\u1ea5t c\u1ea3 t\u1ed5 h\u1ee3p m\u1eadt kh\u1ea9u cho \u0111\u1ebfn khi t\u00ecm \u0111\u01b0\u1ee3c m\u1eadt kh\u1ea9u h\u1ee3p l\u1ec7, gi\u1ea3i ph\u00e1p l\u00e0 gi\u1edbi h\u1ea1n s\u1ed1 l\u1ea7n \u0111\u0103ng nh\u1eadp sai v\u00e0 \u00e1p d\u1ee5ng bi\u1ec7n ph\u00e1p b\u1ea3o v\u1ec7 nh\u01b0 t\u1ea1o kho\u1ea3ng d\u1eebng gi\u1eefa c\u00e1c l\u1ea7n th\u1eed.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"3-Nguy-co-tan-cong-Man-in-the-Middle-MITM\"><\/span>3. Nguy c\u01a1 t\u1ea5n c\u00f4ng Man-in-the-Middle (MITM)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Trong ki\u1ec3u t\u1ea5n c\u00f4ng n\u00e0y, k\u1ebb x\u1ea5u ch\u00e8n m\u00ecnh v\u00e0o gi\u1eefa k\u1ebft n\u1ed1i gi\u1eefa client v\u00e0 server \u0111\u1ec3 chi\u1ebfm \u0111o\u1ea1t d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m, c\u00e1ch t\u1ed1t nh\u1ea5t \u0111\u1ec3 ng\u0103n ch\u1eb7n l\u00e0 d\u00f9ng c\u1eb7p kh\u00f3a SSH (SSH key pair) thay cho m\u1eadt kh\u1ea9u khi x\u00e1c th\u1ef1c.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"4-Lo-hong-bao-mat-o-phien-ban-SSH-cu\"><\/span>4. L\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt \u1edf phi\u00ean b\u1ea3n SSH c\u0169<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Nh\u1eefng phi\u00ean b\u1ea3n SSH c\u0169 th\u01b0\u1eddng t\u1ed3n t\u1ea1i nhi\u1ec1u l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt, ch\u00ednh v\u00ec v\u1eady, c\u00e1c phi\u00ean b\u1ea3n m\u1edbi \u0111\u01b0\u1ee3c ph\u00e1t h\u00e0nh \u0111\u1ec3 v\u00e1 c\u00e1c l\u1ed7i n\u00e0y. H\u00e3y \u0111\u1ea3m b\u1ea3o h\u1ec7 th\u1ed1ng lu\u00f4n ch\u1ea1y b\u1ea3n SSH m\u1edbi nh\u1ea5t \u0111\u1ec3 tr\u00e1nh nguy c\u01a1 b\u1ecb khai th\u00e1c.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"5-Phuong-thuc-xac-thuc-khong-an-toan\"><\/span>5. Ph\u01b0\u01a1ng th\u1ee9c x\u00e1c th\u1ef1c kh\u00f4ng an to\u00e0n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>D\u00f9ng c\u00e1c c\u00e1ch x\u00e1c th\u1ef1c k\u00e9m an to\u00e0n nh\u01b0 m\u1eadt kh\u1ea9u d\u1ea1ng v\u0103n b\u1ea3n r\u00f5 (plaintext) ho\u1eb7c x\u00e1c th\u1ef1c b\u1eb1ng rhosts d\u1ec5 t\u1ea1o k\u1ebd h\u1edf cho hacker, thay v\u00e0o \u0111\u00f3, h\u00e3y d\u00f9ng c\u00e1c ph\u01b0\u01a1ng th\u1ee9c x\u00e1c th\u1ef1c m\u1ea1nh h\u01a1n nh\u01b0 SSH key pairs ho\u1eb7c x\u00e1c th\u1ef1c hai y\u1ebfu t\u1ed1 (2FA).<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Trien-khai-SSH\"><\/span>Tri\u1ec3n khai SSH<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Tri\u1ec3n khai SSH bao g\u1ed3m vi\u1ec7c <strong>c\u00e0i \u0111\u1eb7t v\u00e0 c\u1ea5u h\u00ecnh<\/strong> c\u1ea3 <a href=\"https:\/\/interdata.vn\/blog\/phan-mem-ssh-client\/\">ph\u1ea7n m\u1ec1m SSH client<\/a> v\u00e0 SSH server tr\u00ean c\u00e1c m\u00e1y t\u00ednh. \u0110\u1ec3 thi\u1ebft l\u1eadp m\u1ed9t k\u1ebft n\u1ed1i SSH an to\u00e0n. Qu\u00e1 tr\u00ecnh n\u00e0y <strong>t\u01b0\u01a1ng \u0111\u1ed1i \u0111\u01a1n gi\u1ea3n<\/strong> tr\u00ean h\u1ea7u h\u1ebft c\u00e1c <a href=\"https:\/\/interdata.vn\/blog\/he-dieu-hanh\/\">h\u1ec7 \u0111i\u1ec1u h\u00e0nh<\/a> hi\u1ec7n \u0111\u1ea1i. Nh\u01b0ng \u0111\u00f2i h\u1ecfi ng\u01b0\u1eddi d\u00f9ng ph\u1ea3i c\u00f3 ki\u1ebfn th\u1ee9c c\u01a1 b\u1ea3n v\u1ec1 d\u00f2ng l\u1ec7nh (command line) v\u00e0 c\u1ea5u h\u00ecnh h\u1ec7 th\u1ed1ng.<\/p>\n<p>Vi\u1ec7c tri\u1ec3n khai SSH <strong>kh\u00f4ng ch\u1ec9 \u0111\u01a1n thu\u1ea7n<\/strong> l\u00e0 c\u00e0i \u0111\u1eb7t ph\u1ea7n m\u1ec1m. M\u00e0 c\u00f2n bao g\u1ed3m vi\u1ec7c <strong>c\u1ea5u h\u00ecnh c\u00e1c t\u00f9y ch\u1ecdn b\u1ea3o m\u1eadt<\/strong> \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o an to\u00e0n cho k\u1ebft n\u1ed1i. \u0110i\u1ec1u n\u00e0y bao g\u1ed3m vi\u1ec7c l\u1ef1a ch\u1ecdn ph\u01b0\u01a1ng ph\u00e1p x\u00e1c th\u1ef1c. C\u1ea5u h\u00ecnh <a href=\"https:\/\/interdata.vn\/blog\/tuong-lua-firewall\/\">t\u01b0\u1eddng l\u1eeda<\/a>, v\u00e0 thay \u0111\u1ed5i c\u00e1c c\u00e0i \u0111\u1eb7t m\u1eb7c \u0111\u1ecbnh n\u1ebfu c\u1ea7n thi\u1ebft. N\u00f3 gi\u1ed1ng nh\u01b0 vi\u1ec7c b\u1ea1n kh\u00f4ng ch\u1ec9 mua m\u1ed9t chi\u1ebfc kh\u00f3a, m\u00e0 c\u00f2n ph\u1ea3i l\u1eafp \u0111\u1eb7t v\u00e0 c\u00e0i \u0111\u1eb7t \u0111\u00fang c\u00e1ch.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cai-dat-SSH-Client\"><\/span>C\u00e0i \u0111\u1eb7t SSH Client<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Tr\u00ean h\u1ea7u h\u1ebft c\u00e1c h\u1ec7 \u0111i\u1ec1u h\u00e0nh d\u1ef1a tr\u00ean Unix (<a href=\"https:\/\/interdata.vn\/blog\/he-dieu-hanh-linux-la-gi\/\">Linux<\/a>, macOS), SSH client <strong>th\u01b0\u1eddng \u0111\u00e3 \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t s\u1eb5n<\/strong>. B\u1ea1n c\u00f3 th\u1ec3 ki\u1ec3m tra b\u1eb1ng c\u00e1ch m\u1edf terminal v\u00e0 g\u00f5 l\u1ec7nh <code>ssh -V<\/code>. N\u1ebfu SSH client ch\u01b0a \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t, b\u1ea1n c\u00f3 th\u1ec3 d\u1ec5 d\u00e0ng c\u00e0i \u0111\u1eb7t th\u00f4ng qua tr\u00ecnh qu\u1ea3n l\u00fd g\u00f3i c\u1ee7a h\u1ec7 \u0111i\u1ec1u h\u00e0nh (v\u00ed d\u1ee5: <code>apt<\/code> tr\u00ean Debian\/Ubuntu, <code>yum<\/code> tr\u00ean CentOS\/RHEL, <code>brew<\/code> tr\u00ean macOS).<\/p>\n<p>Tr\u00ean Windows, b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng c\u00e1c \u1ee9ng d\u1ee5ng SSH client nh\u01b0 <strong><a href=\"https:\/\/interdata.vn\/blog\/putty-la-gi\/\">PuTTY<\/a>, MobaXterm, ho\u1eb7c Windows Subsystem for Linux (WSL)<\/strong>. PuTTY l\u00e0 m\u1ed9t \u1ee9ng d\u1ee5ng SSH client <strong>mi\u1ec5n ph\u00ed v\u00e0 ph\u1ed5 bi\u1ebfn<\/strong>, cung c\u1ea5p giao di\u1ec7n \u0111\u1ed3 h\u1ecda d\u1ec5 s\u1eed d\u1ee5ng. MobaXterm l\u00e0 m\u1ed9t \u1ee9ng d\u1ee5ng terminal <strong>\u0111a n\u0103ng<\/strong>, t\u00edch h\u1ee3p s\u1eb5n SSH client v\u00e0 nhi\u1ec1u c\u00f4ng c\u1ee5 kh\u00e1c. WSL cho ph\u00e9p b\u1ea1n <strong>ch\u1ea1y m\u00f4i tr\u01b0\u1eddng Linux<\/strong> tr\u1ef1c ti\u1ebfp tr\u00ean Windows.<\/p>\n<p>Vi\u1ec7c c\u00e0i \u0111\u1eb7t SSH client th\u01b0\u1eddng <strong>r\u1ea5t \u0111\u01a1n gi\u1ea3n<\/strong>. Ch\u1ec9 c\u1ea7n t\u1ea3i v\u1ec1 v\u00e0 c\u00e0i \u0111\u1eb7t ph\u1ea7n m\u1ec1m t\u01b0\u01a1ng \u1ee9ng, ho\u1eb7c s\u1eed d\u1ee5ng tr\u00ecnh qu\u1ea3n l\u00fd g\u00f3i c\u1ee7a h\u1ec7 \u0111i\u1ec1u h\u00e0nh. Sau khi c\u00e0i \u0111\u1eb7t, b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng SSH client \u0111\u1ec3 <strong>k\u1ebft n\u1ed1i \u0111\u1ebfn c\u00e1c m\u00e1y ch\u1ee7 SSH<\/strong> t\u1eeb xa. B\u1ea1n ch\u1ec9 c\u1ea7n bi\u1ebft \u0111\u1ecba ch\u1ec9 IP ho\u1eb7c <a href=\"https:\/\/interdata.vn\/blog\/domain-la-gi\/\">t\u00ean mi\u1ec1n<\/a> c\u1ee7a m\u00e1y ch\u1ee7, t\u00ean ng\u01b0\u1eddi d\u00f9ng v\u00e0 m\u1eadt kh\u1ea9u (ho\u1eb7c kh\u00f3a SSH).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cai-dat-SSH-Server\"><\/span>C\u00e0i \u0111\u1eb7t SSH Server<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u1ec3 m\u00e1y t\u00ednh c\u1ee7a b\u1ea1n c\u00f3 th\u1ec3 <strong>nh\u1eadn c\u00e1c k\u1ebft n\u1ed1i SSH<\/strong> t\u1eeb xa, b\u1ea1n c\u1ea7n c\u00e0i \u0111\u1eb7t v\u00e0 c\u1ea5u h\u00ecnh SSH server. Tr\u00ean c\u00e1c h\u1ec7 \u0111i\u1ec1u h\u00e0nh d\u1ef1a tr\u00ean Unix, <strong>OpenSSH<\/strong> th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng l\u00e0m SSH server. B\u1ea1n c\u00f3 th\u1ec3 c\u00e0i \u0111\u1eb7t OpenSSH th\u00f4ng qua tr\u00ecnh qu\u1ea3n l\u00fd g\u00f3i c\u1ee7a h\u1ec7 \u0111i\u1ec1u h\u00e0nh. (V\u00ed d\u1ee5: <code>sudo apt install openssh-server<\/code> tr\u00ean Debian\/Ubuntu).<\/p>\n<p>Tr\u00ean Windows, b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng <strong>t\u00ednh n\u0103ng OpenSSH Server<\/strong> t\u00edch h\u1ee3p s\u1eb5n (t\u1eeb Windows 10 phi\u00ean b\u1ea3n 1809 tr\u1edf l\u00ean). Ho\u1eb7c c\u00e1c ph\u1ea7n m\u1ec1m SSH server c\u1ee7a b\u00ean th\u1ee9 ba nh\u01b0 <strong>freeSSHd ho\u1eb7c OpenSSH for Windows<\/strong>. Vi\u1ec7c c\u00e0i \u0111\u1eb7t SSH server tr\u00ean Windows th\u01b0\u1eddng ph\u1ee9c t\u1ea1p h\u01a1n so v\u1edbi tr\u00ean Linux. Nh\u01b0ng c\u0169ng c\u00f3 nhi\u1ec1u h\u01b0\u1edbng d\u1eabn chi ti\u1ebft tr\u00ean m\u1ea1ng.<\/p>\n<p>Sau khi c\u00e0i \u0111\u1eb7t SSH server, b\u1ea1n c\u1ea7n <strong>c\u1ea5u h\u00ecnh c\u00e1c t\u00f9y ch\u1ecdn b\u1ea3o m\u1eadt<\/strong> trong t\u1ec7p c\u1ea5u h\u00ecnh c\u1ee7a SSH server (th\u01b0\u1eddng l\u00e0 <code>\/etc\/ssh\/sshd_config<\/code> tr\u00ean Linux). C\u00e1c t\u00f9y ch\u1ecdn quan tr\u1ecdng bao g\u1ed3m: <strong>ch\u1ecdn c\u1ed5ng SSH<\/strong> (Port), <strong>v\u00f4 hi\u1ec7u h\u00f3a \u0111\u0103ng nh\u1eadp root<\/strong> (PermitRootLogin), <strong>ch\u1ecdn ph\u01b0\u01a1ng ph\u00e1p x\u00e1c th\u1ef1c<\/strong> (PasswordAuthentication, PubkeyAuthentication), v\u00e0 <strong>c\u1ea5u h\u00ecnh t\u01b0\u1eddng l\u1eeda<\/strong> \u0111\u1ec3 cho ph\u00e9p k\u1ebft n\u1ed1i \u0111\u1ebfn c\u1ed5ng SSH.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tao-va-su-dung-SSH-Key\"><\/span>T\u1ea1o v\u00e0 s\u1eed d\u1ee5ng SSH Key<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Thay v\u00ec s\u1eed d\u1ee5ng m\u1eadt kh\u1ea9u, b\u1ea1n n\u00ean <strong>s\u1eed d\u1ee5ng SSH key<\/strong> \u0111\u1ec3 x\u00e1c th\u1ef1c. SSH key an to\u00e0n h\u01a1n m\u1eadt kh\u1ea9u r\u1ea5t nhi\u1ec1u. \u0110\u1ec3 t\u1ea1o SSH key, b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng l\u1ec7nh <code>ssh-keygen<\/code> tr\u00ean terminal. L\u1ec7nh n\u00e0y s\u1ebd t\u1ea1o ra m\u1ed9t c\u1eb7p kh\u00f3a: <strong>kh\u00f3a ri\u00eang t\u01b0 (private key)<\/strong> v\u00e0 <strong>kh\u00f3a c\u00f4ng khai (public key)<\/strong>. B\u1ea1n c\u1ea7n gi\u1eef b\u00ed m\u1eadt kh\u00f3a ri\u00eang t\u01b0 v\u00e0 \u0111\u1eb7t kh\u00f3a c\u00f4ng khai l\u00ean server.<\/p>\n<p>Sau khi t\u1ea1o key, b\u1ea1n c\u1ea7n <strong>sao ch\u00e9p kh\u00f3a c\u00f4ng khai<\/strong> l\u00ean m\u00e1y ch\u1ee7 SSH m\u00e0 b\u1ea1n mu\u1ed1n truy c\u1eadp. B\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng l\u1ec7nh <code>ssh-copy-id<\/code> \u0111\u1ec3 th\u1ef1c hi\u1ec7n vi\u1ec7c n\u00e0y m\u1ed9t c\u00e1ch d\u1ec5 d\u00e0ng. L\u1ec7nh n\u00e0y s\u1ebd t\u1ef1 \u0111\u1ed9ng th\u00eam kh\u00f3a c\u00f4ng khai v\u00e0o t\u1ec7p <code>~\/.ssh\/authorized_keys<\/code> tr\u00ean m\u00e1y ch\u1ee7. Sau khi ho\u00e0n t\u1ea5t, b\u1ea1n c\u00f3 th\u1ec3 <strong>k\u1ebft n\u1ed1i \u0111\u1ebfn m\u00e1y ch\u1ee7<\/strong> m\u00e0 kh\u00f4ng c\u1ea7n nh\u1eadp m\u1eadt kh\u1ea9u.<\/p>\n<p>Vi\u1ec7c s\u1eed d\u1ee5ng SSH key kh\u00f4ng ch\u1ec9 <strong>t\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt<\/strong> m\u00e0 c\u00f2n <strong>ti\u1ec7n l\u1ee3i h\u01a1n<\/strong> so v\u1edbi vi\u1ec7c s\u1eed d\u1ee5ng m\u1eadt kh\u1ea9u. B\u1ea1n kh\u00f4ng c\u1ea7n ph\u1ea3i nh\u1edb v\u00e0 nh\u1eadp m\u1eadt kh\u1ea9u m\u1ed7i khi k\u1ebft n\u1ed1i. Tuy nhi\u00ean, b\u1ea1n c\u1ea7n <strong>b\u1ea3o v\u1ec7 kh\u00f3a ri\u00eang t\u01b0<\/strong> c\u1ea9n th\u1eadn, v\u00ec n\u1ebfu b\u1ecb m\u1ea5t, b\u1ea1n s\u1ebd m\u1ea5t quy\u1ec1n truy c\u1eadp v\u00e0o m\u00e1y ch\u1ee7. V\u00e0 n\u1ebfu b\u1ecb \u0111\u00e1nh c\u1eafp, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 truy c\u1eadp tr\u00e1i ph\u00e9p.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Mot-so-lenh-SSH-co-ban\"><\/span>M\u1ed9t s\u1ed1 l\u1ec7nh SSH c\u01a1 b\u1ea3n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>L\u1ec7nh SSH kh\u00f4ng ch\u1ec9 \u0111\u01a1n thu\u1ea7n l\u00e0 <code>ssh<\/code>. M\u00e0 n\u00f3 c\u00f2n bao g\u1ed3m <strong>m\u1ed9t lo\u1ea1t c\u00e1c l\u1ec7nh v\u00e0 t\u00f9y ch\u1ecdn<\/strong> kh\u00e1c nhau. Cho ph\u00e9p ng\u01b0\u1eddi d\u00f9ng th\u1ef1c hi\u1ec7n nhi\u1ec1u t\u00e1c v\u1ee5 t\u1eeb xa. Vi\u1ec7c <strong>n\u1eafm v\u1eefng c\u00e1c l\u1ec7nh SSH c\u01a1 b\u1ea3n<\/strong> l\u00e0 r\u1ea5t quan tr\u1ecdng. N\u00f3 gi\u00fap qu\u1ea3n tr\u1ecb vi\u00ean h\u1ec7 th\u1ed1ng v\u00e0 ng\u01b0\u1eddi d\u00f9ng c\u00f3 th\u1ec3 t\u1eadn d\u1ee5ng t\u1ed1i \u0111a s\u1ee9c m\u1ea1nh c\u1ee7a giao th\u1ee9c n\u00e0y.<\/p>\n<p>C\u00e1c l\u1ec7nh SSH <strong>cung c\u1ea5p kh\u1ea3 n\u0103ng<\/strong> k\u1ebft n\u1ed1i \u0111\u1ebfn m\u00e1y ch\u1ee7 t\u1eeb xa. Th\u1ef1c thi l\u1ec7nh tr\u00ean m\u00e1y ch\u1ee7 \u0111\u00f3, truy\u1ec1n t\u1ec7p tin, v\u00e0 th\u1eadm ch\u00ed t\u1ea1o \u0111\u01b0\u1eddng h\u1ea7m b\u1ea3o m\u1eadt. M\u1ed7i l\u1ec7nh c\u00f3 <strong>c\u00fa ph\u00e1p v\u00e0 c\u00e1c t\u00f9y ch\u1ecdn ri\u00eang<\/strong>. Vi\u1ec7c hi\u1ec3u r\u00f5 c\u00fa ph\u00e1p v\u00e0 c\u00e1c t\u00f9y ch\u1ecdn n\u00e0y gi\u00fap b\u1ea1n s\u1eed d\u1ee5ng SSH m\u1ed9t c\u00e1ch hi\u1ec7u qu\u1ea3 v\u00e0 linh ho\u1ea1t h\u01a1n. Gi\u1ed1ng nh\u01b0 vi\u1ec7c b\u1ea1n bi\u1ebft s\u1eed d\u1ee5ng c\u00e1c c\u00f4ng c\u1ee5 kh\u00e1c nhau.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Lenh-ssh-co-ban\"><\/span>L\u1ec7nh ssh c\u01a1 b\u1ea3n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>L\u1ec7nh <code>ssh<\/code> c\u01a1 b\u1ea3n nh\u1ea5t c\u00f3 c\u00fa ph\u00e1p: <code>ssh [t\u00f9y_ch\u1ecdn] [user@]hostname<\/code>. Trong \u0111\u00f3, <code>user<\/code> l\u00e0 t\u00ean ng\u01b0\u1eddi d\u00f9ng tr\u00ean m\u00e1y ch\u1ee7 t\u1eeb xa. <code>hostname<\/code> l\u00e0 \u0111\u1ecba ch\u1ec9 IP ho\u1eb7c t\u00ean mi\u1ec1n c\u1ee7a m\u00e1y ch\u1ee7. N\u1ebfu b\u1ea1n kh\u00f4ng ch\u1ec9 \u0111\u1ecbnh <code>user<\/code>, SSH s\u1ebd s\u1eed d\u1ee5ng t\u00ean ng\u01b0\u1eddi d\u00f9ng hi\u1ec7n t\u1ea1i tr\u00ean m\u00e1y client. L\u1ec7nh n\u00e0y <strong>m\u1edf m\u1ed9t phi\u00ean l\u00e0m vi\u1ec7c<\/strong> (session) t\u01b0\u01a1ng t\u00e1c tr\u00ean m\u00e1y ch\u1ee7 t\u1eeb xa.<\/p>\n<p>V\u00ed d\u1ee5: <code>ssh user1@192.168.1.100<\/code> s\u1ebd k\u1ebft n\u1ed1i \u0111\u1ebfn m\u00e1y ch\u1ee7 c\u00f3 \u0111\u1ecba ch\u1ec9 IP 192.168.1.100 v\u1edbi t\u00ean ng\u01b0\u1eddi d\u00f9ng l\u00e0 user1. Sau khi k\u1ebft n\u1ed1i th\u00e0nh c\u00f4ng, b\u1ea1n s\u1ebd <strong>c\u00f3 th\u1ec3 nh\u1eadp c\u00e1c l\u1ec7nh<\/strong> tr\u00ean m\u00e1y ch\u1ee7 t\u1eeb xa nh\u01b0 th\u1ec3 b\u1ea1n \u0111ang ng\u1ed3i tr\u1ef1c ti\u1ebfp tr\u01b0\u1edbc m\u00e1y ch\u1ee7 \u0111\u00f3. N\u00f3 <strong>gi\u1ed1ng nh\u01b0 vi\u1ec7c b\u1ea1n \u0111i\u1ec1u khi\u1ec3n<\/strong> m\u00e1y t\u00ednh t\u1eeb xa v\u1eady!<\/p>\n<p>M\u1ed9t s\u1ed1 t\u00f9y ch\u1ecdn th\u01b0\u1eddng d\u00f9ng v\u1edbi l\u1ec7nh <code>ssh<\/code>:<\/p>\n<ul>\n<li><code>-p [c\u1ed5ng]<\/code>: Ch\u1ec9 \u0111\u1ecbnh c\u1ed5ng SSH (m\u1eb7c \u0111\u1ecbnh l\u00e0 22). V\u00ed d\u1ee5: <code>ssh -p 2222 user1@example.com<\/code>.<\/li>\n<li><code>-i [t\u1ec7p_kh\u00f3a]<\/code>: Ch\u1ec9 \u0111\u1ecbnh t\u1ec7p ch\u1ee9a kh\u00f3a ri\u00eang t\u01b0. V\u00ed d\u1ee5: <code>ssh -i ~\/.ssh\/mykey user1@example.com<\/code>.<\/li>\n<li><code>-X<\/code>: B\u1eadt chuy\u1ec3n ti\u1ebfp X11 (cho ph\u00e9p ch\u1ea1y \u1ee9ng d\u1ee5ng \u0111\u1ed3 h\u1ecda t\u1eeb xa).<\/li>\n<li><code>-L [c\u1ed5ng_local]:[host_remote]:[c\u1ed5ng_remote]<\/code>: T\u1ea1o \u0111\u01b0\u1eddng h\u1ea7m c\u1ee5c b\u1ed9 (local port forwarding).<\/li>\n<li><code>-R [c\u1ed5ng_remote]:[host_local]:[c\u1ed5ng_local]<\/code>: T\u1ea1o \u0111\u01b0\u1eddng h\u1ea7m t\u1eeb xa.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Lenh-scp-Secure-Copy\"><\/span>L\u1ec7nh scp (Secure Copy)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>L\u1ec7nh <code>scp<\/code> cho ph\u00e9p <strong>sao ch\u00e9p t\u1ec7p tin<\/strong> gi\u1eefa m\u00e1y t\u00ednh c\u1ee5c b\u1ed9 v\u00e0 m\u00e1y ch\u1ee7 t\u1eeb xa, ho\u1eb7c gi\u1eefa hai m\u00e1y ch\u1ee7 t\u1eeb xa, m\u1ed9t c\u00e1ch an to\u00e0n. N\u00f3 s\u1eed d\u1ee5ng SSH \u0111\u1ec3 <a href=\"https:\/\/interdata.vn\/blog\/ma-hoa-du-lieu-data-encryption\/\">m\u00e3 h\u00f3a d\u1eef li\u1ec7u<\/a> trong qu\u00e1 tr\u00ecnh truy\u1ec1n t\u1ea3i. C\u00fa ph\u00e1p c\u1ee7a l\u1ec7nh <code>scp<\/code> t\u01b0\u01a1ng t\u1ef1 nh\u01b0 l\u1ec7nh <code>cp<\/code> (copy) trong Linux. <code>scp [t\u00f9y_ch\u1ecdn] [ngu\u1ed3n] [\u0111\u00edch]<\/code>. N\u00f3 <strong>gi\u1ed1ng nh\u01b0 vi\u1ec7c b\u1ea1n sao ch\u00e9p<\/strong> file an to\u00e0n.<\/p>\n<p>V\u00ed d\u1ee5:<\/p>\n<ul>\n<li><code>scp user1@192.168.1.100:\/path\/to\/remote\/file.txt \/path\/to\/local\/<\/code>: T\u1ea3i t\u1ec7p <code>file.txt<\/code> t\u1eeb m\u00e1y ch\u1ee7 t\u1eeb xa v\u1ec1 m\u00e1y c\u1ee5c b\u1ed9.<\/li>\n<li><code>scp \/path\/to\/local\/file.txt user1@192.168.1.100:\/path\/to\/remote\/<\/code>: T\u1ea3i t\u1ec7p <code>file.txt<\/code> t\u1eeb m\u00e1y c\u1ee5c b\u1ed9 l\u00ean m\u00e1y ch\u1ee7 t\u1eeb xa.<\/li>\n<li><code>scp -r user1@192.168.1.100:\/path\/to\/remote\/folder \/path\/to\/local<\/code>: T\u1ea3i to\u00e0n b\u1ed9 th\u01b0 m\u1ee5c t\u1eeb xa<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Lenh-sftp-SSH-File-Transfer-Protocol\"><\/span>L\u1ec7nh sftp (SSH File Transfer Protocol)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><code>sftp<\/code> l\u00e0 m\u1ed9t giao th\u1ee9c <strong>truy\u1ec1n t\u1ec7p tin an to\u00e0n<\/strong>, ho\u1ea1t \u0111\u1ed9ng tr\u00ean n\u1ec1n SSH. N\u00f3 cung c\u1ea5p m\u1ed9t giao di\u1ec7n t\u01b0\u01a1ng t\u00e1c, t\u01b0\u01a1ng t\u1ef1 nh\u01b0 FTP, cho ph\u00e9p ng\u01b0\u1eddi d\u00f9ng duy\u1ec7t, t\u1ea3i l\u00ean, t\u1ea3i xu\u1ed1ng v\u00e0 qu\u1ea3n l\u00fd t\u1ec7p tin tr\u00ean m\u00e1y ch\u1ee7 t\u1eeb xa. \u0110\u1ec3 s\u1eed d\u1ee5ng <code>sftp<\/code>, b\u1ea1n ch\u1ec9 c\u1ea7n g\u00f5 l\u1ec7nh <code>sftp [user@]hostname<\/code>. Sau \u0111\u00f3, b\u1ea1n s\u1ebd \u0111\u01b0\u1ee3c \u0111\u01b0a v\u00e0o m\u1ed9t <strong>giao di\u1ec7n d\u00f2ng l\u1ec7nh<\/strong> t\u01b0\u01a1ng t\u1ef1 FTP.<\/p>\n<p>Trong giao di\u1ec7n <code>sftp<\/code>, b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng c\u00e1c l\u1ec7nh nh\u01b0:<\/p>\n<ul>\n<li><code>ls<\/code>: Li\u1ec7t k\u00ea t\u1ec7p tin v\u00e0 th\u01b0 m\u1ee5c.<\/li>\n<li><code>cd<\/code>: Thay \u0111\u1ed5i th\u01b0 m\u1ee5c.<\/li>\n<li><code>get<\/code>: T\u1ea3i t\u1ec7p tin t\u1eeb m\u00e1y ch\u1ee7 t\u1eeb xa v\u1ec1 m\u00e1y c\u1ee5c b\u1ed9.<\/li>\n<li><code>put<\/code>: T\u1ea3i t\u1ec7p tin t\u1eeb m\u00e1y c\u1ee5c b\u1ed9 l\u00ean m\u00e1y ch\u1ee7 t\u1eeb xa.<\/li>\n<li><code>mkdir<\/code>: T\u1ea1o th\u01b0 m\u1ee5c m\u1edbi.<\/li>\n<li><code>rm<\/code>: X\u00f3a t\u1ec7p tin.<\/li>\n<li><code>rmdir<\/code>: X\u00f3a th\u01b0 m\u1ee5c.<\/li>\n<li><code>pwd<\/code>: Hi\u1ec3n th\u1ecb th\u01b0 m\u1ee5c hi\u1ec7n h\u00e0nh<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Lenh-ssh-keygen\"><\/span>L\u1ec7nh ssh-keygen<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><code>ssh-keygen<\/code> l\u00e0 l\u1ec7nh d\u00f9ng \u0111\u1ec3 <strong>t\u1ea1o c\u1eb7p kh\u00f3a SSH<\/strong> (kh\u00f3a ri\u00eang t\u01b0 v\u00e0 kh\u00f3a c\u00f4ng khai). C\u1eb7p kh\u00f3a n\u00e0y \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 x\u00e1c th\u1ef1c b\u1eb1ng kh\u00f3a c\u00f4ng khai, thay v\u00ec m\u1eadt kh\u1ea9u. L\u1ec7nh n\u00e0y th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng v\u1edbi c\u00e1c t\u00f9y ch\u1ecdn nh\u01b0:<\/p>\n<ul>\n<li><code>-t [lo\u1ea1i_kh\u00f3a]<\/code>: Ch\u1ec9 \u0111\u1ecbnh lo\u1ea1i kh\u00f3a (v\u00ed d\u1ee5: rsa, ed25519).<\/li>\n<li><code>-b [s\u1ed1_bit]<\/code>: Ch\u1ec9 \u0111\u1ecbnh \u0111\u1ed9 d\u00e0i kh\u00f3a (v\u00ed d\u1ee5: 2048, 4096).<\/li>\n<li><code>-f [t\u00ean_t\u1ec7p]<\/code>: Ch\u1ec9 \u0111\u1ecbnh t\u00ean t\u1ec7p \u0111\u1ec3 l\u01b0u kh\u00f3a.<\/li>\n<li>-C &#8220;comment&#8221;: Th\u00eam ch\u00fa th\u00edch v\u00e0o key<\/li>\n<\/ul>\n<p>V\u00ed d\u1ee5: <code>ssh-keygen -t rsa -b 4096 -f ~\/.ssh\/mykey<\/code> s\u1ebd t\u1ea1o m\u1ed9t c\u1eb7p kh\u00f3a RSA 4096-bit v\u00e0 l\u01b0u v\u00e0o th\u01b0 m\u1ee5c <code>~\/.ssh\/<\/code> v\u1edbi t\u00ean <code>mykey<\/code> (kh\u00f3a ri\u00eang t\u01b0) v\u00e0 <code>mykey.pub<\/code> (kh\u00f3a c\u00f4ng khai).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Lenh-ssh-copy-id\"><\/span>L\u1ec7nh ssh-copy-id<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><code>ssh-copy-id<\/code> l\u00e0 m\u1ed9t ti\u1ec7n \u00edch gi\u00fap <strong>sao ch\u00e9p kh\u00f3a c\u00f4ng khai<\/strong> c\u1ee7a b\u1ea1n l\u00ean m\u00e1y ch\u1ee7 SSH m\u1ed9t c\u00e1ch d\u1ec5 d\u00e0ng. N\u00f3 t\u1ef1 \u0111\u1ed9ng th\u00eam kh\u00f3a c\u00f4ng khai v\u00e0o t\u1ec7p <code>~\/.ssh\/authorized_keys<\/code> tr\u00ean m\u00e1y ch\u1ee7. C\u00fa ph\u00e1p: <code>ssh-copy-id [user@]hostname<\/code>. V\u00ed d\u1ee5: <code>ssh-copy-id user1@192.168.1.100<\/code>. L\u1ec7nh n\u00e0y s\u1ebd <strong>gi\u00fap b\u1ea1n thi\u1ebft l\u1eadp x\u00e1c th\u1ef1c<\/strong> b\u1eb1ng kh\u00f3a c\u00f4ng khai m\u1ed9t c\u00e1ch nhanh ch\u00f3ng.<\/p>\n<p>Hy v\u1ecdng b\u00e0i vi\u1ebft n\u00e0y \u0111\u00e3 gi\u00fap b\u1ea1n c\u00f3 m\u1ed9t c\u00e1i nh\u00ecn \u0111\u1ea7y \u0111\u1ee7 v\u00e0 chi ti\u1ebft v\u1ec1 SSH. N\u1eafm v\u1eefng giao th\u1ee9c n\u00e0y kh\u00f4ng ch\u1ec9 gi\u00fap b\u1ea1n l\u00e0m vi\u1ec7c hi\u1ec7u qu\u1ea3 h\u01a1n m\u00e0 c\u00f2n b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u c\u1ee7a b\u1ea1n kh\u1ecfi c\u00e1c r\u1ee7i ro an ninh m\u1ea1ng.<\/p>\n<div style=\"background-color: #f5f5f5; padding: 15px; border-radius: 5px; border: 1px solid #ddd;\">\n<p>\u0110\u1ec3 \u1ee9ng d\u1ee5ng SSH m\u1ed9t c\u00e1ch hi\u1ec7u qu\u1ea3 trong qu\u1ea3n tr\u1ecb m\u00e1y ch\u1ee7, b\u1ea1n c\u1ea7n m\u1ed9t m\u00f4i tr\u01b0\u1eddng m\u00e1y ch\u1ee7 \u1ed5n \u0111\u1ecbnh v\u00e0 m\u1ea1nh m\u1ebd. InterData cung c\u1ea5p c\u00e1c gi\u1ea3i ph\u00e1p <a href=\"http:\/\/interdata.vn\/thue-hosting\/\"><strong>Hosting gi\u00e1 r\u1ebb t\u1ed1c \u0111\u1ed9 cao<\/strong><\/a> v\u1edbi nhi\u1ec1u l\u1ef1a ch\u1ecdn, t\u1ed1i \u01b0u cho nhi\u1ec1u <a href=\"https:\/\/interdata.vn\/blog\/source-code-la-gi\/\">m\u00e3 ngu\u1ed3n<\/a>, ph\u1ea7n c\u1ee9ng th\u1ebf h\u1ec7 m\u1edbi s\u1eed d\u1ee5ng <a href=\"https:\/\/interdata.vn\/blog\/chip-amd-la-gi\/\">CPU AMD<\/a> EPYC\/Intel Xeon Platinum v\u00e0 <a href=\"https:\/\/interdata.vn\/blog\/o-cung-ssd-nvme-la-gi\/\">\u1ed5 c\u1ee9ng SSD NVMe<\/a> U.2, mang l\u1ea1i hi\u1ec7u su\u1ea5t v\u01b0\u1ee3t tr\u1ed9i.<\/p>\n<p>N\u1ebfu b\u1ea1n c\u1ea7n to\u00e0n quy\u1ec1n ki\u1ec3m so\u00e1t v\u00e0 t\u00e0i nguy\u00ean chuy\u00ean d\u1ee5ng, <a href=\"http:\/\/interdata.vn\/thue-vps\/\"><strong>thu\u00ea VPS ch\u1ea5t l\u01b0\u1ee3ng gi\u00e1 r\u1ebb<\/strong><\/a> ho\u1eb7c <a href=\"http:\/\/interdata.vn\/cloud-server\/\"><strong>thu\u00ea Cloud Server gi\u00e1 r\u1ebb t\u1ed1c \u0111\u1ed9 cao<\/strong><\/a> t\u1ea1i InterData l\u00e0 nh\u1eefng l\u1ef1a ch\u1ecdn \u0111\u00e1ng c\u00e2n nh\u1eafc. V\u1edbi <a href=\"https:\/\/interdata.vn\/blog\/bang-thong-la-gi\/\">b\u0103ng th\u00f4ng<\/a> cao, dung l\u01b0\u1ee3ng \u0111\u01b0\u1ee3c t\u1ed1i \u01b0u v\u00e0 c\u1ea5u h\u00ecnh m\u1ea1nh m\u1ebd, b\u1ea1n c\u00f3 th\u1ec3 tri\u1ec3n khai c\u00e1c \u1ee9ng d\u1ee5ng \u0111\u00f2i h\u1ecfi t\u00e0i nguy\u00ean l\u1edbn, \u0111\u1ea3m b\u1ea3o ho\u1ea1t \u0111\u1ed9ng \u1ed5n \u0111\u1ecbnh, uy t\u00edn.<\/p>\n<p><strong>INTERDATA<\/strong><\/p>\n<ul>\n<li><strong>Website:<\/strong>\u00a0Interdata.vn<\/li>\n<li><strong>Hotline:<\/strong>\u00a01900-636822<\/li>\n<li><strong>Email:<\/strong>\u00a0Info@interdata.vn<\/li>\n<li><strong>VP\u0110D:<\/strong>\u00a0240 Nguy\u1ec5n \u0110\u00ecnh Ch\u00ednh, P.11. Q. Ph\u00fa Nhu\u1eadn, TP. Ho\u0302\u0300 Ch\u00ed Minh<\/li>\n<li><strong>VPGD:<\/strong>\u00a0S\u1ed1 211 \u0110\u01b0\u1eddng s\u1ed1 5, K\u0110T Lakeview City, P. An Ph\u00fa, TP. Th\u1ee7 \u0110\u1ee9c, TP. H\u1ed3 Ch\u00ed Minh<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>SSH (Secure Shell) l\u00e0 m\u1ed9t giao th\u1ee9c m\u1ea1ng m\u1eadt m\u00e3 \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 th\u1ef1c thi c\u00e1c l\u1ec7nh tr\u00ean m\u00e1y t\u00ednh t\u1eeb xa m\u1ed9t c\u00e1ch an to\u00e0n v\u00e0 b\u1ea3o m\u1eadt. N\u00f3 gi\u00fap b\u1ea1n qu\u1ea3n l\u00fd m\u00e1y ch\u1ee7, truy\u1ec1n d\u1eef li\u1ec7u v\u00e0 th\u1ef1c hi\u1ec7n nhi\u1ec1u t\u00e1c v\u1ee5 kh\u00e1c m\u00e0 kh\u00f4ng lo b\u1ecb k\u1ebb x\u1ea5u nghe l\u00e9n hay<\/p>\n","protected":false},"author":11,"featured_media":32598,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[],"class_list":["post-15950","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/15950","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=15950"}],"version-history":[{"count":2,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/15950\/revisions"}],"predecessor-version":[{"id":32601,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/15950\/revisions\/32601"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/32598"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=15950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=15950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=15950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}