{"id":20163,"date":"2025-03-20T09:30:40","date_gmt":"2025-03-20T02:30:40","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=20163"},"modified":"2025-03-20T09:43:55","modified_gmt":"2025-03-20T02:43:55","slug":"ssh-key-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/ssh-key-la-gi\/","title":{"rendered":"What Is an SSH Key? A Guide to Creating, Using and Securing It from A to Z"},"content":{"rendered":"\n<p><a href=\"https:\/\/interdata.vn\/blog\/ssh-key-la-gi\/\"><strong>SSH Key (Secure Shell Key)<\/strong><\/a> is an advanced <strong>authentication<\/strong> method that lets you connect securely to a remote server <strong>without<\/strong> using a traditional password. Instead, the system uses a key pair: a <strong>private key<\/strong> stored on your computer and a <strong>public key<\/strong> placed on the server you want to access. 
This mechanism provides superior security and convenience.<\/p>\n<figure id=\"attachment_25786\" aria-describedby=\"caption-attachment-25786\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/12\/SSH-Key-Secure-Shell-Key.jpg\" alt=\"SSH Key (Secure Shell Key)\" width=\"800\" height=\"420\" class=\"size-full wp-image-25786\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/12\/SSH-Key-Secure-Shell-Key.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/12\/SSH-Key-Secure-Shell-Key-300x158.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/12\/SSH-Key-Secure-Shell-Key-768x403.jpg 768w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/12\/SSH-Key-Secure-Shell-Key-750x394.jpg 750w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-25786\" class=\"wp-caption-text\">SSH Key (Secure Shell Key)<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Co-che-hoat-dong-cua-SSH-Key\"><\/span>How SSH Keys Work<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>SSH key authentication<\/strong> is based on asymmetric cryptography and uses a key pair: a <strong>private key<\/strong> on your machine and a <strong>public key<\/strong> on the server. When you connect, the private key produces a &#8220;digital signature&#8221;, and the server uses the public key to verify it. If it matches, a secure connection is established.<\/p>\n<p>Think of the private key as your <strong>key<\/strong> and the public key as the <strong>lock<\/strong> on the door of the house (the server). Only your key can open that lock. When you &#8220;insert the key&#8221; (connect), the system checks whether the key fits the lock. 
This process is fully automatic and encrypted.<\/p>\n<p>Specifically, when you start an <a href=\"https:\/\/interdata.vn\/blog\/ssh-la-gi\/\">SSH<\/a> connection, your computer (the client) uses the <strong>private key<\/strong> to sign a message, producing a <strong>digital signature<\/strong>. This signed message is sent to the server. The server then uses the corresponding <strong>public key<\/strong> to verify it. If verification succeeds, this proves that you hold the valid private key.<\/p>\n<p>This authentication process takes place <strong>in a split second<\/strong> and is completely <strong>transparent<\/strong> to the user. You do not need to enter a password, yet the system still ensures a high level of security. This is a major difference from traditional password authentication, which is vulnerable to &#8220;brute-force&#8221; attacks (trying every possible password).<\/p>\n<p>For example, imagine sending a letter locked with a special lock. 
Only a recipient with the matching key can open that letter. In the same way, an <strong>SSH key<\/strong> ensures that only you, the holder of the <strong>private key<\/strong>, can access the server. Authentication is performed automatically.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Nhung-loi-ich-cua-SSH-Key\"><\/span>Benefits of SSH Keys<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SSH keys offer many advantages over traditional password authentication, particularly in <strong>security<\/strong>, <strong>convenience<\/strong> and <strong>automation<\/strong>. Switching to SSH keys not only strengthens the security of your systems but also makes administration easier and more efficient.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Bao-mat-vuot-troi\"><\/span>Superior Security<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>SSH keys eliminate the risk<\/strong> of brute-force attacks (password guessing), one of the most common forms of attack. 
Because no password is entered, an attacker cannot try large numbers of passwords to gain unauthorized access to your system. An SSH key, with its length and complexity, is practically impossible to &#8220;crack&#8221; by conventional methods.<\/p>\n<p>Instead of relying on a single password, SSH keys use an <strong>asymmetric key pair<\/strong>. Even if an attacker somehow obtains the public key, they cannot use it to access the system without the private key. This adds an extra layer of security that helps keep your system safer.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tien-loi-va-nhanh-chong\"><\/span>Convenient and Fast<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>With SSH keys, you do not need to <strong>remember and type a password<\/strong> every time you connect to a server. This is especially useful if you regularly work with many different servers. 
You only need to create one key pair and place the public key on the servers; after that you can log in quickly and easily.<\/p>\n<p>Imagine having to manage dozens of servers. Remembering and typing a password for each one is time-consuming and error-prone. <strong>SSH keys solve this problem<\/strong> thoroughly. You authenticate once with your private key and can then access every server that has been configured.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tu-dong-hoa-cac-tac-vu\"><\/span>Task Automation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSH keys are a <strong>powerful aid<\/strong> for automating system administration tasks. You can use SSH keys in scripts to automatically perform jobs such as backing up data, deploying applications and monitoring systems, without having to enter a password by hand. 
This saves time and effort.<\/p>\n<p>For example, you can write a script that automatically backs up data from one server to another every night. Instead of entering a password each time the script runs, you can use an <strong>SSH key to authenticate<\/strong>. This not only lets the backup run automatically but also keeps your data safe.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Quan-Ly-Truy-Cap-Hieu-Qua\"><\/span>Effective Access Management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSH keys let you <strong>manage user access<\/strong> to a system more easily and flexibly. You can grant access to an individual user by adding their public key to the <code>authorized_keys<\/code> file on the server. When access is no longer needed, you can easily revoke it by deleting that public key.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-loai-SSH-Key\"><\/span>Types of SSH Keys<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There are several types of SSH key, each using its own cryptographic algorithm. 
Choosing the right key type depends on your security and performance needs. Below are some of the most <strong>common SSH key types<\/strong> today: <strong>RSA, DSA, ECDSA and Ed25519<\/strong>, each with its own characteristics and usage recommendations.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"RSA-Rivest-Shamir-Adleman\"><\/span>RSA (Rivest-Shamir-Adleman)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>RSA is the <strong>most common<\/strong> key type and the most widely supported across systems and applications. RSA is an asymmetric algorithm based on the difficulty of factoring a large integer into its prime factors. <strong>RSA<\/strong> is typically used with a key length of 2048 bits or 4096 bits, which provides a balance between security and performance.<\/p>\n<p>However, as technology has advanced, <strong>RSA<\/strong> with short key lengths (for example, 1024 bits) is no longer considered secure. 
If you use RSA, make sure the key length is <strong>at least 2048 bits<\/strong>, preferably <strong>4096 bits<\/strong>, to stay safe against modern attack methods. RSA remains a good, familiar choice.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DSA-Digital-Signature-Algorithm\"><\/span>DSA (Digital Signature Algorithm)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DSA is an older standard that was once widely used. However, <strong>DSA<\/strong> is <strong>no longer recommended<\/strong> today because of potential security issues. Recent versions of OpenSSH (a popular SSH implementation) have even disabled DSA support by default. You should avoid DSA and move to more modern key types.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"ECDSA-Elliptic-Curve-Digital-Signature-Algorithm\"><\/span>ECDSA (Elliptic Curve Digital Signature Algorithm)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>ECDSA is a cryptographic algorithm based on <strong>elliptic curves<\/strong>. It provides a level of security equivalent to RSA but with a <strong>smaller key size<\/strong>, which speeds up key generation and authentication. 
For example, a 256-bit ECDSA key can provide security equivalent to a 3072-bit RSA key. This makes ECDSA an option.<\/p>\n<p><strong>ECDSA<\/strong> is a good choice if you need higher performance, especially in resource-constrained environments. Note, however, that not all systems and applications support ECDSA. Check compatibility before using ECDSA to make sure it is supported on both the client and the server.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ed25519\"><\/span>Ed25519<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Ed25519 is a <strong>relatively new<\/strong> key type and is considered one of the <strong>most secure and efficient<\/strong> options available today. It is also based on elliptic curves, but uses a special curve (Curve25519) designed to optimize both security and performance. 
<strong>Ed25519<\/strong> is becoming increasingly popular and is recommended for use.<\/p>\n<p><strong>Ed25519<\/strong> offers faster key generation and authentication than RSA and ECDSA, and it resists side-channel attacks (attacks based on information leaked during execution, such as processing time). If your system supports it, <strong>Ed25519<\/strong> is the <strong>best<\/strong> choice for your SSH key.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cach-tao-SSH-Key\"><\/span>How to Create an SSH Key<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Creating an SSH key is fairly simple and can be done on many different operating systems. This guide explains in detail how to create an SSH key on <strong>Linux\/macOS<\/strong> (using Terminal) and on <strong>Windows<\/strong> (using PuTTYgen and OpenSSH). You can choose the method that fits your operating system. The creation process consists of the following main steps.<\/p>\n<p>Before you start, decide which type of <strong>SSH key<\/strong> you want to create (RSA, Ed25519, &#8230;). Ed25519 is recommended for its security and good performance. 
Next, you use a tool (usually on the command line) to generate the key pair. Finally, you can add a <strong>passphrase<\/strong> (a password) to strengthen the protection of your private key.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tao-SSH-Key-tren-LinuxmacOS-su-dung-Terminal\"><\/span>Creating an SSH Key on Linux\/macOS (Using Terminal)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>On Linux and macOS, you use <strong>Terminal<\/strong> to create an SSH key. Terminal is a command-line interface that lets you interact directly with the operating system. To open Terminal on macOS, search for &#8220;Terminal&#8221; in Spotlight. On Linux, you can find Terminal in the application list or use the key combination Ctrl+Alt+T.<\/p>\n<ol>\n<li><strong>Open Terminal:<\/strong> Find and open the Terminal application on your system.<\/li>\n<li><strong>Use the <\/strong><code><strong>ssh-keygen<\/strong><\/code><strong> command:<\/strong> This is the main command for creating an SSH key. The full syntax of the command is: <code>ssh-keygen -t &lt;key_type&gt; -b &lt;key_length&gt; -C \"description\"<\/code>\n<ul>\n<li><code>-t<\/code>: Specifies the key type. 
For example: <code>-t ed25519<\/code> or <code>-t rsa<\/code>.<\/li>\n<li><code>-b<\/code>: Specifies the key length (in bits). Applies only to RSA. For example: <code>-b 4096<\/code>. With Ed25519, you do not need to specify a key length.<\/li>\n<li><code>-C<\/code>: Adds a description (comment). For example: <code>-C \"my-key-for-server\"<\/code>. This description makes it easy to tell what the key is used for.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Example: creating an Ed25519 key:<\/strong> <code>ssh-keygen -t ed25519 -C \"my-ed25519-key\"<\/code> This command creates an Ed25519 key with the description &#8220;my-ed25519-key&#8221;.<\/li>\n<li><strong>Example: creating a 4096-bit RSA key:<\/strong> <code>ssh-keygen -t rsa -b 4096 -C \"my-rsa-4096-key\"<\/code> This command creates an RSA key with a length of 4096 bits and the description &#8220;my-rsa-4096-key&#8221;.<\/li>\n<li><strong>Choose where to save the key:<\/strong> After you run the command, the system asks where you want to save the key. The default is <code>~\/.ssh\/id_&lt;key_type&gt;<\/code> (for example: <code>~\/.ssh\/id_ed25519<\/code>). You can press Enter to accept the default location, or enter a different path if you prefer.<\/li>\n<li><strong>Enter a passphrase (optional):<\/strong> The system asks whether you want to enter a passphrase. 
A passphrase is an additional password that protects the private key. If you set a passphrase, you will need to enter it each time you use the private key. <strong>Using a passphrase is recommended<\/strong> to strengthen security.<\/li>\n<li><strong>Finish:<\/strong> When the process completes, the system creates two files:\n<ul>\n<li><code>~\/.ssh\/id_&lt;key_type&gt;<\/code>: This is your <strong>private key<\/strong>. Keep this file secret.<\/li>\n<li><code>~\/.ssh\/id_&lt;key_type&gt;.pub<\/code>: This is your <strong>public key<\/strong>. You will need this file to place on the server.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h3><span class=\"ez-toc-section\" id=\"Tao-SSH-Key-tren-Windows-su-dung-PuTTYgen\"><\/span>Generating an SSH Key on Windows (using PuTTYgen)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>On Windows, you can use <strong>PuTTYgen<\/strong>, a tool that ships with the PuTTY software suite, to generate an SSH Key. PuTTY is a popular SSH and Telnet client for Windows. First, download and install PuTTY from its home page. 
After installation, follow the step-by-step instructions below.<\/p>\n<ol>\n<li><strong>Open PuTTYgen:<\/strong> Find and open the PuTTYgen application on your computer.<\/li>\n<li><strong>Choose the key type:<\/strong> In the &#8220;Parameters&#8221; section at the bottom of the window, choose the type of key you want to generate. You can choose &#8220;RSA&#8221; or &#8220;ED25519&#8221;.<\/li>\n<li><strong>Choose the key length (for RSA):<\/strong> If you choose RSA, select the key length in the &#8220;Number of bits in a generated key&#8221; field. The recommendation is <strong>at least 2048 bits<\/strong>, preferably <strong>4096 bits<\/strong>. With Ed25519, you do not need to choose a key length.<\/li>\n<li><strong>Click &#8220;Generate&#8221;:<\/strong> Click the &#8220;Generate&#8221; button to start generating the key.<\/li>\n<li><strong>Move the mouse randomly:<\/strong> PuTTYgen asks you to move the mouse randomly over the blank area of the window. This provides randomness for the key.<\/li>\n<li><strong>Enter a passphrase (optional):<\/strong> In the &#8220;Key passphrase&#8221; and &#8220;Confirm passphrase&#8221; fields, you can enter a passphrase to protect the private key. 
<strong>Using a passphrase is recommended<\/strong>.<\/li>\n<li><strong>Add a description (optional):<\/strong> In the &#8220;Key comment&#8221; field, you can add a description so the key is easy to identify.<\/li>\n<li><strong>Save the private key:<\/strong> Click the &#8220;Save private key&#8221; button to save the private key. Choose a safe location and a file name that is easy to remember (for example: <code>my-private-key.ppk<\/code>). The .ppk extension is PuTTY's own private key format.<\/li>\n<li><strong>Save the public key:<\/strong> Click the &#8220;Save public key&#8221; button to save the public key. You can name the file similarly to the private key (for example: <code>my-public-key.pub<\/code>).<\/li>\n<\/ol>\n<h3><span class=\"ez-toc-section\" id=\"Tao-SSH-Key-tren-Windows-su-dung-OpenSSH\"><\/span>Generating an SSH Key on Windows (using OpenSSH)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Windows 10 and Windows Server 2019 and later include OpenSSH, which lets you generate an SSH Key directly from Command Prompt or PowerShell, just as on Linux\/macOS.<\/p>\n<ol>\n<li><strong>Open Command Prompt or PowerShell:<\/strong> Find and open Command Prompt or PowerShell (running it as Administrator is recommended).<\/li>\n<li><strong>Use the command <\/strong><code><strong>ssh-keygen<\/strong><\/code><strong>:<\/strong> The <code>ssh-keygen<\/code> command is used exactly as on 
Linux\/macOS. You can refer back to the instructions above. For example: <code>ssh-keygen -t ed25519 -C \"my-windows-ssh-key\"<\/code><\/li>\n<li><strong>Remaining steps:<\/strong> The remaining steps (choosing where to save the key, entering a passphrase) are exactly the same as on Linux\/macOS.<\/li>\n<\/ol>\n<p><strong>Important notes:<\/strong><\/p>\n<ul>\n<li><strong>Private key (.ppk or no extension):<\/strong> Never share this file with anyone.<\/li>\n<li><strong>Public key (.pub):<\/strong> You will need this file to configure the server.<\/li>\n<li><strong>Passphrase:<\/strong> If you use one, remember it. Losing the passphrase means losing the ability to use that key.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Cach-su-dung-SSH-Key\"><\/span>How to use an SSH Key<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Once you have generated an SSH Key, the next step is to <strong>use it to connect<\/strong> to a remote server. This involves two main steps: <strong>placing the public key<\/strong> on the server and <strong>using the private key<\/strong> on your computer to connect. 
This guide walks through each step in detail.<\/p>\n<p>Using an SSH Key instead of a password not only <strong>strengthens security<\/strong> but is also far <strong>more convenient<\/strong>. You do not have to remember and type a password every time you connect. Keep in mind, however, that <strong>protecting the private key<\/strong> is critically important. If the private key is exposed, an attacker can access every server that trusts that key.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dat-khoa-cong-khai-len-may-chu\"><\/span>Placing the public key on the server<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the most important step in being able to use an SSH Key. You need to <strong>copy the contents of the public key file<\/strong> (for example: <code>id_ed25519.pub<\/code>) and <strong>append it to the file <\/strong><code><strong>~\/.ssh\/authorized_keys<\/strong><\/code> on the server you want to access. 
There are several ways to do this, depending on the access and tools you have.<\/p>\n<ul>\n<li><strong>Use the command <\/strong><code><strong>ssh-copy-id<\/strong><\/code><strong> (the easiest way):<\/strong> If you can log in to the server with a password (at least once), you can use the <code>ssh-copy-id<\/code> command to copy the public key to the server automatically. The command creates the <code>~\/.ssh<\/code> directory and the <code>authorized_keys<\/code> file if they do not yet exist, and sets the correct permissions on the file. Command syntax: <code>ssh-copy-id -i &lt;path_to_public_key&gt; user@remote_host<\/code>\n<ul>\n<li><code>-i<\/code>: Specifies the path to the public key file. If you do not specify it, the default file (<code>~\/.ssh\/id_rsa.pub<\/code>) is used.<\/li>\n<li><code>user<\/code>: The user name on the server.<\/li>\n<li><code>remote_host<\/code>: The IP address or domain name of the server.<\/li>\n<\/ul>\n<p>Example: <code>ssh-copy-id -i ~\/.ssh\/id_ed25519.pub myuser@192.168.1.100<\/code><\/p>\n<p>After running this command, you are asked to enter the password of the user on the server (for the last time). 
The public key is then added to <code>authorized_keys<\/code>, and from then on you can connect with the SSH Key.<\/li>\n<li><strong>Add it manually:<\/strong> If you cannot use <code>ssh-copy-id<\/code>, you can add the public key to <code>authorized_keys<\/code> manually.\n<ol>\n<li><strong>Copy the contents of the public key:<\/strong> Open the public key file (for example: <code>id_ed25519.pub<\/code>) in a text editor and copy its entire contents.<\/li>\n<li><strong>Connect to the server over SSH (using the password):<\/strong> <code>ssh user@remote_host<\/code><\/li>\n<li><strong>Create the directory <\/strong><code><strong>~\/.ssh<\/strong><\/code><strong> (if it does not exist):<\/strong> <code>mkdir -p ~\/.ssh<\/code><\/li>\n<li><strong>Open the file <\/strong><code><strong>authorized_keys<\/strong><\/code><strong> (create it if it does not exist):<\/strong> <code>nano ~\/.ssh\/authorized_keys<\/code> (or use another text editor such as <code>vi<\/code>).<\/li>\n<li><strong>Paste the contents of the public key into the file <\/strong><code><strong>authorized_keys<\/strong><\/code><strong>:<\/strong> Paste the contents copied in step 1 into this file. 
Each public key should be on its own line.<\/li>\n<li><strong>Save and close the file:<\/strong> Save the changes and close the text editor.<\/li>\n<li><strong>Set the correct permissions:<\/strong> <code>chmod 700 ~\/.ssh<\/code> and <code>chmod 600 ~\/.ssh\/authorized_keys<\/code>. This is very important for security. These commands mean that only the owning user can read, write and execute the .ssh directory, and only the owning user can read and write the authorized_keys file.<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Ket-noi-den-may-chu-bang-SSH-Key\"><\/span>Connecting to the server with an SSH Key<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Once the public key is in place on the server, you can connect with the SSH Key from your computer.<\/p>\n<ol>\n<li><strong>Open Terminal (Linux\/macOS) or Command Prompt\/PowerShell (Windows).<\/strong><\/li>\n<li><strong>Use the command <\/strong><code><strong>ssh<\/strong><\/code><strong>:<\/strong> <code>ssh user@remote_host<\/code>\n<ul>\n<li><code>user<\/code>: The user name on the server.<\/li>\n<li><code>remote_host<\/code>: The IP address or domain name of the server.<\/li>\n<\/ul>\n<p>Example: <code>ssh myuser@192.168.1.100<\/code><\/p><\/li>\n<li><strong>If the private key has a passphrase:<\/strong> The system asks you to enter the passphrase. 
Enter the passphrase and press Enter.<\/li>\n<li><strong>Successful connection:<\/strong> If everything is configured correctly, you connect to the server without entering a password.<\/li>\n<\/ol>\n<p><strong>Using PuTTY (on Windows):<\/strong><\/p>\n<p>If you use PuTTY on Windows, you need to configure PuTTY to use the private key (.ppk) when connecting.<\/p>\n<ol>\n<li><strong>Open PuTTY.<\/strong><\/li>\n<li><strong>Under &#8220;Connection&#8221; -&gt; &#8220;SSH&#8221; -&gt; &#8220;Auth&#8221;, click the &#8220;Browse&#8221; button next to &#8220;Private key file for authentication&#8221;.<\/strong><\/li>\n<li><strong>Select your private key file (.ppk).<\/strong><\/li>\n<li><strong>Enter the connection details (Host Name, Port).<\/strong><\/li>\n<li><strong>Click Open.<\/strong><\/li>\n<li>Enter the user name and, if the key has a passphrase, the passphrase.<\/li>\n<\/ol>\n<p><strong>Using SSH Agent (optional):<\/strong><\/p>\n<p>SSH Agent is a background program that manages decrypted private keys. When you add a private key to SSH Agent, you enter the passphrase only once and can then connect to different servers without entering it again.<\/p>\n<ul>\n<li><strong>Linux\/macOS:<\/strong> Usually built in. 
You can add a key with the command <code>ssh-add &lt;path_to_private_key&gt;<\/code>.<\/li>\n<li><strong>Windows:<\/strong> You can use Pageant (which ships with PuTTY) or similar tools.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Bao-mat-SSH-Key\"><\/span>Securing SSH Keys<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Securing your SSH Key is an <strong>important<\/strong> part of protecting your systems. Although SSH Keys are more secure than passwords, a private key that is not properly protected can be stolen and used to gain unauthorized access to the server. The necessary measures are described below.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Su-dung-Passphrase-manh\"><\/span>Use a strong passphrase<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A <strong>passphrase<\/strong> is an additional password that protects your private key. When generating an SSH Key, you should <strong>always use a passphrase<\/strong>. If the private key is exposed, the attacker still needs the passphrase to use it. 
A strong passphrase should be <strong>long and complex<\/strong>, include uppercase letters, lowercase letters, digits and special characters, and be hard to guess.<\/p>\n<p>Think of the passphrase as a second layer of protection for your private key. Just as you would not use a weak password for your bank account, you should not skip the passphrase or use a weak one for your SSH Key. Spending a little time on creating a strong passphrase is well worth it.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Luu-tru-khoa-rieng-tu-an-toan\"><\/span>Store the private key safely<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The private key is <strong>the most important asset<\/strong> to protect. <strong>Never share<\/strong> the private key with anyone, including by email, messaging, or any other insecure channel. 
Do not store the private key on untrusted cloud storage services or on devices that are easily lost or stolen.<\/p>\n<p>You can store the private key on an <strong>encrypted USB drive<\/strong> kept in a safe place, or use a reputable <strong>password manager<\/strong> to store it. A password manager not only helps you store the private key safely but also makes it easy to manage the passphrase.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Gioi-han-quyen-truy-cap\"><\/span>Restrict permissions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>On the server, make sure the <code>~\/.ssh\/authorized_keys<\/code> file and the <code>~\/.ssh<\/code> directory have <strong>restricted permissions<\/strong>. Only the owner (user) should be able to read and write the <code>authorized_keys<\/code> file, and only the owner should be able to read, write and execute the <code>~\/.ssh<\/code> directory. 
Use the following commands: <code>chmod 700 ~\/.ssh<\/code> <code>chmod 600 ~\/.ssh\/authorized_keys<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Su-dung-SSH-Agent-mot-cach-an-toan\"><\/span>Use SSH Agent safely<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>SSH Agent<\/strong> keeps decrypted private keys in memory so that you do not have to enter the passphrase repeatedly. However, be careful when using SSH Agent on untrusted or shared computers. If the computer is compromised, an attacker can use SSH Agent to access other servers.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Thu-hoi-khoa-khi-can-thiet\"><\/span>Revoke keys when necessary<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you suspect that your private key has been <strong>exposed<\/strong>, <strong>revoke the key immediately<\/strong>. Remove the public key from the <code>authorized_keys<\/code> file on every server it is allowed to access. Then generate a new key pair and replace the old key on all servers. 
This takes effort, but it is very important.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cap-nhat-phan-mem-ssh\"><\/span>Keep SSH software up to date<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Always <strong>update your SSH software<\/strong> (OpenSSH or PuTTY) to the latest version. Updates usually include security patches that fix known vulnerabilities. Running an old SSH version can leave your system open to attack. Updating the software is essential.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Giam-sat-hoat-dong-dang-nhap\"><\/span>Monitor login activity<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Regularly <strong>review the SSH login logs<\/strong> (usually in <code>\/var\/log\/auth.log<\/code> or <code>\/var\/log\/secure<\/code> on Linux) to detect unusual activity, such as failed login attempts from unfamiliar IP addresses. 
Proactive monitoring can help you detect the signs of an attack early.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSH-Key-Nhung-van-de-thuong-gap\"><\/span>SSH Key: common problems<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Although SSH Keys bring many security and convenience benefits, you may occasionally run into problems when using them. Understanding the common problems and how to fix them will help you use SSH Keys more effectively. Below are some errors and how to handle them.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Permission-denied-publickey\"><\/span>Permission denied (publickey)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the <strong>most common<\/strong> error when using SSH Keys. It usually occurs when the server cannot authenticate your public key. 
Possible causes: the public key has not been added to the <code>authorized_keys<\/code> file, the <code>authorized_keys<\/code> file or the <code>~\/.ssh<\/code> directory has <strong>incorrect permissions<\/strong>, or the <strong>path<\/strong> to the public key is <strong>wrong<\/strong>.<\/p>\n<p>To fix it, check carefully that you have <strong>copied<\/strong> the contents of the public key <strong>exactly<\/strong> into the <code>authorized_keys<\/code> file on the server. Make sure the <code>authorized_keys<\/code> file has mode 600 (<code>chmod 600 ~\/.ssh\/authorized_keys<\/code>) and the <code>~\/.ssh<\/code> directory has mode 700 (<code>chmod 700 ~\/.ssh<\/code>). If you used <code>ssh-copy-id<\/code>, check whether the command completed successfully.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Connection-refused\"><\/span>Connection refused<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This error usually occurs when the <strong>SSH service is not running<\/strong> on the server, or the <strong>SSH port<\/strong> (22 by default) is blocked by a firewall. To fix it, make sure the SSH service is installed and running on the server. Check the firewall configuration to make sure the SSH port is not blocked. 
You can use telnet to check.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Agent-admitted-failure-to-sign-using-the-key\"><\/span>Agent admitted failure to sign using the key<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This error is usually related to <strong>SSH Agent<\/strong>. SSH Agent is a program that manages decrypted private keys. The error can occur when SSH Agent is not running, or when your private key has not been added to the Agent. Check the running processes, or add the key again.<\/p>\n<p>To fix it, make sure <strong>SSH Agent is running<\/strong>. On Linux\/macOS, you can check with the command <code>ps aux | grep ssh-agent<\/code>. If SSH Agent is not running, you can start it with the command <code>eval \"$(ssh-agent -s)\"<\/code>. Then add the private key to the Agent with the command <code>ssh-add &lt;path_to_private_key&gt;<\/code>. On Windows, you can use Pageant.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Quen-Passphrase\"><\/span>Forgotten passphrase<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you forget the passphrase of your private key, you <strong>cannot recover<\/strong> that passphrase. 
The passphrase is used to encrypt the private key, and there is no way to decrypt the private key without it. The only option is to <strong>generate a new SSH Key pair<\/strong> and replace the old key on all servers.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Mat-khoa-rieng-tu\"><\/span>Lost private key<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you lose your private key, you <strong>lose access<\/strong> to every server that uses that key. This is why <strong>protecting the private key<\/strong> is critically important. If you have a backup of the private key, you can restore it. If not, you need to generate a new key pair.<\/p>\n<p>Understanding the common problems and how to fix them not only makes you more confident when using SSH Keys but also helps you handle urgent situations quickly and effectively. 
Keeping the information and instructions above in mind will help you master the technology.<\/p>\n<div style=\"background-color: #f5f5f5; padding: 15px; border-radius: 5px; border: 1px solid #ddd;\">\n<p>To take full advantage of the power and security of SSH Keys, you need a reliable server environment. At InterData, you can try server services built on latest-generation hardware, with AMD EPYC and Intel Xeon processors and U.2 NVMe SSD drives, delivering outstanding performance.<\/p>\n<p>If you are looking for an optimal website hosting solution, take a look at our <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/interdata.vn\/thue-hosting\/\"><strong>affordable high-speed Hosting rental<\/strong><\/a> service. Or do you need a private, more powerful server environment? 
InterData offers <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/interdata.vn\/thue-vps\/\"><strong>low-cost, quality VPS rental<\/strong><\/a> and <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/interdata.vn\/cloud-server\/\"><strong>low-cost, high-speed Cloud Server rental<\/strong><\/a> services, with high bandwidth and optimized capacity, helping you deploy applications and manage systems efficiently.<\/p>\n<p><strong>INTERDATA<\/strong><\/p>\n<ul>\n<li><strong>Website:<\/strong><span>\u00a0<\/span>Interdata.vn<\/li>\n<li><strong>Hotline:<\/strong><span>\u00a0<\/span>1900-636822<\/li>\n<li><strong>Email:<\/strong><span>\u00a0<\/span>Info@interdata.vn<\/li>\n<li><strong>Representative office:<\/strong><span>\u00a0<\/span>240 Nguy\u1ec5n \u0110\u00ecnh Ch\u00ednh, P.11. Q. Ph\u00fa Nhu\u1eadn, TP. Ho\u0302\u0300 Ch\u00ed Minh<\/li>\n<li><strong>Transaction office:<\/strong><span>\u00a0<\/span>S\u1ed1 211 \u0110\u01b0\u1eddng s\u1ed1 5, K\u0110T Lakeview City, P. An Ph\u00fa, TP. Th\u1ee7 \u0110\u1ee9c, TP. H\u1ed3 Ch\u00ed Minh<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>An SSH Key (Secure Shell Key) is an advanced authentication method that lets you connect securely to a remote server without using a traditional password. 
Instead, the system uses a key pair: a private key stored on the computer<\/p>\n","protected":false},"author":2,"featured_media":25786,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[91],"class_list":["post-20163","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-ssh-key"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/20163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=20163"}],"version-history":[{"count":0,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/20163\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/25786"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=20163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=20163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=20163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}