{"id":35492,"date":"2025-11-03T12:05:44","date_gmt":"2025-11-03T05:05:44","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=35492"},"modified":"2025-11-05T17:52:23","modified_gmt":"2025-11-05T10:52:23","slug":"cach-bao-mat-ssh-vps","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/cach-bao-mat-ssh-vps\/","title":{"rendered":"H\u01b0\u1edbng d\u1eabn b\u1ea3o m\u1eadt SSH VPS to\u00e0n t\u1eadp t\u1eeb c\u01a1 b\u1ea3n \u0111\u1ebfn n\u00e2ng cao"},"content":{"rendered":"<p>B\u1ea3o m\u1eadt SSH VPS l\u00e0 m\u1ed9t trong nh\u1eefng y\u1ebfu t\u1ed1 quan tr\u1ecdng nh\u1ea5t \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o an to\u00e0n cho m\u00e1y ch\u1ee7 c\u1ee7a b\u1ea1n tr\u01b0\u1edbc c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng ng\u00e0y c\u00e0ng tinh vi. D\u00f9 b\u1ea1n l\u00e0 l\u1eadp tr\u00ecnh vi\u00ean, qu\u1ea3n tr\u1ecb h\u1ec7 th\u1ed1ng hay ng\u01b0\u1eddi m\u1edbi s\u1eed d\u1ee5ng VPS, vi\u1ec7c hi\u1ec3u v\u00e0 tri\u1ec3n khai <strong>b\u1ea3o m\u1eadt SSH (Secure Shell)<\/strong> \u0111\u00fang c\u00e1ch s\u1ebd gi\u00fap ng\u0103n ch\u1eb7n nguy c\u01a1 b\u1ecb x\u00e2m nh\u1eadp, \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u ho\u1eb7c chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n m\u00e1y ch\u1ee7.
Trong b\u00e0i vi\u1ebft n\u00e0y, InterData s\u1ebd <strong>h\u01b0\u1edbng d\u1eabn b\u1ea1n to\u00e0n t\u1eadp v\u1ec1 c\u00e1ch b\u1ea3o m\u1eadt SSH VPS hi\u1ec7u qu\u1ea3<\/strong>, gi\u00fap t\u0103ng c\u01b0\u1eddng l\u1edbp ph\u00f2ng th\u1ee7 cho h\u1ec7 th\u1ed1ng.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Bao-mat-SSH-VPS-la-gi\"><\/span>B\u1ea3o m\u1eadt SSH VPS l\u00e0 g\u00ec?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>B\u1ea3o m\u1eadt SSH VPS l\u00e0 qu\u00e1 tr\u00ecnh b\u1ea3o v\u1ec7 k\u00eanh k\u1ebft n\u1ed1i gi\u1eefa ng\u01b0\u1eddi d\u00f9ng v\u00e0 m\u00e1y ch\u1ee7 \u1ea3o (VPS) s\u1eed d\u1ee5ng giao th\u1ee9c SSH (Secure Shell) nh\u1eb1m ng\u0103n ch\u1eb7n c\u00e1c m\u1ed1i \u0111e d\u1ecda t\u1eeb b\u00ean ngo\u00e0i nh\u01b0 t\u1ea5n c\u00f4ng d\u00f2 m\u1eadt kh\u1ea9u (brute force), nghe l\u00e9n ho\u1eb7c truy c\u1eadp tr\u00e1i ph\u00e9p. SSH l\u00e0 c\u00e1ch th\u1ee9c an to\u00e0n \u0111\u1ec3 \u0111\u0103ng nh\u1eadp v\u00e0 qu\u1ea3n l\u00fd VPS thay v\u00ec d\u00f9ng m\u1eadt kh\u1ea9u truy\u1ec1n th\u1ed1ng.<\/p>\n<figure id=\"attachment_35505\" aria-describedby=\"caption-attachment-35505\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-35505\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Bao-mat-SSH-VPS-la-gi.jpg\" alt=\"B\u1ea3o m\u1eadt SSH VPS l\u00e0 g\u00ec\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Bao-mat-SSH-VPS-la-gi.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Bao-mat-SSH-VPS-la-gi-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Bao-mat-SSH-VPS-la-gi-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-35505\" class=\"wp-caption-text\">B\u1ea3o m\u1eadt SSH VPS l\u00e0 g\u00ec?<\/figcaption><\/figure>\n<p>M\u1ed9t s\u1ed1 
\u0111i\u1ec3m ch\u00ednh c\u1ee7a b\u1ea3o m\u1eadt SSH VPS g\u1ed3m:<\/p>\n<ul>\n<li>S\u1eed d\u1ee5ng SSH Key thay th\u1ebf m\u1eadt kh\u1ea9u: SSH Key gi\u1ed1ng nh\u01b0 v\u00e2n tay \u0111\u1ed9c nh\u1ea5t \u0111\u1ec3 x\u00e1c th\u1ef1c, s\u1eed d\u1ee5ng m\u00e3 h\u00f3a m\u1ea1nh, r\u1ea5t kh\u00f3 b\u1ecb ph\u00e1 v\u1ee1 ho\u1eb7c gi\u1ea3 m\u1ea1o.<\/li>\n<li>Thay \u0111\u1ed5i c\u1ed5ng m\u1eb7c \u0111\u1ecbnh c\u1ee7a SSH (22) \u0111\u1ec3 gi\u1ea3m r\u1ee7i ro b\u1ecb t\u1ea5n c\u00f4ng t\u1ef1 \u0111\u1ed9ng.<\/li>\n<li>S\u1eed d\u1ee5ng m\u1eadt kh\u1ea9u m\u1ea1nh ho\u1eb7c t\u1eaft \u0111\u0103ng nh\u1eadp m\u1eadt kh\u1ea9u n\u1ebfu d\u00f9ng SSH Key.<\/li>\n<li>K\u00edch ho\u1ea1t t\u01b0\u1eddng l\u1eeda (firewall) ch\u1ec9 cho ph\u00e9p truy c\u1eadp c\u1ed5ng c\u1ea7n thi\u1ebft.<\/li>\n<li>S\u1eed d\u1ee5ng c\u00e1c bi\u1ec7n ph\u00e1p b\u1ed5 sung nh\u01b0 h\u1ea1n ch\u1ebf truy c\u1eadp theo IP, b\u1ea3o m\u1eadt \u0111a l\u1edbp (2FA).<\/li>\n<li>Qu\u1ea3n l\u00fd quy\u1ec1n user, h\u1ea1n ch\u1ebf quy\u1ec1n root.<\/li>\n<\/ul>\n<p>SSH VPS b\u1ea3o m\u1eadt l\u00e0 b\u1ea3o v\u1ec7 &#8220;c\u00e1nh c\u1eeda&#8221; an ninh gi\u00fap ng\u01b0\u1eddi d\u00f9ng qu\u1ea3n tr\u1ecb VPS an to\u00e0n h\u01a1n, tr\u00e1nh nguy c\u01a1 m\u1ea5t ki\u1ec3m so\u00e1t h\u1ec7 th\u1ed1ng do tin t\u1eb7c l\u1ee3i d\u1ee5ng l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt SSH th\u00f4ng th\u01b0\u1eddng b\u1eb1ng m\u1eadt kh\u1ea9u y\u1ebfu ho\u1eb7c c\u1ed5ng m\u1eb7c \u0111\u1ecbnh d\u1ec5 d\u00f2 t\u00ecm.<\/p>\n<p>B\u1ea3o m\u1eadt SSH VPS l\u00e0 t\u1ed5ng h\u1ee3p c\u00e1c k\u1ef9 thu\u1eadt v\u00e0 thi\u1ebft l\u1eadp nh\u1eb1m \u0111\u1ea3m b\u1ea3o r\u1eb1ng ch\u1ec9 ng\u01b0\u1eddi d\u00f9ng \u0111\u01b0\u1ee3c ph\u00e9p m\u1edbi truy c\u1eadp \u0111\u01b0\u1ee3c VPS qua giao th\u1ee9c SSH, b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng c\u00e1c ph\u01b0\u01a1ng ph\u00e1p hi\u1ec7n \u0111\u1ea1i nh\u01b0 SSH Key, \u0111\u1ed5i c\u1ed5ng, firewall&#8230; 
\u0111\u1ec3 gi\u1ea3m thi\u1ec3u nguy c\u01a1 b\u1ecb t\u1ea5n c\u00f4ng m\u1ea1ng.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Tai-sao-can-bao-mat-SSH-cho-VPS\"><\/span>T\u1ea1i sao c\u1ea7n b\u1ea3o m\u1eadt SSH cho VPS?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>C\u1ea7n b\u1ea3o m\u1eadt SSH cho VPS v\u00ec \u0111\u00e2y l\u00e0 \u0111i\u1ec3m truy c\u1eadp quan tr\u1ecdng nh\u1ea5t v\u00e0o h\u1ec7 th\u1ed1ng VPS, n\u1ebfu kh\u00f4ng \u0111\u01b0\u1ee3c b\u1ea3o v\u1ec7 \u0111\u00fang c\u00e1ch d\u1ec5 b\u1ecb hacker t\u1ea5n c\u00f4ng, g\u00e2y ra h\u1eadu qu\u1ea3 nghi\u00eam tr\u1ecdng nh\u01b0 m\u1ea5t d\u1eef li\u1ec7u, b\u1ecb chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n ho\u1eb7c gi\u00e1n \u0111o\u1ea1n d\u1ecbch v\u1ee5. C\u1ee5 th\u1ec3:<\/p>\n<ul>\n<li>SSH th\u01b0\u1eddng d\u00f9ng \u0111\u1ec3 qu\u1ea3n l\u00fd VPS t\u1eeb xa, n\u1ebfu m\u1eadt kh\u1ea9u y\u1ebfu ho\u1eb7c d\u00f9ng c\u1ed5ng m\u1eb7c \u0111\u1ecbnh d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng d\u00f2 m\u1eadt kh\u1ea9u (Brute Force) v\u00e0 c\u00e1c cu\u1ed9c x\u00e2m nh\u1eadp tr\u00e1i ph\u00e9p.<\/li>\n<li>B\u1ea3o m\u1eadt SSH b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng SSH Key thay cho m\u1eadt kh\u1ea9u gi\u00fap ng\u0103n ch\u1eb7n vi\u1ec7c \u0111o\u00e1n m\u1eadt kh\u1ea9u v\u00e0 l\u1ed9 th\u00f4ng tin \u0111\u0103ng nh\u1eadp v\u00ec SSH Key d\u00f9ng m\u00e3 h\u00f3a r\u1ea5t m\u1ea1nh, an to\u00e0n h\u01a1n nhi\u1ec1u m\u1eadt kh\u1ea9u th\u00f4ng th\u01b0\u1eddng.<\/li>\n<li>Thay \u0111\u1ed5i c\u1ed5ng SSH m\u1eb7c \u0111\u1ecbnh (22), t\u1eaft \u0111\u0103ng nh\u1eadp root qua SSH, h\u1ea1n ch\u1ebf truy c\u1eadp theo IP hay b\u1eadt t\u01b0\u1eddng l\u1eeda \u0111\u1ec1u l\u00e0 bi\u1ec7n ph\u00e1p quan tr\u1ecdng \u0111\u1ec3 gi\u1ea3m kh\u1ea3 n\u0103ng t\u1ea5n c\u00f4ng v\u00e0 t\u0103ng an to\u00e0n cho VPS.<\/li>\n<li>B\u1ea3o m\u1eadt SSH gi\u00fap tr\u00e1nh \u1ea3nh h\u01b0\u1edfng x\u1ea5u \u0111\u1ebfn d\u1eef li\u1ec7u, \u1ed5n \u0111\u1ecbnh h\u1ec7 
th\u1ed1ng, b\u1ea3o v\u1ec7 danh ti\u1ebfng doanh nghi\u1ec7p v\u00e0 duy tr\u00ec quy\u1ec1n ki\u1ec3m so\u00e1t VPS.<\/li>\n<\/ul>\n<p>B\u1ea3o m\u1eadt SSH l\u00e0 thi\u1ebft y\u1ebfu \u0111\u1ec3 b\u1ea3o v\u1ec7 c\u1eeda ng\u00f5 k\u1ebft n\u1ed1i quan tr\u1ecdng v\u00e0o VPS, gi\u00fap ng\u0103n ch\u1eb7n truy c\u1eadp tr\u00e1i ph\u00e9p v\u00e0 gi\u1eef an to\u00e0n cho d\u1eef li\u1ec7u, d\u1ecbch v\u1ee5 tr\u00ean m\u00e1y ch\u1ee7 \u1ea3o.<\/p>\n<figure id=\"attachment_35506\" aria-describedby=\"caption-attachment-35506\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-35506\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Tai-sao-can-bao-mat-SSH-cho-VPS.jpg\" alt=\"T\u1ea1i sao c\u1ea7n b\u1ea3o m\u1eadt SSH cho VPS\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Tai-sao-can-bao-mat-SSH-cho-VPS.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Tai-sao-can-bao-mat-SSH-cho-VPS-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Tai-sao-can-bao-mat-SSH-cho-VPS-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-35506\" class=\"wp-caption-text\">T\u1ea1i sao c\u1ea7n b\u1ea3o m\u1eadt SSH cho VPS?<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Cac-tep-cau-hinh-SSH-quan-trong-can-biet-tren-Linux\"><\/span>C\u00e1c t\u1ec7p c\u1ea5u h\u00ecnh SSH quan tr\u1ecdng c\u1ea7n bi\u1ebft tr\u00ean Linux<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Khi tri\u1ec3n khai OpenSSH tr\u00ean Linux, b\u1ea1n c\u1ea7n l\u01b0u \u00fd \u0111\u1ebfn m\u1ed9t s\u1ed1 t\u1ec7p c\u1ea5u h\u00ecnh sau:<\/p>\n<ul>\n<li><strong>C\u1ed5ng SSH m\u1eb7c \u0111\u1ecbnh:<\/strong> TCP \u2013 22<\/li>\n<li><strong>\/etc\/ssh\/sshd_config:<\/strong> t\u1ec7p c\u1ea5u h\u00ecnh c\u1ee7a d\u1ecbch v\u1ee5 
<strong>OpenSSH Server<\/strong>.<\/li>\n<li><strong>\/etc\/ssh\/ssh_config:<\/strong> t\u1ec7p c\u1ea5u h\u00ecnh <strong>OpenSSH Client<\/strong>.<\/li>\n<li><strong>~\/.ssh\/:<\/strong> th\u01b0 m\u1ee5c ch\u1ee9a c\u00e1c t\u1ec7p c\u1ea5u h\u00ecnh SSH d\u00e0nh ri\u00eang cho t\u1eebng user tr\u00ean Linux.<\/li>\n<li><strong>\/etc\/nologin:<\/strong> n\u1ebfu t\u1ec7p n\u00e0y t\u1ed3n t\u1ea1i, h\u1ec7 th\u1ed1ng s\u1ebd <strong>t\u1eeb ch\u1ed1i m\u1ecdi k\u1ebft n\u1ed1i SSH<\/strong> t\u1eeb c\u00e1c user kh\u00e1c (ngo\u1ea1i tr\u1eeb root). T\u1ec7p n\u00e0y th\u01b0\u1eddng \u0111\u01b0\u1ee3c d\u00f9ng trong t\u00ecnh hu\u1ed1ng kh\u1ea9n c\u1ea5p khi c\u1ea7n c\u00e1ch ly h\u1ec7 th\u1ed1ng nhanh ch\u00f3ng.<\/li>\n<\/ul>\n<p><strong>L\u01b0u \u00fd quan tr\u1ecdng:<\/strong><\/p>\n<ul>\n<li>B\u1ea1n c\u1ea7n c\u00f3 quy\u1ec1n <strong>user root<\/strong> \u0111\u1ec3 ch\u1ec9nh s\u1eeda c\u1ea5u h\u00ecnh SSH Server khi thi\u1ebft l\u1eadp b\u1ea3o m\u1eadt.<\/li>\n<li>To\u00e0n b\u1ed9 c\u00e1c b\u01b0\u1edbc c\u1ea5u h\u00ecnh b\u1ea3o m\u1eadt SSH ph\u00eda d\u01b0\u1edbi s\u1ebd \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n th\u00f4ng qua vi\u1ec7c ch\u1ec9nh s\u1eeda t\u1ec7p <strong>\/etc\/ssh\/sshd_config<\/strong> tr\u00ean Linux. C\u00e1c d\u00f2ng v\u00ed d\u1ee5 b\u00ean d\u01b0\u1edbi c\u00f3 d\u1ea5u <code>#<\/code> \u1edf \u0111\u1ea7u, t\u1ee9c l\u00e0 \u0111ang \u1edf d\u1ea1ng ch\u00fa th\u00edch; h\u00e3y b\u1ecf d\u1ea5u <code>#<\/code> \u0111\u1ec3 t\u00f9y ch\u1ecdn c\u00f3 hi\u1ec7u l\u1ef1c. Sau khi s\u1eeda, ki\u1ec3m tra c\u00fa ph\u00e1p b\u1eb1ng <code>sshd -t<\/code>, kh\u1edfi \u0111\u1ed9ng l\u1ea1i d\u1ecbch v\u1ee5 SSH v\u00e0 gi\u1eef phi\u00ean \u0111\u0103ng nh\u1eadp hi\u1ec7n t\u1ea1i cho \u0111\u1ebfn khi \u0111\u0103ng nh\u1eadp th\u1eed th\u00e0nh c\u00f4ng \u1edf m\u1ed9t phi\u00ean m\u1edbi.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"16-Cach-bao-mat-SSH-cho-VPS-an-toan-tuyet-doi\"><\/span>16+ C\u00e1ch b\u1ea3o m\u1eadt SSH cho VPS an to\u00e0n tuy\u1ec7t \u0111\u1ed1i<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"1-Chi-su-dung-giao-thuc-SSH-phien-ban-2\"><\/span>1. Ch\u1ec9 s\u1eed d\u1ee5ng giao th\u1ee9c SSH phi\u00ean b\u1ea3n 2<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Phi\u00ean b\u1ea3n SSH-1 hi\u1ec7n \u0111\u00e3 l\u1ed7i th\u1eddi v\u00e0 t\u1ed3n t\u1ea1i nhi\u1ec1u l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt, \u0111\u1eb7c bi\u1ec7t l\u00e0 nguy c\u01a1 <strong>t\u1ea5n c\u00f4ng man-in-the-middle<\/strong>.
Do \u0111\u00f3, b\u1ea1n n\u00ean c\u1ea5u h\u00ecnh \u0111\u1ec3 <strong>ch\u1ec9 d\u00f9ng SSH phi\u00ean b\u1ea3n 2<\/strong>.<\/p>\n<p>Tr\u00ean h\u1ea7u h\u1ebft h\u1ec7 \u0111i\u1ec1u h\u00e0nh hi\u1ec7n nay, SSH m\u1eb7c \u0111\u1ecbnh l\u00e0 phi\u00ean b\u1ea3n 2, nh\u01b0ng m\u1ed9t s\u1ed1 b\u1ea3n Linux c\u0169 v\u1eabn h\u1ed7 tr\u1ee3 c\u1ea3 hai phi\u00ean b\u1ea3n. T\u1eeb OpenSSH 7.4, m\u00e1y ch\u1ee7 sshd kh\u00f4ng c\u00f2n h\u1ed7 tr\u1ee3 SSH-1 v\u00e0 t\u00f9y ch\u1ecdn <code>Protocol<\/code> kh\u00f4ng c\u00f2n t\u00e1c d\u1ee5ng, n\u00ean d\u00f2ng d\u01b0\u1edbi \u0111\u00e2y ch\u1ec9 c\u1ea7n thi\u1ebft tr\u00ean c\u00e1c b\u1ea3n OpenSSH c\u0169 h\u01a1n.<\/p>\n<div><code># Protocol 2<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"2-Vo-hieu-hoa-dang-nhap-bang-mat-khau-rong\"><\/span>2. V\u00f4 hi\u1ec7u h\u00f3a \u0111\u0103ng nh\u1eadp b\u1eb1ng m\u1eadt kh\u1ea9u r\u1ed7ng<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Kh\u00f4ng cho ph\u00e9p user \u0111\u0103ng nh\u1eadp SSH m\u00e0 kh\u00f4ng c\u00f3 m\u1eadt kh\u1ea9u l\u00e0 \u0111i\u1ec1u b\u1eaft bu\u1ed9c \u0111\u1ec3 tr\u00e1nh r\u1ee7i ro b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng.<\/p>\n<div><code># PermitEmptyPasswords no<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"3-Thay-doi-cong-SSH-mac-dinh-Port-22\"><\/span>3.
Thay \u0111\u1ed5i c\u1ed5ng SSH m\u1eb7c \u0111\u1ecbnh (Port 22)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>C\u1ed5ng SSH m\u1eb7c \u0111\u1ecbnh l\u00e0 <strong>22<\/strong>, nh\u01b0ng v\u00ec \u0111\u00e2y l\u00e0 port ph\u1ed5 bi\u1ebfn, c\u00e1c hacker th\u01b0\u1eddng scan t\u1ef1 \u0111\u1ed9ng \u0111\u1ec3 t\u1ea5n c\u00f4ng.<\/p>\n<p>B\u1ea1n n\u00ean <strong>\u0111\u1ed5i sang port kh\u00e1c<\/strong> (v\u00ed d\u1ee5 8022) \u0111\u1ec3 h\u1ea1n ch\u1ebf r\u1ee7i ro.<\/p>\n<div><code># Port 8022<br \/>\n<\/code><\/div>\n<p>N\u1ebfu VPS c\u00f3 nhi\u1ec1u \u0111\u1ecba ch\u1ec9 IP, b\u1ea1n n\u00ean ch\u1ec9 \u0111\u1ecbnh c\u1ee5 th\u1ec3 IP n\u00e0o cho ph\u00e9p SSH l\u1eafng nghe k\u1ebft n\u1ed1i, \u0111i\u1ec1u n\u00e0y gi\u00fap t\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt.<\/p>\n<div><code># ListenAddress 192.168.1.123<br \/>\n<\/code><\/div>\n<figure id=\"attachment_35509\" aria-describedby=\"caption-attachment-35509\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-35509\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Cach-bao-mat-SSH-cho-VPS-an-toan.jpg\" alt=\"C\u00e1ch b\u1ea3o m\u1eadt SSH cho VPS an to\u00e0n\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Cach-bao-mat-SSH-cho-VPS-an-toan.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Cach-bao-mat-SSH-cho-VPS-an-toan-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/11\/Cach-bao-mat-SSH-cho-VPS-an-toan-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-35509\" class=\"wp-caption-text\">C\u00e1ch b\u1ea3o m\u1eadt SSH cho VPS an to\u00e0n<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"4-Tat-dang-nhap-bang-tai-khoan-root\"><\/span>4. 
T\u1eaft \u0111\u0103ng nh\u1eadp b\u1eb1ng t\u00e0i kho\u1ea3n root<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Kh\u00f4ng n\u00ean cho ph\u00e9p \u0111\u0103ng nh\u1eadp SSH tr\u1ef1c ti\u1ebfp b\u1eb1ng user root.<\/p>\n<p>Thay v\u00e0o \u0111\u00f3, h\u00e3y t\u1ea1o m\u1ed9t user th\u01b0\u1eddng v\u00e0 d\u00f9ng <strong>sudo ho\u1eb7c su<\/strong> khi c\u1ea7n quy\u1ec1n root.<\/p>\n<div><code># PermitRootLogin no<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"5-Bat-che-do-kiem-tra-quyen-StrictModes\"><\/span>5. B\u1eadt ch\u1ebf \u0111\u1ed9 ki\u1ec3m tra quy\u1ec1n StrictModes<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>T\u00f9y ch\u1ecdn n\u00e0y bu\u1ed9c SSH ph\u1ea3i ki\u1ec3m tra quy\u1ec1n truy c\u1eadp (permission) c\u1ee7a th\u01b0 m\u1ee5c <code>$HOME<\/code>, <code>.ssh<\/code> v\u00e0 file <code>authorized_keys<\/code>.<\/p>\n<p>N\u1ebfu b\u1ecf qua, SSH c\u00f3 th\u1ec3 b\u1ecb truy c\u1eadp tr\u00e1i ph\u00e9p.<\/p>\n<div><code># StrictModes yes<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"6-Gioi-han-so-lan-dang-nhap-sai\"><\/span>6. Gi\u1edbi h\u1ea1n s\u1ed1 l\u1ea7n \u0111\u0103ng nh\u1eadp sai<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u1ec3 tr\u00e1nh t\u1ea5n c\u00f4ng brute force, h\u00e3y gi\u1edbi h\u1ea1n s\u1ed1 l\u1ea7n nh\u1eadp sai m\u1eadt kh\u1ea9u (v\u00ed d\u1ee5 3 l\u1ea7n).<\/p>\n<div><code># MaxAuthTries 3<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"7-Kich-hoat-xac-thuc-hai-lop-Google-Authenticator\"><\/span>7. K\u00edch ho\u1ea1t x\u00e1c th\u1ef1c hai l\u1edbp (Google Authenticator)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>C\u00e0i \u0111\u1eb7t <strong>Google Authenticator<\/strong> gi\u00fap b\u1ed5 sung l\u1edbp b\u1ea3o m\u1eadt th\u1ee9 hai: sau khi nh\u1eadp m\u1eadt kh\u1ea9u, ng\u01b0\u1eddi d\u00f9ng c\u1ea7n nh\u1eadp m\u00e3 x\u00e1c th\u1ef1c tr\u00ean \u0111i\u1ec7n tho\u1ea1i. 
C\u00e1ch n\u00e0y gi\u00fap ng\u0103n ch\u1eb7n vi\u1ec7c truy c\u1eadp tr\u00e1i ph\u00e9p hi\u1ec7u qu\u1ea3 h\u01a1n.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"8-Vo-hieu-hoa-dang-nhap-bang-rhosts\"><\/span>8. V\u00f4 hi\u1ec7u h\u00f3a \u0111\u0103ng nh\u1eadp b\u1eb1ng ~\/.rhosts<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>T\u00ednh n\u0103ng \u201crlogin\u201d qua port 22 \u0111\u00e3 qu\u00e1 c\u0169 v\u00e0 ti\u1ec1m \u1ea9n nhi\u1ec1u l\u1ed7 h\u1ed5ng.<\/p>\n<p>N\u1ebfu trong file <code>~\/.rhosts<\/code> c\u00f3 danh s\u00e1ch user v\u00e0 host, c\u00e1c user n\u00e0y c\u00f3 th\u1ec3 truy c\u1eadp h\u1ec7 th\u1ed1ng <strong>m\u00e0 kh\u00f4ng c\u1ea7n m\u1eadt kh\u1ea9u<\/strong>.<\/p>\n<p>H\u00e3y t\u1eaft ngay t\u00f9y ch\u1ecdn n\u00e0y \u0111\u1ec3 t\u0103ng b\u1ea3o m\u1eadt. T\u00f9y ch\u1ecdn <code>RhostsRSAAuthentication<\/code> ch\u1ec9 thu\u1ed9c SSH-1 v\u00e0 kh\u00f4ng c\u00f2n t\u00e1c d\u1ee5ng t\u1eeb OpenSSH 7.4.<\/p>\n<div><code># IgnoreRhosts yes<br \/>\n# RhostsRSAAuthentication no<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"9-Tu-dong-ngat-ket-noi-khi-user-khong-hoat-dong\"><\/span>9. T\u1ef1 \u0111\u1ed9ng ng\u1eaft k\u1ebft n\u1ed1i khi user kh\u00f4ng ho\u1ea1t \u0111\u1ed9ng<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Thi\u1ebft l\u1eadp <strong>th\u1eddi gian timeout<\/strong> \u0111\u1ec3 SSH Server t\u1ef1 \u0111\u1ed9ng ng\u1eaft k\u1ebft n\u1ed1i khi ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng t\u01b0\u01a1ng t\u00e1c trong kho\u1ea3ng th\u1eddi gian nh\u1ea5t \u0111\u1ecbnh (v\u00ed d\u1ee5 5 ph\u00fat). L\u01b0u \u00fd: t\u1eeb OpenSSH 8.2, <code>ClientAliveCountMax 0<\/code> t\u1eaft h\u1eb3n vi\u1ec7c ng\u1eaft k\u1ebft n\u1ed1i, v\u00ec v\u1eady h\u00e3y ki\u1ec3m tra phi\u00ean b\u1ea3n OpenSSH \u0111ang d\u00f9ng v\u00e0 th\u1eed l\u1ea1i \u0111\u1ec3 ch\u1eafc ch\u1eafn phi\u00ean kh\u00f4ng ho\u1ea1t \u0111\u1ed9ng th\u1ef1c s\u1ef1 b\u1ecb ng\u1eaft.<\/p>\n<div><code># ClientAliveInterval 300<br \/>\n# ClientAliveCountMax 0<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"10-Dat-mat-khau-manh-va-kho-doan\"><\/span>10.
\u0110\u1eb7t m\u1eadt kh\u1ea9u m\u1ea1nh v\u00e0 kh\u00f3 \u0111o\u00e1n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>N\u1ebfu b\u1ea1n v\u1eabn s\u1eed d\u1ee5ng \u0111\u0103ng nh\u1eadp SSH b\u1eb1ng m\u1eadt kh\u1ea9u, h\u00e3y \u0111\u1ea3m b\u1ea3o:<\/p>\n<ul>\n<li>D\u00e0i tr\u00ean 8 k\u00fd t\u1ef1.<\/li>\n<li>C\u00f3 ch\u1eef hoa, ch\u1eef th\u01b0\u1eddng, s\u1ed1 v\u00e0 k\u00fd t\u1ef1 \u0111\u1eb7c bi\u1ec7t.<\/li>\n<li>Kh\u00f4ng d\u00f9ng t\u1eeb d\u1ec5 \u0111o\u00e1n ho\u1eb7c ph\u1ed5 bi\u1ebfn.<\/li>\n<\/ul>\n<p>V\u00ed d\u1ee5: <code>sshbC3yuq57@S<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"11-Gioi-han-thoi-gian-nhap-thong-tin-dang-nhap\"><\/span>11. Gi\u1edbi h\u1ea1n th\u1eddi gian nh\u1eadp th\u00f4ng tin \u0111\u0103ng nh\u1eadp<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Thi\u1ebft l\u1eadp kho\u1ea3ng th\u1eddi gian (v\u00ed d\u1ee5 120 gi\u00e2y) \u0111\u1ec3 ng\u01b0\u1eddi d\u00f9ng ho\u00e0n t\u1ea5t qu\u00e1 tr\u00ecnh \u0111\u0103ng nh\u1eadp. N\u1ebfu v\u01b0\u1ee3t qu\u00e1 th\u1eddi gian n\u00e0y, k\u1ebft n\u1ed1i SSH s\u1ebd b\u1ecb t\u1ef1 \u0111\u1ed9ng ng\u1eaft.<\/p>\n<p><code># LoginGraceTime 120<br \/>\n<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"12-Tat-hien-thi-log-dang-nhap-lan-gan-nhat\"><\/span>12. T\u1eaft hi\u1ec3n th\u1ecb log \u0111\u0103ng nh\u1eadp l\u1ea7n g\u1ea7n nh\u1ea5t<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>N\u1ebfu b\u1ea1n kh\u00f4ng mu\u1ed1n hi\u1ec3n th\u1ecb th\u00f4ng tin \u201cLast login\u201d khi truy c\u1eadp SSH, h\u00e3y t\u1eaft t\u00f9y ch\u1ecdn n\u00e0y:<\/p>\n<p><code># PrintLastLog no<br \/>\n<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"13-Dung-SSH-Key-thay-vi-mat-khau\"><\/span>13. 
D\u00f9ng SSH Key thay v\u00ec m\u1eadt kh\u1ea9u<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u0103ng nh\u1eadp b\u1eb1ng <strong>SSH Key<\/strong> l\u00e0 ph\u01b0\u01a1ng ph\u00e1p b\u1ea3o m\u1eadt t\u1ed1t nh\u1ea5t hi\u1ec7n nay. N\u1ebfu v\u1eabn d\u00f9ng m\u1eadt kh\u1ea9u, b\u1ea1n c\u00f3 th\u1ec3 b\u1ecb <strong>m\u1ea5t quy\u1ec1n truy c\u1eadp VPS<\/strong> n\u1ebfu m\u1eadt kh\u1ea9u b\u1ecb l\u1ed9 ho\u1eb7c b\u1ecb t\u1ea5n c\u00f4ng brute force.<\/p>\n<p>H\u00e3y <strong>t\u1eaft x\u00e1c th\u1ef1c m\u1eadt kh\u1ea9u<\/strong> v\u00e0 ch\u1ec9 b\u1eadt x\u00e1c th\u1ef1c SSH Key:<\/p>\n<p><code># PubkeyAuthentication yes<br \/>\n# PasswordAuthentication no<br \/>\n<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"14-Gioi-han-user-hoac-group-duoc-phep-dang-nhap-SSH\"><\/span>14. Gi\u1edbi h\u1ea1n user ho\u1eb7c group \u0111\u01b0\u1ee3c ph\u00e9p \u0111\u0103ng nh\u1eadp SSH<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>B\u1ea1n c\u00f3 th\u1ec3 cho ph\u00e9p ho\u1eb7c t\u1eeb ch\u1ed1i SSH cho t\u1eebng user ho\u1eb7c group c\u1ee5 th\u1ec3.<\/p>\n<p>Cho ph\u00e9p:<\/p>\n<p><code># AllowUsers user1 user2<br \/>\n# AllowGroups group1<\/code><\/p>\n<p>T\u1eeb ch\u1ed1i:<\/p>\n<p><code># DenyUsers user3 user4<br \/>\n# DenyGroups guest<br \/>\n<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"15-Su-dung-Firewall-CSF-de-bao-ve-VPS\"><\/span>15. 
S\u1eed d\u1ee5ng Firewall CSF \u0111\u1ec3 b\u1ea3o v\u1ec7 VPS<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>CSF (ConfigServer Security &amp; Firewall)<\/strong> l\u00e0 t\u01b0\u1eddng l\u1eeda ph\u1ea7n m\u1ec1m m\u1ea1nh m\u1ebd, d\u1ec5 c\u1ea5u h\u00ecnh, c\u00f3 th\u1ec3 ch\u1ed1ng DDoS, DoS v\u00e0 gi\u1edbi h\u1ea1n IP truy c\u1eadp SSH.<\/p>\n<p>CSF ho\u1ea1t \u0111\u1ed9ng t\u1ed1t tr\u00ean c\u00e1c n\u1ec1n t\u1ea3ng nh\u01b0 <strong>cPanel, DirectAdmin, CWP,\u2026<\/strong><\/p>\n<h3><span class=\"ez-toc-section\" id=\"16-Cai-dat-Fail2Ban-de-chan-IP-doc-hai\"><\/span>16. C\u00e0i \u0111\u1eb7t Fail2Ban \u0111\u1ec3 ch\u1eb7n IP \u0111\u1ed9c h\u1ea1i<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Fail2Ban<\/strong> th\u01b0\u1eddng \u0111\u01b0\u1ee3c d\u00f9ng c\u00f9ng <strong>iptables<\/strong> \u0111\u1ec3 t\u1ef1 \u0111\u1ed9ng ch\u1eb7n IP c\u00f3 h\u00e0nh vi \u0111\u00e1ng ng\u1edd (nh\u01b0 d\u00f2 m\u1eadt kh\u1ea9u). C\u00f4ng c\u1ee5 n\u00e0y c\u0169ng c\u00f3 th\u1ec3 b\u1ea3o v\u1ec7 c\u00e1c h\u1ec7 th\u1ed1ng t\u1ed5ng \u0111\u00e0i nh\u01b0 <strong>Asterisk, Freeswitch<\/strong>, gi\u00fap ch\u1ed1ng t\u1ea5n c\u00f4ng SIP, DoS ho\u1eb7c DDoS.<\/p>\n<div style=\"background-color: #f0f0f1; padding: 15px; border-radius: 5px;\">N\u1ebfu b\u1ea1n ch\u01b0a t\u1ef1 tin trong vi\u1ec7c thi\u1ebft l\u1eadp v\u00e0 b\u1ea3o m\u1eadt SSH cho VPS, h\u00e3y l\u1ef1a ch\u1ecdn <strong>d\u1ecbch v\u1ee5 VPS an to\u00e0n \u2013 hi\u1ec7u n\u0103ng cao t\u1ea1i InterData<\/strong>. 
H\u1ec7 th\u1ed1ng c\u1ee7a InterData \u0111\u01b0\u1ee3c trang b\u1ecb <strong>ch\u1ed1ng DDoS, t\u01b0\u1eddng l\u1eeda \u0111a l\u1edbp, \u1ed5 c\u1ee9ng NVMe t\u1ed1c \u0111\u1ed9 cao v\u00e0 \u0111\u1ed9i ng\u0169 k\u1ef9 thu\u1eadt h\u1ed7 tr\u1ee3 24\/7<\/strong>, gi\u00fap b\u1ea1n v\u1eadn h\u00e0nh m\u00e1y ch\u1ee7 \u1ed5n \u0111\u1ecbnh, b\u1ea3o m\u1eadt v\u00e0 \u0111\u1ea1t hi\u1ec7u su\u1ea5t t\u1ed1i \u0111a.<\/div>\n<div style=\"background-color: #f0f0f1; padding: 15px; border-radius: 5px; text-align: center;\"><a style=\"color: #0d6efd; text-decoration: underline; font-weight: 600;\" href=\"https:\/\/interdata.vn\/thue-vps\/\">Kh\u00e1m ph\u00e1 ngay d\u1ecbch v\u1ee5 VPS b\u1ea3o m\u1eadt cao t\u1ea1i InterData<\/a>.<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Goi-y-cac-cong-cu-ho-tro-bao-mat-SSH-VPS\"><\/span>G\u1ee3i \u00fd c\u00e1c c\u00f4ng c\u1ee5 h\u1ed7 tr\u1ee3 b\u1ea3o m\u1eadt SSH VPS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>C\u00e1c c\u00f4ng c\u1ee5 h\u1ed7 tr\u1ee3 b\u1ea3o m\u1eadt SSH VPS ph\u1ed5 bi\u1ebfn v\u00e0 hi\u1ec7u qu\u1ea3 bao g\u1ed3m:<\/p>\n<ul>\n<li><strong>SSH Key<\/strong>: \u0110\u00e2y l\u00e0 c\u00f4ng c\u1ee5 quan tr\u1ecdng nh\u1ea5t \u0111\u1ec3 thay th\u1ebf m\u1eadt kh\u1ea9u, s\u1eed d\u1ee5ng c\u1eb7p kh\u00f3a c\u00f4ng khai (public key) v\u00e0 kh\u00f3a ri\u00eang (private key) gi\u00fap m\u00e3 h\u00f3a b\u1ea5t \u0111\u1ed1i x\u1ee9ng, t\u0103ng c\u01b0\u1eddng x\u00e1c th\u1ef1c m\u1ea1nh m\u1ebd v\u00e0 ng\u0103n ch\u1eb7n t\u1ea5n c\u00f4ng d\u00f2 m\u1eadt kh\u1ea9u.<\/li>\n<li><strong>PuTTY<\/strong>: Ph\u1ea7n m\u1ec1m client SSH ph\u1ed5 bi\u1ebfn tr\u00ean Windows, h\u1ed7 tr\u1ee3 k\u1ebft n\u1ed1i an to\u00e0n \u0111\u1ebfn VPS, qu\u1ea3n l\u00fd phi\u00ean l\u00e0m vi\u1ec7c, v\u00e0 c\u1ea5u h\u00ecnh b\u1ea3o m\u1eadt k\u1ebft n\u1ed1i SSH.<\/li>\n<li><strong>Xshell<\/strong>: M\u1ed9t c\u00f4ng c\u1ee5 m\u1ea1nh m\u1ebd gi\u00fap \u0111\u0103ng nh\u1eadp v\u00e0 
qu\u1ea3n l\u00fd VPS an to\u00e0n, h\u1ed7 tr\u1ee3 nhi\u1ec1u t\u00ednh n\u0103ng b\u1ea3o m\u1eadt cao c\u1ea5p v\u00e0 qu\u1ea3n l\u00fd phi\u00ean SSH hi\u1ec7u qu\u1ea3.<\/li>\n<li><strong>Firewall (v\u00ed d\u1ee5 CSF &#8211; ConfigServer Security &amp; Firewall)<\/strong>: C\u00f4ng c\u1ee5 t\u01b0\u1eddng l\u1eeda m\u1ec1m gi\u00fap qu\u1ea3n l\u00fd c\u00e1c c\u1ed5ng m\u1edf, h\u1ea1n ch\u1ebf truy c\u1eadp tr\u00e1i ph\u00e9p th\u00f4ng qua c\u1ed5ng SSH v\u00e0 b\u1ea3o v\u1ec7 VPS kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng.<\/li>\n<li><strong>C\u00f4ng c\u1ee5 c\u1ea5u h\u00ecnh SSH server<\/strong>: Cho ph\u00e9p t\u1eaft \u0111\u0103ng nh\u1eadp m\u1eadt kh\u1ea9u, ch\u1ec9 cho ph\u00e9p x\u00e1c th\u1ef1c b\u1eb1ng SSH Key, thay \u0111\u1ed5i c\u1ed5ng SSH m\u1eb7c \u0111\u1ecbnh, gi\u1edbi h\u1ea1n quy\u1ec1n user truy c\u1eadp, c\u1ea5u h\u00ecnh timeout \u0111\u0103ng nh\u1eadp l\u00e0 c\u00e1c bi\u1ec7n ph\u00e1p b\u1ea3o m\u1eadt quan tr\u1ecdng \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n qua file sshd_config.<\/li>\n<\/ul>\n<p>Nh\u1eefng c\u00f4ng c\u1ee5 n\u00e0y ph\u1ed1i h\u1ee3p t\u1ea1o th\u00e0nh h\u1ec7 th\u1ed1ng b\u1ea3o m\u1eadt SSH hi\u1ec7u qu\u1ea3 cho VPS, b\u1ea3o v\u1ec7 t\u1ed1i \u0111a quy\u1ec1n truy c\u1eadp v\u00e0 ng\u0103n ng\u1eeba c\u00e1c nguy c\u01a1 b\u1ea3o m\u1eadt t\u1eeb m\u1ea1ng Internet.<\/p>\n<p>B\u1ea3o m\u1eadt SSH VPS kh\u00f4ng ch\u1ec9 l\u00e0 thao t\u00e1c k\u1ef9 thu\u1eadt, m\u00e0 l\u00e0 <strong>b\u01b0\u1edbc n\u1ec1n t\u1ea3ng \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o an to\u00e0n cho to\u00e0n b\u1ed9 h\u1ec7 th\u1ed1ng m\u00e1y ch\u1ee7<\/strong>. 
Ch\u1ec9 c\u1ea7n m\u1ed9t l\u1ed7 h\u1ed5ng nh\u1ecf trong c\u1ea5u h\u00ecnh SSH, k\u1ebb x\u1ea5u c\u00f3 th\u1ec3 d\u1ec5 d\u00e0ng x\u00e2m nh\u1eadp, \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u ho\u1eb7c chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n VPS.<\/p>\n<p>V\u00ec v\u1eady, vi\u1ec7c <strong>thi\u1ebft l\u1eadp v\u00e0 duy tr\u00ec c\u00e1c bi\u1ec7n ph\u00e1p b\u1ea3o m\u1eadt SSH<\/strong> nh\u01b0 \u0111\u1ed5i port m\u1eb7c \u0111\u1ecbnh, t\u1eaft root login, s\u1eed d\u1ee5ng SSH key, gi\u1edbi h\u1ea1n quy\u1ec1n truy c\u1eadp hay b\u1eadt x\u00e1c th\u1ef1c hai l\u1edbp l\u00e0 \u0111i\u1ec1u b\u1eaft bu\u1ed9c v\u1edbi m\u1ecdi qu\u1ea3n tr\u1ecb vi\u00ean h\u1ec7 th\u1ed1ng.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>B\u1ea3o m\u1eadt SSH VPS l\u00e0 m\u1ed9t trong nh\u1eefng y\u1ebfu t\u1ed1 quan tr\u1ecdng nh\u1ea5t \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o an to\u00e0n cho m\u00e1y ch\u1ee7 c\u1ee7a b\u1ea1n tr\u01b0\u1edbc c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng ng\u00e0y c\u00e0ng tinh vi. 
D\u00f9 b\u1ea1n l\u00e0 l\u1eadp tr\u00ecnh vi\u00ean, qu\u1ea3n tr\u1ecb h\u1ec7 th\u1ed1ng hay ng\u01b0\u1eddi m\u1edbi s\u1eed d\u1ee5ng VPS, vi\u1ec7c hi\u1ec3u v\u00e0 tri\u1ec3n khai b\u1ea3o<\/p>\n","protected":false},"author":11,"featured_media":35513,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"class_list":["post-35492","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vps"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/35492","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=35492"}],"version-history":[{"count":3,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/35492\/revisions"}],"predecessor-version":[{"id":35595,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/35492\/revisions\/35595"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/35513"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=35492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=35492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=35492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}