Learning SSH: Good practices to apply on an SSH Server

On this occasion, in the sixth and final post of our series on Learning SSH, we will cover in a practical way the configuration and use of the options specified in the OpenSSH configuration file that is handled on the SSH server side, that is, the "SSHD Config" file (sshd_config), which we discussed in the previous installment.

In this way we can review, briefly, simply and directly, some of the best practices (recommendations and tips) for setting up an SSH Server, both at home and in the office.

And, before starting today's topic on the best "Good practices to apply in the configuration of an SSH Server", we leave links to some related publications, for further reading:

Related article:
Learning SSH: SSHD Config File Options and Parameters

Related article:
Learning SSH: SSH Config File Options and Parameters

Good practices on an SSH Server

Which good practices apply when configuring an SSH Server?

Next, based on the options and parameters of the SSHD Config file (sshd_config) seen in the previous post, these are some of the best practices to apply when configuring that file, in order to better secure our remote connections, incoming and outgoing, on a given SSH Server:

Specify the users who can log in via SSH with the AllowUsers option

Since this option or parameter is usually not included by default in the file, it can be inserted at the end of it. It takes a list of user name patterns, separated by spaces. If it is specified, login is allowed only for user names and host names that match one of the configured patterns.

For example, as shown below (when AllowGroups is also set, the user must additionally belong to one of the listed groups):

# Host restrictions need the USER@HOST form; a token without "@" is read as a user-name pattern.
AllowUsers *patron*@192.168.1.0/24 *@192.168.1.0/24 *@*.midominio.com *@1.2.3.4
AllowGroups ssh
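
The matching rule described above, as an added example that is not part of the original article: a simplified Python model of how sshd evaluates AllowUsers patterns (no negation, no DNS lookup), showing why a host restriction must be written as USER@HOST. The function names and sample logins are constructed for illustration.

```python
import ipaddress
import re


def glob_match(value, pattern):
    """sshd-style wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, value) is not None


def host_match(hostname, ip, pattern):
    """HOST part: CIDR is tested against the address, globs against address and name."""
    if "/" in pattern:
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(ip) in net
        except ValueError:
            return False  # malformed address or mask never matches
    return glob_match(ip, pattern) or glob_match(hostname.lower(), pattern.lower())


def allow_users(user, hostname, ip, patterns):
    """True if any space-separated AllowUsers pattern admits this login.

    hostname is what sshd resolved for the client; without UseDNS yes it is
    just the address again, so name-based HOST patterns cannot match.
    """
    for pat in patterns.split():
        if "@" not in pat:
            # No '@': the whole token is a USER pattern, even if it looks like a host.
            if glob_match(user, pat):
                return True
            continue
        user_pat, host_pat = pat.split("@", 1)
        if glob_match(user, user_pat) and host_match(hostname, ip, host_pat):
            return True
    return False


# Constructed logins: (user, resolved hostname, source address).
LAN = ("ana", "pc7.lan", "192.168.1.50")
DOMAIN = ("ana", "vpn.midominio.com", "203.0.113.9")

if __name__ == "__main__":
    for line in ("*@192.168.1.0/24", "*.midominio.com", "*@*.midominio.com"):
        print(f"{line:22} LAN={allow_users(*LAN, line)} DOMAIN={allow_users(*DOMAIN, line)}")
```
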

Tell SSH which local network interface to listen on with the ListenAddress option

To do this, you must enable (uncomment) the ListenAddress option, which comes by default with the value "0.0.0.0" and in practice works in ALL mode, that is, listening on all available network interfaces. The value must therefore be set so that it defines which local IP address or addresses the sshd program will use to listen for connection requests.

For example, as shown below. sshd accepts one address per ListenAddress line and does not accept wildcards such as 192.168.1.*, so repeat the directive for each local address (the second address below is a sample value):

ListenAddress 129.168.2.1
ListenAddress 192.168.1.1

Set up SSH login via keys with the PasswordAuthentication option

To do this, you must enable (uncomment) the PasswordAuthentication option, which comes by default with the value "yes". Then set that value to "no", in order to require the use of public and private keys to be granted access to a specific machine. This ensures that remote users can log in only from the computer or computers that have been previously authorized. For example, as shown below:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PubkeyAuthentication yes

Disable root login via SSH with the PermitRootLogin option

To do this, you must enable (uncomment) the PermitRootLogin option, which comes by default with the value "prohibit-password". However, if the root user should not be allowed to start an SSH session at all, the appropriate value to set is "no". For example, as shown below:

PermitRootLogin no

Change the default SSH port with the Port option

To do this, you must enable (uncomment) the Port option, which comes by default with the value "22". However, it is important to change that port to any other available one, in order to reduce and avoid the number of attacks, manual or brute-force, that can be carried out through that well-known port. It is also important to make sure that the new port is available and can be used by the other applications that will connect to our server. For example, as shown below:

Port 4568

Other useful options to configure

Finally, since the SSH program is so extensive, and in the previous installment we already covered each option in detail, below we show only a few additional options, with values that may be appropriate in many and varied use cases.

They are the following:

  • Banner /etc/issue
  • ClientAliveInterval 300
  • ClientAliveCountMax 0
  • LoginGraceTime 30
  • LogLevel INFO
  • MaxAuthTries 3
  • MaxSessions 0
  • MaxStartups 3
  • PermitEmptyPasswords no
  • PrintMotd yes
  • PrintLastLog yes
  • StrictModes yes
  • SyslogFacility AUTH
  • X11Forwarding yes
  • X11DisplayOffset 5

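Note: Keep in mind that, depending on the level of experience and expertise of the SysAdmins and the security requirements of each technology platform, many of these options can rightly and logically vary in very different ways. In addition, other more advanced or complex options can be enabled, as they are useful or necessary in different operating environments. Two of the values above should be checked against sshd_config(5) for your OpenSSH version before use: MaxSessions 0 prevents all shell, login and subsystem sessions while still permitting forwarding, and in current releases ClientAliveCountMax 0 disables connection termination.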
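
One way to check a server against the values used in this article, as an added example (not the article's or OpenSSH's code): it parses sshd_config text the way sshd reads global options and reports each deviation, including options that were left commented out. The function names and the sample file are constructed; Include files are not followed.

```python
import re

RECOMMENDED = {  # values this article sets; sshd keywords are case-insensitive
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
    "maxauthtries": "3",
}

def effective_settings(text):
    """Global settings as sshd reads them: first value wins, Port lines accumulate."""
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a still-commented option is not in effect
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            break  # conditional blocks are outside this global check
        if key == "port":
            ports.append(value)
        else:
            settings.setdefault(key, value)
    return settings, ports

def audit(text):
    """Return (keyword, found, wanted) for every deviation from RECOMMENDED."""
    settings, ports = effective_settings(text)
    issues = [(k, settings.get(k, "(unset)"), want) for k, want in RECOMMENDED.items()
              if settings.get(k, "(unset)").lower() != want]
    if not ports or "22" in ports:
        issues.append(("port", ",".join(ports) or "(unset)", "not 22"))
    return issues

# Constructed sample file: one option left commented, one set twice.
SAMPLE = """\
Port 4568
PermitRootLogin no
permitrootlogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
"""

if __name__ == "__main__":
    for issue in audit(SAMPLE):
        print("%s: found %s, article sets %s" % issue)
```
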

Other good practices

Among other good practices to implement on an SSH Server, we can mention the following:

  1. Set up warning e-mail notifications for all or specific SSH connections.
  2. Protect SSH access to our servers against brute-force attacks using the Fail2ban tool.
  3. Periodically scan SSH servers and others with the Nmap tool, looking for possible open ports that are unauthorized or unneeded.
  4. Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).

Related article:
Learning SSH: Options and Configuration Parameters - Part I

Related article:
Learning SSH: Installation and Configuration Files

Summary

In short, with this new installment of "Learning SSH" we finish the explanatory content on everything related to OpenSSH. In a short time we will surely share a bit more essential knowledge about the SSH protocol, and about its use from the console through Shell Scripting. So we hope that these "Good practices on an SSH Server" have added a lot of value, both personally and professionally, when using GNU/Linux.

2 comments

  1.   lhoqvso

    I look forward to a second part of this article where you expand further on the last point:

    Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).

    Thank you!!

    1.    Linux Post Install

      Greetings, Lhoqvso. I will be waiting for it to be realized. Thank you for visiting us, reading our content and commenting.