Learning SSH: Best Practices for an SSH Server
In this, the sixth and final post in our Learning SSH series, we take a practical look at configuring and using the options of the OpenSSH configuration file that is handled on the SSH server side, that is, the "SSHD Config" file (sshd_config), which we covered in the previous article.
This way we can get to know, briefly, simply and directly, some of the best practices (recommendations and tips) for setting up an SSH server, both at home and in the office.
And, before starting today's topic on the best "good practices to apply when configuring an SSH server", we leave a link to a related post, for later reading:
- Learning SSH: SSHD Config File Options and Parameters
Best practices for an SSH server
What good practices apply when configuring an SSH server?
Next, based on the options and parameters of the SSHD Config file (sshd_config) seen in the previous post, these are some of the best practices to apply to that file's configuration in order to better secure our remote connections, incoming and outgoing, on a given SSH server:
Specify the users who can log in via SSH with the AllowUsers option
Since this option or parameter is usually not included by default in the file, it can be inserted at the end of it. It takes a list of user name patterns, separated by spaces. If it is specified, login is allowed only for user names and host names that match one of the configured patterns.
For example, as shown below:
# Each pattern has the form USER or USER@HOST
AllowUsers *patron*@192.168.1.0/24 *@192.168.1.0/24 *@*.midominio.com *@1.2.3.4
AllowGroups ssh
Tell SSH which local network interface to listen on with the ListenAddress option
To do this, you must enable (uncomment) the ListenAddress option, which comes by default with the value "0.0.0.0", which works in ALL mode, that is, it listens on all available network interfaces. The value must therefore be set so that it states which IP address or addresses the sshd program will use to listen for connection requests.
For example, as shown below:
# ListenAddress takes one address per line and no wildcards, so "192.168.1.*" is dropped; repeat the directive for each extra address
ListenAddress 129.168.2.1
Enforce SSH login with keys using the PasswordAuthentication option
To do this, you must enable (uncomment) the PasswordAuthentication option, which comes by default with the value "yes", and then set that value to "no", in order to require the use of public and private keys to be authorized to access a given machine. This ensures that only remote users can log in, from the computer or computers that were previously authorized. For example, as shown below:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PubkeyAuthentication yes
Disable root login via SSH with the PermitRootLogin option
To do this, you must enable (uncomment) the PermitRootLogin option, which comes by default with the value "prohibit-password". However, if you want the root user not to be allowed to start an SSH session at all, the appropriate value to set is "no". For example, as shown below:
PermitRootLogin no
Change the default SSH port with the Port option
To do this, you must enable (uncomment) the Port option, which comes by default with the value "22". However, it is advisable to change it to any other available port, in order to reduce and avoid the number of attacks, manual or brute-force, that can be made through that well-known port. It is important to make sure that the new port is available and can be used by the other applications that will connect to our server. For example, as shown below:
Port 4568
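The settings above can be checked mechanically. The following Python sketch is an added example, not code from the original article or from OpenSSH; the function names `parse` and `audit` and the sample configuration are constructed for illustration. It also shows a pitfall behind the advice to append options at the end of the file: sshd keeps the first value it reads for a single-valued keyword.

```python
# keyword -> (value recommended above, OpenSSH default when unset)
RECOMMENDED = {
    "passwordauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
    "permitrootlogin": ("no", "prohibit-password"),
}
MULTI = {"port", "listenaddress", "allowusers", "allowgroups"}  # repeatable keywords

def parse(text):
    """Return {keyword: [args, ...]} for the global section (before any Match)."""
    cfg = {}
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        key, args = fields[0].lower(), fields[1:]  # keywords are case-insensitive
        if key == "match":
            break
        # sshd keeps the FIRST value of a single-valued keyword; later ones are ignored
        if key in MULTI or key not in cfg:
            cfg.setdefault(key, []).append(args)
    return cfg

def audit(text):
    """Return sorted findings; an empty list means every check passed."""
    cfg, out = parse(text), []
    for key, (want, default) in RECOMMENDED.items():
        got = cfg[key][0][0].lower() if key in cfg else default
        if got != want:
            out.append(f"{key}: effective value is {got}, recommended {want}")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        out.append("allowusers: not set, logins are not limited to named accounts")
    for args in cfg.get("listenaddress", []):
        # one address per line, no wildcards (only the optional rdomain form may follow)
        if "*" in args[0] or (len(args) > 1 and args[1] != "rdomain"):
            out.append(f"listenaddress: invalid value {' '.join(args)}")
    return sorted(out)

# Constructed sample: the fix for PermitRootLogin was appended after an earlier "yes".
SAMPLE = """\
ListenAddress 129.168.2.1 192.168.1.*
PermitRootLogin yes
PasswordAuthentication no
AllowGroups ssh
PermitRootLogin no
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -t` validates the file's syntax and `sshd -T` prints the effective configuration after all keywords have been resolved.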
Other useful options to set
Finally, since the SSH program is very extensive, and in the previous installment we already covered each of the options in detail, below we only show a few more, with values that may be suitable for multiple and varied use cases.
They are the following:
- Banner /etc/issue
- ClientAliveInterval 300
- ClientAliveCountMax 0
- LoginGraceTime 30
- LogLevel INFO
- MaxAuthTries 3
- MaxSessions 0
- MaxStartups 3
- PermitEmptyPasswords no
- PrintMotd yes
- PrintLastLog yes
- StrictModes yes
- SyslogFacility AUTH
- X11Forwarding yes
- X11DisplayOffset 5
Note: Please bear in mind that, depending on the experience and expertise of the SysAdmin and the security requirements of each technology platform, many of these options can quite legitimately and logically vary in very different ways. In addition, other more advanced or complex options can be enabled, as they are useful or necessary in different operating environments.
Other good practices
Among other good practices to apply on an SSH server we can mention the following:
- Set up a warning e-mail notification for all or specific SSH connections.
- Protect SSH access to our servers against brute-force attacks using the Fail2ban tool.
- Periodically check SSH servers and others with the Nmap tool, looking for unauthorized or open ports.
- Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).
Summary
In short, with this latest installment of "Learning SSH" we finish the explanatory content on everything related to OpenSSH. Of course, shortly we will be sharing a little more essential knowledge about the SSH protocol, and about its use from the console via Shell Scripting. So we hope that these "good practices for an SSH server" have added a lot of value, both personally and professionally, when using GNU/Linux.
2 comments
I look forward to the second part of this article where you expand on the last point:
Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).
Thank you!!
Thank you, Lhoqvso. I will keep an eye on getting it done. Thank you for visiting us, reading our content and commenting.