Learning SSH: Good Practices to Apply in an SSH Server

On this occasion, in this sixth and final post of our series of SSH tutorial posts, we will cover, in a practical way, the configuration and use of the options specified in the OpenSSH configuration file that is handled on the SSH server side, that is, the "SSHD Config" file (sshd_config), which we discussed in the previous installment.

In this way we can learn, briefly, simply and directly, some of the best practices (recommendations and tips) for setting up an SSH Server, both at home and in the office.

And, before starting today's topic, about the best "good practices to apply in the configuration of an SSH Server", we will leave some links to related posts, for later reading:

Related article:
Learning SSH: SSHD Config File Options and Parameters

Related article:
Learning SSH: SSH Config File Options and Parameters

Good practices in an SSH Server

What good practices apply when configuring an SSH Server?

Next, based on the options and parameters of the SSHD Config file (sshd_config) seen in the previous post, these are some of the best practices to carry out regarding the configuration of that file, to better secure our remote connections, incoming and outgoing, on a given SSH Server:

Good practices in an SSH Server: AllowUsers Option

Specify which users can log in via SSH with the AllowUsers option

Since this option or parameter is usually not included by default in the file, it can be added at the end of it. It takes a list of user name patterns, separated by spaces. If it is specified, login is allowed only for user names and host names that match one of the configured patterns.

For example, as shown below:

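# A pattern without "@" matches user names only, so the host pattern needs the *@ prefix.
AllowUsers *patron*@192.168.1.0/24 *@192.168.1.0/24 *@*.midominio.com *@1.2.3.4
# A login must satisfy both AllowUsers and AllowGroups when both are set.
AllowGroups ssh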

Good practices in an SSH Server: ListenAddress Option

Tell SSH which local network interface to listen on with the ListenAddress option

To do this, you must enable (uncomment) the ListenAddress option, which comes by default with the value "0.0.0.0", but that value works in ALL mode, that is, sshd listens on all available network interfaces. Therefore, the value must be set so that it states which IP address or addresses the sshd program will use to listen for connection requests.

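For example, as shown below (sshd takes one address per ListenAddress line and does not accept wildcards such as 192.168.1.*, so 192.168.1.10 stands in here as a placeholder for the server's own address on that network):

ListenAddress 129.168.2.1
ListenAddress 192.168.1.10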

Good practices in an SSH Server: PasswordAuthentication Option

Enforce SSH login via keys with the PasswordAuthentication option

To do this, you must enable (uncomment) the PasswordAuthentication option, which comes by default with the value "yes". Then set that value to "no", in order to require the use of public and private keys to obtain authorization to access a given machine. This ensures that the only remote users who can log in are those connecting from the computer or computers that were previously authorized. For example, as shown below:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PubkeyAuthentication yes

Good practices in an SSH Server: PermitRootLogin Option

Disable root login over SSH with the PermitRootLogin option

To do this, you must enable (uncomment) the PermitRootLogin option, which comes by default with the value "prohibit-password". However, if you want the root user not to be allowed to start an SSH session at all, the appropriate value to set is "no". For example, as shown below:

PermitRootLogin no

Good practices in an SSH Server: Port Option

Change the default SSH port with the Port option

To do this, you must enable (uncomment) the Port option, which comes by default with the value "22". However, it is important to change that port to any other available one, in order to reduce and avoid the number of attacks, manual or brute-force, that can be made through this well-known port. It is important to make sure that the new port is available and can be used by the other applications that will connect to our server. For example, as shown below:

Port 4568

Other useful options to set

Finally, since the SSH program is very extensive, and in the previous installment we already covered each of the options in detail, below we will only show a few more options, with values that may be suitable for multiple and varied use cases.

They are the following:

 • Banner /etc/issue
 • ClientAliveInterval 300
 • ClientAliveCountMax 0
 • LoginGraceTime 30
 • LogLevel INFO
 • MaxAuthTries 3
 • MaxSessions 0
 • MaxStartups 3
 • PermitEmptyPasswords no
 • PrintMotd yes
 • PrintLastLog yes
 • StrictModes yes
 • SyslogFacility AUTH
 • X11Forwarding yes
 • X11DisplayOffset 5

Note: Please keep in mind that, depending on the experience and expertise of the SysAdmin and the security requirements of each technology platform, many of these options can quite rightly and logically vary in very different ways. In addition, other much more advanced or complex options can be enabled, since they are useful or necessary in different operating environments.
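
The settings recommended in the sections above can be checked mechanically. The following Python code is an added example, not code from the original post or from OpenSSH: it parses sshd_config text, applies sshd's rule that the first value read for a keyword wins, and reports deviations from this page's values. The function names, the sample config and the upstream defaults in CHECKS are assumptions.

```python
import re

# keyword -> (value this page recommends, assumed upstream OpenSSH default)
CHECKS = {
    "passwordauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
    "permitrootlogin": ("no", "prohibit-password"),
    "permitemptypasswords": ("no", "no"),
}

def parse(text):
    """Split sshd_config text into global and Match-block options."""
    glob, match = {}, {}
    target = glob
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, val = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
            if key.lower() == "match":
                target = match  # everything after the first Match is conditional
            else:
                target.setdefault(key.lower(), []).append(val.strip())
    return glob, match

def audit(text):
    """Return sorted findings for the settings this page recommends."""
    glob, match = parse(text)
    findings = []
    for key, (want, default) in CHECKS.items():
        # sshd keeps the first value it reads for a keyword; later lines are ignored.
        got = glob.get(key, [default])[0].lower()
        if got != want:
            findings.append(f"{key}: effective value {got}, page recommends {want}")
        if any(v.lower() != want for v in match.get(key, [])):
            findings.append(f"{key}: Match block sets a value other than {want}")
    for addr in glob.get("listenaddress", []):
        tokens = addr.split()  # one address per line; only "rdomain <name>" may follow
        if "*" in addr or (len(tokens) > 1 and tokens[1].lower() != "rdomain"):
            findings.append(f"listenaddress: invalid value {addr!r}")
    if "allowusers" not in glob and "allowgroups" not in glob:
        findings.append("allowusers/allowgroups: no allow-list set")
    return sorted(findings)

# Constructed sample config (not from a real host).
SAMPLE = "\n".join([
    "Port 4568", "ListenAddress 129.168.2.1 192.168.1.*", "permitrootlogin yes",
    "PasswordAuthentication no", "PermitRootLogin no", "AllowGroups ssh",
    "Match User backup", "PasswordAuthentication yes"])
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, pass it the output of `sshd -T` rather than the raw file, since that output already resolves Include files and compiled-in defaults.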

Other good practices

Among other good practices to apply on an SSH Server, we can mention the following:

 1. Set up a warning email notification for all or specific SSH connections.
 2. Protect SSH access to our servers against brute-force attacks by using the Fail2ban tool.
 3. Periodically check SSH servers and others with the Nmap tool, looking for unauthorized or open ports.
 4. Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).

Summary

In short, with this latest installment of "Learning SSH" we have finished all the explanatory content related to OpenSSH. Of course, in a short time, we will be sharing a bit more essential knowledge about the SSH protocol, and about its use from the console through Shell Scripting. So we hope that these "Good practices in an SSH Server" have added a lot of value, both personally and professionally, when using GNU/Linux.

If you liked this post, be sure to comment on it and share it with others. And remember, visit our «home page» to explore more news, and join our official Telegram channel of DesdeLinux, or this group, for more information on today's topic.


2 comments

 1.   said

  I'm looking forward to a second part of this article where you expand more on the last point:

  Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).

  Thanks!!

  1.    Linux Post Install said

   Thank you, Lhoqvso. I will be awaiting its completion. Thanks for visiting us, reading our content and commenting.