Kuphunzira SSH: SSHD Config File Options ndi Parameters
m'mbuyomu (chachinayi) gawo za mndandanda wa posts pa Maphunziro a SSH timayankha ku zosankha zomwe zafotokozedwa mu OpenSSH kasinthidwe fayilo zomwe zimayikidwa pambali pawo SSH kasitomala, ndiye fayilo "SSHConfig" (ssh_config).
Pachifukwa ichi, lero tipitiriza mu izi kubadwa komaliza ndi kwachisanu, ndi zosankha zomwe zafotokozedwa mu OpenSSH kasinthidwe fayilo zomwe zimayikidwa pambali pawo ssh seva, ndiye fayilo "SHD Config" (sshd_config).
Kuphunzira SSH: SSH Config File Options ndi Parameters
Ndipo, musanayambe mutu wa lero, za zomwe zingatheke mufayiloyo OpenSSH "SSHD Config" (sshd_config), tisiya maulalo ena a zolemba zokhudzana:
Zotsatira
SSHD Config File Options ndi Parameters (sshd_config)
Kodi fayilo ya SSHD Config (sshd_config) ya OpenSSH ndi chiyani?
Monga tafotokozera mu phunziro lapitalo, OpenSSH ili ndi mafayilo a 2. wina wotchedwa ssh_config za kasinthidwe ka SSH kasitomala mbali ndi kuyitana kwina alireza kwa kasinthidwe ka mbali ssh seva. Onse, ali munjira kapena chikwatu chotsatira: /etc/ssh.
Choncho, izi nthawi zambiri zimakhala zofunikira kwambiri kapena zofunikira, chifukwa zimatilola kutero chitetezo cholumikizira cha SSH zomwe tiloleza mu Ma seva athu. Zomwe nthawi zambiri zimakhala mbali ya chinthu chomwe chimatchedwa Kuwumitsa Seva.
Pazifukwa izi, lero tiwonetsa zomwe zambiri mwazosankha ndi magawo omwe ali mkati mwa fayiloyi ndi za, m'mafayilo athu gawo lomaliza ndi lachisanu ndi chimodzi la mndandanda uno kupereka malangizo othandiza komanso enieni momwe mungasinthire kapena kusintha kotereku kudzera muzosankha ndi magawo.
Mndandanda wa zosankha zomwe zilipo ndi magawo
monga mu fayilo "SSH Config" (ssh_config), fayilo ya "SSHD Config" (sshd_config) ili ndi zosankha zambiri ndi magawo, koma imodzi mwazo odziwika bwino, ogwiritsidwa ntchito kapena ofunikira Ndizo zotsatirazi:
AllowUsers / DenyUsers
Izi kapena parameter nthawi zambiri sizimaphatikizidwira mwachisawawa mufayilo yomwe yanenedwa, koma imayikidwamo, makamaka kumapeto kwake, imapereka mwayi onetsani ndani kapena ndani (ogwiritsa) angalowe mu seva kudzera pa SSH.
Chifukwa chake, njira iyi kapena parameter imagwiritsidwa ntchito limodzi ndi a mndandanda wa machitidwe olowera, olekanitsidwa ndi mipata. Kotero kuti, ngati zanenedwa, kulowa, ndiye zomwezo zidzaloledwa kokha pamawu olowera omwe amafanana ndi amodzi mwamachitidwewo.
Dziwani kuti mwachisawawa, kulowa kumaloledwa kwa onse ogwiritsa ntchito pagulu lililonse. Komabe, ngati chitsanzocho chakhazikitsidwa motere "USER@HOST", kotero USER ndi HOST zimatsimikiziridwa padera, zomwe zimalepheretsa kulowa kwa ogwiritsa ntchito ena kuchokera kwa makamu ena.
Ndipo chifukwa HOST, maadiresi mumtundu wa IP address/CIDR mask. Pomaliza, Amalola Ogwiritsa Ntchito ingasinthidwe ndi DenyUsers kukana machitidwe omwewo ogwiritsa ntchito.
MveraniAddress
Imakulolani kuti mufotokozere ma IP adilesi (malo olumikizirana netiweki am'makina a seva) pomwe pulogalamu ya sshd iyenera kumvera. Ndipo pa izi, mitundu yotsatirayi ya kasinthidwe ingagwiritsidwe ntchito:
- ListenAddress hostname | IPv4/IPv6 adilesi [domain]
- ListenAddress hostname : port [domain]
- MveraniAddress IPv4/IPv6 adilesi: port [domain]
- ListenAddress [dzina la alendo | IPv4/IPv6 adilesi] : port [domain]
LoginGraceTime
Amakulolani kuti mutchule a nthawi (yachisomo), pambuyo pake, seva imadula, ngati wogwiritsa ntchito yemwe akuyesera kupanga SSH sakuyenda bwino. Ngati mtengo ndi zero (0), wakhazikitsidwa kuti palibe malire a nthawi, pamene Zosasintha zakhazikitsidwa kukhala masekondi 120.
LogLevel
Imakulolani kuti mufotokozere mlingo wa verbosity kwa mauthenga a sshd log. ndi iyeMakhalidwe omwe amatha kuwongolera ndi awa: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, ndi DEBUG3. Pamene, ndiMtengo wokhazikika ndi INFO.
MaxAuthTries
Imatchula kuchuluka kwa zoyeserera zovomerezeka pa intaneti iliyonse. Mwachikhazikitso, mtengo wake umayikidwa ku 6.
MaxSessions
Imakulolani kuti mutchule kuchuluka kwa magawo otseguka a Shell pa intaneti yokhazikitsidwa, mwina ndi malowedwe kapena ndi makina ogwiritsira ntchito, mwachitsanzo kudzera pa sftp. Ekhazikitsani mtengo wake 1 ipangitsa kuti gawo lochulukirachulukira lizimitsidwa, pomwe kuyiyika ku 0 kudzaletsa mitundu yonse yolumikizirana ndi magawo. Mwachikhazikitso, mtengo wake umayikidwa ku 10.
MaxStartups
Imakulolani kuti mutchule kuchuluka kwa maulumikizidwe osavomerezeka munthawi yomweyo ku daemon ya SSH, mwachitsanzo, kuchuluka kwa ma SSH omwe angatsegulidwe pa IP/Host. Mtengo wake wokhazikika nthawi zambiri umakhala 10, 30, kapena 100, womwe nthawi zambiri umadziwika kuti ndi wapamwamba, kotero mtengo wotsika umalimbikitsidwa.
Kutsimikizira Achinsinsi
Imatchula ngati kutsimikizika kwachinsinsi kudzafunika. Mwachikhazikitso, mtengo wake umayikidwa kuti "Inde".
LolaniEmptyPasswords
Imatchula ngati seva ivomereza (kuvomereza) kulowa muakaunti ya ogwiritsa ntchito ndi zingwe zopanda mawu achinsinsi. Mwachikhazikitso, mtengo wake umayikidwa "Ayi".
ChilolezoRootLogin
Imakulolani kuti munene ngati seva ivomereza (kuvomereza) kuyambitsa magawo olowera pamaakaunti a ogwiritsa ntchito mizu. Ngakhale, dMwachikhazikitso, mtengo wake umayikidwa kuti "kuletsa-password", kukhazikitsidwa kuti "Ayi", zomwe zimakhazikitsa wogwiritsa ntchito mizu saloledwa kuyambitsa gawo la SSH.
Port
Imakulolani kuti mutchule nambala ya doko yomwe pulogalamu ya sshd idzakhala ikumvera pazopempha zonse za SSH. Mwachikhazikitso, mtengo wake umayikidwa ku "22".
StrictModes
Imatchula ngati pulogalamu ya SSH iyenera kutsimikizira mtundu wa mafayilo ndi umwini wa bukhu lanyumba la wogwiritsa ntchito ndi mafayilo asanavomereze kulowa. Mwachikhazikitso, mtengo wake umayikidwa kuti "Inde".
SyslogFacility
Amalola kuti code yoyika ikhale yoperekedwa yomwe imagwiritsidwa ntchito podula mauthenga kuchokera ku pulogalamu ya SSH. Mwachikhazikitso, mtengo wake umayikidwa ku "Authorization" (AUTH).
Zindikirani: Kutengera ndi SysAdmin ndi zofunikira zachitetezo cha nsanja iliyonse yaukadaulo, zosankha zina zambiri zitha kukhala zothandiza kwambiri kapena zofunikira. Monga momwe tidzawonera m'nkhani yathu yotsatira komanso yomaliza mndandandawu, pomwe tidzayang'ana machitidwe abwino (malangizo ndi malingaliro) pa SSH, kuti agwiritsidwe ntchito pogwiritsa ntchito zonse zomwe zasonyezedwa mpaka pano.
Zambiri
Ndipo mu gawo lachinayi ili, kuti onjezerani zambiri izi ndikuphunzira chilichonse mwazosankha ndi magawo omwe alipo mkati mwa kasinthidwe fayilo "SSHD Config" (sshd_config)Tikukulimbikitsani kuti muwone maulalo otsatirawa: Fayilo yosinthira ya SSH ya OpenSSH Server y Mabuku Ovomerezeka a OpenSSH, m'Chingerezi. Ndipo monga m'magawo atatu apitawa, fufuzani zotsatirazi zovomerezeka ndi odalirika pa intaneti za SSH ndi OpenSSH:
- Wiki ya Debian
- Buku la Debian Administrator: Remote Login / SSH
- Buku la Chitetezo cha Debian: Chaputala 5. Kuteteza Ntchito
Chidule
Mwachidule, ndi gawo latsopanoli "Kuphunzira SSH" tatsala pang'ono kumaliza zofotokozera zonse zokhudzana nazo OpenSSH, popereka chidziwitso chofunikira chokhudza mafayilo osinthira "SSHD Config" (sshd_config) y "SSH Config" (ssh_config). Chifukwa chake, tikukhulupirira kuti ikuthandizira ambiri, payekha komanso mwaukadaulo.
Ngati mudakonda positiyi, onetsetsani kuti mwayankhapo ndikugawana ndi ena. Ndipo kumbukirani, pitani kwathu «tsamba lakunyumba» kuti muwone zambiri, komanso kujowina njira yathu yovomerezeka ya Telegalamu yochokera ku DesdeLinux, Kumadzulo gulu kuti mumve zambiri pamutu wamasiku ano.
Khalani oyamba kuyankha