Kuphunzira SSH: SSHD Config File Options ndi Parameters

Kuphunzira SSH: SSHD Config File Options ndi Parameters

Kuphunzira SSH: SSHD Config File Options ndi Parameters

m'mbuyomu (chachinayi) gawo za mndandanda wa posts pa Maphunziro a SSH timayankha ku zosankha zomwe zafotokozedwa mu OpenSSH kasinthidwe fayilo zomwe zimayikidwa pambali pawo SSH kasitomala, ndiye fayilo "SSHConfig" (ssh_config).

Pachifukwa ichi, lero tipitiriza mu izi kubadwa komaliza ndi kwachisanu, ndi zosankha zomwe zafotokozedwa mu OpenSSH kasinthidwe fayilo zomwe zimayikidwa pambali pawo ssh seva, ndiye fayilo "SHD Config" (sshd_config).

Kuphunzira SSH: SSH Config File Options ndi Parameters

Kuphunzira SSH: SSH Config File Options ndi Parameters

Ndipo, musanayambe mutu wa lero, za zomwe zingatheke mufayiloyo OpenSSH "SSHD Config" (sshd_config), tisiya maulalo ena a zolemba zokhudzana:

Kuphunzira SSH: SSH Config File Options ndi Parameters
Nkhani yowonjezera:
Kuphunzira SSH: SSH Config File Options ndi Parameters

Kuphunzira SSH: Zosankha ndi Zosintha Zosintha
Nkhani yowonjezera:
Kuphunzira SSH: Zosankha ndi Zosintha Zosintha - Gawo I

SSHD Config File Options ndi Parameters (sshd_config)

SSHD Config File Options ndi Parameters (sshd_config)

Kodi fayilo ya SSHD Config (sshd_config) ya OpenSSH ndi chiyani?

Monga tafotokozera mu phunziro lapitalo, OpenSSH ili ndi mafayilo a 2. wina wotchedwa ssh_config za kasinthidwe ka SSH kasitomala mbali ndi kuyitana kwina alireza kwa kasinthidwe ka mbali ssh seva. Onse, ali munjira kapena chikwatu chotsatira: /etc/ssh.

Choncho, izi nthawi zambiri zimakhala zofunikira kwambiri kapena zofunikira, chifukwa zimatilola kutero chitetezo cholumikizira cha SSH zomwe tiloleza mu Ma seva athu. Zomwe nthawi zambiri zimakhala mbali ya chinthu chomwe chimatchedwa Kuwumitsa Seva.

Kodi fayilo ya SSHD Config (sshd_config) ya OpenSSH ndi chiyani?

Pazifukwa izi, lero tiwonetsa zomwe zambiri mwazosankha ndi magawo omwe ali mkati mwa fayiloyi ndi za, m'mafayilo athu gawo lomaliza ndi lachisanu ndi chimodzi la mndandanda uno kupereka malangizo othandiza komanso enieni momwe mungasinthire kapena kusintha kotereku kudzera muzosankha ndi magawo.

Mndandanda wa zosankha zomwe zilipo ndi magawo

Mndandanda wa zosankha zomwe zilipo ndi magawo

monga mu fayilo "SSH Config" (ssh_config), fayilo ya "SSHD Config" (sshd_config) ili ndi zosankha zambiri ndi magawo, koma imodzi mwazo odziwika bwino, ogwiritsidwa ntchito kapena ofunikira Ndizo zotsatirazi:

AllowUsers / DenyUsers

Izi kapena parameter nthawi zambiri sizimaphatikizidwira mwachisawawa mufayilo yomwe yanenedwa, koma imayikidwamo, makamaka kumapeto kwake, imapereka mwayi onetsani ndani kapena ndani (ogwiritsa) angalowe mu seva kudzera pa SSH.

Chifukwa chake, njira iyi kapena parameter imagwiritsidwa ntchito limodzi ndi a mndandanda wa machitidwe olowera, olekanitsidwa ndi mipata. Kotero kuti, ngati zanenedwa, kulowa, ndiye zomwezo zidzaloledwa kokha pamawu olowera omwe amafanana ndi amodzi mwamachitidwewo.

Dziwani kuti mwachisawawa, kulowa kumaloledwa kwa onse ogwiritsa ntchito pagulu lililonse. Komabe, ngati chitsanzocho chakhazikitsidwa motere "USER@HOST", kotero USER ndi HOST zimatsimikiziridwa padera, zomwe zimalepheretsa kulowa kwa ogwiritsa ntchito ena kuchokera kwa makamu ena.

Ndipo chifukwa HOST, maadiresi mumtundu wa IP address/CIDR mask. Pomaliza, Amalola Ogwiritsa Ntchito ingasinthidwe ndi DenyUsers kukana machitidwe omwewo ogwiritsa ntchito.

MveraniAddress

Imakulolani kuti mufotokozere ma IP adilesi (malo olumikizirana netiweki am'makina a seva) pomwe pulogalamu ya sshd iyenera kumvera. Ndipo pa izi, mitundu yotsatirayi ya kasinthidwe ingagwiritsidwe ntchito:

  • ListenAddress hostname | IPv4/IPv6 adilesi [domain]
  • ListenAddress hostname : port [domain]
  • MveraniAddress IPv4/IPv6 adilesi: port [domain]
  • ListenAddress [dzina la alendo | IPv4/IPv6 adilesi] : port [domain]

LoginGraceTime

Amakulolani kuti mutchule a nthawi (yachisomo), pambuyo pake, seva imadula, ngati wogwiritsa ntchito yemwe akuyesera kupanga SSH sakuyenda bwino. Ngati mtengo ndi zero (0), wakhazikitsidwa kuti palibe malire a nthawi, pamene Zosasintha zakhazikitsidwa kukhala masekondi 120.

LogLevel

Imakulolani kuti mufotokozere mlingo wa verbosity kwa mauthenga a sshd log. ndi iyeMakhalidwe omwe amatha kuwongolera ndi awa: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, ndi DEBUG3. Pamene, ndiMtengo wokhazikika ndi INFO.

MaxAuthTries

Imatchula kuchuluka kwa zoyeserera zovomerezeka pa intaneti iliyonse. Mwachikhazikitso, mtengo wake umayikidwa ku 6.

MaxSessions

Imakulolani kuti mutchule kuchuluka kwa magawo otseguka a Shell pa intaneti yokhazikitsidwa, mwina ndi malowedwe kapena ndi makina ogwiritsira ntchito, mwachitsanzo kudzera pa sftp. Ekhazikitsani mtengo wake 1 ipangitsa kuti gawo lochulukirachulukira lizimitsidwa, pomwe kuyiyika ku 0 kudzaletsa mitundu yonse yolumikizirana ndi magawo. Mwachikhazikitso, mtengo wake umayikidwa ku 10.

MaxStartups

Imakulolani kuti mutchule kuchuluka kwa maulumikizidwe osavomerezeka munthawi yomweyo ku daemon ya SSH, mwachitsanzo, kuchuluka kwa ma SSH omwe angatsegulidwe pa IP/Host. Mtengo wake wokhazikika nthawi zambiri umakhala 10, 30, kapena 100, womwe nthawi zambiri umadziwika kuti ndi wapamwamba, kotero mtengo wotsika umalimbikitsidwa.

Kutsimikizira Achinsinsi

Imatchula ngati kutsimikizika kwachinsinsi kudzafunika. Mwachikhazikitso, mtengo wake umayikidwa kuti "Inde".

LolaniEmptyPasswords

Imatchula ngati seva ivomereza (kuvomereza) kulowa muakaunti ya ogwiritsa ntchito ndi zingwe zopanda mawu achinsinsi. Mwachikhazikitso, mtengo wake umayikidwa "Ayi".

ChilolezoRootLogin

Imakulolani kuti munene ngati seva ivomereza (kuvomereza) kuyambitsa magawo olowera pamaakaunti a ogwiritsa ntchito mizu. Ngakhale, dMwachikhazikitso, mtengo wake umayikidwa kuti "kuletsa-password", kukhazikitsidwa kuti "Ayi", zomwe zimakhazikitsa wogwiritsa ntchito mizu saloledwa kuyambitsa gawo la SSH.

Port

Imakulolani kuti mutchule nambala ya doko yomwe pulogalamu ya sshd idzakhala ikumvera pazopempha zonse za SSH. Mwachikhazikitso, mtengo wake umayikidwa ku "22".

StrictModes

Imatchula ngati pulogalamu ya SSH iyenera kutsimikizira mtundu wa mafayilo ndi umwini wa bukhu lanyumba la wogwiritsa ntchito ndi mafayilo asanavomereze kulowa. Mwachikhazikitso, mtengo wake umayikidwa kuti "Inde".

SyslogFacility

Amalola kuti code yoyika ikhale yoperekedwa yomwe imagwiritsidwa ntchito podula mauthenga kuchokera ku pulogalamu ya SSH. Mwachikhazikitso, mtengo wake umayikidwa ku "Authorization" (AUTH).

Zindikirani: Kutengera ndi SysAdmin ndi zofunikira zachitetezo cha nsanja iliyonse yaukadaulo, zosankha zina zambiri zitha kukhala zothandiza kwambiri kapena zofunikira. Monga momwe tidzawonera m'nkhani yathu yotsatira komanso yomaliza mndandandawu, pomwe tidzayang'ana machitidwe abwino (malangizo ndi malingaliro) pa SSH, kuti agwiritsidwe ntchito pogwiritsa ntchito zonse zomwe zasonyezedwa mpaka pano.

Zambiri za SSH

Zambiri

Ndipo mu gawo lachinayi ili, kuti onjezerani zambiri izi ndikuphunzira chilichonse mwazosankha ndi magawo omwe alipo mkati mwa kasinthidwe fayilo "SSHD Config" (sshd_config)Tikukulimbikitsani kuti muwone maulalo otsatirawa: Fayilo yosinthira ya SSH ya OpenSSH Server y Mabuku Ovomerezeka a OpenSSH, m'Chingerezi. Ndipo monga m'magawo atatu apitawa, fufuzani zotsatirazi zovomerezeka ndi odalirika pa intaneti za SSH ndi OpenSSH:

  1. Wiki ya Debian
  2. Buku la Debian Administrator: Remote Login / SSH
  3. Buku la Chitetezo cha Debian: Chaputala 5. Kuteteza Ntchito
Nkhani yowonjezera:
Kuphunzira SSH: Kuyika ndi Kusintha Mafayilo
Tsegulani Secure Shell (OpenSSH): Chilichonse chokhudza ukadaulo wa SSH
Nkhani yowonjezera:
Tsegulani Secure Shell (OpenSSH): Chilichonse chokhudza ukadaulo wa SSH

Kuzungulira: Banner post 2021

Chidule

Mwachidule, ndi gawo latsopanoli "Kuphunzira SSH" tatsala pang'ono kumaliza zofotokozera zonse zokhudzana nazo OpenSSH, popereka chidziwitso chofunikira chokhudza mafayilo osinthira "SSHD Config" (sshd_config) y "SSH Config" (ssh_config). Chifukwa chake, tikukhulupirira kuti ikuthandizira ambiri, payekha komanso mwaukadaulo.

Ngati mudakonda positiyi, onetsetsani kuti mwayankhapo ndikugawana ndi ena. Ndipo kumbukirani, pitani kwathu «tsamba lakunyumba» kuti muwone zambiri, komanso kujowina njira yathu yovomerezeka ya Telegalamu yochokera ku DesdeLinux, Kumadzulo gulu kuti mumve zambiri pamutu wamasiku ano.


Zomwe zili m'nkhaniyi zikutsatira mfundo zathu za malamulo okonzekera. Kuti mufotokoze cholakwika dinani Apa.

Khalani oyamba kuyankha

Siyani ndemanga yanu

Anu email sati lofalitsidwa. Amafuna minda amalembedwa ndi *

*

*

  1. Wotsogolera pazosankhazi: Miguel Ángel Gatón
  2. Cholinga cha deta: Control SPAM, kasamalidwe ka ndemanga.
  3. Kukhazikitsa: Kuvomereza kwanu
  4. Kulumikizana kwa zomwe zafotokozedwazo: Zomwezo siziziwululidwa kwa anthu ena kupatula pakukakamizidwa mwalamulo.
  5. Zosunga: Zosungidwa ndi Occentus Networks (EU)
  6. Ufulu: Nthawi iliyonse mutha kuchepetsa, kuchira ndikuchotsa zidziwitso zanu.