Learning SSH: Good Practices for an SSH Server

In this sixth and final post of our Learning SSH series, we take a practical look at configuring and using the options defined in the OpenSSH configuration file handled on the ssh-server side, that is, the "SSHD Config" file (sshd_config), which we covered in the previous installment.

The aim is to present, briefly, simply and directly, some of the best practices (recommendations and tips) for setting up an SSH server, both at home and in the office.

Before starting today's topic, the best "good practices to apply when configuring an SSH server", here are some links to related posts for later reading:

Related article: Learning SSH: SSHD Config File Options and Parameters
Related article: Learning SSH: SSH Config File Options and Parameters

Good practices for an SSH Server

Which good practices apply when configuring an SSH server?

Based on the options and parameters of the SSHD Config file (sshd_config) seen in the previous post, the following are some of the best practices to apply when configuring that file, in order to secure as far as we can the remote connections, inbound and outbound, of a given SSH server:

Good practices for an SSH Server: AllowUsers option

Specify which users can log in over SSH with the AllowUsers option

Since this option or parameter is usually not included by default in the file, it can be added at the end of it. It takes a list of user name patterns, separated by spaces. When it is specified, login is allowed only for user name and host name combinations that match one of the configured patterns.

For example, as shown below:

AllowUsers *patron*@192.168.1.0/24 *@192.168.1.0/24 *.midominio.com *@1.2.3.4
AllowGroups ssh

Good practices for an SSH Server: ListenAddress option

Tell SSH which local network interface to listen on with the ListenAddress option

To do this, enable (uncomment) the ListenAddress option, which comes by default with the value "0.0.0.0". In practice that value works in ALL mode, that is, sshd listens on every available network interface. The value should therefore be set so that it states which local IP address or addresses the sshd program will use to listen for connection requests. ListenAddress takes a single address per directive and does not accept wildcards, so repeat the directive once for each local address (the second address below is an example value).

For example, as shown below:

ListenAddress 129.168.2.1
ListenAddress 192.168.1.10

Good practices for an SSH Server: PasswordAuthentication option

Set up SSH login through keys with the PasswordAuthentication option

To do this, enable (uncomment) the PasswordAuthentication option, which comes by default with the value "yes". Then set that value to "no", so that public and private keys are required to obtain authorization to access a given machine. This ensures that remote users can log in only from the computer or computers that have been previously authorized. For example, as shown below:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PubkeyAuthentication yes

Good practices for an SSH Server: PermitRootLogin option

Disable root login over SSH with the PermitRootLogin option

To do this, enable (uncomment) the PermitRootLogin option, which comes by default with the value "prohibit-password". However, if the root user must not be allowed to start an SSH session at all, the appropriate value to set is "no". For example, as shown below:

PermitRootLogin no

Good practices for an SSH Server: Port option

Change the default SSH port with the Port option

To do this, enable (uncomment) the Port option, which comes by default with the value "22". However, it is important to change this port to any other available one, in order to reduce and avoid the number of attacks, manual or brute force, that can be made through that well-known port. It is also important to make sure that the new port is available and can be used by the other applications that will connect to our server. For example, as shown below:

Port 4568

Other useful options to configure

Finally, since the SSH program is very extensive, and in the previous installment we already covered each of the options in detail, below we only show some further options, with values that may be suitable in many and varied use cases.

They are the following:

  • Banner /etc/issue
  • ClientAliveInterval 300
  • ClientAliveCountMax 0
  • LoginGraceTime 30
  • LogLevel INFO
  • MaxAuthTries 3
  • MaxSessions 0
  • MaxStartups 3
  • PermitEmptyPasswords no
  • PrintMotd yes
  • PrintLastLog yes
  • StrictModes yes
  • SyslogFacility AUTH
  • X11Forwarding yes
  • X11DisplayOffset 5

Note: Please keep in mind that, depending on the experience and expertise of the SysAdmins and on the security requirements of each technology platform, many of these options can quite reasonably vary in very different ways. In addition, other more advanced or complex options can be enabled, since they are useful or necessary in different operating environments.
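
The practices above can be checked mechanically. The following Python audit is an added example, not code from the original article; the function names `parse` and `audit`, both sample configurations and the address 192.168.1.10 are constructed for illustration. It reads only the global section (it stops at the first Match block), ignores the optional rdomain qualifier of ListenAddress, and applies OpenSSH's rule that the first value given for a non-repeatable keyword wins.

```python
# Added example: audit the global section of an sshd_config against the
# practices on this page. parse(), audit() and both samples are constructed.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password",
            "permitemptypasswords": "no"}        # OpenSSH built-in defaults
REQUIRED = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
            "permitrootlogin": "no", "permitemptypasswords": "no"}
REPEATABLE = {"listenaddress", "port", "allowusers", "allowgroups"}

def parse(text):
    """Map lowercased keyword -> list of argument strings."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                             # blank line or comment
        key, arg = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            break                                # conditional blocks not audited
        if key in REPEATABLE or key not in conf: # otherwise first value wins
            conf.setdefault(key, []).append(arg)
    return conf

def audit(text):
    """Return findings; an empty list means every check passed."""
    conf, out = parse(text), []
    for key, want in REQUIRED.items():
        have = conf.get(key, [DEFAULTS[key]])[0].lower()
        if have != want:
            out.append(f"{key}: effective value '{have}', expected '{want}'")
    if not (conf.get("allowusers") or conf.get("allowgroups")):
        out.append("allowusers/allowgroups: no login allow-list")
    addrs = conf.get("listenaddress", [])
    if not addrs or any(a in ("0.0.0.0", "::") for a in addrs):
        out.append("listenaddress: listening on every interface")
    for a in addrs:
        if len(a.split()) != 1 or "*" in a:      # one literal address per line
            out.append(f"listenaddress: '{a}' is not a single address")
    if "22" in conf.get("port", ["22"]):
        out.append("port: default port 22 still in use")
    return out

WEAK = ("#PasswordAuthentication yes\nPermitRootLogin prohibit-password\n"
        "ListenAddress 192.168.1.*\n")
HARDENED = ("Port 4568\nListenAddress 192.168.1.10\nAllowGroups ssh\n"
            "PasswordAuthentication no\nPermitRootLogin no\n")
if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "OK")
```

A commented-out `#PasswordAuthentication yes` is reported just like an explicit `yes`, because the audit falls back to the built-in default when a keyword is absent.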

Other good practices

Among other good practices to apply on an SSH server we can mention the following:

  1. Set up an email notification alert for all or for specific SSH connections.
  2. Protect SSH access to our servers against brute-force attacks using the Fail2ban tool.
  3. Periodically check SSH servers and others with the Nmap tool, looking for possible unauthorized or unneeded open ports.
  4. Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).

Related article: Learning SSH: Options and Configuration Parameters - Part I
Related article: Learning SSH: Installation and Configuration Files

Summary

In short, with this latest installment of "Learning SSH" we finish the explanatory content on everything related to OpenSSH. Shortly, we will surely be sharing more essential knowledge about the SSH protocol, and about its use from the console through Shell Scripting. So we hope that these "good practices for an SSH Server" have added a lot of value, both personally and professionally, when using GNU/Linux.

  1.   lhoqvso said

    I look forward to the second part of this article where you expand more on the last point:

    Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).

    Thanks!!

    1.    Linux Post Install said

      Greetings, Lhoqvso. I will be looking forward to it. Thank you for visiting us, reading our content and commenting.