Good practices with OpenSSH

OpenSSH (Open Secure Shell) is a set of applications that allow encrypted communication over a network, using the SSH protocol. It was created as a free and open alternative to the Secure Shell program, which is proprietary software. (Wikipedia)

Some users may think that good practices only need to be applied on servers, and that is not the case. Many GNU/Linux distributions include OpenSSH by default, and there are a few things you should keep in mind.

Security

These are the 6 most important points to keep in mind when configuring SSH:

  1. Use a strong password.
  2. Change the SSH port.
  3. Always use version 2 of the SSH protocol.
  4. Disable root access.
  5. Limit user access.
  6. Use key authentication.
  7. Other options

Strong password

A good password is one that contains alphanumeric or special characters, spaces, upper and lower case letters, etc. Here at DesdeLinux we have shown several methods for generating good passwords. You can visit this article and this other one.

Change the default port

The default SSH port is 22. To change it, all we have to do is edit the file /etc/ssh/sshd_config. We look for the line that says:

#Port 22

we uncomment it and change the 22 to another number, for example:

Port 7022

To see which ports are in use on our computer/server, and so choose one that is not, we can run in the terminal:

$ netstat -ntap

Now, to access our computer or server we have to use the -p option as follows:

$ ssh -p 7022 usuario@servidor

Use Protocol 2

To make sure we are using version 2 of the SSH protocol, we have to edit the file /etc/ssh/sshd_config and look for the line that says:

#Protocol 2

We uncomment it and restart the SSH service. Current OpenSSH releases no longer support protocol 1, so on them protocol 2 is the only one in use.

Do not allow root access

To prevent the root user from logging in remotely over SSH, we look in the file /etc/ssh/sshd_config for the line:

#PermitRootLogin no

and we uncomment it. I think it is worth clarifying that before doing this we must make sure that our own user has the permissions needed to perform administrative tasks.

Limit access by user

It also does no harm to allow SSH access only to certain trusted users, so we go back to the file /etc/ssh/sshd_config and add the line:

AllowUsers elav usemoslinux kzkggaara

Where, obviously, the users elav, usemoslinux and kzkggaara are the ones who will be able to log in.

Use key authentication

Although this method is the most recommended one, we must be especially careful because we will be accessing the server without entering a password. This means that if someone manages to get into our session, or our computer is stolen, we could be in trouble. Still, let's see how to do it.

The first thing is to create a key pair (public and private):

ssh-keygen -t rsa -b 4096

Then we copy our public key to the computer/server:

ssh-copy-id -i ~/.ssh/id_rsa.pub elav@200.8.200.7

Finally, we have to make sure the following line is uncommented in the file /etc/ssh/sshd_config:

AuthorizedKeysFile .ssh/authorized_keys

Other options

Contribution from Yukiteru

We can reduce the time a user has to log in successfully to the system to 30 seconds:

LoginGraceTime 30

To avoid ssh attacks via TCP spoofing, keeping the encrypted keepalive on the ssh side active for a maximum of 3 minutes, we can enable these 3 options:

TCPKeepAlive no
ClientAliveInterval 60
ClientAliveCountMax 3

Disable the use of rhosts or shosts files, which for security reasons should not be used:

IgnoreRhosts yes
IgnoreUserKnownHosts yes
RhostsAuthentication no
RhostsRSAAuthentication no

Check the user's effective permissions during login:

StrictModes yes

Enable privilege separation:

UsePrivilegeSeparation yes
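
The following is an added example, not part of the original article: a small shell audit that reads an sshd_config-style file and reports which of the settings above are actually set. It relies on sshd using the first value it obtains for a keyword, so a commented line such as #PermitRootLogin no sets nothing. The function names effective_value and audit are hypothetical, and the sample file is constructed.

```shell
# effective_value FILE KEYWORD: print the value FILE sets for KEYWORD, i.e. its
# first uncommented occurrence before any Match block (keywords are
# case-insensitive). Prints nothing if it only appears as "#Keyword value",
# in which case sshd uses its built-in default.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit FILE: print one line per setting; return 1 if any differs or is unset.
audit() {
    rc=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "CHECK $key: want '$want', file sets '${got:-unset}'"
            rc=1
        fi
    done <<EOF
PermitRootLogin no
LoginGraceTime 30
TCPKeepAlive no
ClientAliveInterval 60
ClientAliveCountMax 3
EOF
    return "$rc"
}

# Constructed sample file (not a real server's configuration).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<EOF
Port 7022
#PermitRootLogin no
loginGraceTime 30
TCPKeepAlive no
ClientAliveInterval 60
ClientAliveCountMax 3
Match User elav
    PermitRootLogin no
EOF
audit "$SAMPLE" || true
```

On a live host, sshd -T prints the configuration the daemon will really use, built-in defaults included, which this file-only check cannot see.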

Conclusion:

By following these steps we can add extra security to our computers and servers, but we must never forget that there is an important factor: what sits between the chair and the keyboard. That is why I recommend reading this article.

Source: HowToForge



  1.   yukiteru says

    Great post @elav, and I'd add a few other interesting things:

    LoginGraceTime 30

    This lets us reduce the time a user has to log in successfully to the system to 30 seconds

    TCPKeepAlive no
    ClientAliveInterval 60
    ClientAliveCountMax 3

    These three options are quite useful for avoiding ssh attacks via TCP spoofing, keeping the encrypted keepalive on the ssh side active for a maximum of 3 minutes.

    IgnoreRhosts yes
    IgnoreUserKnownHosts yes
    RhostsAuthentication no
    RhostsRSAAuthentication no

    Disables the use of rhosts or shosts files, which for security reasons should not be used.

    StrictModes yes

    This option is used to check the user's effective permissions during login.

    UsePrivilegeSeparation yes

    Enables privilege separation.

    1.    elav says

      Well, in a little while I'll edit the post and add it to the post 😀

  2.   Eugenio says

    Bothering to uncomment a line without changing it is redundant. The commented lines show the default value of each option (read the note at the beginning of the file itself). Root access is disabled by default, etc. Therefore, uncommenting it has absolutely no effect.

    1.    elav says

      # The strategy used for options in the default sshd_config shipped with
      # OpenSSH is to specify options with their default value where
      # possible, but leave them commented.  Uncommented options override the
      # default value.

      Yes, but for example, how do we know that we are using only version 2 of the protocol? Because we could well be using 1 and 2 at the same time. As the last line says, uncommenting this option, for example, overrides the default option. If we are using version 2 by default, fine; if not, we use it YES or YES 😀

      Thanks for the comment

  3.   sli says

    Very good article, I knew several of these things, but one thing that is never clear to me is the use of keys: what exactly are they and what advantages do they have? If I use keys, can I use passwords??? If so, why does it increase security, and if not, how do I get in from another PC?

  4.   Adian says

    Greetings, I have installed debian 8.1 and I can't connect from my windows pc to debian with WINSCP, will I have to use protocol 1? any help .. thanks
    Adian

  5.   franksanabria says

    You may be interested in this video about openssh https://m.youtube.com/watch?v=uyMb8uq6L54

  6.   Tile says

    I want to try a few things from here, several I have already tried thanks to the Arch Wiki, others not, out of laziness or lack of knowledge. I'll save it for when I start up my RPi