OpenSSH (Vula iShell ekhuselekileyoiseti yezicelo ezivumela unxibelelwano olofihliweyo kwinethiwekhi, usebenzisa i umgaqo SSH. Yenziwe njengenye indlela yasimahla nevulekileyo kwinkqubo Shell ekhuselekileyoIsoftware ephetheyo. « Wikipedia.
Abanye abasebenzisi banokucinga ukuba iinkqubo ezilungileyo kufuneka zisetyenziswe kuphela kwiiseva kwaye oku akunjalo. Uninzi lonikezelo lwe-GNU / Linux lubandakanya i-OpenSSH ngokuzenzekelayo kwaye kukho izinto ezimbalwa ekufuneka uzigcine engqondweni.
Khu seleko
La ngawona manqaku abalulekileyo ma-6 ekufuneka uwagcine engqondweni xa uqwalasela i-SSH:
- Sebenzisa iphasiwedi eyomeleleyo.
- Guqula izibuko elingagqibekanga le-SSH.
- Soloko usebenzisa ingxelo yesi-2 yenkqubo ye-SSH.
- Khubaza ukufikelela kwengcambu.
- Nciphisa ukufikelela komsebenzisi.
- Sebenzisa uqinisekiso olungundoqo.
- Ezinye iindlela
Igama eligqithisiweyo
Igama lokugqitha elilungileyo lelo liqulathe ialphanumeric okanye abalinganiswa abakhethekileyo, izithuba, oonobumba abakhulu nabancinci... njl. Apha ngaphakathi DesdeLinux Sibonise iindlela ezininzi zokwenza iipassword ezilungileyo. Ungandwendwela Oku kubhaliwe y le enye.
Guqula izibuko elingagqibekanga
Izibuko elingagqibekanga le-SSH lineminyaka engama-22 ukuyitshintsha, konke ekufuneka sikwenzile ukuhlela ifayile / njll / ssh / sshd_config. Sijonge umgca othi:
#Port 22
siyayikhulula kwaye sitshintshe ezingama-22 ngelinye inani .. umzekelo:
Port 7022
Ukwazi izibuko esingazisebenzisiyo kwikhompyuter / kwiserver esinokuyenza kwisiphelo sendlela:
$ netstat -ntap
Ngoku ukufikelela kwikhompyuter yethu okanye kwiserver kufuneka siyenze -p ngokolu hlobo lulandelayo:
$ ssh -p 7022 usuario@servidor
Sebenzisa iProtokholi 2
Ukuqinisekisa ukuba sisebenzisa inguqulelo yesi-2 yenkqubo ye-SSH, kufuneka sihlele ifayile / njll / ssh / sshd_config kwaye ujonge umgca othi:
# Umgaqo 2
Siyiyekisile kwaye sayiqala kwakhona inkonzo ye-SSH.
Sukuvumela ukufikelela njengengcambu
Ukuthintela umsebenzisi wengcambu ekubeni akwazi ukufikelela kude ngeSSH, sijonga kwifayile/ njll / ssh / sshd_config umgca:
#PermitRootLogin no
kwaye asihambisi. Ndicinga ukuba kufanelekile ukucacisa ukuba ngaphambi kokwenza oku kufuneka siqiniseke ukuba umsebenzisi wethu uneemvume eziyimfuneko zokwenza imisebenzi yezolawulo.
Nciphisa ukufikelela kubasebenzisi
Ayikhathazi ukuvumela ukufikelela nge-SSH kuphela kubasebenzisi abathile abathembekileyo, ke sibuyela kwifayile / njll / ssh / sshd_config kwaye sidibanisa umgca:
Vumela abasebenzisi i-elav usemoslinux kzkggaara
Apho ngokucacileyo, abasebenzisi elav, usemoslinux kunye ne-kzkggaara ngabo baya kuba nakho ukufikelela.
Sebenzisa uqinisekiso olungundoqo
Nangona le ndlela iyeyona icetyiswayo, kufuneka sithathe unonophelo olukhethekileyo kuba siya kungena kwiserver ngaphandle kokungena ngegama eligqithisiweyo. Oku kuthetha ukuba ukuba umsebenzisi uyakwazi ukungena kwiseshoni yethu okanye ikhompyuter yakho ibiwe, sinokuba sengxakini. Nangona kunjalo, masibone ukuba ungayenza njani.
Into yokuqala yokwenza isibini sezitshixo (esidlangalaleni nakwabucala):
ssh-keygen -t rsa -b 4096
Emva koko sidlulisa isitshixo sethu kwikhompyuter / kwiserver:
ssh-copy-id -i ~/.ssh/id_rsa.pub elav@200.8.200.7
Okokugqibela kufuneka singonwabi, kwifayile / njll / ssh / sshd_config umgca:
AuthorizedKeysFile .ssh/authorized_keys
Ezinye iindlela
Singalinciphisa ixesha lokulinda apho umsebenzisi anokuthi angene ngempumelelo kwinkqubo ukuya kwimizuzwana engama-30
LoginGraceTime 30
Ukuthintela uhlaselo lwe-ssh ngokusebenzisa i-TCP Spoofing, ishiya i-encrypted iphila kwicala le-ssh lisebenza kangangemizuzu emi-3, sinokusebenzisa ezi ndlela zintathu.
TCPKeepAlive no ClientAliveInterval 60 ClientAliveCountMax 3
Khubaza ukusetyenziswa kwemikhombe okanye iifayili, ezithi ngenxa yezizathu zokhuseleko zibongozwa ukuba zingasetyenziswa.
UngayihoyiRhosts Ewe UngayihoyiIsiSebenziIzinto ezaziwayo ewe iiRhostsUqinisekiso akukho RhostsRSAUqinisekiso akukho
Jonga iimvume ezisebenzayo zomsebenzisi ngexesha lokungena.
StrictModes yes
Nika amandla ukwahlulwa kwamalungelo.
UsePrivilegeSeparation yes
Izigqibo:
Ngokwenza la manyathelo sinokongeza ukhuseleko kwiikhompyuter nakwiiseva zethu, kodwa akufuneki silibale ukuba kukho into ebalulekileyo: yintoni phakathi kwesihlalo kunye nebhodi yezitshixo. Kungenxa yoko le nto ndincoma ukufunda Oku kubhaliwe.
Umthombo: HowToForge
Iposti entle kakhulu @elav kwaye ndongeza izinto ezinomdla:
Ukungena kwiXesha leXesha 30
Oku kusivumela ukuba sinciphise ixesha lokulinda apho umsebenzisi anokungena ngempumelelo kwinkqubo ukuya kwimizuzwana engama-30
TCPKeepAlive akukho
IklayentiAliveInterval 60
UmthengiAliveCountMax 3
Ezi ndlela zintathu ziluncedo ekuthinteleni uhlaselo lwe-ssh ngokusebenzisa i-TCP Spoofing, ishiya i-encrypted iphila kwicala le-ssh elisebenza kangangemizuzu emi-3.
Ungayihoyi imikhosi ewe
UngayihoyiImikhosi eyaziwayo ewe
Ukuqinisekisa ubukho no
Ukuqinisekiswa kweRhostsRSA akukho
Ikhubaza ukusetyenziswa kwemikhombe okanye iifayile zeshost, ethi ngenxa yezizathu zokhuseleko zibongozwa ukuba zingasetyenziswa.
Iindlela eziQinisekileyo ewe
Olu khetho lusetyenziselwa ukukhangela imvume esebenzayo yomsebenzisi ngexesha lokungena.
Sebenzisa iPrivilegeSeparation ewe
Nika amandla ukwahlulwa kwamalungelo.
Ewe, okwethutyana ndiza kuyilungisa iposti kwaye ndiyongeze kwiposti 😀
Ukungaphumeleli ukuze ungatshintshi umgca awusafuneki. Imigca ephawulweyo ibonisa ixabiso elisisiseko kukhetho ngalunye (funda ingcaciso ekuqaleni kwefayile uqobo). Ukufikelela kwengcambu kukhutshaziwe ngokungagqibekanga, njl. Ke ngoko, ukungaphumeleli akunampembelelo kwaphela.
Ewe, kodwa umzekelo, sazi njani ukuba sisebenzisa inguqulelo yesi-2 kuphela yomgaqo olandelwayo? Kungenxa yokuba sinokusebenzisa u-1 no-2 ngaxeshanye. Njengoko umgca wokugqibela utsho, ukungaphumeleli kolu khetho umzekelo, ubhala ngaphezulu ukhetho olungagqibekanga. Ukuba sisebenzisa uguqulelo 2 ngokungagqibekanga, kulungile, ukuba akunjalo, sisebenzisa u-YES okanye u-EWE
Enkosi ngezimvo
Inqaku elilunge kakhulu, bendizazi izinto ezininzi kodwa inye into engazange icace kum kukusetyenziswa kwezitshixo, ngokwenene ziyintoni kwaye ziluncedo luni, ukuba ndisebenzisa izitshixo ndingasebenzisa iipassword ??? Ukuba kunjalo, kutheni isonyusa ukhuseleko kwaye ukuba akunjalo, ndingayifumana njani kwenye i-pc?
Imibuliso, ndifake i-debian 8.1 kwaye andikwazi ukunxibelelana neewindows pc ukuya kwi-debian kunye ne-WINSCP, ngaba kuya kufuneka ndisebenzise umthetho 1? naluphi na uncedo .. enkosi
I-Adian
Unokuba nomdla kule vidiyo malunga nokuvula https://m.youtube.com/watch?v=uyMb8uq6L54
Ndifuna ukuzama ezinye izinto apha, ezininzi ndizamile ukubulela kwiArch Wiki, ezinye ngenxa yobuvila okanye ukungazi. Ndizoyigcina xa ndiqala i-RPi yam