Ukufunda i-SSH: I-SSHD Config File Options kunye neeParameters
ngaphambili (yesine) isavenge kolu luhlu lwezithuba kwi Ukufunda i-SSH sijongana ne iinketho ezikhankanyiweyo kwi Ifayile yoqwalaselo ye-OpenSSH eziphathwayo kwicala le Umxhasi weSSH, oko kukuthi, ifayile "SSHConfig" (ssh_config).
Ngenxa yesi sizathu, namhlanje siza kuqhubeka kule nto unikezelo olungaphambili kunye nolwesihlanu, ngokhetho oluchazwe kwi Ifayile yoqwalaselo ye-OpenSSH eziphathwayo kwicala le iseva ye-ssh, oko kukuthi, ifayile "Uqwalaselo lwe-SSHD" (sshd_config).
Ukufunda i-SSH: Iinketho zeFayile ze-SSH kunye neeParamitha
Kwaye, ngaphambi kokuqala isihloko sanamhlanje, malunga nomxholo olawulekayo wefayile VulaSSH "Uqwalaselo lwe-SSHD" (sshd_config), siya kushiya ezinye iilinki ze izithuba ezinxulumene:
Ukhetho lweFayile yokuQinisekisa ye-SSHD kunye neeParamitha (sshd_config)
Yintoni i-SSHD Config (sshd_config) ifayile ye-OpenSSH?
Njengoko sibonisile kwisifundo sangaphambili, i-OpenSSH ineefayile ezi-2 zoqwalaselo. omnye wafowuna ssh_config kuqwalaselo lwe SSH icala lomxumi kunye nomnye umnxeba sshd_config kuqwalaselo lwecala iseva ye-ssh. Zombini, zikwindlela elandelayo okanye ulawulo: /etc/ssh.
Ke ngoko, oku kudla ngokubaluleke ngakumbi okanye kufanelekile, kuba kusivumela ukuba senze njalo NONE esiya kuthi siyivumele kwiiSeva zethu. Edla ngokuba yinxalenye yento eyaziwa ngokuba Ukuqina komncedisi.
Ngesi sizathu, namhlanje sizakubonisa ukuba zeziphi iinketho ezininzi kunye neeparameters ngaphakathi kwefayile exeliweyo, ezethu yokugqibela neyesithandathu kolu ngcelele nika iingcebiso ezisebenzayo neziyinyaniso ukwenza njani uhlengahlengiso okanye utshintsho ngokhetho olunjalo kunye neeparamitha.
Uluhlu lweenketho ezikhoyo kunye neeparamitha
njengakwifayile "SSH Config" (ssh_config), ifayile "SSHD Config" (sshd_config) inokhetho oluninzi kunye neparameters, kodwa enye ye eyaziwa kakhulu, esetyenziswayo okanye ebalulekileyo Zizo zilandelayo:
AllowUsers / DenyUsers
Olu khetho okanye iparameter ayisoloko iqukwa ngokungagqibekanga kwifayile exeliweyo, kodwa ifakwe kuyo, ngokubanzi ekupheleni kwayo, inika ithuba lokuba nokwenzeka koku. bonisa ukuba ngubani okanye ngubani (abasebenzisi) abanokungena kumncedisi ngoqhagamshelwano lwe-SSH.
Ngoko ke, olu khetho okanye iparameter isetyenziswa kunye ne uluhlu lweepateni zegama lomsebenzisi, zahlulwe zizithuba. Ngoko ke, ukuba kuchaziwe, ukungena, ngoku okufanayo kuyakuvunyelwa kuphela kumagama omsebenzisi ahambelana nemilinganiselo enye.
Qaphela ukuba ngokungagqibekanga, ukungena ngemvume kuvunyelwe kubo bonke abasebenzisi nakuwuphi na umamkeli. Nangona kunjalo, ukuba ipateni imiselwe ngolu hlobo "USER@HOST", kunjalo USER kunye ne-HOST ziqinisekiswa ngokwahlukeneyo, nto leyo ethintela ukungena kubasebenzisi abathile kwiinginginya ezithile.
Kwaye UMSEBENZI, iidilesi ezikuhlobo lwe Idilesi ye-IP/i-CIDR imaski. Ekugqibeleni, Vumela abasebenzisi inokutshintshwa DenyUsers ukukhanyela iipatheni zabasebenzisi ezifanayo.
Idilesi yokumamela
Ikuvumela ukuba uchaze i iidilesi ze-IP zasekhaya (ujongano lomsebenzi womnatha wobulali womatshini womncedisi) apho inkqubo ye sshd kufuneka imamele. Kwaye oku, ezi ndlela zilandelayo zoqwalaselo zingasetyenziswa:
- Igama lomamkeli wedilesi | IPv4/IPv6 idilesi [domain]
- Igama lomamkeli weAddress : port [domain ]
- Idilesi ye-Mamela IPv4/IPv6 : izibuko [ isizinda ]
- ListenAddress [igama lomamkeli | IPv4/IPv6 idilesi] : port [domain]
Ngena kwiGraceTime
Ikuvumela ukuba uchaze i ixesha (lobabalo), emva koko, umncedisi uyaqhawula, ukuba umsebenzisi ozama ukwenza umdibaniso we-SSH akaphumelelanga. Ukuba ixabiso ngu-zero (0), limiselwe ukuba akukho mda wexesha, ngelixa Ukungagqibeki kumiselwe kwimizuzwana eyi-120.
LogLevel
Ikuvumela ukuba uchaze i inqanaba le-verbosity yemiyalezo ye-sshd yelog. kwaye yenaAmaxabiso alawulekayo ngala: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, kunye DEBUG3. Ngexesha, kwayeIxabiso elimiselweyo yi-INFO.
MaxAuthTries
Ixela elona nani liphezulu lenzame zokungqinisisa ezivumelekileyo ngoqhagamshelwano. Ngokungagqibekanga, ixabiso layo limiselwe ku-6.
MaxSessions
Ikuvumela ukuba uchaze ubuninzi benani leeseshoni zeShell ezivuliweyo ngokonxibelelwano lomsebenzi womnatha osekiweyo, ngokungena okanye ngesixokelelwano esisezantsi esisetyenzisiweyo, umzekelo nge-sftp. Emisela ixabiso layo I-1 iya kubangela ukuba iseshoni yokuphindaphinda ikhubazeke, ngelixa ukuseta kwi-0 kuya kuvala zonke iintlobo zoqhagamshelwano kunye neeseshoni. Ngokungagqibekanga, ixabiso layo limiselwe ku-10.
MaxStartups
Ikuvumela ukuba ucacise elona nani likhulu loqhagamshelo olungenakuqinisekiswa ngaxeshanye kwi-daemon ye-SSH, o.k.t. inani lodibaniso lwe-SSH olunokuvulwa nge-IP/Inginginya nganye. Ixabiso layo elingagqibekanga lidla ngokuba yi-10, 30, okanye i-100, esoloko ithathwa njengephezulu, ngoko ke ixabiso elisezantsi liyacetyiswa.
Ukuqinisekiswa Kwegama Lokugqithisa
Ixela ukuba ungqinisiso lwegama lokugqitha luyakufuneka. Ngokungagqibekanga, ixabiso layo limiselwe ku "Ewe".
AllowEmptyPasswords
Ixela ukuba ngaba umncedisi uya kuvuma (ukugunyazisa) ukungena kwiiakhawunti zomsebenzisi ezinemitya engenanto yegama lokugqitha. Ngokungagqibekanga, ixabiso layo limiselwe "Hayi".
PermitRootLogin
Ikuvumela ukuba ukhankanye ukuba ngaba umncedisi uya kuvuma (ukugunyazisa) ukuqala iiseshoni zokungena kwiingcambu zeeakhawunti zomsebenzisi. Nangona, dNgokungagqibekanga, ixabiso layo limiselwe ku "prohibit-password", imiselwe ngokufanelekileyo ku "Hayi", emisela ngokupheleleyo loo nto. Umsebenzisi wengcambu akavumelekanga ukuba aqalise iseshoni ye-SSH.
izibuko
Ikuvumela ukuba ucacise inombolo yezibuko apho inkqubo ye sshd izakumamela zonke izicelo zoqhagamshelo lwe SSH. Ngokungagqibekanga, ixabiso layo limiselwe "22".
Iindlela ezingqongqo
Ixela ukuba inkqubo ye-SSH kufuneka iqinisekise iindlela zefayile kunye nobunini bolawulo lwasekhaya lomsebenzisi kunye neefayile phambi kokwamkela ukungena. Ngokungagqibekanga, ixabiso layo limiselwe ku "Ewe".
SyslogFacility
Ivumela ikhowudi yokuhlohla ukuba inikwe esetyenziswa xa kuloga imiyalezo esuka kwinkqubo ye-SSH. Ngokungagqibekanga, ixabiso layo limiselwe ku-"Authorization" (AUTH).
Qaphela: Kuxhomekeke kwi KwiSysAdmin kunye neemfuno zokhuseleko lweqonga lobuchwepheshe ngalinye, ezinye iinketho ezininzi zinokuba luncedo kakhulu okanye ziyimfuneko. Njengoko siza kubona kwisithuba sethu esilandelayo kunye nesokugqibela kolu chungechunge, apho siya kugxininisa kwizenzo ezilungileyo (ingcebiso kunye neengcebiso) kwi-SSH, ukufaka isicelo usebenzisa yonke into eboniswe ngoku.
Olunye ulwazi
Kwaye kwesi sigaba sesine, ukuba ukwandisa olu lwazi kwaye ufunde nganye nganye kwiinketho kunye neeparamitha ezikhoyo ngaphakathi kwe ifayile yoqwalaselo "Uqwalaselo lwe-SSHD" (sshd_config)Sicebisa ukuba ujonge ezi linki zilandelayo: Ifayile yoqwalaselo ye-SSH yeseva ye-OpenSSH y Iimanyuwali ezisemthethweni ze-OpenSSH, ngesiNgesi. Kwaye njengakwizavenge ezithathu ezidlulileyo, jonga oku kulandelayo umxholo osemthethweni kwaye uthembekile kwi-intanethi malunga I-SSH kunye ne-OpenSSH:
- I-Debian Wiki
- Incwadi yoMphathi weDebian: UkuNgena okukude / i-SSH
- Incwadi yoKhuseleko lweDebian: Isahluko 5. Iinkonzo zoKhuselo
Isishwankathelo
Ngamafutshane, ngesi savenge sitsha sivuliwe "Ukufunda iSSH" phantse sigqibezela umxholo ocacisayo kuyo yonke into enxulumene nayo OpenSSH, ngokunikezela ngolwazi oluyimfuneko malunga neefayile zoqwalaselo "Uqwalaselo lwe-SSHD" (sshd_config) y "Uqwalaselo lwe-SSH" (ssh_config). Ke ngoko, sinethemba lokuba iluncedo kwabaninzi, buqu kunye nasemsebenzini.
Ukuba uyayithanda le post, qiniseka ukuba uphawule ngayo kwaye wabelane ngayo nabanye. Kwaye khumbula, ndwendwela wethu «iphepha lasekhaya» ukuphonononga ezinye iindaba, kunye nokujoyina ijelo lethu elisemthethweni le- ITelegram ye DesdeLinux, Bucala ngasekunene iqela ngolwazi oluthe vetshe ngesihloko sanamhlanje.