Learning SSH: Good Practices for an SSH Server


In this sixth and final post of our Learning SSH series, we take a practical look at configuring and using the options set in the OpenSSH configuration file that is handled on the ssh server side, that is, the "SSHD Config" file (sshd_config), which we covered in the previous installment.

That way we can get to know, briefly, simply and directly, some of the best practices (recommendations and tips) to follow when configuring an SSH server, both at home and in the office.


Good practices on an SSH server

Which good practices apply when configuring an SSH server?

Next, based on the options and parameters of the SSHD configuration file (sshd_config) seen in the previous post, these are some of the best practices to apply to that file's configuration in order to secure, as far as we can, the remote connections, incoming and outgoing, on a given SSH server:

Specify which users can log in over SSH with the AllowUsers option

Since this option or parameter is usually not included by default in the file, it can be added at the end of it. It takes a list of user name patterns, separated by spaces. If it is specified, login is then allowed only for user name and host name combinations that match one of the configured patterns.

For example, as shown below:

AllowUsers *patron*@192.168.1.0/24 *@192.168.1.0/24 *.midominio.com *@1.2.3.4
AllowGroups ssh

Tell SSH which local network interface to listen on with the ListenAddress option

To do this, enable (uncomment) the ListenAddress option, which comes by default with the value "0.0.0.0", but which actually works in ALL mode, that is, it listens on all available network interfaces. The value should therefore be set so that it specifies which local IP address or addresses the sshd program will use to listen for connection requests.

For example, as shown below:

# One address per ListenAddress line; sshd does not accept wildcards such as 192.168.1.*
ListenAddress 129.168.2.1

Set up SSH login with keys using the PasswordAuthentication option

To do this, enable (uncomment) the PasswordAuthentication option, which comes by default with the value yes. Then set that value to "no", so that public and private keys are required to gain authorized access to a given machine. This ensures that only remote users can log in, from the computer or computers that were previously authorized. For example, as shown below:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PubkeyAuthentication yes

Disable root login over SSH with the PermitRootLogin option

To do this, enable (uncomment) the PermitRootLogin option, which comes by default with the value "prohibit-password". However, if the root user should not be allowed to start an SSH session at all, the appropriate value to set is "no". For example, as shown below:

PermitRootLogin no

Change the default SSH port with the Port option

To do this, enable (uncomment) the Port option, which comes by default with the value "22". However, it is important to change that port to any other available one, in order to reduce and avoid the number of attacks, manual or brute force, that can be made through that well-known port. It is important to make sure that this new port is available and can be used by the other applications that will connect to our server. For example, as shown below:

Port 4568
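
The five settings covered above can be checked mechanically. The following Python sketch is an added example, not part of the original article or of OpenSSH; the function names (`parse_sshd_config`, `listen_host`, `audit`) and the sample text are constructed for illustration. It relies on the sshd_config rule that the first value read for a keyword is the one used, while Port and ListenAddress may be repeated.

```python
# Added example: audit sshd_config text against the five settings discussed above.
# sshd keeps the FIRST value it reads for a keyword; Port and ListenAddress accumulate.
DEFAULTS = {  # built-in values that apply when a keyword is absent or commented out
    "passwordauthentication": ["yes"], "permitrootlogin": ["prohibit-password"],
    "port": ["22"], "listenaddress": ["0.0.0.0"],
}
MULTI = {"port", "listenaddress"}  # keywords that may appear several times

def parse_sshd_config(text):
    """Return {keyword: [values]} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # Match blocks apply per connection; audit global settings only
        if key in MULTI:
            seen.setdefault(key, []).append(value)
        else:
            seen.setdefault(key, [value])  # first occurrence wins
    return seen

def listen_host(value):
    """Strip an optional rdomain suffix and :port from a ListenAddress value."""
    host = value.split()[0]
    if host.startswith("["):  # [IPv6]:port form
        return host[1:host.index("]")]
    return host.split(":")[0] if host.count(":") == 1 else host

def audit(text):
    """Return findings; an empty list means all five practices are in place."""
    cfg = parse_sshd_config(text)
    def get(key):
        return cfg.get(key, DEFAULTS.get(key, []))
    findings = []
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups restriction")
    if any(listen_host(a) in ("0.0.0.0", "::") for a in get("listenaddress")):
        findings.append("ListenAddress covers every interface")
    if get("passwordauthentication")[0].lower() != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if get("permitrootlogin")[0].lower() != "no":
        findings.append("PermitRootLogin is not 'no'")
    if "22" in get("port"):
        findings.append("Port is still 22")
    return findings

# Constructed sample: the second PermitRootLogin line is ignored by sshd.
SAMPLE = "#Port 22\nPermitRootLogin yes\nPermitRootLogin no\nPasswordAuthentication no\n"
```

On a live host, `sshd -T` prints the effective configuration, defaults included, and is the authoritative source for these values.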

Other useful options to set

Finally, since the SSH program is very extensive, and in the previous installment we already covered each option in more detail, below we only show some more options, with some values that may be suitable in many and varied use cases.

They are the following:

  • Banner /etc/issue
  • ClientAliveInterval 300
  • ClientAliveCountMax 0
  • LoginGraceTime 30
  • LogLevel INFO
  • MaxAuthTries 3
  • MaxSessions 0
  • MaxStartups 3
  • PermitEmptyPasswords no
  • PrintMotd yes
  • PrintLastLog yes
  • StrictModes yes
  • SyslogFacility AUTH
  • X11Forwarding yes
  • X11DisplayOffset 5

Note: Please keep in mind that, depending on the experience and expertise of the SysAdmins and the security requirements of each technology platform, many of these options can quite rightly and logically vary in different ways. In addition, other much more advanced or complex options can be enabled, as they are useful or necessary in different operating environments.

Other good practices

Among other good practices to implement on an SSH server, we can mention the following:

  1. Set up a warning e-mail notification for all or specific SSH connections.
  2. Protect SSH access to our servers against brute force attacks using the Fail2ban tool.
  3. Periodically check with the Nmap tool on SSH servers and others, looking for unauthorized or required open ports.
  4. Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).

Summary

In short, with this latest installment of "Learning SSH" we have finished the explanatory content on everything related to OpenSSH. Surely, in a short time, we will be sharing a little more essential knowledge about the SSH protocol, and about its use from the console through Shell Scripting. So we hope that these "good practices on an SSH server" have added a lot of value, both personally and professionally, when using GNU/Linux.


  1.   lhoqvso said

    I look forward to the second part of this article, where you expand further on the last point:

    Strengthen the security of the IT platform by installing an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System).

    Thanks!!

    1.    Linux Post Install said

      Greetings, Lhoqvso. I will await its fulfilment. Thank you for visiting us, reading our content and commenting.