I-OpenSSH (Vula Igobolondo Eliphephile) isethi yezinhlelo zokusebenza ezivumela ukuxhumana okubethelwe ngenethiwekhi, kusetshenziswa i- umthetho ssh. Yenziwe njengenye indlela yamahhala nevulekile kuhlelo I-Shell evikelekile, okuyi-software ephathelene. « Wikipedia.
Abanye abasebenzisi bangacabanga ukuthi imikhuba emihle kufanele isetshenziswe kuphela kumaseva kanti akunjalo. Ukusabalalisa okuningi kwe-GNU / Linux kufaka i-OpenSSH ngokuzenzakalela futhi kunezinto ezimbalwa okufanele uzikhumbule.
Ukuphepha
Lawa amaphuzu abaluleke kakhulu ama-6 okufanele uwagcine engqondweni lapho ulungiselela i-SSH:
- Sebenzisa iphasiwedi eqinile.
- Shintsha imbobo ezenzakalelayo ye-SSH.
- Sebenzisa njalo inguqulo 2 yephrothokholi ye-SSH.
- Khubaza ukufinyelela kwezimpande.
- Khawulela ukufinyelela komsebenzisi.
- Sebenzisa ukufakazela ubuqiniso bokhiye.
- Okunye okukhethwa kukho
Iphasiwedi eqinile
Iphasiwedi enhle yileyo equkethe izinhlamvu ze-alphanumeric noma ezikhethekile, izikhala, izinhlamvu ezinkulu nezincane... njll. Lapha phakathi DesdeLinux Sibonise izindlela ezimbalwa zokwenza amaphasiwedi amahle. Angavakashela Lesi sihloko y lokhu okunye.
Shintsha imbobo ezenzakalelayo
Imbobo ezenzakalelayo ye-SSH ingu-22 ukuyiguqula, konke okumele sikwenze ukuhlela ifayili / njll / ssh / sshd_config. Sifuna umugqa othi:
#Port 22
siyayikhulula bese siguqula ezingama-22 zenye inombolo .. ngokwesibonelo:
Port 7022
Ukwazi amachweba esingawasebenzisi kukhompyutha / kuseva yethu singayisebenzisa esigungwini:
$ netstat -ntap
Manje ukufinyelela ikhompyutha noma iseva yethu kufanele sikwenze ngoku -p inketho ngokulandelayo:
$ ssh -p 7022 usuario@servidor
Sebenzisa i-Protocol 2
Ukuqinisekisa ukuthi sisebenzisa inguqulo 2 yephrothokholi ye-SSH, kufanele sihlele ifayela / njll / ssh / sshd_config bese ubheka umugqa othi:
# Isivumelwano 2
Siyayikhulula bese siqala kabusha insiza ye-SSH.
Ungavumeli ukufinyelela njengezimpande
Ukuvimbela umsebenzisi wezimpande ukuthi akwazi ukufinyelela kude nge-SSH, sibheka kufayela/ njll / ssh / sshd_config umugqa:
#PermitRootLogin no
futhi asikuvumeli. Ngicabanga ukuthi kufanelekile ukucacisa ukuthi ngaphambi kokwenza lokhu kufanele siqiniseke ukuthi umsebenzisi wethu unezimvume ezidingekayo zokwenza imisebenzi yokuphatha.
Khawulela ukufinyelela ngabasebenzisi
Futhi akulimazi ukuvumela ukufinyelela nge-SSH kuphela kubasebenzisi abathile abathembekile, ngakho-ke sibuyela kufayela / njll / ssh / sshd_config futhi sengeza umugqa:
VumelaUsers elav usemoslinux kzkggaara
Lapho kusobala ukuthi, abasebenzisi elav, usemoslinux kanye ne-kzkggaara yibo abazokwazi ukufinyelela.
Sebenzisa ukufakazela ubuqiniso bokhiye
Yize le ndlela kunconywa kakhulu, kufanele sinakekele ngokukhethekile ngoba sizofinyelela kuseva ngaphandle kokufaka iphasiwedi. Lokhu kusho ukuthi uma umsebenzisi ekwazi ukungena kuseshini yethu noma eyebiwe ikhompyutha yethu, singaba senkingeni. Noma kunjalo, ake sibone ukuthi singakwenza kanjani.
Into yokuqala ukudala izikhiye ezimbili (zomphakathi nezangasese):
ssh-keygen -t rsa -b 4096
Ngemuva kwalokho sidlulisa ukhiye wethu siye kukhompyutha / iseva:
ssh-copy-id -i ~/.ssh/id_rsa.pub elav@200.8.200.7
Ekugcineni kufanele singakhululeki, kufayela / njll / ssh / sshd_config umugqa:
AuthorizedKeysFile .ssh/authorized_keys
Okunye okukhethwa kukho
Singasinciphisa isikhathi sokulinda lapho umsebenzisi angangena ngempumelelo ngempumelelo ohlelweni afike kumasekhondi angama-30
LoginGraceTime 30
Ukugwema ukuhlaselwa kwe-ssh ngokusebenzisa i-TCP Spoofing, kushiya uhlangothi lwe-ssh lubethelwe luphila isikhathi esingaphezu kwemizuzu emi-3, singazisebenzisa lezi zinketho ezi-3.
I-TCPKeepAlive no ClientAliveInterval 60 ClientAliveCountMax 3
Khubaza ukusetshenziswa kwama-rhosts noma ama-shosts, okuthi ngenxa yezizathu zokuphepha unxuswa ukuthi ungasetshenziswa.
ZibaIzivakashi yebo ZibaUseKaziIzivakashiYesho amaRhostsUkuqinisekiswa chaRhostsRSAUkuqinisekiswa cha
Hlola izimvume ezisebenzayo zomsebenzisi ngesikhathi sokungena ngemvume.
StrictModes yes
Nika amandla ukuhlukaniswa kwamalungelo.
UsePrivilegeSeparation yes
Iziphetho:
Ngokwenza lezi zinyathelo singangeza ukuphepha okwengeziwe kuma-computer nakumaseva ethu, kepha akumele sikhohlwe ukuthi kunesici esibalulekile: yini phakathi kwesihlalo nekhibhodi. Kungakho ngincoma ukufunda Lesi sihloko.
Umthombo: Kanjani
Okuthunyelwe okuhle kakhulu @elav futhi ngifaka izinto ezithile ezithokozisayo:
I-LoginGraceTime 30
Lokhu kusivumela ukuthi sinciphise isikhathi sokulinda lapho umsebenzisi angangena ngempumelelo ohlelweni afike kumasekhondi angama-30
TCPKeepAlive cha
I-ClientAliveInterval 60
I-ClientAliveCountMax 3
Lezi zinketho ezintathu zilusizo impela ukugwema ukuhlaselwa kwe-ssh ngokusebenzisa i-TCP Spoofing, kushiya okubetheliwe kuphila ohlangothini lwe-ssh kusebenza isikhathi esiyimizuzu emi-3.
ZibaIzivakashi yebo
IgnoreUserKnownHosts yebo
Ukuqinisekiswa kwe-Rhosts
Ukuqinisekiswa kweRhostsRSA
Ikhubaza ukusetshenziswa kwama-rhosts noma ama-shosts file, okuthi ngenxa yezizathu zokuphepha anconywe ukuthi angasetshenziswa.
Ama-StrictMode yebo
Le nketho isetshenziselwa ukuhlola izimvume ezisebenzayo zomsebenzisi ngesikhathi sokungena ngemvume.
SebenzisaPrivilegeSeparation yebo
Nika amandla ukuhlukaniswa kwamalungelo.
Hhayi-ke, isikhashana ngizohlela okuthunyelwe bese ngikungeza kokuthunyelwe
Ukungavumeli ukubeka umugqa ukuze ungashintshi umugqa akusafuneki. Imigqa ephawuliwe ikhombisa inani elizenzakalelayo lenketho ngayinye (funda ukucaciswa ekuqaleni kwefayela uqobo). Ukufinyelela kwezimpande kukhutshazwe ngokuzenzakalela, njll. Ngakho-ke, ukuyekisa ukuthula akunamthelela nakancane.
Yebo, kepha ngokwesibonelo, sazi kanjani ukuthi sisebenzisa kuphela uhlobo 2 lwephrothokholi? Ngoba kungenzeka ukuthi sisebenzisa u-1 no-2 ngasikhathi sinye. Njengoba ulayini wokugcina usho, ukungavumeli le nketho ngokwesibonelo, kubhala ngaphezulu inketho ezenzakalelayo. Uma sisebenzisa inguqulo 2 ngokuzenzakalela, kulungile, uma kungenjalo, siyisebenzisa YEBO noma YEBO YES
Siyabonga ngokuphawula
I-athikili enhle kakhulu, bengazi izinto eziningana kepha into eyodwa engingacaceli ukusetshenziswa kwezinkinobho, empeleni ziyini futhi zinaziphi izinzuzo, uma ngisebenzisa okhiye ngingawasebenzisa amaphasiwedi ??? Uma kunjalo, kungani ikhulisa ukuphepha futhi uma kungenjalo, ngiyithola kanjani kusuka kwenye i-pc?
Sanibonani, ngifake i-debian 8.1 futhi angikwazi ukuxhuma kusuka ku-windows pc yami ukuya ku-debian nge-WINSCP, kuzodingeka ngisebenzise umthetho olandelwayo 1? noma yiluphi usizo .. ngiyabonga
I-Adian
Ungaba nentshisekelo kule vidiyo mayelana ne-opensh https://m.youtube.com/watch?v=uyMb8uq6L54
Ngifuna ukuzama ezinye izinto lapha, eziningana esengizamile ukubonga i-Arch Wiki, ezinye ngenxa yobuvila noma ukungabi nalwazi. Ngizoyilondolozela lapho ngiqala i-RPi yami