Imikhuba emihle nge-OpenSSH

Alejandro (a.k.a KZKG^Gaara)Kubuyekezwe ngomhla ka-

8 Amazwana

I-OpenSSH (Vula Igobolondo Eliphephile) isethi yezinhlelo zokusebenza ezivumela ukuxhumana okubethelwe ngenethiwekhi, kusetshenziswa i- umthetho ssh. Yenziwe njengenye indlela yamahhala nevulekile kuhlelo I-Shell evikelekile, okuyi-software ephathelene. « Wikipedia.

Abanye abasebenzisi bangacabanga ukuthi imikhuba emihle kufanele isetshenziswe kuphela kumaseva kanti akunjalo. Ukusabalalisa okuningi kwe-GNU / Linux kufaka i-OpenSSH ngokuzenzakalela futhi kunezinto ezimbalwa okufanele uzikhumbule.

Ukuphepha

Lawa amaphuzu abaluleke kakhulu ama-6 okufanele uwagcine engqondweni lapho ulungiselela i-SSH:

  1. Sebenzisa iphasiwedi eqinile.
  2. Shintsha imbobo ezenzakalelayo ye-SSH.
  3. Sebenzisa njalo inguqulo 2 yephrothokholi ye-SSH.
  4. Khubaza ukufinyelela kwezimpande.
  5. Khawulela ukufinyelela komsebenzisi.
  6. Sebenzisa ukufakazela ubuqiniso bokhiye.
  7. Okunye okukhethwa kukho

Iphasiwedi eqinile

Iphasiwedi enhle yileyo equkethe izinhlamvu ze-alphanumeric noma ezikhethekile, izikhala, izinhlamvu ezinkulu nezincane... njll. Lapha phakathi DesdeLinux Sibonise izindlela ezimbalwa zokwenza amaphasiwedi amahle. Angavakashela Lesi sihloko y lokhu okunye.

Shintsha imbobo ezenzakalelayo

Imbobo ezenzakalelayo ye-SSH ingu-22 ukuyiguqula, konke okumele sikwenze ukuhlela ifayili / njll / ssh / sshd_config. Sifuna umugqa othi:

#Port 22

siyayikhulula bese siguqula ezingama-22 zenye inombolo .. ngokwesibonelo:

Port 7022

Ukwazi amachweba esingawasebenzisi kukhompyutha / kuseva yethu singayisebenzisa esigungwini:

$ netstat -ntap

Manje ukufinyelela ikhompyutha noma iseva yethu kufanele sikwenze ngoku -p inketho ngokulandelayo:

$ ssh -p 7022 usuario@servidor

Sebenzisa i-Protocol 2

Ukuqinisekisa ukuthi sisebenzisa inguqulo 2 yephrothokholi ye-SSH, kufanele sihlele ifayela / njll / ssh / sshd_config bese ubheka umugqa othi:

# Isivumelwano 2

Siyayikhulula bese siqala kabusha insiza ye-SSH.

Ungavumeli ukufinyelela njengezimpande

Ukuvimbela umsebenzisi wezimpande ukuthi akwazi ukufinyelela kude nge-SSH, sibheka kufayela/ njll / ssh / sshd_config umugqa:

#PermitRootLogin no

futhi asikuvumeli. Ngicabanga ukuthi kufanelekile ukucacisa ukuthi ngaphambi kokwenza lokhu kufanele siqiniseke ukuthi umsebenzisi wethu unezimvume ezidingekayo zokwenza imisebenzi yokuphatha.

Khawulela ukufinyelela ngabasebenzisi

Futhi akulimazi ukuvumela ukufinyelela nge-SSH kuphela kubasebenzisi abathile abathembekile, ngakho-ke sibuyela kufayela / njll / ssh / sshd_config futhi sengeza umugqa:

VumelaUsers elav usemoslinux kzkggaara

Lapho kusobala ukuthi, abasebenzisi elav, usemoslinux kanye ne-kzkggaara yibo abazokwazi ukufinyelela.

Sebenzisa ukufakazela ubuqiniso bokhiye

Yize le ndlela kunconywa kakhulu, kufanele sinakekele ngokukhethekile ngoba sizofinyelela kuseva ngaphandle kokufaka iphasiwedi. Lokhu kusho ukuthi uma umsebenzisi ekwazi ukungena kuseshini yethu noma eyebiwe ikhompyutha yethu, singaba senkingeni. Noma kunjalo, ake sibone ukuthi singakwenza kanjani.

Into yokuqala ukudala izikhiye ezimbili (zomphakathi nezangasese):

ssh-keygen -t rsa -b 4096

Ngemuva kwalokho sidlulisa ukhiye wethu siye kukhompyutha / iseva:

ssh-copy-id -i ~/.ssh/id_rsa.pub elav@200.8.200.7

Ekugcineni kufanele singakhululeki, kufayela / njll / ssh / sshd_config umugqa:

AuthorizedKeysFile .ssh/authorized_keys

Okunye okukhethwa kukho

Igalelo likaYukiteru

Singasinciphisa isikhathi sokulinda lapho umsebenzisi angangena ngempumelelo ngempumelelo ohlelweni afike kumasekhondi angama-30

LoginGraceTime 30

Ukugwema ukuhlaselwa kwe-ssh ngokusebenzisa i-TCP Spoofing, kushiya uhlangothi lwe-ssh lubethelwe luphila isikhathi esingaphezu kwemizuzu emi-3, singazisebenzisa lezi zinketho ezi-3.

I-TCPKeepAlive no ClientAliveInterval 60 ClientAliveCountMax 3

Khubaza ukusetshenziswa kwama-rhosts noma ama-shosts, okuthi ngenxa yezizathu zokuphepha unxuswa ukuthi ungasetshenziswa.

ZibaIzivakashi yebo ZibaUseKaziIzivakashiYesho amaRhostsUkuqinisekiswa chaRhostsRSAUkuqinisekiswa cha

Hlola izimvume ezisebenzayo zomsebenzisi ngesikhathi sokungena ngemvume.

StrictModes yes

Nika amandla ukuhlukaniswa kwamalungelo.

UsePrivilegeSeparation yes

Iziphetho:

Ngokwenza lezi zinyathelo singangeza ukuphepha okwengeziwe kuma-computer nakumaseva ethu, kepha akumele sikhohlwe ukuthi kunesici esibalulekile: yini phakathi kwesihlalo nekhibhodi. Kungakho ngincoma ukufunda Lesi sihloko.

Umthombo: Kanjani


Amazwana ayi-8, shiya okwakho

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   I-Yukiteru kusho
    kwenza iminyaka 9

    Okuthunyelwe okuhle kakhulu @elav futhi ngifaka izinto ezithile ezithokozisayo:

    I-LoginGraceTime 30

    Lokhu kusivumela ukuthi sinciphise isikhathi sokulinda lapho umsebenzisi angangena ngempumelelo ohlelweni afike kumasekhondi angama-30

    TCPKeepAlive cha
    I-ClientAliveInterval 60
    I-ClientAliveCountMax 3

    Lezi zinketho ezintathu zilusizo impela ukugwema ukuhlaselwa kwe-ssh ngokusebenzisa i-TCP Spoofing, kushiya okubetheliwe kuphila ohlangothini lwe-ssh kusebenza isikhathi esiyimizuzu emi-3.

    ZibaIzivakashi yebo
    IgnoreUserKnownHosts yebo
    Ukuqinisekiswa kwe-Rhosts
    Ukuqinisekiswa kweRhostsRSA

    Ikhubaza ukusetshenziswa kwama-rhosts noma ama-shosts file, okuthi ngenxa yezizathu zokuphepha anconywe ukuthi angasetshenziswa.

    Ama-StrictMode yebo

    Le nketho isetshenziselwa ukuhlola izimvume ezisebenzayo zomsebenzisi ngesikhathi sokungena ngemvume.

    SebenzisaPrivilegeSeparation yebo

    Nika amandla ukuhlukaniswa kwamalungelo.

    Phendula i-Yukiteru
    1.    izinga kusho
      kwenza iminyaka 9

      Hhayi-ke, isikhashana ngizohlela okuthunyelwe bese ngikungeza kokuthunyelwe

      Phendula u-elav
  2.   Eugenio kusho
    kwenza iminyaka 9

    Ukungavumeli ukubeka umugqa ukuze ungashintshi umugqa akusafuneki. Imigqa ephawuliwe ikhombisa inani elizenzakalelayo lenketho ngayinye (funda ukucaciswa ekuqaleni kwefayela uqobo). Ukufinyelela kwezimpande kukhutshazwe ngokuzenzakalela, njll. Ngakho-ke, ukuyekisa ukuthula akunamthelela nakancane.

    Phendula u-Eugenio
    1.    izinga kusho
      kwenza iminyaka 9

      # Isu elisetshenziselwe izinketho ku-sshd_config ezenzakalelayo ethunyelwe nayo
      # I-OpenSSH ukucacisa izinketho ngenani lazo elizenzakalelayo lapho
      # kungenzeka, kepha bashiye baphawule. Izinketho ezingenamkhawulo zibhala ngaphezulu
      # inani elizenzakalelayo.

      Yebo, kepha ngokwesibonelo, sazi kanjani ukuthi sisebenzisa kuphela uhlobo 2 lwephrothokholi? Ngoba kungenzeka ukuthi sisebenzisa u-1 no-2 ngasikhathi sinye. Njengoba ulayini wokugcina usho, ukungavumeli le nketho ngokwesibonelo, kubhala ngaphezulu inketho ezenzakalelayo. Uma sisebenzisa inguqulo 2 ngokuzenzakalela, kulungile, uma kungenjalo, siyisebenzisa YEBO noma YEBO YES

      Siyabonga ngokuphawula

      Phendula u-elav
  3.   sli kusho
    kwenza iminyaka 9

    I-athikili enhle kakhulu, bengazi izinto eziningana kepha into eyodwa engingacaceli ukusetshenziswa kwezinkinobho, empeleni ziyini futhi zinaziphi izinzuzo, uma ngisebenzisa okhiye ngingawasebenzisa amaphasiwedi ??? Uma kunjalo, kungani ikhulisa ukuphepha futhi uma kungenjalo, ngiyithola kanjani kusuka kwenye i-pc?

    Phendula uSli
  4.   I-Adian kusho
    kwenza iminyaka 9

    Sanibonani, ngifake i-debian 8.1 futhi angikwazi ukuxhuma kusuka ku-windows pc yami ukuya ku-debian nge-WINSCP, kuzodingeka ngisebenzise umthetho olandelwayo 1? noma yiluphi usizo .. ngiyabonga
    I-Adian

    Phendula u-Adian
  5.   UFranksanabria kusho
    kwenza iminyaka 9

    Ungaba nentshisekelo kule vidiyo mayelana ne-opensh https://m.youtube.com/watch?v=uyMb8uq6L54

    Phendula uFranksanabria
  6.   Ithayela kusho
    kwenza iminyaka 9

    Ngifuna ukuzama ezinye izinto lapha, eziningana esengizamile ukubonga i-Arch Wiki, ezinye ngenxa yobuvila noma ukungabi nalwazi. Ngizoyilondolozela lapho ngiqala i-RPi yami

    Phendula iTile