Ukufunda i-SSH: Imikhuba emihle ongayenza Kuseva ye-SSH

Linux Post Install

Imizuzu ye-7

Ukufunda i-SSH: Imikhuba emihle ongayenza Kuseva ye-SSH

Ukufunda i-SSH: Imikhuba emihle ongayenza Kuseva ye-SSH

Kulokhu, iposi lesithupha nelokugcina, kusukela ochungechungeni lwethu lokuthunyelwe kuqhubeke Ukufunda i-SSH sizobhekana ngendlela engokoqobo, ukumiswa kanye nokusetshenziswa kwe izinketho ezishiwo ku- Ifayela lokumisa le-OpenSSH eziphethwe ohlangothini lwe iseva ye-ssh, okungukuthi, ifayela "I-SSHD Config" (sshd_config). Okungukuthi, sikhulume ngayo esitolimendeni esedlule.

Ngendlela yokuthi singakwazi ukwazi ngendlela emfushane, elula neqondile, ezinye ze imikhuba emihle engcono kakhulu (izincomo namathiphu) nini setha iseva ye-SSHkokubili ekhaya nasehhovisi.

I-SSH yokufunda: Izinketho ze-SSHD Config File kanye namapharamitha

I-SSH yokufunda: Izinketho ze-SSHD Config File kanye namapharamitha

Futhi, ngaphambi kokuqala isihloko sanamuhla, mayelana nokungcono kakhulu "imikhuba emihle ongayisebenzisa ekucushweni kwe-SSH Server", sizoshiya ezinye izixhumanisi ezincwadini ezihlobene, ukuze sizifunde kamuva:

I-SSH yokufunda: Izinketho ze-SSHD Config File kanye namapharamitha
I-athikili ehlobene:
I-SSH yokufunda: Izinketho ze-SSHD Config File kanye namapharamitha
 I-SSH yokufunda: Izinketho ze-SSH Config File kanye namapharamitha
I-athikili ehlobene:
I-SSH yokufunda: Izinketho ze-SSH Config File kanye namapharamitha

Imikhuba emihle Kuseva ye-SSH

Imikhuba emihle Kuseva ye-SSH

Yiziphi izinqubo ezinhle ezisebenzayo lapho ulungiselela Iseva ye-SSH?

Okulandelayo, futhi kususelwa kuzinketho namapharamitha del Ifayela le-SSHD Config (sshd_config), okubonwe ngaphambilini kokuthunyelwe kwangaphambilini, lezi kungaba ezinye ze imikhuba emihle engcono kakhulu ukwenza mayelana nokucushwa kwefayela elishiwo, ukuze umshuwalense okuhle kwethu ukuxhumana okukude, okungenayo nokuphumayo, Kuseva ye-SSH enikeziwe:

Imikhuba emihle Kuseva ye-SSH: Inketho ye-AllowUsers

Cacisa abasebenzisi abangangena ngemvume nge-SSH ngenketho Vumela Abasebenzisi

Njengoba le nketho noma ipharamitha ngokuvamile ayifakiwe ngokuzenzakalelayo efayeleni elishiwo, ingafakwa ekugcineni kwayo. Ukusebenzisa i-a uhlu lwamaphethini omsebenzisi, zihlukaniswe izikhala. Ukuze, uma kucacisiwe, ukungena ngemvume, kuzovunyelwa kuphela okufanayo egameni lomsebenzisi negama lomethuleli elifana nephethini eyodwa yamaphethini amisiwe.

Isibonelo, njengoba kubonakala ngezansi:

AllowUsers *patron*@192.168.1.0/24 *@192.168.1.0/24 *.midominio.com *@1.2.3.4
AllowGroups ssh

Izindlela Ezinhle Kakhulu Kuseva ye-SSH: Inketho yokulalelaAddress

Tshela i-SSH ukuthi iyiphi i-interface yenethiwekhi yendawo ongalalela ngayo ngenketho ye-ListenAddress

Ukuze wenze lokhu, kufanele uvule (ukhiphe) i- ukukhetha LalelaIkheli, evelae okuzenzakalelayo nge inani "0.0.0.0", kodwa empeleni iyasebenza YONKE imodi, okungukuthi, lalela kuzo zonke izixhumi ezibonakalayo zenethiwekhi. Ngakho-ke, inani elishiwo kufanele lisungulwe ngendlela yokuthi licaciswe ukuthi iyiphi noma amakheli endawo e-IP zizosetshenziswa wuhlelo lwe-sshd ukulalela izicelo zokuxhuma.

Isibonelo, njengoba kubonakala ngezansi:

ListenAddress 129.168.2.1 192.168.1.*

Imikhuba emihle Kuseva ye-SSH: Inketho Yokuqinisekisa Iphasiwedi

Setha ukungena ngemvume kwe-SSH ngokhiye ngenketho I-PasswordAuthentication

Ukuze wenze lokhu, kufanele uvule (ukhiphe) i- ukukhetha I-PasswordAuthentication, evelae okuzenzakalelayo nge yebo value. Bese, setha lelo nani njenge "Cha", ukuze kudinge ukusetshenziswa kokhiye basesidlangalaleni nabayimfihlo ukuze kutholwe ukugunyazwa kokufinyelela emshinini othile. Ukuthola ukuthi abasebenzisi berimothi kuphela abangangena, kusukela kukhompuyutha noma amakhompyutha, agunyazwe ngaphambilini. Ngokwesibonelo, njengoba kubonakala ngezansi:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PubkeyAuthentication yes

Imikhuba emihle Kuseva ye-SSH: Inketho ye-PermitRootLogin

Khubaza ukungena kwezimpande nge-SSH ngenketho I-PermitRootLogin

Ukuze wenze lokhu, kufanele uvule (ukhiphe) i- Inketho ye-PermitRootLogin, evelae okuzenzakalelayo nge "vimbela-iphasiwedi" inani. Nokho, uma kufiswa ukuthi ngokugcwele, umsebenzisi wempande akavunyelwe ukuqala iseshini ye-SSH, inani elifanele okumelwe lisethwe lithi "Cha". Ngokwesibonelo, njengoba kubonakala ngezansi:

PermitRootLogin no

Imikhuba emihle Kuseva ye-SSH: Inketho Yembobo

Shintsha imbobo ye-SSH ezenzakalelayo ngenketho Yembobo

Ukuze wenze lokhu, kufanele uvule (ukhiphe) i- inketho yembobo, eza ngokuzenzakalelayo ne- inani "22". Noma kunjalo, kubalulekile ukushintsha ichweba elishiwo kunoma yiliphi elinye elikhona, ukuze kwehliswe futhi kugwenywe inani lokuhlasela, amandla okwenziwa ngesandla noma anonya, angenziwa ngokusebenzisa itheku elaziwayo. Kubalulekile ukwenza isiqiniseko sokuthi le port entsha iyatholakala futhi ingasetshenziswa ezinye izinhlelo zokusebenza ezizoxhuma kuseva yethu. Isibonelo, njengoba kubonakala ngezansi:

Port 4568

Ezinye izinketho eziwusizo ongazisetha

Ezinye izinketho eziwusizo ongazisetha

Okokugcina, futhi kusukela uhlelo lwe-SSH lukhulu kakhulu, futhi esitolimendeni esedlule besesivele sikhulume ngenketho ngayinye ngokuningiliziwe okwengeziwe, ngezansi sizobonisa kuphela ezinye izinketho, ezinamavelu athile angase afaneleke ezimweni eziningi zokusetshenziswa nezihlukahlukene.

Nakhu okulandelayo:

  • Isibhengezo /etc/issue
  • I-ClientAliveInterval 300
  • I-ClientAliveCountMax 0
  • I-LoginGraceTime 30
  • I-LogLevel INFO
  • I-MaxAuthTries 3
  • I-MaxSessions 0
  • Ukuqala Okukhulu 3
  • Vumela i-EmptyPasswords Cha
  • PrintMotd yebo
  • PrintLastLog yebo
  • Amamodi Aqinile Yebo
  • I-SyslogFacility I-AUTH
  • X11 Iyadlulisela yebo
  • I-X11DisplayOffset 5

NoteQaphela: Sicela uqaphele ukuthi, kuye ngezinga lesipiliyoni kanye nobuchule bomsebenzi Ama-SysAdmins kanye nezidingo zokuphepha zenkundla yobuchwepheshe ngayinye, eziningi zalezi zinketho zingahluka ngokufanele nangokunengqondo ngezindlela ezihluke kakhulu. Ngaphezu kwalokho, ezinye izinketho ezithuthuke kakhulu noma eziyinkimbinkimbi zingavulwa, njengoba ziwusizo noma zidingekile ezindaweni zokusebenza ezihlukene.

Eminye imikhuba emihle

Phakathi kokunye imikhuba emihle ongayisebenzisa kuseva ye-SSH singasho okulandelayo:

  1. Setha isaziso se-imeyili esiyisixwayiso sakho konke noma uxhumano oluthile lwe-SSH.
  2. Vikela ukufinyelela kwe-SSH kumaseva ethu ekuhlaselweni okunamandla usebenzisa ithuluzi le-Fail2ban.
  3. Hlola ngezikhathi ezithile ngethuluzi le-Nmap kumaseva e-SSH nezinye, ukuze ufune izimbobo ezingase zibe khona ezingagunyaziwe noma ezidingekayo.
  4. Qinisa ukuphepha kwenkundla ye-IT ngokufaka i-IDS (Uhlelo Lokuthola Ukungena Kokungena) kanye ne-IPS (Uhlelo Lokuvimbela Ukungena).
I-SSH yokufunda: Izinketho namapharamitha wokucushwa
I-athikili ehlobene:
I-SSH yokufunda: Izinketho namapharamitha wokucushwa - Ingxenye I
I-athikili ehlobene:
I-SSH yokufunda: Amafayela Wokufaka kanye Nokumisa

Umjikelezo: Okuthunyelwe kwesibhengezo sango-2021

Isifingqo

Ngamafuphi, ngalesi sitolimende sakamuva sivuliwe "Ukufunda i-SSH" siqedele okuqukethwe okuyincazelo kukho konke okuhlobene nakho I-OpenSSH. Impela, esikhathini esifushane, sizokwabelana ngolwazi olubaluleke kakhulu mayelana ne Iphrothokholi ye-SSH, futhi mayelana neyakho ukusetshenziswa kwe-console ngokusebenzisa Isikripthi se-Shell. Ngakho sithemba ukuthi ukhona "imikhuba emihle kuseva ye-SSH", bengeze inani elikhulu, kokubili ngokomuntu siqu nangokomsebenzi, lapho usebenzisa i-GNU/Linux.

Uma ukuthandile lokhu okuthunyelwe, qiniseka ukuthi uyaphawula ngakho futhi wabelane ngakho nabanye. Futhi khumbula, vakashela yethu «ikhasi lasekhaya» ukuhlola izindaba eziningi, kanye nokujoyina isiteshi sethu esisemthethweni se- I-Telegram ye DesdeLinux, ENtshonalanga iqembu ukuze uthole ulwazi olwengeziwe ngesihloko sanamuhla.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   I-Lhoqvso kusho
    kwenza iminyaka 2

    Ngibheke ngabomvu ingxenye yesibili yalesi sihloko lapho unweba khona okwengeziwe ngephuzu lokugcina:

    Qinisa ukuphepha kwenkundla ye-IT ngokufaka i-IDS (Uhlelo Lokuthola Ukungena Kokungena) kanye ne-IPS (Uhlelo Lokuvimbela Ukungena).

    Siyabonga!

    Impendulo ivela ku- Lhoqvso:
    1.    Ukufaka kwe-Linux Post kusho
      kwenza iminyaka 2

      Sawubona, Lhoqvso. Ngizobe ngilindele ukufezeka kwayo. Siyabonga ngokusivakashela, ufunde okuqukethwe kwethu futhi ubeke amazwana.

      Phendula ku-Linux Post Install