I-SSH yokufunda: Izinketho ze-SSHD Config File kanye namapharamitha
kwedlule (yesine) isitolimende yalolu chungechunge lokuthunyelwe ku Ukufunda i-SSH sikhuluma nge izinketho ezishiwo ku Ifayela lokumisa le-OpenSSH eziphethwe ohlangothini lwe Iklayenti le-SSH, okungukuthi, ifayela "SSHConfig" (ssh_config).
Ngalesi sizathu, namuhla sizoqhubeka kulokhu ukulethwa okungaphambi kwesikhathi nesesihlanu, ngezinketho ezicaciswe ku Ifayela lokumisa le-OpenSSH eziphethwe ohlangothini lwe iseva ye-ssh, okungukuthi, ifayela "I-SSHD Config" (sshd_config).
I-SSH yokufunda: Izinketho ze-SSH Config File kanye namapharamitha
Futhi, ngaphambi kokuqala isihloko sanamuhla, mayelana nokuqukethwe okulawulekayo kwefayela OpenSSH "SSHD Config" (sshd_config), sizoshiya ezinye izixhumanisi ze okuthunyelwe okuhlobene:
Izinketho zefayela lokulungisa le-SSHD namapharamitha (sshd_config)
Ithini ifayela le-SSHD Config (sshd_config) le-OpenSSH?
Njengoba sishilo esifundweni sangaphambilini, i-OpenSSH inamafayela okumisa ama-2. omunye wabiza ssh_config yokucushwa kwe Uhlangothi lweklayenti le-SSH nolunye ucingo sshd_config yokucushwa okuseceleni iseva ye-ssh. Zombili, zitholakala kumzila noma umkhombandlela olandelayo: /etc/ssh.
Ngakho-ke, lokhu ngokuvamile kubaluleke kakhulu noma kufanelekile, ngoba kuyasivumela vikela ukuxhumana kwe-SSH esizokuvumela kumaseva ethu. Okuvame ukuba yingxenye yento eyaziwa ngokuthi Ukuqina Kweseva.
Ngalesi sizathu, namuhla sizobonisa ukuthi yiziphi izinketho eziningi kanye nemingcele ngaphakathi kwefayela elishiwo, kweyethu isitolimende sokugcina nesesithupha salolu chungechunge ukunikela izincomo ezingokoqobo nezingokoqobo ukwenza izinguquko ezinjalo noma izinguquko ngokusebenzisa lezo zinketho namapharamitha.
Uhlu lwezinketho ezikhona namapharamitha
njengasefayilini "SSH Config" (ssh_config), ifayela le-"SSHD Config" (sshd_config) inezinketho eziningi nemingcele, kodwa enye ye eyaziwa kakhulu, esetshenziswayo noma ebalulekile Yilezi ezilandelayo:
VumelaAbasebenzisi / I-DenyUsers
Le nketho noma ipharamitha ngokuvamile ayifakwa ngokuzenzakalelayo efayeleni elishiwo, kodwa ifakwe kulo, ngokuvamile ekupheleni kwayo, inikeza ithuba lokuthi khombisa ukuthi ubani noma ubani (abasebenzisi) abangangena kuseva ngoxhumano lwe-SSH.
Ngakho-ke, le nketho noma ipharamitha isetshenziswa ihambisana ne-a uhlu lwamaphethini omsebenzisi, zihlukaniswe izikhala. Ukuze, uma kucacisiwe, ukungena ngemvume, bese okufanayo kuzovunyelwa kuphela kumagama abasebenzisi afana nephethini eyodwa.
Qaphela ukuthi ngokuzenzakalelayo, ukungena ngemvume kuvunyelwe kubo bonke abasebenzisi kunoma yimuphi umsingathi. Nokho, uma iphethini isethwe kanje "USER@HOST", kunjalo USER kanye ne-HOST aqinisekiswa ngokwehlukana, okuvimbela ukungena kubasebenzisi abathile kubabungazi abathile.
Futhi ngoba UMPHATHI, amakheli ngefomethi ye Ikheli le-IP/imaski ye-CIDR. Ekugcineni, Vumela Abasebenzisi kungenziwa esikhundleni se- I-DenyUsers ukuphika amaphethini omsebenzisi afanayo.
LalelaIkheli
Ikuvumela ukuthi ucacise i- amakheli endawo e-IP (izixhumanisi zenethiwekhi yendawo zomshini weseva) lapho uhlelo lwe-sshd kufanele lulalele khona. Futhi kulokhu, izindlela ezilandelayo zokucushwa zingasetshenziswa:
- LalelaIkheli lomethuleli | IPv4/IPv6 ikheli [isizinda]
- Igama lomethuleli we- ListenAddress : port [domain ]
- ListenAddress IPv4/IPv6 address : port [domain ]
- ListenAddress [igama lomethuleli | IPv4/IPv6 ikheli] : imbobo [isizinda]
LoginGraceTime
Ikuvumela ukuthi ucacise a isikhathi (somusa), ngemva kwalokho, iseva iyanqamuka, uma umsebenzisi ozama ukwenza uxhumano lwe-SSH ehlulekile. Uma inani linguziro (0), lisethwa ukuthi asikho umkhawulo wesikhathi, ngenkathi Okuzenzakalelayo kusethelwe kumasekhondi angu-120.
I-LogLevel
Ikuvumela ukuthi ucacise i- izinga le-verbosity ngemiyalezo ye-sshd log. futhi yenaAmanani alawulekayo yilawa: THUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, kanye ne-DEBUG3. Ngenkathi, futhiInani elizenzakalelayo lingu-INFO.
I-MaxAuthTries
Icacisa inombolo enkulu yemizamo yokuqinisekisa evunyelwe ngoxhumano ngalunye. Ngokuzenzakalelayo, inani layo lisethelwe ku-6.
I-MaxSessions
Ikuvumela ukuthi ucacise inani eliphezulu lezikhathi zeShell ezivulekile ngoxhumano lwenethiwekhi ngayinye olusungulwe, ngokungena ngemvume noma ngohlelo oluncane olusetshenziswayo, isibonelo nge-sftp. Esetha inani layo 1 kuzobangela ukuthi ukuphindaphinda kweseshini kukhutshazwe, kuyilapho ukusethela ku-0 kuzovimba zonke izinhlobo zokuxhuma namaseshini. Ngokuzenzakalelayo, inani layo lisethelwe ku-10.
I-MaxStartups
Ikuvumela ukuthi ucacise inombolo enkulu yoxhumo olungagunyaziwe ngasikhathi sinye ku-daemon ye-SSH, okungukuthi inombolo yoxhumo lwe-SSH olungavulwa nge-IP/Isikhungo ngasinye. Inani layo elizenzakalelayo livamise ukuba ngu-10, 30, noma 100, okuvame ukubhekwa njengephezulu, ngakho inani eliphansi liyanconywa.
I-PasswordAuthentication
Icacisa ukuthi ukuqinisekiswa kwephasiwedi kuzodingeka yini. Ngokuzenzakalelayo, inani layo lisethelwe ku-"Yebo".
Vumela i-EmptyPasswords
Icacisa ukuthi ingabe iseva izokuvumela yini (ukugunyaza) ukungena ngemvume kuma-akhawunti omsebenzisi aneyunithi yezinhlamvu zephasiwedi ezingenalutho. Ngokuzenzakalelayo, inani layo lisethelwe kokuthi "Cha".
I-PermitRootLogin
Ikuvumela ukuthi ucacise ukuthi ingabe iseva izovuma (igunyaze) ukuqala izikhathi zokungena kuma-akhawunti omsebenzisi. Nakuba, dNgokuzenzakalelayo, inani layo lisethelwe kokuthi "vimbela-password", kuhlehliswe ukuthi "Cha", okusetha ngokugcwele lokho. umsebenzisi wempande akavunyelwe ukuqala iseshini ye-SSH.
Port
Ikuvumela ukuthi ucacise inombolo yembobo lapho uhlelo lwe-sshd luzolalela zonke izicelo zokuxhuma kwe-SSH. Ngokuzenzakalelayo, inani layo lisethelwe ku-"22".
Amamodi Aqinile
Icacisa ukuthi ingabe uhlelo lwe-SSH kufanele luqinisekise amamodi efayela kanye nobunikazi bohla lwemibhalo lwasekhaya lomsebenzisi namafayela ngaphambi kokwamukela ukungena ngemvume. Ngokuzenzakalelayo, inani layo lisethelwe ku-"Yebo".
I-SyslogFacility
Ivumela ikhodi yokufaka ukuthi ihlinzekwe esetshenziswa uma uloga imilayezo esuka kuhlelo lwe-SSH. Ngokuzenzakalelayo, inani layo lisethelwe kokuthi "Ukugunyazwa" (AUTH).
Note: Kuye ngokuthi I-SysAdmin kanye nezidingo zokuphepha zeplathifomu ngayinye yezobuchwepheshe, ezinye izinketho eziningi zingaba usizo kakhulu noma zidingeke. Njengoba sizobona kokuthunyelwe kwethu okulandelayo nokokugcina kulolu chungechunge, lapho sizogxila emikhubeni emihle (iseluleko nezincomo) ku-SSH, ukusebenzisa usebenzisa konke okubonisiwe kuze kube manje.
Ulwazi oluningi
Futhi kulesi sitolimende sesine, ukuze nwebisa lolu lwazi futhi ufunde ngayinye yezinketho kanye nemingcele etholakalayo ngaphakathi kwe ifayela lokumisa "I-SSHD Config" (sshd_config)Sincoma ukuthi uhlole izixhumanisi ezilandelayo: Ifayela lokumisa le-SSH leseva ye-OpenSSH y Imanyuwali esemthethweni ye-OpenSSH, ngesiNgisi. Futhi njengasezitolimendeni ezintathu ezedlule, hlola okulandelayo okuqukethwe okusemthethweni futhi enokwethenjelwa ku-inthanethi mayelana I-SSH ne-OpenSSH:
- I-Debian Wiki
- Imanuwali Yomlawuli We-Debian: Ukungena Okukude / I-SSH
- Imanuwali Yezokuphepha ye-Debian: Isahluko 5. Izinsizakalo Zokuvikela
Isifingqo
Ngamafuphi, ngalesi sitolimende esisha sivuliwe "Ukufunda i-SSH" cishe sesiqedela okuqukethwe okuyincazelo kukho konke okuhlobene nakho I-OpenSSH, ngokunikeza ulwazi olubalulekile mayelana namafayela okumisa "I-SSHD Config" (sshd_config) y "SSH Config" (ssh_config). Ngakho-ke, sithemba ukuthi iwusizo kwabaningi, ngokomuntu siqu nangokomsebenzi.
Uma ukuthandile lokhu okuthunyelwe, qiniseka ukuthi uyaphawula ngakho futhi wabelane ngakho nabanye. Futhi khumbula, vakashela yethu «ikhasi lasekhaya» ukuhlola izindaba eziningi, kanye nokujoyina isiteshi sethu esisemthethweni se- I-Telegram ye DesdeLinux, ENtshonalanga iqembu ukuze uthole ulwazi olwengeziwe ngesihloko sanamuhla.