Ku-Fedora 23 kungenzeka ukuthi ushintshe imbobo ye-SSH ezenzakalelayo (22) iye kokunye okukhethile okungaphezu kwe-1024, nokuthi okuphambene nalokho ungabeka enye itheku yokuxhuma kwangaphandle.
Lapho uzoshintsha ichweba le-SSH eFedora 23 kufanele sikhumbule imigomo emithathu
- Ukucushwa kwe-sshd daemon okuzonikezwa ethekwini.
- Amasethingi e-firewall ukuze ikwazi ukubopha kulelo chweba elisha.
- Futhi lungiselela i-selinux (uma isebenza) ukulungisa inqubomgomo yokusetshenziswa kwalelo chweba.
Manje-ke, ake sibone ukuthi ichweba liguqulwa kanjani ekucushweni kwe-SSH
Sivula ukuphela bese ku / etc / ssh / sshd_config bese senza okulandelayo
Sinqamula i-port futhi sabela enye inombolo, singabeka namachweba amaningana
ukuze i-sshd ilalele amachweba amaningi>
Ichweba
Ukwakhiwa kwamachweba amaningana kungaba lusizo ekuhlolweni, sishiya itheku 22 naleso esisenzile, ngakho-ke singaqiniseka ukuthi itheku elisha liyasebenza futhi uma itheku elisha lingasebenzi noma lingalungiselelwe kahle, xhuma kabusha imbobo 22.
Manje ukwengeza ushintsho ku-selinux
I-Semanage port -a -t ssh_port_t -p tcp
Manje sihamba nodonga lomlilo
KuFedora 23 i-firewall iphethwe nge i-firewall-cmd.
Uma sidinga ukubona izindawo ezenziwe zasebenza:
firewall-cmd-uhlu-konke
Ngemuva kwalokho izobuyisa into enjengale:
I-FedoraServer (okuzenzakalelayo, esebenzayo) izixhumi ezibonakalayo: imithombo: services: amachweba: ama-protocols: masquerade: forward-port: icmp-blocks: imithetho ecebile:
Kepha uma lokho esikudingayo ukusitshela ukuthi iyiphi indawo ezenzakalelayo, sizobhala lokhu:
i-firewall-cmd -get-default-zone FedoraServer
Ngemuva kwalokhu singangeza itheku elisha ku-firewall
Ukufaka i-port yohlobo tcp kuzoni ye-firewall sizobhala lo mugqa womyalo:
i-firewall-cmd-ehlala njalo-indawo = -Engeza-itheku = / tcp
Kumele sikhumbule ukuthi uma lokho esifuna ukukwenza ukuhlolwa kwesikhashana, sizokuyeka -Ngokwaphakade, kepha uma kungokwesikhashana, akufanele ubone ushintsho lapho ubheka imithetho ye-firewall.
Ake sibheke ukuthi ngabe itheku livulekile ngokuzenzakalela ku-firewall ngalo myalo:
i-firewall-cmd -umbuzo-itheku = / tcp
Uma sikwenze kahle futhi uma kuvuliwe, kuzokukhombisa ngo- "yebo"
Lokhu kumiswa okufanayo kungasetshenziswa kumaseva amaningi we-Apache http.
okuthunyelwe okuhle ngiyabonga ngokwabelana
ngiyabonga ngendatshana yakho enhle
i-tanx kakhulu
ngiyabonga ngokwabelana ngokuthunyelwe…