Ilungiselela i-SSH ku-Ubuntu

Pin
Send
Share
Send

Ubuchwepheshe be-SSH (Safe Shell) bukuvumela ukuthi ulawule ngokuphepha ikhompyutha yakho ngokuxhumeka okuphephile. Ukubethela kwe-SSH wonke amafayela adlulisiwe, kufaka phakathi amaphasiwedi, futhi futhi kudlulisa ngokuphelele noma iyiphi inqubo yenethiwekhi. Ukuze ithuluzi lisebenze kahle, akufanele lifakwe kuphela, kodwa futhi lilungiselelwe. Imayelana nomkhiqizo wokucushwa okukhulu esingathanda ukukhuluma ngakho ngohlaka lwale ndatshana, sithathe njengesibonelo inguqulo yakamuva yohlelo lokusebenza Ubuntu lapho iseva izotholakala khona.

Lungiselela i-SSH ku-Ubuntu

Uma ungakakuqedi ukufakwa kuseva nakuma-PC amaklayenti, kufanele ukwenze lokhu ekuqaleni, ngoba yonke inqubo ilula futhi ayithathi isikhathi esiningi. Ukuthola umhlahlandlela oningiliziwe ngalesi sihloko, bheka esinye isihloko sethu kusixhumanisi esilandelayo. Kubonisa nenqubo yokuhlela ifayili lokucushwa kanye nokuhlola ukusebenza kwe-SSH, ngakho-ke namuhla sizogxila kweminye imisebenzi embalwa.

Funda kabanzi: Ukufaka i-SSH-server ku-Ubuntu

Ukwakha i-RSA Key Pair

I-Ssh esanda kufakwa ayinazo izinkinobho ezicacisiwe zokuxhuma kusuka kuseva iye kwekhasimende kanye okuphambene nalokho. Zonke lezi zinhlaka kufanele zisethwe ngesandla ngokushesha ngemuva kokungeza zonke izingxenye zephrothokholi. Umbhangqwana osemqoka usebenza nge-RSA algorithm (ngamafuphi amagama abathuthukisi i-Rivest, Shamir ne-Adleman). Ngenxa yale-cryptosystem, izinkinobho ezikhethekile zibhalwe ngemfihlo zisebenzisa ama-algorithms akhethekile. Ukuze wakhe izinkinobho zomphakathi, udinga ukufaka imiyalo efanelekile kukhonsoli bese ulandela imiyalo evela.

  1. Iya emsebenzini "Isiginali" noma iyiphi indlela elula, isibonelo, ukuyivula ngemenyu noma inhlanganisela yokhiye I-Ctrl + Alt + T.

  2. Faka umyalossh-keygenbese ucindezela ukhiye Ngena.

  3. Uzokwaziswa ukuba wakhe ifayili lapho izinkinobho zigcinwa khona. Uma ufuna ukubashiya endaweni ezenzakalelayo, vele uchofoze Ngena.

  4. Ukhiye womphakathi ungavikelwa umushwana wokungena. Uma ufuna ukusebenzisa le ndlela, bhala iphasiwedi kulayini ovelayo. Izinhlamvu ezifakiwe ngeke ziboniswe. Kumugqa omusha uzodinga ukuwuphinda.

  5. Okulandelayo, uzobona isaziso sokuthi ukhiye usindisiwe, futhi ungazijwayeza isithombe saso esingahleliwe.

Manje kukhona izikhiye ezidaliwe - eziyimfihlo nezomphakathi, ezizosetshenziselwa ukuxhumana okwengeziwe phakathi kwamakhompyutha. Udinga kuphela ukubeka ukhiye kuseva ukuze ubuqiniso be-SSH bube impumelelo.

Kopisha ukhiye womphakathi kwiseva

Kunezindlela ezintathu zokukopisha okhiye. Ngayinye yazo izoba yinhle kakhulu ezimeni ezahlukahlukene uma, ngokwesibonelo, enye yezindlela ingasebenzi noma ingafanele umsebenzisi othile. Siphakamisa ukuthi ucabangele zonke izindlela ezintathu, ngokuqala ngokulula kakhulu futhi okusebenzayo kakhulu.

Inketho 1: umyalo we-ssh-copy-id

Iqembussh -khophi-idYakhelwe ohlelweni olusebenzayo, ngakho-ke awudingi ukufaka noma yiziphi izinto ezengeziwe ukuze usebenze. Landela i-syntax elula ukukopisha ukhiye. In "Isiginali" kumele ungeneigama lomsebenzisi le-ssh-Cop-id-id @ kude_hostkuphi igama lomsebenzisi @ kude_host igama lekhompyutha eyihlane.

Isikhathi sokuqala uxhuma, uzothola umbhalo wesaziso:

Ubuqiniso bomphathi '203.0.113.1 (203.0.113.1)' abungasungulwa.
Isandla somunwe okhiye we-ECDSA yi-fd: fd: d4: f9: 77: fe: 73: 84: e1: 55: 00: ad: d6: 6d: 22: fe.
Uqinisekile ukuthi ufuna ukuqhubeka nokuxhuma (yebo / cha)? yebo

Kufanele uchaze inketho yebo ukuqhubeka nokuxhumana. Ngemuva kwalokho, lo msebenzi uzozifuna ngokuzimela ukhiye ngendlela yefayelaid_rsa.pubokwadalwa ngaphambili. Uma uphumelele, umphumela olandelayo uzokhonjiswa:

/ usr / bin / ssh-Cop-id: INFO: ukuzama ukungena ngemvume ngokhiye abasha, ukuhlunga noma yikuphi okuvele kufakiwe
/ usr / bin / ssh-Cop-id: INFO: 1 izinkinobho (1) ezisalokhu zifakiwe - uma uyalelwa manje ukuthi ukufaka izinkinobho ezintsha
iphasiwedi [email protected]:

Cacisa i-password evela kumgcini wakude ukuze umsebenzi ukwazi ukungena kuwo. Ithuluzi lizokopisha idatha kusuka kufayela lokhiye womphakathi ~ / .ssh / id_rsa.pub, futhi emva kwalokho kuvela umyalezo esikrinini:

Inani lamakhi / okhiye afakiwe: 1

Manje zama ukungena emshinini, nge: "ssh '[email protected]'"
bese ubheka ukuqiniseka ukuthi wengeza kuphela ukhiye / izihluthulelo ozifunayo.

Ukuvela kombhalo onjalo kusho ukuthi ukhiye ulandwe ngempumelelo kukhompyutha eyihlane, futhi manje ngeke kube nezinkinga zokuxhumeka.

Inketho 2: Kopisha ukhiye womphakathi nge-Ssh

Uma ungakwazi ukusebenzisa umsebenzi oshiwo ngenhla, kepha unephasiwedi yokungena ngemvume kuseva eyi-SSH, ungalayisha ngesandla ukhiye wakho womsebenzisi, ngaleyo ndlela uqinisekise ukufakazela ubuqiniso obuqinile lapho kuxhuma. Kusetshenziselwe lo myalo ikati, ezofunda idatha efayilini, bese izothunyelwa kwiseva. Uzodinga ukufaka umugqa kukhonsoli

ikati ~ / .ssh / id_rsa.pub | igama lomsebenzisi le-ssh @ remote_host "mkdir -p ~ / .ssh && touch ~ / .ssh / Author_keys && chmod -R go = ~ / .ssh && cat >> ~ / .ssh / Author_keys".

Uma kuvela umyalezo

Ubuqiniso bomphathi '203.0.113.1 (203.0.113.1)' abungasungulwa.
Isandla somunwe okhiye we-ECDSA yi-fd: fd: d4: f9: 77: fe: 73: 84: e1: 55: 00: ad: d6: 6d: 22: fe.
Uqinisekile ukuthi ufuna ukuqhubeka nokuxhuma (yebo / cha)? yebo

Qhubeka nokuxhuma uphinde ufake iphasiwedi ukuze ungene kuseva. Ngemuva kwalokho, ukhiye womphakathi uzokopishwa ngokuzenzakalelayo kuze kube sekupheleni kwefayela lokucushwa. abagunyaziwe_abasebenza.

Inketho 3: Incwajana Ukulingisa Ukhiye Womphakathi

Uma kungekho ukufinyelela kwikhompyutha eyihlane ngokusebenzisa iseva ye-SSH, zonke izinyathelo ezingenhla zenziwa ngesandla. Ukuze wenze lokhu, qala uthole ulwazi olusemqoka kwi-PC yeseva ngomyaloikati ~ / .ssh / id_rsa.pub.

Ulayini olandelayo uzokhonjiswa esikrinini:ukhiye wokusetha we-ssh-rsa + = = demo @ test. Emva kwalokho, iya ukusebenza kudivayisi ekude, lapho udala khona isqondisi esishamkdir -p ~ / .ssh. Kwengeza futhi ifayiliabagunyaziwe_abasebenza. Okulandelayo, faka ukhiye ofunde ngawo kuqalaintambo yokhiye womphakathi >> ~ / .ssh / Author_keys. Ngemuva kwalokho, ungazama ukukuqinisekisa neseva ngaphandle kokusebenzisa amaphasiwedi.

Ukufakazelwa ubuqiniso kwiseva usebenzisa ukhiye okhiqiziwe

Esigabeni esedlule, ufunde ngezindlela ezintathu zokukopisha ukhiye wekhompyutha okude kwiseva. Izenzo ezinjalo zizokuvumela ukuthi uxhume ngaphandle kokusebenzisa iphasiwedi. Le nqubo yenziwa ngentambo yomyalo ngokungenashh ssh igama lomsebenzisi @ kude_hostkuphi igama lomsebenzisi @ kude_host - Igama lomsebenzisi kanye nomgcini wekhompyutha oyifunayo. Okokuqala lapho uxhuma, uzokwaziswa ngoxhumano olungaziwa futhi ungaqhubeka ngokukhetha yebo.

Ukuxhumeka kuzokwenzeka ngokuzenzakalelayo uma kungekho magamagama achaziwe ngenkathi kwakhiwa i-key key. Ngaphandle kwalokho, kufanele uqale uyifake ukuze uqhubeke nokusebenza ne-SSH.

Ikhubaza ubuqiniso bephasiwedi

Ukucushwa okuphumelelayo kokukopisha okhiye kubhekwa kusimo lapho kungenzeka ukungena kuseva ngaphandle kokusebenzisa iphasiwedi. Kodwa-ke, amandla okufakazela ngale ndlela avumela abahlaseli ukuba basebenzise amathuluzi wokuqhekeka ngephasiwedi futhi baxhume ukuxhumana okuphephile. Kuzokwazi ukuzivikela emacaleni anjalo ngokukhubaza ngokuphelele ukungena kwe-password kufayela lokucushwa le-SSH. Lokhu kuzodinga:

  1. In "Isiginali" vula ifayela lokumisa ngokusebenzisa umhleli usebenzisa umyalosudo gedit / njll / ssh / sshd_config.

  2. Thola umugqa "Ukuqinisekiswa kwephasiwedi" futhi ususe isibonakaliso # ekuqaleni kokuqaqa ipharamitha.

  3. Shintsha inani libe cha futhi ulondoloze ukucushwa kwamanje.

  4. Vala umhleli bese uqala kabusha isevasudo systemctl qala kabusha ssh.

Ukuqinisekiswa kwephasiwedi kuzokhutshazwa, futhi kuzokwazi ukungena kuseva kuphela usebenzisa izinkinobho ezenzelwe ngokukhethekile lokhu nge-algorithm ye-RSA.

Lungiselela i-firewall ejwayelekile

Ku-Ubuntu, i-firewall ezenzakalelayo yi-Uncomplex Firewall (UFW). Ikuvumela ukuthi uvumele ukuxhumana kwamasevisi akhethiwe. Isicelo ngasinye sakha iphrofayili yaso kuleli thuluzi, bese i-UFW ibaphatha, ivumela noma ikhubaza ukuxhumana. Ukusetha iphrofayili ye-SSH ngokuyengeza kuhlu kungokulandelayo:

  1. Vula uhlu lwamaphrofayili enziwe ngomlilo ngomyalouhlu lohlelo lokusebenza lwe-sudo ufw.

  2. Faka iphasiwedi yakho ye-akhawunti ukubonisa imininingwane.

  3. Uzobona uhlu lwezinhlelo zokusebenza ezitholakalayo, phakathi kwazo kufanele kube yi-OpenSSH.

  4. Manje kufanele uvumele ukuxhumana nge-SSH. Ukuze wenze lokhu, engeza kuhlu lwamaphrofayili avumelekile usebenzisasudo ufw vumela i-OpenSSH.

  5. Vula i-firewall ngokuvuselela imithetho,sudo ufw vumela.

  6. Ukuqinisekisa ukuthi ukuxhumana kuvunyelwe, kufanele unqumeisimo sudo ufw, ngemuva kwalokho uzobona isimo senethiwekhi.

Lokhu kuqeda imiyalo yethu yokucushwa kwe-SSH ku-Ubuntu. Ezinye izilungiselelo zefayela lokucushwa namanye amapharamitha enziwa ngumsebenzisi ngamunye ngaphansi kwezicelo zakhe. Ungajwayelana nesenzo sazo zonke izingxenye ze-SSH kumadokhumenti asemthethweni we-protocol.

Pin
Send
Share
Send

Okuthunyelwe Popular

https://eifeg.com 2024