Njengoko uyazi, itekhnoloji ye-SH evulekileyo ikuvumela ukuba uqhagamshele ngokude kwikhompyuter ethile kwaye udlulisele kwi-protocol ekhuselweyo. Oku kukuvumela ukuba uphumeze kwaye ulawule ngokupheleleyo isixhobo esikhethiweyo, uqinisekisa ukutshintshiselana ngokukhuselekileyo ngolwazi olubalulekileyo kunye neephasiwedi. Ngamanye amaxesha abasebenzisi banemfuno yokunxibelelana nge-SSS, kodwa ukongeza ekufakweni kokufaka izixhobo, kufuneka ukuba kuvelise kwaye kuseto olongezelelweyo. Sifuna ukuthetha ngayo namhlanje, sithathe ukuhanjiswa kwe-Debia kumzekelo.
Yenza ngokwezifiso kwi-Debian
Sahlulahlule inkqubo yoqwalaselo ukuba libe ngamanyathelo aliqela, kuba ngamnye unoxanduva lokuphunyezwa komsebenzi othile kwaye usenokuba luncedo kubasebenzisi abathile, kuxhomekeke kukhetho. Masiqalise ngento yokuba zonke izinto ezenziwayo ziya kwenziwa kwi-console kwaye ziya kufuna ukuqinisekisa amalungelo e-Superuser, ngokulungiselela oku kwangaphambili.Ukufaka i-ssh-server kunye ne-ssh-babemeli
Ngokuzenzekelayo, i-SSH ibandakanyiwe kwiseti yokusebenza esemgangathweni yenkqubo yenkqubo yenkqubo yenkqubo yenkqubo yenkqubo, nangona kunjalo, ngenxa naziphi na izinto, iifayile ezifanelekileyo zinokuba ngumsindo okanye zingekho, xa umsebenzisi wavelisa ngokungathandanganga. Ukuba ufuna ukufaka i-SSH-server kunye ne-SSS-Gxube, Landela le miyalelo ilandelayo:
- Vula imenyu yokuqalisa kwaye uqalise i-terminal ukusuka apho. Oku kungenziwa ngomgangatho yesitshixo Ctrl + Alt + T.
- Apha unomdla kwi-sudo fap faka umthetho weseva onoxanduva lokufaka icandelo leseva. Ngenisa kwaye ucofe kwi-ENTER ukuze usebenze.
- Njengoko sele uyazi, iintshukumo ezenziweyo kunye nengxoxo ye-sudo ziya kufuneka zenziwe ngokuchaza iphasiwedi engaphezulu. Cinga ukuba abalinganiswa abafakwe kulo mgca abonakaliswa.
- Uya kwaziswa ukuba zongezwa okanye zihlaziyiwe. Ukuba i-SSS Server sele ifakiwe kwi-Debian, umyalezo ubonakala kubukho bephakeji echaziweyo.
- Okulandelayo, kuya kufuneka wongeze kwinkqubo kunye nenxalenye yabathengi, kwikhompyuter apho unxibelelwano luya kudityaniswa kwixesha elizayo. Ukwenza oku, sebenzisa i-sudo efanelekileyo yokufumana i-sudo apt-fumana ukufaka i-Opennssh-Guqula.
Akukho macandelo ongezelelweyo ukufaka nayiphi na into eyongezelelweyo, ngoku unokutshintsha ngokukhuselekileyo kulawulo lweseva kunye neefayile zoqwalaselo ukwenza izitshixo kwaye ulungiselele yonke into yokuqhagamshela kwi-desktop ekude.
Ulawulo lweseva kunye nokujonga umsebenzi wakhe
Ngokufutshane masigxile kwindlela iseva efakiweyo ilawulwa ngayo kunye nokujonga umsebenzi wayo. Kufuneka yenziwe ngaphambi kokutshintshela kwiseti ukuqinisekisa ukuba ukusebenza kwezinto ezongeziweyo zichanekile.
- Sebenzisa i-sudo stomputer yenza umyalelo we-SSSshd ukongeza iseva ukuze ilayishe ngokuzenzekelayo, ukuba ayikwenzeke ngokuzenzekelayo. Ukuba ufuna ukurhoxisa ukuqalisela ngenkqubo yokusebenza, sebenzisa inkqubo yokukhubaza i-sshd. Emva koko isiqalo sentsingiselo siyakufuneka sichaze inkqubo yokuqalisa i-sshd.
- Zonke ezo zenzo ezinjalo kufuneka zisoloko zenziwa egameni le-Superuser, ke kufuneka ufake igama lakhe eligqithisiweyo.
- Ngenisa umyalelo we-SHSH ukhangela iseva yokusebenza. Faka endaweni yendawo yokuhlala kwidilesi yekhompyuter yendawo.
- Xa uqala uqhagamshela, uya kwaziswa ukuba umthombo awuqinisekiswanga. Oku kuyenzeka ngenxa yokuba singekabekeli useto lokhuseleko. Ngoku qinisekisa ukuqhubeka konxibelelwano ngokungena Ewe.
Ukongeza amaqhosha eRsa
Ukunxibelelana kwiseva kumthengi kunye ne-vice verda yenziwa ngokufaka igama eligqithisiweyo, nangona kunjalo, kuyacetyiswa ukuba kudale izitshixo ezibini eziza kuphuhliswa nge-algorithms. Olu hlobo lolu hlobo encryption luya kwenza ukuba kudala ukhuseleko olululo, oluya kuba nzima ukujikeleza umhlaseli xa uzama ukukhetha. Ukongeza izitshixo kuphela imizuzu embalwa, kwaye ikhangeleka ngathi le nkqubo:
- Vula "i-terminal" kwaye ufake i-ssh-fosinegen apho.
- Ungazikhetha ngokuzimela indawo ofuna ukuyigcina ikhowudi ukuya kwelona qhosha. Ukuba akukho mnqweno wokuyitshintsha, cinezela iqhosha le-Enter.
- Ngoku isitshixo esivulekileyo senziwe. Inokukhuselwa libinzana lekhowudi. Ngenisa kwintambo ebonisiweyo okanye ushiye ingenanto ukuba awufuni kuvula olu khetho.
- Xa ungena kwibinzana eliphambili kuya kufuneka lichaze kwakhona ukuqinisekisa.
- Isaziso sokudalwa kwesitshixo sikawonke-wonke siya kuvela. Njengoko ubona, wabelwa iseti yeempawu ezingakhethwanga, kwaye umfanekiso wadalwa kwi-algorithms engaqhelekanga.
Enkosi kwi intshukumo yenziwe, isitshixo ngasese kunye noluntu sele yenziwe. Baya kuba inxaxheba loqhakamshelwano phakathi izixhobo. Ngoku kufuneka ukuba ukukhuphela isitshixo sikawonke kumncedisi, kwaye ungenza ukwenza oku ngeendlela ezahlukeneyo.
Khuphela iqhosha ukuvula kumncedisi
E Debian, kukho iindlela ezintathu apho bakope uluntu isitshixo kumncedisi. Sicebisa nangoko wazi nabo bonke ukuze ukhethe ngokupheleleyo kwixesha elizayo. Oku ezifanelekileyo kwezo kwiimeko apho enye iindlela inganeli okanye ukwanelisa iimfuno zomsebenzisi.
Indlela 1: ssh-Copy-ID Team
ekuqaleni Masithethe kunye ukhetho elula ukuba kuthetha ukusetyenziswa umyalelo ssh-IKOPI-ID. Ngokungagqibekanga, le eluncedo sele elakhelwe OS, ngoko akuyomfuneko pre-ufakelo. ezinesintaksi nayo kulula kakhulu kangangoko oku kunokwenzeka, yaye kuya kufuneka ukuba enze izenzo ezinjalo:
- Kulo console, faka umyalelo ssh-Copy-ID kwi lomsebenzisi @ remote_host kwaye uyisebenzise. Tshintsha lomsebenzisi @ remote_host kwidilesi ye computer ekujoliswe ukuze ukuthumela sele kudlule ngempumelelo.
- Xa uqala uzama ukuxhulumana, uya kubona lo myalezo "ukuchana somamkeli 203.0.113.1 (203.0.113.1) 'azinako ukusekwa ECDSA Fingerprints iyi lizuze:. Lizuze: D4: F9: 77: FE: 73 : 84: E1: 55: 00: AD: D6: 6D: 22:. Fe Uqinisekile ukuba ufuna ukuqhubeka Idibanisa (EWE / HAYI) EWE "?. Khetha impendulo omhle ukuqhubeka udibaniso.
- Emva koko, lo eluncedo iya kusebenza ngokuzimeleyo nokukhangela kunye nokukopisha isitshixo. Ngenxa yoko, ukuba yonke into waya ngempumelelo, isaziso "/ usr / bin / ssh-Copy-ID" ziya kuvela iinkcukacha kwiskrini: info: izama ukungena enesitshixo esitsha (s), ukuba Icebo lokucoca ulwelo bonke Alady Kuhlohlwe / usr / Bin / ssh-Copy-ID: info: 1 Key (s) Hlalani ukuba kufakelwe - ukuba uza kuyalelwa ngoku ukufaka igama izitshixo ezintsha [email protected]'s: ". Oku kuthetha ukuba ungafaka igama lokugqitha ukuze sifudukele ukulawula ngqo kwi desktop ekude.
Ngaphezu koko, ndiya cacisa ukuba emva kokuba isigunyaziso yokuqala nempumelelo console, kuya kuvela umlinganiswa elandelayo:
Inani Of Key (S) Added: 1
Ngoku zama ukungena kumatshini, KUNYE: "ssh '[email protected]'"
Kwaye ukhangele ukuze uqinisekise ukuba kuphela I-Key (s) ufuna Ngaba Added.
Ithi ukuba kweqhosha yongezwe ngokunempumelelo ikhompyutha ekude yaye akukho kuphinda kuvela naziphi na iingxaki xa uzama ukudibanisa.
Indlela 2: Export Key nge SSH
Njengoko usazi, ukuthunyelwa umntu onesitshixo sakhe sikawonke uya okuvumela ukuba uxhulumane kumncedisi ethile ngaphandle phambi kokuba ufake ipasiwedi. Ngoku, lo gama isitshixo ayikho kodwa kwikhompyutha setekeni, ungakwazi ukudibanisa nge SSH nghena iphasiwedi ukuze ngesandla ukususa ifayile oyifunayo. Ukuze benze oku, kufuneka kwi console ukuba ufake Cat umyalelo ~ / .ssh / id_rsa.pub | Ssh lomsebenzisi @ Remote_Host "mkdir -p ~ / .ssh && touch ~ / .ssh / authorized_keys && fdopen -R ukuya = ~ / .ssh && Cat >> ~ / .ssh / authorized_keys."
Isaziso kufuneka ukuvela kwiskrini.
Ukuchana somamkeli 203.0.113.1 (203.0.113.1) 'azinako ukusekwa.
ECDSA Fingerprints iyi lizuze: lizuze: D4: F9: 77: FE: 73: 84: E1: 55: 00: AD: D6: 6D: 22: FE.
Uqinisekile ukuba ufuna ukuqhubeka Idibanisa (EWE / HAYI) ?.
Qinisekisa ukuba baqhubeke udibaniso. Isitshixo sikawonke iya ngokuzenzekelayo zikhutshelwa kwi ekupheleni Authorized_keys yoqwalaselo lwefayile. Kule nkqubo ngaphandle, kunokwenzeka ukuba ugqibile.
Indlela 3: Manual Khuphela Key
Le ndlela iza ukuhambelana abo abasebenzisi abangenalo ukukwazi ukwenza unxibelelaniso kwi computer wetekeni, kodwa kukho ufikelelo ngokwasemzimbeni kuyo. Kulo mzekelo, iqhosha kuya kufuneka adluliselwe ngokuzimeleyo. Okokuqala, ukuqinisekisa ulwazi ngayo kwi PC umncedisi nge Cat ~ / .ssh / id_rsa.pub.
I console kufuneka kuvela ssh-RSA umtya + iqhosha njenge iseti ngabalinganiswa == EZIYIMIZEKELO @ TEST. Ngoku uyakwazi ukuya kwenye ikhompyutha, apho kufuneka wenze weefayili omtsha ungena mkdir -p ~ / .ssh yi. Kwakhona ingeza ifayile yokubhaliweyo ebizwa Authorized_keys. Kuhleli kuphela ukuba ufake kukho isitshixo esithile ekuqaleni nge umqolo Echo + of umntu onesitshixo sakhe sikawonke >> ~ / .ssh / authorized_keys. Emva koko, ungqinisiso iya kufumaneka ngaphandle phambi gama eligqithisiweyo. Oku kwenziwa ngokusebenzisa SSH lomsebenzisi @ Remote_Host umyalelo, apho lomsebenzisi @ remote_host kufuneka kufakwe kunye igama host efunekayo.
Ithatyathwa nje iindlela kuvunyelwa ukudlulisela sitshixo sikawonke-wonke isixhobo esitsha ukwenza kube lula ukudibanisa ngaphandle kokungenisa igama eligqithisiweyo eliyingcambu, kodwa ngoku yabonisa ifom kwi-entry. Loo isikhundla izinto kukuvumela abahlaseli ukufikelela kwi desktop ekude, passwording nje. Okulandelayo sinikela ukuqinisekisa ukhuseleko ngokwenza izicwangciso ezithile.
Khubaza ungqinisiso lwephaswedi
Njengoko kuchaziwe ngaphambili, ithuba lwephaswedi ube ikhonkco uswele amandla ukhuseleko unxibelelaniso, ekubeni kukho indlela misracting ezinjalo isitshixo. Sincoma yangasebenzi le khetho ukuba unomdla ukhuselo ubuninzi umncedisi wakho. Ungakwenza oko ngolu hlobo:
- Vula i / etc / ssh / sshd_config yoqwalaselo ifayile nge nayiphi umhleli wokubhaliweyo lula, oko kusenokuba, umzekelo, i-gedit okanye nano.
- Kuludwe ovula, fumana i "passwordauthentication" umtya kwaye susa umqondiso # ukwenza lo myalelo esebenzayo. Tshintsha ixabiso EWE HAYI ukuba khubaza ukhetho.
- Zakuba zigqityiwe ukuzaliswa, cinezela Ctrl + O ukugcina utshintsho.
- Musa ukutshintsha igama lefayile, kodwa nje ucinezele ENTER ukusebenzisa setup.
- Uyakwazi ushiye umhleli wokubhaliweyo ngokucofa kwi Ctrl + X.
- Lonke utshintsho luyakuqala kuphela emva kokuba uqale kwenkonzo Ssh, benza ngoko nangoko nge Sudo SystemCTL Qalisa SSH.
Ngenxa yezenzo, ithuba lwephaswedi neza kukhubazeka, kwaye igalelo iya kufumaneka kuphela emva kokuba isibini indibaniselayezitshixo RSA. Khawucinge oku xa loqwalaselo efanayo.
Kulungiselelwa i parameter firewall
Ekupheleni izinto namhlanje, sifuna ukuxelela malunga uqwalaselo firewall, nto leyo eza kusetyenziswa imvume okanye prohibitations imichiza. Thina siya kuwela kuphela iingongoma eziphambili, ukuthatha ayinzima Firewall (UFW).
- Okokuqala, makhe sijonge uluhlu kweeprofayili ezikhoyo. Ngenisa Sudo UFW App List kwaye nqakraza ku ENTER.
- Qinisekisa isenzo ngokuchaza iphasiwedi ye-Superuser.
- Ssh zisala kuluhlu. Ukuba le layini ukho apho, oko kuthetha ukuba yonke imisebenzi ngokuchanekileyo.
- Vumela uqhagamshelo ngeli eluncedo ngokubhala Sudo UFW Vumela OpenSSh.
- Vula i-firewall ukuhlaziya imithetho. Oku kwenziwa ngokusebenzisa sudo ufw kwenza umyalelo.
- Unga khangela i nesimo esikhoyo ngoku firewall nangaliphi na ixesha ungena Sudo UFW Status yi.
Kule nkqubo, uqwalaselo ssh kwi Debian lugqityiwe. Njengoko ubona, kukho bokuqonda ezininzi ezahlukeneyo kunye nemigaqo kufuneka ukuba bakhelwe umkhanya. Kakade ke, ngaphakathi sikhokelo inqaku mnye, akunakwenzeka ukuba ukulingana ngokupheleleyo lonke ulwazi, ngoko ke wawuthetha inkcazelo esisiseko kuphela. Ukuba unomdla wokufumana kakhulu-nzulu idatha yalo eluncedo, sicebisa ukuba uwazi namaxwebhu yayo esemthethweni.