Njengoba wazi, ubuchwepheshe be-SSH obuvulekile bukuvumela ukuthi uxhumane kude kwikhompyutha ethile bese udlulisa idatha nge-protocol ekhethiwe evikelwe. Lokhu kukuvumela ukuthi usebenzise futhi ulawula ngokugcwele idivaysi ekhethiwe, uqinisekise ukushintshaniswa okuphephile kwemininingwane ebalulekile namaphasiwedi. Kwesinye isikhathi abasebenzisi banesidingo sokuxhuma nge-SSH, kepha ngaphezu kokufaka ukusetshenziswa uqobo, kuyadingeka ukukhiqiza kanye nezilungiselelo ezengeziwe. Sifuna ukukhuluma ngayo namhlanje, sihambisa ukusatshalaliswa kweDebian ngesibonelo.
Yenza ngokwezifiso i-SSH ngesikweletu
Sihlukanisa inqubo yokucushwa ngezinyathelo eziningana, ngoba yilowo nalowo unesibopho sokuqaliswa kokusebenza okuthize futhi angaba nje wusizo kubasebenzisi abathile, okuncike ekuncakheleni komuntu. Ake siqale ngeqiniso lokuthi zonke izenzo zizokwenziwa kwikhonsoli futhi kuzodingeka ziqinisekise amalungelo e-Superuser, ngakho-ke lungiselela lokhu kusengaphambili.Ukufaka iSsh-Server ne-SHS-CLIENT
Ngokuzenzakalelayo, i-SHS ifakiwe kwisethi ye-Standard Debian Operating Instality Set, noma kunjalo, ngenxa yanoma yiziphi izici, amafayela adingekayo angaba yintukuthelo noma umane nje, uma umsebenzisi ekhiqiza ukukhishwa ngesandla. Uma udinga ukufaka kuqala i-SSH-Server kanye ne-SHS-CLIENT, landela imiyalo elandelayo:
- Vula imenyu yokuqala bese uqala ukuphela lapho. Lokhu kungenziwa ngenhlanganisela yokhiye ojwayelekile we-CTRL + ALT + T. T.
- Lapha unentshisekelo ku-Sudo Apt faka umyalo weseva ye-OpenSsh-Server enesibopho sokufaka ingxenye yeseva. Faka bese uqhafaza ku-ENTER ukuze usebenze.
- Njengoba usuvele wazi, izenzo ezenziwa ngengxabano ye-sudo kuzodinga ukwenziwa kusebenze ngokuchaza iphasiwedi ye-superuser. Cabanga ukuthi izinhlamvu ezifakiwe kulomugqa aziboniswanga.
- Uzokwaziswa ukuthi amaphakheji angezwa noma avuselelwa. Uma iseva ye-SHSH isivele ifakwe kwi-Debian, umyalezo ubonakala ngokuba khona kwephakeji ebekiwe.
- Okulandelayo, kuzodingeka ungeze ohlelweni kanye nengxenye yeklayenti, njengekhompyutha lapho ukuxhumana kuzoxhunyaniswa khona ngokuzayo. Ukuze wenze lokhu, sebenzisa i-Sudo Apt-Get Faka umyalo we-OpenSsh-Client.
Azikho ezinye izinto ezingeziwe zokufaka noma yiziphi izinto ezengeziwe, manje usungashintshela ngokuphepha ekuphathweni kweseva namafayela wokucushwa ukudala izinkinobho futhi ulungiselele konke ukuxhuma kwideskithophu ekude.
Ukuphathwa kweseva nokuhlola umsebenzi wakhe
Mafushane ake sigxile ekutheni iseva efakiwe ilawulwa kanjani futhi isheke lokusebenza kwalo. Kufanele kwenziwe ngaphambi kokushintshela ekusethweni ukuze uqiniseke ukuthi ukusebenza kwezakhi ezingeziwe kulungile.
- Sebenzisa i-Sudo SystemctL Nika amandla i-SSSHD Command ukuze ungeze iseva ukuze uthwebula i-autoload, uma kungenzeki ngokuzenzakalelayo. Uma udinga ukukhansela ukwethulwa ngohlelo lokusebenza, sebenzisa uhlelo olukhubaza i-SSHD. Lapho-ke ukuqalwa kwe-Manual kuzodingeka ukucacisa uhlelo lokuqala lwe-SSHD.
- Zonke lezi zenzo ezinjalo kumele zihlale zenziwa egameni le-superuser, ngakho-ke udinga ukufaka iphasiwedi yakhe.
- Faka umyalo we-SSH Local Local ukuze uhlole iseva ukuze usebenze. Faka esikhundleni sendawo yendawo ekhelini lekhompyutha.
- Lapho uqala ukuxhuma, uzokwaziswa ukuthi umthombo awuqinisekiswanga. Lokhu kwenzeka ngoba asikazibeki izilungiselelo zokuphepha. Manje vele uqinisekise ukuqhubeka kokuxhumeka ngokufaka u-Yebo.
Ukungeza ama-pair of RSA Keys
Ukuxhuma kusuka kuseva kuya kwiklayenti kanye okuphambene nalokho nge-SSH kwenziwa ngokufaka iphasiwedi, noma kunjalo, kunconywa ukudala izinkinobho ezimbili ezizothuthukiswa ngama-algorithms e-RSA. Lolu hlobo lokubethela luzokwenza lukwazi ukudala ukuvikela okuphelele, okuzoba nzima ukuzungeza umhlaseli lapho uzama ukugenca. Ukwengeza ama-Key of Keys imizuzu embalwa, futhi kubukeka sengathi le nqubo:
- Vula i- "terminal" bese ufaka i-SHSH-keygen lapho.
- Ungazikhethela ngokuzimela indawo lapho ufuna ukugcina khona indlela eya kukhiye. Uma kungekho sifiso sokuyishintsha, mane ucindezele ukhiye we-ENTER.
- Manje ukhiye ovulekile uyadalwa. Ingavikelwa yigama lekhodi. Faka it kwintambo ekhonjisiwe noma ushiye ungenalutho uma ungafuni ukwenza le nketho.
- Lapho ufaka ibinzana eliyisihluthulelo kuzofanela uphinde uvume futhi ukuze uqinisekise.
- Isaziso sokwakhiwa kokhiye womphakathi kuzovela. Njengoba ubona, wabelwa isethi yezimpawu ezingahleliwe, futhi isithombe sakhiwe kuma-algorithms angahleliwe.
Ngenxa isinyathelo kwenziwe, ukhiye eyimfihlo futhi umphakathi udaliwe. Bayoba ukuhileleka for yokuxhuma phakathi kwamadivayisi. Manje une ukukopisha ukhiye womphakathi kwiseva, futhi ungakwenza lokhu ngezindlela ezahlukene.
Kopisha ukhiye evulekile kuseva
Ngo Debian, kukhona ezintathu ongakhetha ngawo ungakwazi ukukopisha ukhiye womphakathi kwiseva ukuphi. Siphakamisa ngokushesha uzijwayeze bonke ukuze ukhethe kahle kule esizayo. Lena efanele kulezo izimo lapho eyodwa yezindlela ayilingani noma cha ukwanelisa izidingo umsebenzisi.
Indlela 1: ssh-Kopisha-ID Team
Ase isiqalo ukukhetha elula ukuthi kusho ukusetshenziswa umyalo ssh-IKHOPHI-ID. Ngokuzenzakalelayo, lolu Umbuso isivele afakwa OS, ngakho-ke akuveli akudingeki pre-ukufakwa. -syntax layo nalo elula kakhulu ngangokunokwenzeka, futhi uzodinga ukwenza izenzo ezinjalo:
- Ngo-console, faka umyalo ssh-Kopisha-ID ukuze igama lomsebenzisi @'REMOTE_HOST futhi uyisebenzise. Buyisela igama lomsebenzisi @'REMOTE_HOST ekhelini computer target ukuze Ukuthumela isidlulile ngempumelelo.
- Lapho uqala uzama ukuxhumeka, uzobona umlayezo "ubuqiniso Usokhaya '203.0.113.1 (203.0.113.1)' akukwazi ukusungulwa ECDSA KEY zeminwe FD:. FD: D4: F9: 77: FE: 73 : 84: E1: 55: 00: AD: D6: 6D: 22:. Fe Uqinisekile ukuthi Ufuna Qhubeka Ixhuma (YEBO / CHA) YEBO "?. Khetha impendulo omuhle ukuqhubeka uxhumano.
- Ngemva kwalokho, lo Umbuso indawo kuyokwenza ngokuzimela ukusebenza njengoba yokusesha bese ukopisha ukhiye. Ngenxa yalokho, uma konke kwahamba ngempumelelo, isaziso "/ USR / BIN / ssh-Kopisha-ID" izovela esikrinini: info: izama ngemvume ukhiye omusha (s), ukuze Hlunga Out Noma yimuphi Lokho Ingabe Alady Kufakiwe / USR / Bin / ssh-Kopisha-ID: info: 1 Key (s) Hlala Okufanele Kufakiwe - uma ucelwa manje kangakanani ukufaka iphasiwedi okhiye entsha [email protected]'s: ". Lokhu kusho ukuthi ungakwazi faka iphasiwedi kanye ukuthuthela ukulawula ideskithophu yesilawuli kude ngqo.
Ngaphezu kwalokho, I cacisa ukuthi emva ukugunyazwa yimpumelelo lokuqala ku-console, uhlamvu elilandelayo lizovela:
Inombolo Of Key (S) Kwengeziwe: 1
Manje uzame ukungena emshinini, NE: "ssh '[email protected]'"
Futhi uhlole ukuze uqiniseke ukuthi kuphela Isihluthulelo (s) Wena Wanted Were Kwengezwe.
Lithi ukhiye ingezwe ngempumelelo kukhompyutha eqhelile futhi ayisekho kuyovela izinkinga uma uzama ukuxhuma.
Indlela 2: Export Key ngokusebenzisa ssh
Njengoba wazi, nokukhishwa ukhiye zomphakathi kuzokuvumela ukuxhumeka kwiseva eshiwo ngaphandle ngaphambi ufake iphasiwedi yakho. Manje, ngenkathi ukhiye akakabi kukhompyutha target, ungakwazi ukuxhuma nge ssh ngokufaka iphasiwedi ukuze uhambise ngesandla ifayela oyifunayo. Ukuze wenze lokhu, ku-console kuzodingeka ukungena Cat umyalo ~ / .ssh / id_rsa.pub | Ssh Igama lomsebenzisi @'REMOTE_HOST "mkdir -p ~ / .ssh && touch ~ / .ssh / authorized_keys && chmod -R hamba = ~ / .ssh && Cat >> ~ / .ssh / authorized_keys."
Isaziso kumele esibukweni.
Ubuqiniso Usokhaya '203.0.113.1 (203.0.113.1)' akukwazi ukusungulwa.
ECDSA Izigxivizo zeminwe zokhiye IS FD: FD: D4: F9: 77: FE: 73: 84: E1: 55: 00: AD: D6: 6D: 22: FE.
Ingabe uqinisekile ukuthi ufuna Qhubeka Ixhuma (YEBO / CHA) ?.
Qinisekisa ukuthi ukuqhubeka uxhumano. Ukhiye womphakathi zizokopishelwa ngokuzenzakalela ukuze ekupheleni Authorized_keys ifayela ukumisa. Kule nqubo ukuthekelisa, kungenzeka ukuba liphele.
Indlela 3: Manual Kopisha Key
Le ndlela ngeke ivumelane labo basebenzisi abangenalo ikhono ukwakha uxhumano kokukude kwikhompyutha target, kodwa kukhona ukufinyelela ngokomzimba ke. Kulokhu, ukhiye kuyodingeka ukuba idluliselwe ngokuzimela. Okokuqala, ukucacisa ulwazi mayelana nalo ku-PC iseva nge Cat ~ / .ssh / id_rsa.pub.
Console kufanele avele ssh-RSA string + ukhiye njengoba iqoqo izinhlamvu == DEMO @ ISIVIVINYO. Manje ungaya kwenye ikhompyutha, lapho kufanele ukudala lwemibhalo entsha ngokufaka mkdir -p ~ / .ssh. Iphinde unezela lombhalo ngokuthi Authorized_keys. It uhlala kuphela ukufaka khona ukhiye ethile ngaphambili nge-Echo + umugqa ukhiye zomphakathi >> ~ / .ssh / authorized_keys. Ngemva kwalokho, ubuqiniso izotholakala ngaphandle iphasiwedi entry. Lokhu kwenziwa ngokusebenzisa ssh Igama lomsebenzisi @'REMOTE_HOST umyalo, lapho igama lomsebenzisi @'REMOTE_HOST kufanele kufakwe igama host edingekayo.
Kuxoxa izindlela akavunyelwe ukudlulisela ukhiye umphakathi ukuba idivayisi entsha ukuze enze kube nokwenzeka ukuba ukuxhuma ngaphandle kokufaka iphasiwedi, kodwa manje ifomu entry namanje ukuboniswa. sesimweni esinjalo zezinto ivumela abahlaseli ukufinyelela ideskithophu yesilawuli kude, umane passwording. Okulandelayo sinikeza ukuqinisekisa ukuphepha ngokwenza izilungiselelo ezithile.
Khubaza ukuqinisekiswa kwegama lokungena
Njengoba kushiwo ngaphambili, kungenzeka ukuqinisekiswa kwegama lokungena bangaba isixhumanisi buthakathaka ukuphepha uxhumano akude, kwazise ziningi izindlela ka misracting okhiye ezinjalo. Sincoma zikhutshaziwe lolu khetho uma abanesifiso Ukuvikelwa esiphezulu leseva sakho. Ungakwenza kanje:
- Vula / njll / ssh / sshd_config ukumisa ifayela nge iyiphi Umhleli wombhalo elula, kungase kube, isibonelo, gedit noma nano.
- Ohlwini esivula, thola "passwordauthentication" string futhi ususe uphawu # ukwenza lo myalo asebenzayo. Shintsha ukubaluleka YEBO CHA ukukhubaza inketho.
- Lapho beqeda, cindezela u-Ctrl + O ukulondoloza izinguquko.
- Ungaguquli igama fayela, kodwa umane ucindezela ENTER ukusebenzisa isethaphu.
- Ungakwazi ukushiya sombhalo ngokuchofoza Ctrl X.
- Zonke izinguquko zizokwenzeka kuphela emva kabusha inkonzo ssh, ngakho ukukwenza ngokushesha nge Sudo SystemCTL Qala kabusha ssh.
Ngenxa yalokho yezenzo, kungenzeka ukuqinisekiswa kwegama lokungena kuzokhutshazwa, futhi kokufaka izotholakala kuphela ngemva ambalwa RSA okhiye. Cabangela lokhu lapho ukucushwa efanayo.
Ilungiselela ipharamitha lokuvikela
Ekupheleni impahla lanamuhla, sifuna ukukutshela mayelana ukucushwa kwe-firewall, okuyinto izosetshenziselwa izimvume noma prohibitations zezakhi. Sizokwenza ukudlula kuphela amaphuzu ayinhloko, ngokuthatha ayinzima firewall (UFW).
- Okokuqala, ake uhlole lwamaphrofayela ekhona. Faka Sudo UFW App ohlwini bese uchofoze u-ENTER.
- Qinisekisa isenzo ngokucacisa iphasiwedi ye-superuser.
- Ssh Lay ohlwini. Uma lo mugqa likhona khona, kusho ukuthi imisebenzi yonke into ngendlela efanele.
- Vumela uxhumano ngokusebenzisa le Umbuso ngokubhala Sudo UFW Vumela OpenSSh.
- Vula firewall ukuvuselela imithetho. Lokhu kwenziwa ngokusebenzisa sudo ufw unike amandla umyalo.
- Ungahlola isimo samanje firewall nganoma isiphi isikhathi ngokufaka Sudo UFW Isimo.
Kule nqubo, ukucushwa ssh e Debian kuqedile. Njengoba ubona, kukhona umehluko wemisindo nemiqondo yamagama amaningi ahlukahlukene kanye nemithetho ezidinga uyalandelwa. Yiqiniso, ngaphakathi kohlaka Kwesinye isihloko, akunakwenzeka ukuba uvumelane ngokuphelele lonke ulwazi, ngakho kuphela wathinta on ulwazi oluyisisekelo. Uma anentshisekelo ukuthola more ngokujulile idatha ngalokhu Umbuso indawo, sikucebisa ukuthi uzijwayeze nokubhalwa kwayo esemthethweni.