10 SSH ti o wulo (Ikarahun Ailewu) Awọn ibeere Ifọrọwanilẹnuwo ati Awọn Idahun

SSH duro fun Ikarahun Secure jẹ ilana nẹtiwọọki kan, ti a lo lati wọle si ẹrọ latọna jijin lati ṣe awọn iṣẹ nẹtiwọọki laini aṣẹ ati awọn ofin miiran lori Nẹtiwọọki kan. A mọ SSH fun aabo giga rẹ, ihuwasi cryptographic ati pe o jẹ lilo pupọ julọ nipasẹ Awọn Admins Nẹtiwọọki lati ṣakoso awọn olupin ayelujara latọna jijin nipataki.

Eyi ni nkan Awọn ibeere Awọn ibeere Ifọrọwanilẹnuwo, a n ṣe afihan diẹ ninu iwulo Awọn ibeere 10 SSH (Ikarahun Aabo) ati Awọn Idahun wọn.

A le ṣayẹwo nọmba ibudo ti SSH nipa ṣiṣiṣẹ ni isalẹ akosile ikan ikan, taara lori ebute.

# grep Port /etc/ssh/sshd_config		[On Red Hat based systems]

# grep Port /etc/ssh/ssh_config		        [On Debian based systems]

Lati yi ibudo SSH pada, a nilo lati yipada faili iṣeto ti SSH eyiti o wa ni ‘/ ati be be/ssh/sshd_config‘ tabi ‘/ etc/ssh/ssh_config‘.

# nano /etc/ssh/sshd_config	[On Red Hat based systems]

# nano /etc/ssh/ssh_config		[On Debian based systems]

Searh fun Line.

Port 22

Ati ki o rọpo '22' pẹlu eyikeyi ibudo ibudo UN ti o ṣiṣẹ - sọ '1080'. Fipamọ faili naa ki o tun bẹrẹ iṣẹ SSH lati mu awọn ayipada si ipa.

# service sshd restart					[On Red Hat based systems]

# service ssh restart					[On Debian based systems]

Lati mu wiwọle SSH kuro, ṣii faili iṣeto ti o wa ni '/ ati be be/ssh/sshd_config' tabi '/ ati be be/ssh/ssh_config'.

# nano /etc/ssh/sshd_config			[On Red Hat based systems]

# nano Port /etc/ssh/ssh_config			[On Debian based systems]

Yi paramita 'PermitRootLogin' pada si 'ko si' ki o tun bẹrẹ iṣẹ SSH bi ifihan loke.

Ṣẹda ssh-keygen nipa lilo aṣẹ ni isalẹ.

$ ssh-keygen

Daakọ awọn bọtini ita gbangba si alejo latọna jijin nipa lilo aṣẹ ni isalẹ.

$ ssh-copy-id -i /home/USER/.ssh/id_rsa.pub REMOTE-SERVER

Akiyesi: Rọpo OLUMULO pẹlu orukọ olumulo ati REMOTE-SERVER nipasẹ adirẹsi olupin latọna jijin.

Nigbamii ti a ba gbiyanju lati buwolu wọle si olupin SSH, yoo gba aaye wọle laisi beere ọrọ igbaniwọle, ni lilo keygen. Fun awọn itọnisọna alaye diẹ sii, ka bi o ṣe le buwolu wọle olupin SSH latọna jijin laisi ọrọ igbaniwọle.

Nibi lẹẹkansi a nilo lati satunkọ faili iṣeto ni ti iṣẹ SSH. Ṣii faili iṣeto naa ki o ṣafikun awọn olumulo ati awọn ẹgbẹ ni isalẹ bi ifihan ni isalẹ ati lẹhinna, tun bẹrẹ iṣẹ naa.

AllowUsers Tecmint Tecmint1 Tecmint2
AllowGroups group_1 group_2 group_3

# nano /etc/issue

Ati ṣafikun ifiranṣẹ aṣa rẹ ninu faili yii. Wo, ni isalẹ mimu iboju ti o fihan ifiranṣẹ aṣa ni kete ti olumulo ba wọle sinu olupin.

Lẹẹkansi, a nilo lati ṣii faili iṣeto SSH ati ṣafikun/satunkọ awọn ila bi a ṣe han ni isalẹ.

# protocol 2,1

to

Protocol 2

Fipamọ faili iṣeto ni ki o tun bẹrẹ iṣẹ naa.

# cat /var/log/secure | grep “Failed password for”

Akiyesi: A le tẹ aṣẹ grep ni ọna miiran lati ṣe abajade kanna.

Aṣẹ aṣẹ SCP idinwon kan ninu iṣẹ ni a fihan ni isalẹ:

$ scp text_file_to_be_copied [email _Host_server:/Path/To/Remote/Directory

Fun awọn apẹẹrẹ iṣe diẹ sii lori bii o ṣe le daakọ awọn faili/awọn folda nipa lilo pipaṣẹ scp, ka Awọn aṣẹ 10 SCP lati Daakọ Awọn faili/Awọn folda ni Linux.

# ssh [email  < local_file.txt

SSH jẹ koko ti o gbona pupọ lati aaye ijomitoro, ti gbogbo awọn akoko. Awọn ibeere loke yoo ti dajudaju ṣafikun imọ rẹ.

Iyẹn ni gbogbo fun bayi. Emi yoo wa nibi pẹlu nkan miiran ti o nifẹ. Titi lẹhinna Duro aifwy ati sopọ si Tecmint. Maṣe gbagbe lati pese wa pẹlu awọn esi rẹ ti o niyelori ni apakan asọye wa.