Lungiselela i-SSH ku-Ubuntu

Ubuchwepheshe be-SSH (Shell Shell) buvumela ukulawula okude okuphephile kwikhompyutha ngokuxhumeka okuphephile. I-SSH ibhala phansi wonke amafayela adlulisiwe, kufaka phakathi amaphasiwedi, futhi futhi adlulisa ngokuphelele noma iyiphi inqubo yokuxhumana yenethiwekhi. Ukuze ithuluzi lisebenze kahle, akudingeki nje ukulifaka kuphela, kodwa futhi ukulilungisa. Sithanda ukukhuluma ngomkhiqizo wokucushwa okuyinhloko kulesi sihloko, sithatha njengesibonelo inguqulo yakamuva yesistimu yokusebenza ye-Ubuntu lapho iseva izobe khona khona.

Lungiselela i-SSH ku-Ubuntu

Uma ungaqedi ukufakwa kuma-PC namasevisi weklayenti, kufanele uyenze ekuqaleni, ngoba inqubo yonke ilula futhi ayithathi isikhathi esiningi. Ukuze uthole isiqondiso esengeziwe mayelana nalesi sihloko, bheka esinye isihloko sethu kusixhumanisi esilandelayo. Iphinde ibonise inqubo yokuhlela ifayela lokucushwa nokuhlola i-SSH, ngakho-ke namhlanje sizohlala kwenye imisebenzi.

Funda kabanzi: Ukufaka iSSH-server ku-Ubuntu

Ukudala i-RSA key key

I-SSH esanda kufakwa ayinayo okhiye ecacisiwe ukuxhuma kusuka kuseva kuya kuklayenti futhi ngokuphambene nalokho. Yonke le mingcele kufanele isethwe ngesandla ngokushesha ngemuva kokungeza zonke izingxenye zeprotocol. I-pair eyisihluthulelo isebenza ngokusebenzisa i-algorithm ye-RSA (emfushane ngamagama abakhi be-Rivest, Shamir, ne-Adleman). Ngenxa yalesi cryptosystem, ukhiye okhethekile kubhalwe nge-algorithms ekhethekile. Ukwakha izinkinobho zomphakathi, udinga kuphela ukufaka imiyalo efanele ku-console bese ulandela imiyalo evelayo.

  1. Yiya emsebenzini "Isikhumbuzo" noma iyiphi indlela elula, isibonelo, ngokuyivula ngokusebenzisa imenyu noma inhlanganisela yezihluthulelo I-Ctrl + Alt + T.

  2. Faka umyalossh-keygenbese ucindezela ukhiye Ngena.

  3. Uzothunyelwa ukudala ifayela lapho okhiye bazogcinwa khona. Uma ufuna ukuwagcina endaweni ezenzakalelayo, chofoza nje Ngena.

  4. Ukhiye womphakathi ungavikelwa ngombhalo wekhodi. Uma ufuna ukusebenzisa le nketho, kulayini ovele ubhala bhala iphasiwedi. Izinhlamvu ezifakiwe ngeke ziboniswe. Umzila omusha uzodinga ukuwuphinda.

  5. Ngokuqhubekayo uzobona isaziso sokuthi ukhiye usindisiwe, futhi uzokwazi nokujwayela isithombe sakhe esingavamile.

Manje kukhona iqembu elikhiwe okhiye - eliyimfihlo futhi elivulekile, elizosetshenziselwa ukuxhumeka okwengeziwe phakathi kwamakhompyutha. Udinga nje ukubeka ukhiye kuseva ukuze ukuqinisekiswa kwe-SSH kuphumelele.

Ukukopisha ukhiye womphakathi kuseva

Kunezindlela ezintathu zokukopisha okhiye. Ngamunye wabo uzobe esezingeni elihle ezimweni ezihlukahlukene lapho, isibonelo, enye yezindlela ayisebenzi noma ayifanele umsebenzisi othize. Siphakamisa ukucubungula zonke izindlela ezintathu, ngokuqala ngokulula kakhulu futhi okuphumelelayo.

Inketho 1: umyalo we-ssh-copy-id

Ithimbai-ssh-ikhophi-ideyakhelwe ohlelweni lokusebenza, ngakho ukuqaliswa kwalo akudingeki ukufaka noma yiziphi izingxenye ezengeziwe. Landela i-syntax elula ukukopisha ukhiye. Ngaphakathi "Isikhumbuzo" kumele kufakweIgama lomsebenzisi le-ssh-copy-id @ remote_hostkuphi igama lomsebenzisi @ remote_host - igama lekhomputha elikude.

Uma uqala ukuxhuma, uzothola umbhalo wesaziso:

Ubuqiniso bendawo '203.0.113.1 (203.0.113.1)' ayikwazi ukuqiniswa.
I-ECDSA iminwe yeminwe eyinhloko i-fd: fd: d4: f9: 77: fe: 73: 84: e1: 55: 00: isikhangiso: d6: 6d: 22: fe.
Uqinisekile ukuthi ufuna ukuqhubeka ukuxhuma (yebo / cha)? Yebo

Kumele ucacise inketho Yebo ukuqhubeka nokuxhumeka. Ngemuva kwalokhu, lo mbuso uzozimela ngokuzimela ukhiye ngesimo sefayela.id_rsa.pubeyadalwa ekuqaleni. Lapho kutholakala ngempumelelo, umphumela olandelayo uboniswa:

/ usr / bin / ssh-ikhophi-id: INFO: Ngifake kakade
/ usr / bin / ssh-ikhophi-id: INFO: 1 izinkinobho ezihlala zizofakwa
igama [email protected]'s password:

Cacisa iphasiwedi kusuka kumsingcele osuka kude ukuze Umbuso ungene kuwo. Ithuluzi lizokopisha idatha kufayela lekhiye yomphakathi. ~ / .ssh / id_rsa.pubbese umlayezo uzovela esikrinini:

Inombolo yamakhi (s) abangeziwe: 1

Manje zama ukungena kumshini, nge: "ssh '[email protected]'"
hlola.

Ukuvela kombhalo onjalo kusho ukuthi ukhiye ulayishwe ngempumelelo kumakhompuyutha akude, futhi manje ngeke kube nezinkinga ngokuxhumeka.

Option 2: Kopisha ukhiye womphakathi nge-SSH

Uma ungenakusebenzisa isevisi eshiwo ngenhla, kodwa ube nephasiwedi ukungena kwisiphakeli esikude SSH, ungakwazi ukulayisha ngesandla ukhiye wakho womsebenzisi, ngaleyo ndlela uqinisekise ukuqinisekiswa okuqhubekayo okuzinzile uma uxhuma. Isetshenziselwe lo myalo ikatiokuyinto izofunda idatha kusuka efayeleni, bese izothunyelwa kwiseva. Ku-console, kuzodingeka ufake umugqa

cat ~ / .ssh / id_rsa.pub | igama lomsebenzisi we-ssh @ remote_host "mkdir -p ~ / .ssh && touch ~ / .ssh / authorized_keys && chmod -R go = ~ / .ssh && cat >> ~ / .ssh / authorized_keys".

Uma umlayezo uvela

Ubuqiniso bendawo '203.0.113.1 (203.0.113.1)' ayikwazi ukuqiniswa.
I-ECDSA iminwe yeminwe eyinhloko i-fd: fd: d4: f9: 77: fe: 73: 84: e1: 55: 00: isikhangiso: d6: 6d: 22: fe.
Uqinisekile ukuthi ufuna ukuqhubeka ukuxhuma (yebo / cha)? Yebo

qhubeka uxhuma bese ufaka iphasiwedi ukungena ngemvume kuseva. Ngemuva kwalokho, ukhiye womphakathi uzokopishwa ngokuzenzakalelayo ekupheleni kwefayela lokucushwa. igunya_keys.

Indlela yoku-3: Ukukopisha ngesandla ukhiye womphakathi

Uma kungenakho ukufinyelela kwikhompyutha esilawuliwe nge-SSH iseva, zonke izinyathelo ezingenhla zenziwa ngesandla. Ukuze wenze lokhu, qala ukufunda ngekhiye kwi-PC yesiphakeli ngomyalocat ~ / .ssh / id_rsa.pub.

Isikrini sizoveza into enjengale:I-ssh-rsa + ukhiye njengesethi yomlingisi == demo @ test. Ngemuva kwalokho uya emsebenzini kudivayisi eyihlane, lapho udala khona isiqondisi esishamkdir -p ~ / .ssh. Yengeza ngokwengeziwe ifayela.igunya_keys. Okulandelayo, faka ukhiye owawufunde ngaphambiliniqhafaza + izintambo zenethiwekhi yomphakathi >> ~ / .ssh / authorized_keys. Ngemuva kwalokho, ungazama ukuqinisekisa nge-server ngaphandle kokusebenzisa amaphasiwedi.

Ukuqinisekisa kuseva ngokusebenzisa ukhiye owenziwe

Esigabeni esandulele, ufunde ngezindlela ezintathu zokukopisha ukhiye wekhompuyutha eyihlane kuya kuseva. Izenzo ezinjalo zizokuvumela ukuba uxhume ngaphandle kokusebenzisa iphasiwedi. Le nqubo yenziwa kusuka kumlayini wokulayezo ngokuthayiphaIgama lomsebenzisi shh ssh @ remote_hostkuphi igama lomsebenzisi @ remote_host - igama lomsebenzisi ne-host of computer oyifunayo. Uma uqala ukuxhuma, uzokwaziswa ngokuxhumeka okungajwayelekile futhi ungaqhubeka ngokukhetha inketho Yebo.

Ukuxhumeka kuzokwenzeka ngokuzenzekelayo uma ngesikhathi sokubambisana okubalulekile kudalwe igama lokungena. Uma kungenjalo, kumele uqale ukungena ukuze uqhubeke usebenza ne-SSH.

Khubaza ukuqinisekiswa kwephasiwedi

Ukusetha okuphumelelayo kokukopisha okuyinhloko kucatshangwa esimeni lapho ungafaka iseva ngaphandle kokusebenzisa iphasiwedi. Noma kunjalo, ikhono lokuqinisekisa ngale ndlela livumela abahlaseli ukuthi basebenzise amathuluzi ukuthola iphasiwedi futhi bafinyelele ekuxhumaneni okuphephile. Ukuzivikela kumacala anjalo kuzokuvumela ukukhubaza okugcwele kwephasiwedi yokungena ngemvume kufayela lokuhlela le-SSH. Lokhu kuzodinga:

  1. Ngaphakathi "Isikhumbuzo" vula ifayela lokumisa ngokusebenzisa umhleli usebenzisa umyalosudo gedit / njll / ssh / sshd_config.

  2. Thola umugqa I-PasswordAuthentication bese ususa uphawu # ekuqaleni ukuhlupha ipharamitha.

  3. Shintsha inani ku cha bese ulondoloza ukumiswa kwamanje.

  4. Vala umhleli bese uqala kabusha iseva.sart systemctl ukuqalisa kabusha i-ssh.

Ukuqinisekiswa kwephasiwedi kuzokhutshazwa, futhi uzokwazi ukungena ngemvume kuseva kuphela usebenzisa okhiye okwenzelwe lokhu nge-algorithm ye-RSA.

Ukusetha i-firewall ejwayelekile

Ku-Ubuntu, i-firewall ezenzakalelayo yi-Uncomplicated Firewall (UFW). Ikuvumela ukuthi uvumele uxhumano lwezinsizakalo ezikhethiwe. Uhlelo ngalunye ludala iphrofayela yalo siqu kule thuluzi, futhi u-UFW uyayilawula ngokuvumela noma ukuphika ukuxhumana. Ukulungisa iphrofayili ye-SSH ngokuyengeza ohlwini kufezwe kanje:

  1. Vula uhlu lwamaphrofayli e-firewall usebenzisa umyalosudo ufw uhlu lokusebenza.

  2. Faka iphasiwedi yakho ye-akhawunti ukuze ubonise ulwazi.

  3. Uzobona uhlu lwezinhlelo zokusebenza ezikhona, i-OpenSSH kufanele ibe phakathi kwabo.

  4. Manje kufanele uvumele uxhumano ngaphezu kwe-SSH. Ukwenza lokhu, wengeze ohlwini lwamaphrofayli avunyelwe asebenzisasudo ufw avumele i-OpenSSH.

  5. Nika amandla i-firewall ngokubuyekeza imithethosudo ufw ukuvumela.

  6. Ukuze uqinisekise ukuthi ukuxhumeka kuvunyelwe, kufanele ubhalesudo ufw isimo, khona-ke uzobona isimo senethiwekhi.

Lokhu kugcwalisa imiyalo yethu yokuhlela yeSSH ye-Ubuntu. Ukumiswa okuqhubekayo kwefayela lokucushwa kanye neminye imingcele kwenziwa ngumuntu ngamunye ngaphansi kwezicelo zakhe. Ungazijwayeza ukusebenza kwazo zonke izingxenye ze-SSH kumadokhumenti esemthethweni we-protocol.

Okuthunyelwe Popular

https://termotools.com zu.termotools.com © Linux 2024