Configuring SSH on Ubuntu

SSH (Secure Shell) technology lets you control a computer remotely over a secure connection. SSH encrypts all transferred data, including passwords, and can also carry other traffic across the network. For the tool to work correctly it must be not only installed but also configured. This article covers the main configuration steps, using the latest version of the Ubuntu operating system as the example platform on which the server will run.

Configuring SSH in Ubuntu

If you have not yet completed the installation on the server and client PCs, do that first; the whole procedure is very simple and does not take long. For details on that topic, see our other article at the link below. It also covers editing the configuration file and testing that SSH works, so today we will focus on a few other tasks.

Read more: Installing an SSH server in Ubuntu

Creating an RSA key pair

A freshly installed SSH does not yet have the keys needed for connecting from the server to the client and back. All of these parameters have to be set by hand right after the protocol components have been added. The key pair works using the RSA algorithm (named after its developers Rivest, Shamir and Adleman). Thanks to this cryptosystem, the keys are encrypted using special algorithms. To create the key pair, you only need to enter the appropriate command in the console and follow the prompts that appear.

  1. Open "Terminal" in any convenient way, for example from the menu or with the key combination Ctrl + Alt + T.
  2. Enter the command ssh-keygen and press Enter.
  3. You will be prompted to choose the file in which the keys will be saved. To leave them in the default location, just press Enter.
  4. The key can be protected with a passphrase. If you want to use this option, type a passphrase at the prompt that appears. The characters you type are not displayed. On the next line you will have to repeat it.
  5. Next you will see a notice that the key has been saved, and you can look at its randomart image.

There is now a generated key pair, private and public, which will be used for further connections between the computers. You only need to place the key on the server for SSH authentication to succeed.

Copying the public key to the server

There are three ways to copy the key. Each one is the best fit in a different situation, for example when one method does not work or does not suit a particular user. We will go through all three options, starting with the simplest and most effective.

Option 1: the ssh-copy-id command

The ssh-copy-id command is built into the operating system, so you do not need to install any additional components to run it. The syntax for copying a key is simple. In "Terminal", enter ssh-copy-id username@remote_host, where username@remote_host is the name of the remote computer.

The first time you connect, you will receive a notification:

The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

You must enter yes to continue the connection. The utility will then look on its own for the key in the form of the id_rsa.pub file that was created earlier. On success, the following output appears:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Enter the password for the remote host so that the utility can log in. The tool copies the data from the public key file ~/.ssh/id_rsa.pub, and then this message appears on the screen:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

This text means that the key was successfully copied to the remote computer and that connecting will now work without problems.

Option 2: Copying the public key over SSH

If you cannot use the utility mentioned above but you have a password for logging in to the remote SSH server, you can upload your key manually, which gives more stable authentication when connecting. This uses the cat command, which reads the data from the file, after which it is sent to the server. Enter the following line in the console:

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

When a message like this appears

The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

continue the connection and enter the password to log in to the server. The public key is then automatically appended to the end of the authorized_keys configuration file.

Option 3: Copying the public key manually

If there is no access to the remote computer through the SSH server, all of the steps above are carried out by hand. To do this, first view the key on the server PC with the command cat ~/.ssh/id_rsa.pub.

A line like the following appears on the screen: ssh-rsa + key as a string of characters== demo@test. Then switch to the remote device and create a new directory there with mkdir -p ~/.ssh. The authorized_keys file is additionally created inside it. Next, insert the key you obtained earlier with echo + public key string >> ~/.ssh/authorized_keys. After that you can try authenticating to the server without a password.
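The manual steps of options 2 and 3, written as one repeatable function. This is an added example, not code from the original article; the function name install_pubkey, its arguments and the sample key string are constructed for illustration. It sets owner-only permissions (sshd's StrictModes check refuses key files that others can write to), appends the key only once, and refuses a file that is not a public key.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe form of the manual key install.
# Usage: install_pubkey PUBKEY_FILE HOME_DIR   (hypothetical helper)
install_pubkey() {
    pub=$1
    home=$2
    key=$(head -n 1 "$pub") || return 1

    # Accept only a public-key line; this also rejects a private key file
    # ("-----BEGIN ...") passed by mistake.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "install_pubkey: $pub is not a public key" >&2; return 1 ;;
    esac

    (
        umask 077                                # new files: owner only
        mkdir -p "$home/.ssh" &&
        touch "$home/.ssh/authorized_keys" &&
        chmod 700 "$home/.ssh" &&
        chmod 600 "$home/.ssh/authorized_keys" &&
        # Append only if this exact line is not already present.
        { grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
          printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"; }
    )
}

# Constructed sample: a scratch "home" and a dummy key string (not a real key).
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed demo@test' > "$demo_home/id_rsa.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo_home/id_rsa"

install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"    # second run adds nothing
install_pubkey "$demo_home/id_rsa" "$demo_home" || echo "private key refused"
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
```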

Authenticating on the server with the generated key

In the previous section you learned three ways to copy the key from the computer to a server. Doing so lets you connect without using a password. This is done from the command line by entering ssh username@remote_host, where username@remote_host is the user name and host of the target computer. The first time you connect, you will be notified that the connection is unfamiliar, and you can continue by choosing yes.

The connection is made right away if no passphrase was set when the key pair was created. Otherwise, you must enter it first in order to continue working with SSH.

Disabling password authentication

Key copying is considered successful once you can log in to the server without a password. However, as long as password authentication remains available, attackers can use password-guessing tools to break into the connection. You can protect yourself from this by disabling password login in the SSH configuration. This requires the following:

  1. In "Terminal", open the configuration file in a text editor with the command sudo gedit /etc/ssh/sshd_config.
  2. Find the line "PasswordAuthentication" and remove the # sign at the beginning to uncomment the parameter.
  3. Change the value to no and save the current configuration.
  4. Close the editor and restart the server with sudo systemctl restart ssh.

Password authentication is now disabled, and logging in to the server is possible only with the keys created for this purpose with the RSA algorithm.
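A check that the edit above actually took effect, as an added example that is not part of the original article. It assumes an sshd_config that begins with an Include of /etc/ssh/sshd_config.d/*.conf, in which case a drop-in file is read first and its value wins over the line edited in the main file; the helper name effective_password_auth and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Usage: effective_password_auth FILE...   (hypothetical helper)
# Prints the global PasswordAuthentication value that results when the given
# files are read in that order. Simplified model: the first value seen outside
# a Match block wins; if none is set, the built-in default "yes" applies.
effective_password_auth() {
    awk '
        FNR == 1               { in_match = 0 }   # simplification: Match ends with its file
        /^[ \t]*#/ || NF == 0  { next }           # comment or blank line
                               { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }
        key == "match"         { in_match = 1; next }
        key == "passwordauthentication" && !in_match {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$@"
}

# Constructed sample files (not taken from a real host).
d=$(mktemp -d)
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
    '#PasswordAuthentication yes' 'PasswordAuthentication no' > "$d/sshd_config"
printf '%s\n' 'PasswordAuthentication yes' > "$d/50-example.conf"

echo "main file alone:    $(effective_password_auth "$d/sshd_config")"
echo "drop-in, then main: $(effective_password_auth "$d/50-example.conf" "$d/sshd_config")"

# On the server itself, sshd gives the authoritative answer:
#   sudo sshd -t                                    # syntax check before restarting
#   sudo sshd -T | grep -i passwordauthentication   # effective value
```

Keep an existing session open while restarting the service and confirm a key-based login from a second terminal before closing it.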

Configuring the standard firewall

In Ubuntu, the default firewall is Uncomplicated Firewall (UFW). It lets you allow connections for selected services. Each application creates its own profile in this tool, and UFW manages them, allowing or denying connections. The SSH profile is set up by adding it to the list as follows:

  1. Open the list of firewall profiles with the command sudo ufw app list.
  2. Enter your account password to view the information.
  3. You will see a list of available applications; OpenSSH should be among them.
  4. Now allow connections over SSH. To do this, add it to the list of allowed profiles with sudo ufw allow OpenSSH.
  5. Enable the firewall, updating the rules, with sudo ufw enable.
  6. To make sure the connections are allowed, run sudo ufw status, after which you will see the network status.

This completes our SSH configuration guide for Ubuntu. Further changes to the configuration file and other parameters are made by each user according to their own needs. You can learn how all the components of SSH work in the official documentation of the protocol.
