Setting up SSH in Ubuntu

SSH (Secure Shell) technology allows secure remote control of a computer over a protected connection. SSH encrypts all transferred files, including passwords, and can also carry any network protocol. For the tool to work correctly, it is not enough to install it; it also has to be configured. In this article we cover the basic configuration, using as an example the latest version of the Ubuntu operating system, on which the server will run.

Setting up SSH in Ubuntu

If you have not yet completed the installation on the server and client PCs, do that first; the whole procedure is simple and does not take much time. For a detailed guide on this topic, see our other article at the following link. It also shows how to edit the configuration file and test SSH, so today we will concentrate on other tasks.

Read more: Installing the SSH server in Ubuntu

Generating an RSA key pair

A freshly installed SSH has no keys defined for connecting from the server to the client and back. All of these parameters must be set manually right after all components of the protocol have been added. The key pair works with the RSA algorithm (short for the names of its developers Rivest, Shamir, and Adleman). Thanks to this cryptosystem, the keys are encrypted using special algorithms. To create a key pair, you only need to enter the appropriate command in the console and follow the instructions that appear.

  1. Open the "Terminal" in any convenient way, for example through the menu or with the key combination Ctrl + Alt + T.
  2. Enter the command ssh-keygen and then press Enter.
  3. You will be prompted for the file in which the keys will be saved. If you want to leave them in the default location, just press Enter.
  4. The key can be protected with a passphrase. If you want to use this option, type the passphrase on the line that appears. The characters you enter are not displayed. A new line will ask you to repeat it.
  5. Next you will see a notice that the key has been saved, and you can also look at its randomart image.

There is now a key pair, one secret and one public, which will be used for further connections between the computers. You only need to place the public key on the server for SSH authentication to succeed.

Copying the public key to the server

There are three ways to copy keys. Each will be the best choice in different situations, for example when one of the methods does not work or does not suit a particular user. We suggest looking at all three options, starting with the simplest and most effective.

Option 1: the ssh-copy-id command

The ssh-copy-id command is built into the operating system, so no additional components need to be installed to run it. Use the simple syntax below to copy the key. In the "Terminal", enter ssh-copy-id username@remote_host, where username@remote_host is the user name and host name of the remote computer.

When you connect for the first time, you will receive a notice:

The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

You must answer yes to continue the connection. After that, the utility looks on its own for the key in the file id_rsa.pub that was created earlier. When it is found, the following result is displayed:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Enter the password for the remote host so that the utility can log in. The tool copies the data from the public key file ~/.ssh/id_rsa.pub, and then this message appears on the screen:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

This text means that the key was uploaded to the remote computer successfully, and there will now be no problems with the connection.

Option 2: Copying the public key over SSH

If you cannot use the utility mentioned above but have a password for logging in to the remote SSH server, you can upload your user key manually, which gives you stable authentication on later connections. The cat command is used for this: it reads the data from the file, and the data is then sent to the server. In the console, you need to enter the line

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

When the message appears

The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

continue the connection and enter the password for logging in to the server. After that, the public key is automatically appended to the end of the authorized_keys configuration file.

Option 3: Copying the public key manually

If there is no access to the remote computer through the SSH server, all of the steps above are carried out by hand. To do this, first display the key on the PC with the command cat ~/.ssh/id_rsa.pub.

The screen will show something like this: ssh-rsa + the key as a string of characters== demo@test. After that, switch to the remote machine and create a new directory there with mkdir -p ~/.ssh. Additionally create the file authorized_keys in it. Next, insert the key you displayed earlier with echo + public key string >> ~/.ssh/authorized_keys. After that, you can try to authenticate with the server without using passwords.
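The manual steps from Options 2 and 3 as one repeatable function, to be run on the server. This is an added example, not part of the original article; install_pubkey and its arguments are names chosen here, and the key in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# install_pubkey HOME_DIR "PUBLIC KEY LINE"   (hypothetical helper for this example)
# Prints "added" or "present"; returns 2 if the input is not one public key line.
# Usage (constructed key): install_pubkey "$HOME" "ssh-rsa AAAA...== demo@test"
install_pubkey() {
    home_dir=$1
    key_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # Accept exactly one line of the form "<type> <base64> [comment]".
    case $key_line in
        *"$nl"*) echo "refusing multi-line input" >&2; return 2 ;;
    esac
    printf '%s\n' "$key_line" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( |$)' ||
        { echo "not a public key line" >&2; return 2; }

    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}

    mkdir -p "$ssh_dir" && touch "$auth_file" || return 1
    # Match on type and key material, so the same key under another comment
    # (or behind an options prefix) is not appended a second time.
    if awk -v t="$key_type" -v b="$key_blob" '
            { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
            END { exit !found }' "$auth_file"
    then
        result=present
    else
        printf '%s\n' "$key_line" >> "$auth_file" || return 1
        result=added
    fi
    # Same permission change as the one-liner: nothing for group or others.
    chmod -R go= "$ssh_dir" || return 1
    printf '%s\n' "$result"
}
```

Unlike a bare append, running it twice with the same key leaves a single entry in authorized_keys.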

Authenticating on the server with the generated key

In the previous section, you learned three ways to copy your computer's public key to the server. These steps let you connect without using a password. The connection is made from the command line by typing ssh username@remote_host, where username@remote_host is the user name and host of the computer you want. When you connect for the first time, you will be notified about the unfamiliar connection and can continue by choosing the option yes.

The connection happens automatically if no passphrase was set when the key pair was created. Otherwise, you must enter it first to continue working with SSH.

Disabling password authentication

Key copying is considered to be set up successfully once you can log in to the server without using a password. However, as long as password authentication remains possible, attackers can use password-guessing tools and break into the protected connection. You can protect yourself against this by completely disabling password login in the SSH configuration file. This requires the following:

  1. In the "Terminal", open the configuration file in an editor with the command sudo gedit /etc/ssh/sshd_config.
  2. Find the line PasswordAuthentication and remove the # sign at its beginning to uncomment the parameter.
  3. Change the value to no and save the configuration.
  4. Close the editor and restart the server: sudo systemctl restart ssh.

Password authentication will be disabled, and logging in to the server will only be possible with the keys created for this purpose with the RSA algorithm.
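A check that the edit above actually took effect, added here as an example and not part of the original article. It assumes the main file pulls in /etc/ssh/sshd_config.d/*.conf near its top, as recent Ubuntu releases do; because sshd keeps the first value it reads for a keyword, a drop-in there can override the edited line. The function names and sample files are constructed for the example.

```shell
#!/bin/sh
# effective_option KEYWORD FILE...
# Prints the first global value of KEYWORD found in the files, read in the
# order given. sshd keeps the first value it sees for a keyword, so pass the
# files in the order sshd reads them.
effective_option() {
    keyword=$1
    shift
    [ "$#" -ge 1 ] || return 2
    awk -v want="$keyword" '
        BEGIN { want = tolower(want) }       # keywords are case-insensitive
        FNR == 1 { in_match = 0 }            # simplification: Match ends with its file
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }                # commented-out or blank line
        {
            split($0, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") { in_match = 1; next }
            if (!in_match && key == want) { print tolower(f[2]); found = 1; exit }
        }
        END { exit !found }
    ' "$@"
}

# password_auth_state FILE...
# Prints yes or no; an unset PasswordAuthentication means yes (sshd default).
password_auth_state() {
    value=$(effective_option PasswordAuthentication "$@") || value=yes
    printf '%s\n' "$value"
}

# Constructed sample: the edited main file plus a drop-in that is read first
# because the Include line sits at the top of the main file.
demo_override() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        '#PasswordAuthentication yes' 'PasswordAuthentication no' > "$dir/sshd_config"
    printf '%s\n' 'PasswordAuthentication yes' > "$dir/50-example.conf"
    main_only=$(password_auth_state "$dir/sshd_config")
    with_drop_in=$(password_auth_state "$dir/50-example.conf" "$dir/sshd_config")
    rm -rf "$dir"
    printf '%s %s\n' "$main_only" "$with_drop_in"
}
```

On a live server, sudo sshd -t checks the configuration for errors before the restart, and sudo sshd -T prints the effective settings, including passwordauthentication.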

Configuring the firewall

In Ubuntu, the default firewall is the Uncomplicated Firewall (UFW). It lets you allow connections for selected services. Each application creates its own profile in this tool, and UFW manages them by allowing or denying connections. The SSH profile is configured by adding it to the list, as follows:

  1. Open the list of firewall profiles with the command sudo ufw app list.
  2. Enter the account password to display the information.
  3. You will see a list of available applications; OpenSSH should be among them.
  4. Now allow connections over SSH. To do this, add it to the list of allowed profiles with sudo ufw allow OpenSSH.
  5. Enable the firewall, which updates the rules: sudo ufw enable.
  6. To make sure the connections are allowed, run sudo ufw status; you will then see the state of the network connections.

This completes our SSH configuration instructions for Ubuntu. Further changes to the configuration file and other parameters are made by each user according to their own needs. You can learn how all the SSH components work from the official documentation of the protocol.