Configuring SSH in Ubuntu

SSH (Secure Shell) technology provides secure remote control of a computer over a protected connection. SSH encrypts all transferred data, including passwords, and can also carry practically any other network protocol. For the tool to work correctly, it must be not only installed but also configured. In this article we cover the main configuration, using as an example the latest version of the Ubuntu operating system, on which the server will run.

Setting up SSH in Ubuntu

If you have not yet completed the installation on the server and client PCs, do that first; the whole procedure is quite simple and does not take much time. For details on this topic, see our other article at the link below. It also shows the procedure for editing the configuration file and testing SSH, so today we will focus on other tasks.

Read more: Installing an SSH server in Ubuntu

Creating an RSA key pair

A freshly installed SSH has no keys configured for connecting from the server to the client and vice versa. All of these parameters must be set manually right after adding all the components of the protocol. The key pair works using the RSA algorithm (an abbreviation of the surnames of its designers Rivest, Shamir, and Adleman). With this cryptosystem, the keys are encrypted using dedicated algorithms. To create a public/private key pair, you only need to enter the appropriate commands in the console and follow the prompts that appear.

  1. Open the "Terminal" in any convenient way, for example from the menu or with the key combination Ctrl + Alt + T.
  2. Type the command ssh-keygen and then press Enter.
  3. You will be prompted for the file in which the keys will be saved. To keep them in the default location, just press Enter.
  4. The key can be protected with a passphrase. If you want to use this option, enter the passphrase at the prompt. The typed characters will not be displayed. On the next line you will need to repeat it.
  5. Next you will see a notification that the key has been saved, and you will be able to look at its randomart image.

You now have a key pair, private and public, which will be used for further connections between the computers. You only need to place the key on the server for SSH authentication to succeed.

Copying the public key to the server

There are three methods of copying keys. Each will be optimal in different situations, for example when one of the methods does not work or does not suit a particular user. We will look at all three options, starting with the simplest and most effective.

Option 1: The ssh-copy-id command

The ssh-copy-id command is built into the operating system, so no additional components need to be installed to use it. Follow the simple syntax to copy the key. In the "Terminal", enter ssh-copy-id username@remote_host, where username@remote_host is the name of the remote computer.

When you connect for the first time, you will receive a notification:

The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

You must answer yes to continue the connection. After that, the utility will look for the key in the file id_rsa.pub, which was created earlier. On success, the following output appears:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Enter the password of the remote host so that the utility can log in to it. The tool will copy the data from the public key file ~/.ssh/id_rsa.pub, and then this message will appear on the screen:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

The appearance of this text means that the key was successfully uploaded to the remote computer, and there will now be no problems with connecting.

Option 2: Copying the public key over SSH

If you cannot use the utility mentioned above but have password access to the remote SSH server, you can upload your user key manually, thereby ensuring stable authentication for later connections. This uses the cat command, which reads the data from the file, and the data is then sent to the server. In the console, enter the line

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

When the message appears

The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

continue the connection and enter the password to log in to the server. After that, the public key will be automatically copied to the end of the configuration file authorized_keys.

Option 3: Manually copying the public key

If there is no access to the remote computer through the SSH server, all of the above steps are done manually. To do this, first look up the key on the PC with the command cat ~/.ssh/id_rsa.pub.

The screen will show something like this: ssh-rsa + key as a character string== demo@test. Then go to the remote device, where you create a new directory with mkdir -p ~/.ssh. The authorized_keys file is also created in it. Next, insert the key you looked up earlier with echo + public key string >> ~/.ssh/authorized_keys. After that, you can try authenticating with the server without using passwords.

Authenticating on the server with the generated key

In the previous section, you learned three methods of copying a key from the computer to the server. These steps let you connect without using a password. The connection is made from the command line by entering ssh username@remote_host, where username@remote_host is the user name and host of the target computer. When you connect for the first time, you will be notified of an unfamiliar connection and can continue by choosing yes.

The connection will be made automatically if no passphrase was set when the key pair was created. Otherwise, you must first enter it to continue working with SSH.

Disabling password authentication

Key copying is considered successfully set up when you can log in to the server without using a password. However, as long as password authentication remains available, attackers can use tools to guess the password and break into the secure connection. You can protect yourself from such cases by completely disabling password login in the SSH configuration file. This requires:

  1. In the "Terminal", open the configuration file in an editor with the command sudo gedit /etc/ssh/sshd_config.
  2. Find the line PasswordAuthentication and remove the # sign at the beginning to uncomment the parameter.
  3. Change the value to no and save the current configuration.
  4. Close the editor and restart the server: sudo systemctl restart ssh.

Password authentication will be disabled, and you will be able to log in to the server only with the keys created for this purpose with the RSA algorithm.
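
The check below is an added example, not part of the original article: it reports which PasswordAuthentication value sshd would take from a config file, covering the cases where the edit in steps 2 and 3 silently has no effect (the # is still in place, or an earlier line already set the option). The helper name effective_password_auth and the sample files are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (not from the original article).
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a line starting with '#' is only a comment.
# Global settings end where the first Match block begins.

# effective_password_auth FILE  (hypothetical helper name)
# Prints the global PasswordAuthentication value from FILE: yes or no.
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                 # conditional section: stop
        key == "passwordauthentication" {       # first occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }         # OpenSSH built-in default
    ' "$1"
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# 1. The '#' was never removed, so the default (yes) still applies.
printf '%s\n' '#PasswordAuthentication no' \
    'PubkeyAuthentication yes' > "$demo_dir/commented"
# 2. Uncommented and set to no, as in steps 2 and 3.
printf '%s\n' 'PubkeyAuthentication yes' \
    'passwordauthentication no' > "$demo_dir/fixed"
# 3. An earlier "yes" shadows the "no" added further down.
printf '%s\n' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$demo_dir/shadowed"

for name in commented fixed shadowed; do
    printf '%-10s -> PasswordAuthentication %s\n' "$name" \
        "$(effective_password_auth "$demo_dir/$name")"
done
```

On a live server, sudo sshd -t validates the file before the restart, and sudo sshd -T prints the effective settings with Include files resolved.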

Setting up a standard firewall

In Ubuntu, the default firewall is Uncomplicated Firewall (UFW). It lets you allow connections for selected services. Each application creates its own profile in this tool, and UFW manages them by allowing or denying connections. Configuring the SSH profile by adding it to the list is done as follows:

  1. Open the list of firewall profiles with the command sudo ufw app list.
  2. Enter your account password to display the information.
  3. You will see a list of available applications; OpenSSH should be among them.
  4. Now you should allow connections over SSH. To do this, add it to the list of allowed profiles with sudo ufw allow OpenSSH.
  5. Enable the firewall, applying the updated rules: sudo ufw enable.
  6. To make sure the connections are allowed, run sudo ufw status, and you will see the network status.

This completes our SSH configuration guide for Ubuntu. Further tuning of the configuration file and other parameters is carried out by each user according to their own needs. You can familiarize yourself with how all the SSH components work in the official documentation of the protocol.