Sanya SSH don samun damar kalmar sirri

Willy Klew

3 minti

ssh

SSH, ko Secure Shell, amintaccen harsashi ne wanda ake amfani da shi don Samun damar nesa daga kowane irin na'urori zuwa sabobin, ta hanyar wani rami mai rami da kariya ta ɓoyewa, wanda ke ba shi tsaro wanda zai hana, ko kuma aƙalla ya sanya shi mai matukar wahala, cewa wasu kamfanoni na iya katse sunan mai amfani ko kalmar wucewa. Game da * Nix, muna da wannan yarjejeniya ta hanyar OpenSSH, saitin hanyoyin magance uwar garken abokin ciniki wanda ake samu a duk rarraba Linux da dandamali masu alaƙa kamar * BSD.

Yanzu, idan SSH ya ba mu kyakkyawan matakin tsaro, me yasa za mu so mu yi amfani da shi ba tare da buƙatar shigar da kalmar sirri ba? Akwai dalilai da yawa, amma wanda yafi fice kamar janareto shine buƙatar shiga nesa ta hanyar rubutun kuma aiwatar da manyan ayyuka, kuma shine kamar yadda muka sani sarai ba kyau a sanya wannan bayanan a cikin kowane rubutu. Don magance wannan matsalar za mu gani yadda ake samar da mabuɗan SSH don samun damar shiga daga nesa ba tare da buƙatar kalmar sirri ba.

Wannan yana bukatar mu samar da maɓallin jama'a da maɓallin keɓaɓɓu: na farko za'a adana shi akan sabar da zamu shiga kuma kamar yadda sunan ta ya nuna zamu iya aikawa ko raba shi, na biyun kuma za'a adana shi a kan na'urar (computer, smartphone, tablet) daga wacce zamu je iso ga sabar, kuma dole ne ta kasance kiyaye sosai kuma mu kawai muke amfani da shi ko kuma mutanen da muka amince da su.

Saboda abin da aka ambata a sakin layi na baya, yana da mahimmanci a yi sharhi cewa wannan nau'in maganin yana buƙatar babban nauyi a cikin kula da na'urorin da za mu shiga sabar, kuma wannan shine duk wanda ya sami damar za su iya shigar da shi ba tare da bukatar sanin kalmar sirri ba, wanda hakan babban hadari ne ga tsaro. Da wannan ya bayyana, bari mu ga yadda za mu fara, kuma don wannan abu na farko shi ne shigar da SSH daemon akan sabar:

# apt-samu shigar openssh-server

Yanzu dole ne mu ƙirƙiri .ssh kundin adireshi a cikin kundin adireshin mai amfani:

# mkdir -p $ GIDA / .ssh

# chmod 0700 $ GIDA / .ssh

# taba $ HOME / .ssh / izini_akai

Muna shirya fayil din / sauransu / ssh / sshd_config kuma mun tabbatar cewa layuka masu zuwa kamar yadda yake:

Bayani na PubkeyAe

IziniKeysFile% h / .ssh / izini_akai

Yanzu zamu je wurin abokin ciniki mu aiwatar:

ssh -keygen -t rsa

Za a gaya mana cewa ana kirkirar mabuɗin, kuma za a umarce mu da mu shigar da fayil ɗin da za a adana shi (a tsorace zai kasance a cikin gidanmu, a cikin fayil ɗin da ake kira /.ssh/id_rsa). Zamu iya latsa Shigar tunda wannan wurin yana yi mana aiki daidai, sannan kuma mu sake latsa Shigar da sau biyu da aka nema mu shigar da kalmar wucewa tun, tuna, za mu shiga da nisa ba tare da shigar da kowane bayanai ba don haka ba ma son kowace magana ko dai.

Yanzu muna da maɓallin jama'a, dole ne mu raba shi tare da waɗancan kwamfutocin da za mu haɗa su. Fahimtar cewa sabar da muke magana tana da adireshin 192.168.1.100, abin da yakamata kayi shine:

ssh-copy-id -i $ HOME / .ssh / id_rsa.pub root@192.168.1.100

Bayan yin kwafa, za a gayyace mu zuwa yi m login don gwada makullin, kuma dole ne a yi la'akari da hakan a wannan yanayin tushen Asusun ne da za mu iya isa ga sabar, don haka idan za mu so mu yi shi tare da wani mai amfani dole ne mu gyara tushen asusun mai amfani wanda za mu yi aikin da shi. samun dama ta hanyar SSH.

Yanzu kawai zamu sake farawa da sabar SSH don ɗaukar sabon tsari:

# /etc/init.d/ssh sake kunnawa

Daga yanzu, idan muna son samun damar sabar na biyu kuma yin hakan ba tare da shigar da kalmar wucewa ba, dole kawai mu aika da mabuɗin jama'a, wanda kawai muke maimaita matakin ƙarshe, canza mai amfani da adireshin IP kamar yadda ya cancanta:

ssh-copy-id -i $ HOME / .ssh / id_rsa.pub admin@192.168.1.228


Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Wanda ke da alhakin bayanan: Miguel Ángel Gatón
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.

  1.   bushann m
    sa 4 shekaru

    Godiya ga bayanin amma babu komai… babu wata hanya….
    Na kasance ina ƙoƙari duk safiya kuma koyaushe yana neman kalmar sirri.
    Wani lokaci da suka gabata na gwada kuma na barshi da wahala saboda dalili guda for.
    Na ƙirƙiri mabuɗi na akan Macbook ɗina, kwafa shi zuwa rasberi na a ~ / .ssh / iziniKeys
    Na saita sshd.conf tare da tabbatarwa ga jama'a kuma in tabbatar cewa kundin makullin daidai inda mabuɗan suke. Na sake farawa rasberi kuma lokacin da nake haɗa shi yana sake tambayata kalmar sirri
    Me zai iya kasawa?

    Amsa wa dryant
    1.    bushann m
      sa 4 shekaru

      Bayan awowi da yawa ina gwada abubuwa da yawa, na gano cewa tare da wanda na kirkira mai amfani bai taba aiki ba, amma tare da mai amfani da ake kira "ubuntu" yana aiki a karon farko.
      Duk wani bayani kan me yasa hakan na iya faruwa?
      Gaisuwa da godiya

      Amsa wa dryant