How do you set up two-factor authentication for SSH on Ubuntu?

Two-factor authentication (2FA) is not something that can only be used on social media or websites. This security measure can also be applied at the operating-system level.

That is why today we will see how to set up two-factor authentication for SSH on Ubuntu and its derivatives using the well-known Google Authenticator, which can improve the security of your OpenSSH server.

Normally, you only need to enter a password or use an SSH key to log in to your system remotely.

Two-factor authentication (2FA) requires two pieces of information to log in.

You will therefore also need to enter a one-time password to log in to your SSH server.

This one-time password is computed with the TOTP algorithm, which is an IETF standard.

Installing and configuring Google Authenticator on Ubuntu and derivatives

The first step is to install Google Authenticator on the system, so open a terminal (you can use the key combination "Ctrl + Alt + T") and type the following command:

sudo apt install libpam-google-authenticator

Once it is installed, run the newly installed application with the following command:

google-authenticator

Running this command generates a secret key, and it asks whether we want to use time-based tokens, to which we answer yes.

After this, you will see a QR code that you can scan with a TOTP app on your phone.

Here we recommend using the Google Authenticator app on your mobile phone, which you can install from Google Play or the Apple App Store.

Once you have the app on your phone, scan the QR code with it. Keep in mind that you need to enlarge the terminal window so that the whole QR code can be scanned.

The QR code represents the secret key, which is known only to your SSH server and the Google Authenticator app.

Once the QR code has been scanned, you will see a six-digit token on your phone. By default this token lasts 30 seconds, and it must be entered to log in to Ubuntu over SSH.

In the terminal you can also see the secret key, the verification code and the emergency scratch codes.

We recommend that you keep this information in a safe place for future use. For the remaining questions we are asked, we simply answer by typing the letter y.

Configuring SSH to use Google Authenticator

With the above in place, we now make the configuration changes needed to use SSH connections to our system with Google Authenticator.

In the terminal, type the following command:

sudo nano /etc/ssh/sshd_config

In the file, look for the following lines and change them to "yes", so that they read as follows:

UsePAM yes

ChallengeResponseAuthentication yes

Once the changes are made, save them with Ctrl + O and close the file with Ctrl + X.

In the same terminal, restart SSH with:

sudo systemctl restart ssh

By default, authentication requires entering the user's password to log in.

So let's edit the PAM rules file for the SSH daemon.

sudo nano /etc/pam.d/sshd

At the beginning of this file you can see the following line, which enables password authentication when ChallengeResponseAuthentication is set to yes, as we did above:

@include common-auth

To enable one-time password authentication, add the following two lines after it.

#One-time password authentication via Google Authenticator

auth required pam_google_authenticator.so

Save and close the file.

From now on, every time you log in to your system over SSH, you will be prompted for the user's password and a verification code (the one-time password generated by Google Authenticator).
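
As an added example (not part of the original article), this shell script checks the two files edited above for the settings the tutorial relies on. The function names and the sample file contents are constructed for illustration; it reads only the files passed to it and does not follow Include or Match directives.

```shell
#!/bin/sh
# Added example, not from the original article: audit the two files the
# tutorial edits. Function names are illustrative; pass copies or real paths.

# Value of an sshd_config keyword. Keywords are case-insensitive and sshd
# keeps the first value it reads; commented-out lines never match.
sshd_value() {  # $1 = sshd_config file, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Line number of the first uncommented line in PAM file $1 matching regex $2.
pam_line() {
    grep -nE "^[[:space:]]*$2" "$1" | head -n 1 | cut -d: -f1
}

# Prints one finding per problem; the return status is the problem count.
check_2fa() {  # $1 = sshd_config, $2 = PAM file for sshd
    problems=0
    for key in UsePAM ChallengeResponseAuthentication; do
        val=$(sshd_value "$1" "$key")
        if [ "$val" != "yes" ]; then
            echo "sshd_config: $key is '${val:-unset}', expected 'yes'"
            problems=$((problems + 1))
        fi
    done
    totp=$(pam_line "$2" 'auth[[:space:]]+.*pam_google_authenticator\.so')
    pass=$(pam_line "$2" '@include[[:space:]]+common-auth')
    if [ -z "$totp" ]; then
        echo "pam: no active pam_google_authenticator.so auth line"
        problems=$((problems + 1))
    elif [ -z "$pass" ]; then
        echo "pam: common-auth not included; the tutorial expects password plus code"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: both files as they look before the tutorial's edits.
tmp=$(mktemp -d)
printf 'UsePAM yes\nChallengeResponseAuthentication no\n' > "$tmp/sshd_config"
printf '@include common-auth\n' > "$tmp/sshd"
check_2fa "$tmp/sshd_config" "$tmp/sshd" || echo "$? problem(s) found"
rm -rf "$tmp"
```

On a live server, `sudo sshd -T` prints the effective sshd configuration, which is the authoritative view when settings are spread over several files.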


  1.   Miguel m

    Hi, simple tutorial; however, once I have done all the steps I can't log in via ssh, it throws a password error at me, and I can't get asked for the 2FA.

    I have Ubuntu Server 20.04