How to set up two-factor authentication for SSH on Ubuntu?


Two-factor authentication (2FA) is not something exclusive to social media or other websites. It is a security measure that can also be implemented within an operating system.

That is why today we will see how to implement two-factor authentication for SSH on Ubuntu and derivatives using the well-known Google Authenticator, which considerably increases the security of your OpenSSH server.

Normally, you only need to enter a password or use an SSH key to log in to your system remotely.

Two-factor authentication (2FA) requires two pieces of information to be entered in order to log in.

Therefore, you will also need to enter a time-based one-time password to log in to your SSH server.

This one-time password is computed using the TOTP algorithm, which is an IETF standard.

Installing and configuring Google Authenticator on Ubuntu and derivatives

The first step is to install Google Authenticator on our system, so we open a terminal (this can be done with the key combination "Ctrl + Alt + T") and type the following command:

sudo apt install libpam-google-authenticator

Once the installation is done, we run the newly installed application with the following command:

google-authenticator

When we run this command, it assigns a secret key and asks whether we want to use time-based tokens, to which we answer yes.

After this, you will see a QR code that you can scan using a TOTP app on your phone.

Here we recommend using the Google Authenticator application on your mobile phone; you can install it from Google Play or the Apple App Store.

Once you have the app on your phone, scan the QR code with it. Keep in mind that you need to enlarge the terminal window so that the whole QR code can be scanned.

The QR code represents the secret key, which is known only to your SSH server and your Google Authenticator app.

Once the QR code has been scanned, you will see a unique six-digit number on your phone. By default this code lasts 30 seconds, and it must be entered to log in to Ubuntu over SSH.


In the terminal you will also be able to see the secret key, as well as the verification code and the emergency scratch codes.

We therefore recommend that you keep this information in a safe place for later use. For the other questions we are asked, we simply answer yes by typing the letter y.

Configuring SSH for use with Google Authenticator

With the above in place, we will now make the configuration required to use SSH connections to our system with Google Authenticator.

In the terminal we type the following command:

sudo nano /etc/ssh/sshd_config

Inside the file we look for the following lines and change them to "yes", so that they read as follows:

UsePAM yes

ChallengeResponseAuthentication yes

Once the changes are made, save them with Ctrl + O and close the file with Ctrl + X.

In the same terminal we restart SSH with:

sudo systemctl restart ssh

By default, authentication requires users to enter their user password to log in.

For this, we will edit the PAM rules file of the SSH daemon.

sudo nano /etc/pam.d/sshd

At the beginning of this file, you can see the following line, which enables password authentication

ChallengeResponseAuthentication

Which we must set to yes.

To also enable one-time password authentication, add the following two lines.

@include common-auth

#One-time password authentication via Google Authenticator

auth required pam_google_authenticator.so

Save and close the file.

From now on, every time you log in to your system over an SSH connection, you will be prompted to enter the user password and a verification code (the one-time password generated by Google Authenticator).



  1.   Miguel said

    Hello, simple tutorial; however, once I have done all the steps I cannot log in over ssh, it throws a password error at me, and I can't even get asked for the 2FA.

    I have Ubuntu Server 20.04