Two-factor authentication (2FA) is not something exclusive to social media or any other website. This security measure can also be applied within an operating system.
That is why today we will see how to set up two-factor authentication for SSH on Ubuntu and derivatives using the well-known Google Authenticator, which greatly increases the security of your OpenSSH server.
Normally, you only need to enter a password or use an SSH key to log in to your system remotely.
Two-factor authentication (2FA) requires two pieces of information to be entered in order to log in.
Therefore, you will also need to enter a time-based one-time password to log in to your SSH server.
This one-time password is computed using the TOTP algorithm, which is an IETF standard.
Installing and configuring Google Authenticator on Ubuntu and derivatives
The first step is to install Google Authenticator on our system, so we open a terminal on the system (this can be done with the key combination "Ctrl + Alt + T") and type the following command:
sudo apt install libpam-google-authenticator
Once the installation is done, we run the newly installed application with the following command:
google-authenticator
When we run this command, a secret key is generated and we are asked whether we want to use time-based tokens, to which we answer yes.
After this, you will see a QR code that you can scan using a TOTP app on your phone.
Here we recommend using the Google Authenticator app on your mobile phone; you can install the app from Google Play or the Apple App Store on your phone.
Once you have the app on your phone, scan the QR code with it. Keep in mind that you need to enlarge the terminal window to see the whole QR code.
The QR code represents the secret key, which is known only to your SSH server and your Google Authenticator app.
Once the QR code has been scanned, you will see a unique six-digit number on your phone. By default, this code lasts 30 seconds, and it must be entered to log in to Ubuntu via SSH.
In the terminal you will also be able to see the secret key, as well as the verification code and the emergency scratch codes.
We recommend keeping this information in a safe place for later use. For the other questions we are asked, we simply answer yes by typing the letter y.
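To show how the six-digit code follows from the shared secret and the clock, here is an added example (not part of the original article and not Google Authenticator's own code) of TOTP per RFC 6238 with a server-side check. The sample secret is the RFC test key, and the one-step tolerance window and the `used` replay set are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30  # seconds per code, the default mentioned above


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, now, digits=6):
    """RFC 6238: HOTP with counter = floor(unix_time / STEP)."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    return hotp(key, int(now) // STEP, digits)


def verify(secret_b32, submitted, now, window=1, used=None):
    """Server-side check: tolerate clock drift of +/- `window` steps and
    refuse a code whose time step was already accepted (replay)."""
    used = set() if used is None else used  # hypothetical replay store
    if not (submitted.isascii() and submitted.isdigit()):
        return False
    current = int(now) // STEP
    for counter in range(max(0, current - window), current + window + 1):
        expected = totp(secret_b32, counter * STEP)
        if counter not in used and hmac.compare_digest(expected, submitted):
            used.add(counter)
            return True
    return False


if __name__ == "__main__":
    print("code for the sample secret right now:", totp(SAMPLE_SECRET, time.time()))
```

Because the code depends only on the secret and the current 30-second step, anyone who obtains the secret key or the QR code can generate valid codes, which is why that output has to be stored safely.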
Configuring SSH for use with Google Authenticator
Having covered the above, we will now make the configuration changes needed to use SSH connections to our system with Google Authenticator.
In the terminal we type the following command:
sudo nano /etc/ssh/sshd_config
Inside the file we look for the following lines and change them to "yes", so that they read as follows:
UsePAM yes
ChallengeResponseAuthentication yes
Once the changes are made, save them with Ctrl + O and close the file with Ctrl + X.
In the same terminal we restart SSH with:
sudo systemctl restart ssh
By default, authentication requires users to enter their user password to log in.
So let's edit the PAM rules file for the SSH daemon.
sudo nano /etc/pam.d/sshd
At the beginning of this file, you can see the following line, which enables password authentication:
ChallengeResponseAuthentication
Which we must set to yes.
To also enable one-time password authentication, add the following two lines.
@include common-auth
#One-time password authentication via Google Authenticator
auth required pam_google_authenticator.so
Save and close the file.
From now on, every time you log in to your system over an SSH connection, you will be prompted to enter the user password and a verification code (the one-time password generated by Google Authenticator).
Hello, a simple tutorial; however, once I have done all the steps I cannot log in with ssh, it throws a password error at me, and it does not even ask for 2FA.
I have Ubuntu Server 20.04