How to configure two-factor authentication in SSH on Ubuntu?


Two-factor authentication (2FA) is not something that can only be used on social media or on websites. This security measure can also be implemented within an operating system.

That is why today we will see how to implement two-factor authentication in SSH on Ubuntu and derivatives using the well-known Google Authenticator, which will greatly increase the security of your OpenSSH server.

Normally, you only need to enter a password or use an SSH key to log in to your system remotely.

Two-factor authentication (2FA) requires two pieces of information to be entered in order to log in.

Therefore, you will also need to enter a one-time password to log in to the SSH server.

The one-time password is calculated using the TOTP algorithm, which is an IETF standard.

Installing and configuring Google Authenticator on Ubuntu and derivatives

The first step is to install Google Authenticator on our system, so we open a terminal (this can be done with the key combination "Ctrl + Alt + T") and type the following command:

sudo apt install libpam-google-authenticator

Once the installation is done, we run the newly installed application with the following command:

google-authenticator

When you run this command, it assigns a secret key and asks whether we want to use time-based tokens, to which we answer yes.

After this, you will see a QR code that you can scan using a TOTP app on your phone.

Here we recommend using the Google Authenticator application on your mobile phone, so install the application from Google Play or the Apple App Store on your phone.

Once you have the application on your phone, you need to scan the QR code with it. Keep in mind that you may need to enlarge the terminal window to scan the whole QR code.

The QR code represents the secret key, which is known only to your SSH server and the Google Authenticator app.

Once the QR code is scanned, you will see a unique six-digit token on your phone. By default this token lasts 30 seconds, and it must be entered to log in to Ubuntu via SSH.


In the terminal you can see the secret key, as well as the verification code and the emergency scratch codes.

We recommend keeping this information in a safe place so that you can use it later. For the remaining questions asked, we answer yes by typing the letter y.

Configuring SSH to use Google Authenticator

With the above in place, we now make the configuration needed to use SSH connections on our system with Google Authenticator.

In the terminal we type the following command:

sudo nano /etc/ssh/sshd_config

Inside the file we look for the following lines and change them to "yes", as follows:

UsePAM yes

ChallengeResponseAuthentication yes

Once the changes are made, save them with Ctrl + O and close the file with Ctrl + X.

In the same terminal we restart SSH with:

sudo systemctl restart ssh

By default, authentication requires users to enter their user password to log in.

For this, let's edit the PAM rules file for the SSH daemon:

sudo nano /etc/pam.d/sshd

At the beginning of this file, you can see the following line, which enables password authentication:

ChallengeResponseAuthentication

Which we must set to yes.

To enable one-time password authentication, add the following two lines.

@include common-auth

#One-time password authentication via Google Authenticator

auth required pam_google_authenticator.so

Save and close the file.

From now on, every time you log in to your system over an SSH connection, you will be asked to enter the user password and a verification code (the one-time password generated by Google Authenticator).



  1.   Miguel said

    Hello, a simple tutorial; however, once I do all the steps I can no longer log in via ssh, it throws a wrong password error at me, and I can't even request the 2FA.

    I have Ubuntu Server 20.04