How do you set up two-factor authentication for SSH on Ubuntu?

Two-factor authentication (2FA) is not something exclusive to social networks or other websites. This security measure can also be applied within an operating system.

So today we will see how to set up two-factor authentication for SSH on Ubuntu and its derivatives using the well-known Google Authenticator, which will considerably increase the security of your OpenSSH server.

Normally, you only need to enter a password or use an SSH key to log in to your system remotely.

Two-factor authentication (2FA) requires two pieces of information to be entered in order to log in.

So you will also need to enter a one-time password to log in to your SSH server.

This one-time password is computed using the TOTP algorithm, which is an IETF standard.

Installing and configuring Google Authenticator on Ubuntu and derivatives

The first step is to install Google Authenticator on our system, so we will open a terminal (this can be done with the key combination "Ctrl + Alt + T") and type the following command:

sudo apt install libpam-google-authenticator

Once the installation is complete, we will run the newly installed application with the following command:

google-authenticator

When we run this command, it assigns a secret key and asks whether we want to use time-based tokens, to which we answer yes.

After this, you will see a QR code that you can scan using a TOTP app on your phone.

Here we recommend using the Google Authenticator app on your mobile phone, which you can install from Google Play or the Apple App Store.

Once you have the app on your phone, scan the QR code with it. Keep in mind that you need to enlarge the terminal window to scan the whole QR code.

The QR code represents the secret key, which is known only to your SSH server and your Google Authenticator app.

Once the QR code has been scanned, you will see a unique six-digit token on your phone. By default this token lasts 30 seconds, and it must be entered to log in to Ubuntu over SSH.

In the terminal you will also be able to see the secret code, as well as the verification code and the emergency scratch codes.

We recommend that you keep this information in a safe place so you can use it later. For the other questions we are asked, we simply answer yes by typing the letter y.

Configuring SSH for use with Google Authenticator

With the above done, we will now make the configuration needed to use the SSH connection on our system with Google Authenticator.

In the terminal we will type the following command:

sudo nano /etc/ssh/sshd_config

Inside the file we will look for the following lines and change them to "yes", as follows:

UsePAM yes

ChallengeResponseAuthentication yes

Once the changes are made, save them with Ctrl + O and close the file with Ctrl + X.

In the same terminal we will restart SSH with:

sudo systemctl restart ssh

By default, authentication requires you to enter the user's password to log in.

So let's edit the PAM rules file for the SSH daemon.

sudo nano /etc/pam.d/sshd

At the beginning of this file, you can see the following line, which enables password authentication

ChallengeResponseAuthentication

Which we must set to yes.

To also enable one-time password authentication, add the following two lines.

@include common-auth

#One-time password authentication via Google Authenticator

auth required pam_google_authenticator.so

Save and close the file.

From now on, every time you log in to your system over an SSH connection, you will be prompted to enter the user's password and a verification code (the one-time password generated by Google Authenticator).
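
A quick audit of the two files edited above, as an added example that is not part of the original article: the function `check_ssh_2fa`, its helper `sshd_value` and the sample files built in `demo` are constructed for illustration. It goes slightly beyond the article by also accepting `KbdInteractiveAuthentication`, the newer OpenSSH name for `ChallengeResponseAuthentication`.

```shell
#!/bin/sh
# Added example: audit the two files this tutorial edits.
# Usage: check_ssh_2fa [sshd_config] [pam_file]   (returns 0 only if every check passes)
# Limits: Include, Match blocks and the key=value form are not handled; on a
# live host `sshd -T` prints the effective configuration.

# Print the first value set for any keyword in $1 (lower-case names joined by "|").
# sshd keywords are case-insensitive and the first value found wins.
sshd_value() {
    awk -v keys="$1" '
        $1 ~ /^#/ { next }                               # comment line
        tolower($1) ~ ("^(" keys ")$") { print $2; exit }
    ' "$2"
}

check_ssh_2fa() {
    conf=${1:-/etc/ssh/sshd_config}
    pam=${2:-/etc/pam.d/sshd}
    rc=0
    # KbdInteractiveAuthentication is the newer OpenSSH name for
    # ChallengeResponseAuthentication (an alias the article does not mention).
    for keys in usepam 'challengeresponseauthentication|kbdinteractiveauthentication'; do
        val=$(sshd_value "$keys" "$conf")
        if [ "$val" != yes ]; then
            echo "FAIL: $keys is '${val:-unset}' in $conf, expected yes"
            rc=1
        fi
    done
    # The PAM stack needs an uncommented auth line that loads the module.
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_google_authenticator\.so' "$pam"; then
        echo "FAIL: no active pam_google_authenticator.so auth line in $pam"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $conf and $pam carry the 2FA settings"
    return "$rc"
}

# Constructed sample files (not from a real host): "before" has the PAM line
# commented out, "after" matches the configuration described above.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '#UsePAM no' 'UsePAM yes' 'ChallengeResponseAuthentication yes' > "$d/sshd_config"
    printf '%s\n' '@include common-auth' '#auth required pam_google_authenticator.so' > "$d/before"
    printf '%s\n' '@include common-auth' 'auth required pam_google_authenticator.so' > "$d/after"
    if check_ssh_2fa "$d/sshd_config" "$d/before"; then before=0; else before=1; fi
    if check_ssh_2fa "$d/sshd_config" "$d/after"; then after=0; else after=1; fi
    rm -rf "$d"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}
```

On a live host, `sudo sshd -t` validates the configuration before the restart, and keeping the current session open until a second login succeeds leaves a way back in if a check fails.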


  1.   Miguel said

    Hello, a simple tutorial, but once I do all the steps I can no longer log in via ssh, it throws me an "incorrect" error, and I can't even get it to ask for the 2FA.

    I have Ubuntu Server 20.04