Two-factor authentication (2FA) is not something exclusive to social networks or other websites. This security measure can also be used within an operating system.
That is why today we will see how to set up two-factor authentication for SSH on Ubuntu and its derivatives using the well-known Google Authenticator, which will greatly increase the security of your OpenSSH server.
Normally, you only need to enter a password or use an SSH key to log in to your system remotely.
Two-factor authentication (2FA) requires two pieces of information to be entered in order to log in.
Therefore, you will also need to enter a one-time password to log in to your SSH server.
This one-time password is computed using the TOTP algorithm, which is an IETF standard.
Installing and configuring Google Authenticator on Ubuntu and derivatives
The first step is to install Google Authenticator on our system, so we will open a terminal (this can be done with the key combination "Ctrl + Alt + T") and type the following command:
sudo apt install libpam-google-authenticator
Once the installation is complete, we will run the newly installed application with the following command:
google-authenticator
When we run this command, it generates a secret key and asks whether we want to use time-based tokens, to which we answer yes.
After this, you will see a QR code that you can scan using a TOTP application on your phone.
Here we recommend using the Google Authenticator application on your mobile phone, which you can install through Google Play or the Apple App Store.
Once you have the application on your phone, scan the QR code with it. Keep in mind that you need to enlarge the terminal window to scan the whole QR code.
The QR code represents the secret key, which is known only to your SSH server and your Google Authenticator application.
Once the QR code is scanned, you will see a unique six-digit token on your phone. By default this token lasts 30 seconds and must be entered to log in to Ubuntu via SSH.
In the terminal you will also be able to see the secret key, as well as the verification code and the emergency scratch codes.
We recommend that you keep this information in a safe place so that you can use it later. For the other questions we are asked, we will simply answer yes by typing the letter y.
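To show how the phone and the SSH server arrive at the same six-digit code from the shared secret, here is an added example (not part of the original article, and not Google Authenticator's own code) that implements TOTP as defined in RFC 6238 in Python. The sample secret is the RFC 6238 test key, and the one-step clock-skew allowance in verify() is an assumption.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds a code stays valid (the default the article mentions)
DIGITS = 6   # length of the code shown by the phone app
# Constructed sample: base32 of the RFC 6238 test key b"12345678901234567890"
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(b32_secret):
    """Decode a base32 secret; spaces and missing padding are tolerated."""
    s = b32_secret.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(b32_secret, now=None):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / STEP)."""
    now = time.time() if now is None else now
    return hotp(decode_secret(b32_secret), int(now) // STEP)


def verify(b32_secret, code, now=None, skew=1):
    """Accept codes up to `skew` steps either side of now (assumed drift allowance)."""
    now = time.time() if now is None else now
    key, counter = decode_secret(b32_secret), int(now) // STEP
    ok = False
    for c in range(max(0, counter - skew), counter + skew + 1):
        # Constant-time compare and no early exit, so timing does not reveal the match.
        ok |= hmac.compare_digest(hotp(key, c).encode(), code.encode())
    return ok


if __name__ == "__main__":
    print("code for the current 30-second step:", totp(SAMPLE_SECRET))
    print("RFC 6238 vector at t=59:", totp(SAMPLE_SECRET, 59))
```

Because the code depends only on the secret and the clock, anyone who obtains the secret key or the QR code can generate valid codes, which is why that information has to be stored safely.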
Configuring SSH for use with Google Authenticator
With the above done, we will now make the configuration changes needed to use SSH connections on our system with Google Authenticator.
In the terminal we will type the following command:
sudo nano /etc/ssh/sshd_config
Inside the file we will look for the following lines and change them to "yes", as follows:
UsePAM yes
ChallengeResponseAuthentication yes
Once the changes are made, save them with Ctrl + O and close the file with Ctrl + X.
In the same terminal we will restart SSH with:
sudo systemctl restart ssh
By default, authentication requires that you enter the user's password to log in.
So let's edit the PAM rules file for the SSH daemon.
sudo nano /etc/pam.d/sshd
At the beginning of this file, you can see the following line, which enables password authentication
ChallengeResponseAuthentication
Which we must set to yes.
To also enable one-time password authentication, add the following two lines.
@include common-auth
# One-time password authentication via Google Authenticator
auth required pam_google_authenticator.so
Save and close the file.
From now on, each time you log in to your system over an SSH connection, you will be prompted to enter the user's password and a verification code (the one-time password generated by Google Authenticator).
Hello, quite a simple tutorial, but once I do all the steps I can no longer log in via ssh, it throws me an incorrect password error, I can't even request the 2FA.
I have Ubuntu Server 20.04