Ungakumisa kanjani ukuqinisekiswa kwezinyathelo ezimbili ku-SSH usebenzisa i-Google Authenticator

Willy Klew

Imizuzu ye-4

i-authenticator ye-google

Ukusetshenziswa kwe ukuqinisekiswa okuyizinyathelo ezimbili kuyanda njengoba isikhathi sihamba, futhi ingabe leyo ukuphepha Ngokusobala iba yindaba ebaluleke kakhulu kumakhompyutha ethu ngoba inani lemininingwane esiligcina kuwo landa inyanga nenyanga, ngokulingana nesikhathi esichitha kuwo wonke amadivayisi ethu. Futhi yize abaningi becabanga ukuthi iphasiwedi enhle ibasindisa enkingeni, lokhu kuyiqiniso kuphela, ngoba ebusweni bokungenayo okwenziwa ngabaduni ezindaweni eziningi, kuncane futhi akukho okungenziwa uma igama lethu elingukhiye lokungena litholakele.

Ake sibone lapho, ungangeza kanjani ukuqinisekiswa okuzinyathelo ezimbili ku-SSH, okuthile okuzosivumela nikeza ukufinyelela okukude okuphephile kumaseva ethu, kithina nakwalabo abangena kuma-akhawunti abo, ukuze kuqinisekiswe ukuphepha okungaguquguquki. Kulabo abangayazi ngokuphelele le ndlela, yithi iqukethe sebenzisa iphasiwedi bese ikhodi ethunyelwa ngomzila ohlukile (ngokwesibonelo, kuselula yethu) ukuze ngokuhamba kwesikhathi singene kuyo futhi ekugcineni sikwazi ukufinyelela kuma-akhawunti ethu.

Indlela elula yokwengeza ukuqinisekiswa okuyizinyathelo ezimbili nge-Google Athenticator, ithuluzi inkampani yaseMountain View elisungule lezi zinhloso futhi elisuselwa emazingeni avulekile afana ne-HMAP futhi liyatholakala kuzingxenyekazi ezahlukahlukene, iLinux phakathi kwazo. Kepha futhi, njengoba kunamamojula we-PAM waleli thuluzi, singakwazi uyihlanganise nezinye izixazululo zokuphepha njenge-OpenSSH, ngakho-ke yilokhu kanye esizokubona ngokulandelayo.

Akunasidingo sokusho, sizodinga ikhompyutha eneLinux ne-OpenSSH esivele ifakiwe, okuthile esikwenza ku-Ubuntu ngokulandelayo:

sudo apt-get ukufaka i-opensh-server

Ngemuva kwalokho, ukuthola isisombululo seselula sizosuselwa ku-Android ngakho-ke sizodinga ithebhulethi noma i-smartphone ngohlelo lokusebenza lweGoogle, lapho sizofaka khona ithuluzi leGoogle njengoba sizobona ngokuhamba kwesikhathi. Manje sesikulungele ukuqala inqubo.

Okokuqala, kufanele faka isiqinisekisi seGoogle, okuthile esimweni soBuntu kulula njengokusebenzisa okulandelayo kukhonsoli:

sudo apt-get ukufaka libpam-google-authenticator

Uma kukhonjiswa iphutha lapho sixwayiswa khona ngokushoda kwefayela ezokuphepha / pam_appl.h, singayixazulula ngokufaka iphakheji ye-libpam0g-dev:

sudo apt-get ukufaka libpam0g-dev

Manje njengoba isiQinisekisi se-Google sisebenza, singakhiqiza ukhiye wokuqinisekisa ngokwenza:

i-google-authenticator

Ngemuva kokwenza kanjalo sizobona a Ikhodi ye-QR kanye nokhiye wokuphepha ngaphansi kwayo (eceleni kombhalo othi 'Ukhiye wakho omusha oyimfihlo uthi: xxxx', ngaphezu kokhiye wokuqinisekisa namakhodi okuphuthumayo, esiwasebenzisayo uma kwenzeka singenayo i- Idivayisi ye-Android. Siphendula imibuzo ebuzwayo mayelana nokumiswa kweseva, futhi uma singaqiniseki kakhulu ukuthi singaphendula ngoyebo kubo bonke njengoba ukumiswa okuzenzakalelayo kuphephile.

Manje kufika isikhathi setha isiqinisekisi seGoogle ku-Android, esilanda isicelo ku-Google Play Isitolo. Lapho sikwenza, siyabona ukuthi sivunyelwe ukukhetha phakathi kokufaka ibhakhodi noma ukufaka iphasiwedi, esingasebenzisa kuyo ikhodi ye-QR esiyibonayo lapho silungisa leli thuluzi kuseva, noma ukufaka iphasiwedi enezinhlamvu. Okokugcina sikhetha inketho 'ssh ukuqinisekiswa' bese sibhala ikhodi.

Ngemuva kwalokho sizobona isikrini sokuqinisekisa, lapho sichazelwa khona ukuthi inqubo iphumelele nokuthi kusuka kulowo mzuzu kuqhubeke sizokwazi thola amakhodi wokungena ngemvume kulolo hlelo lokusebenza, ngakho-ke manje sizobona isinyathelo sokugcina, okuwukusebenzisa i-Google Authenticator kuseva ye-SSH. Sikhipha:

sudo gedit /etc/pam.d/sshd

futhi sengeza umugqa olandelayo:

i-auth iyadingeka pam_google_authenticator.so

Manje:

Isudo gedit / etc / ssh / sshd_config

Sibheka inketho I-ChallengeResponseUkufakazela ubuqiniso futhi sishintsha inani lalo libe ngu 'yebo'.

Ekugcineni siqala kabusha iseva ye-SSH:

Sudo service ssh qala kabusha

Sikulungele, futhi kusukela manje singakwazi ngena ngemvume kuseva ye-SSH ngokuqinisekiswa okuyizinyathelo ezimbili, esenza inqubo ejwayelekile kepha sizobona ukuthi ngaphambi kokufaka iphasiwedi yethu sicelwa ikhodi yokuqinisekisa; bese sisebenzisa uhlelo lokusebenza ku-Android futhi lapho sibona ikhodi yokuphepha siyifaka kukhompyutha (sinemizuzwana engama-30 yalokhu, ngemuva kwalokho kwenziwa ukhiye omusha) bese sicela ukuthi sifake ukhiye wethu we-SSH impilo yonke.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.