Otu esi eji nyocha ihe abụọ na Ubuntu
Ka oge na-aga, aha njirimara na paswọọdụ ọdịnala egosila na ezughị oke n'inye ngwa na sistemu nchekwa siri ike. Enwere ike ịgbawa aha njirimara na okwuntughe n'ụzọ dị mfe site na iji plethora nke ngwaọrụ hacking, na-ahapụ sistemụ gị ngwa ngwa maka mmebi. Maka nke a, ụlọ ọrụ ma ọ bụ ụlọ ọrụ ọ bụla na-eji nchekwa kpọrọ ihe kwesịrị imejuputa nyocha 2-Factor.
A na-akpọkarị MFA (Nnwale ọtụtụ ihe), njirimara 2-Factor na-enye nchekwa nchekwa ọzọ nke chọrọ ndị ọrụ ịnye nkọwa ụfọdụ dị ka koodu, ma ọ bụ OTP (Password Otu oge) tupu ma ọ bụ mgbe emechara aha njirimara na paswọọdụ mbụ.
N'oge a, ọtụtụ ụlọ ọrụ dị ka Google, Facebook, Twitter, na AWS, ịkọwapụta ole na ole na-enye ndị ọrụ nhọrọ nke ịtọlite MFA iji chebe akaụntụ ha ọzọ.
N'ime ntuziaka a, anyị na-egosi otu ị nwere ike isi jiri nkwenye abụọ na Ubuntu.
Kwụpụ 1: Wụnye ngwugwu PAM nke Google
Nke mbụ, wụnye ngwugwu Google PAM. PAM, ndebiri maka Pluggable Authentication Module, bụ usoro na-enye mgbakwunye nkwenye n'elu ikpo okwu Linux.
A na-akwado ngwugwu ahụ na ebe nchekwa Ubuntu, yabụ gaba n'ihu wee jiri iwu dabara adaba iji wụnye ya dị ka ndị a:
$ sudo apt install libpam-google-authenticator
Mgbe kpaliri, pịa Y wee pịa ENTER ka ịga n'ihu na nrụnye.
Kwụpụ 2: Wụnye ngwa Google Authenticator na ekwentị gị
Na mgbakwunye, ịkwesịrị ịwụnye ngwa Google Authenticator na mbadamba ihe ma ọ bụ ekwentị gị. Ngwa ahụ ga-ewetara gị koodu OTP ọnụọgụ isii nke na-emeghari onwe ya kwa sekọnd 30 ọ bụla.
Kwụpụ 3: Hazie Google PAM na Ubuntu
Site na ngwa Google Authenticator dị, anyị ga-aga n'ihu ma hazie ngwugwu Google PAM na Ubuntu site na ịmegharị faịlụ /etc/pam.d/common-auth dị ka egosiri.
$ sudo vim /etc/pam.d/common-auth
Tinye ahịrị dị n'okpuru na faịlụ dị ka egosiri.
auth required pam_google_authenticator.so
Chekwaa faịlụ wee pụọ.
Ugbu a, gbanye iwu dị n'okpuru ka ịmalite PAM.
$ google-authenticator
Nke a ga-akpalite ajụjụ abụọ na ihuenyo ọnụ gị. Nke mbụ, a ga-ajụ gị ma ịchọrọ ka akara njirimara bụrụ nke dabere na oge.
Ihe nnwale nyocha dabere na oge kubie ume ka oge ụfọdụ gachara. Site na ndabara, nke a bụ ka nkeji iri atọ gachara, ebe a na-ewepụta akara ngosi ọhụrụ. A na-ewere akara ngosi ndị a ka nchekwa karịa akara ndị na-abụghị oge, ya mere, pịnye y maka ee wee pịa ENTER.
Na-esote, a ga-egosipụta koodu QR na ọnụ ọnụ dị ka egosiri n'okpuru na aka nri n'okpuru ya, a ga-egosipụta ụfọdụ ozi. Ozi egosiri gụnyere:
- Igodo nzuzo
- koodu nkwenye
- Koodu ncha ọkụ mberede
Ịkwesịrị ịchekwa ozi a n'ime ebe nchekwa maka ntụnye aka n'ọdịnihu. Koodu ncha ihe mberede ahụ bara uru nke ukwuu ma ọ bụrụ na ngwaọrụ nyocha gị efunahụ gị. Ọ bụrụ na ihe ọ bụla emee ngwaọrụ nyocha gị, jiri koodu ndị ahụ.
Mepee ngwa Google Authenticator na smart ngwaọrụ gị wee họrọ 'Nyochaa koodu QR' ka inyocha koodu QR ewepụtara.
IHE: Ị ga-ebuli elu ọnụ window ka iṅomi dum QR code. Ozugbo enyochara koodu QR ahụ, a ga-egosipụta OTP ọnụọgụ isii nke na-agbanwe kwa sekọnd 30 ọ bụla na ngwa ahụ.
Mgbe nke ahụ gasịrị, họrọ y ka imelite faịlụ nyocha Google n'ime nchekwa ụlọ gị.
Na ngwa ngwa na-esote, machibido nbanye naanị otu log n'ime sekọnd 30 ọ bụla iji gbochie mwakpo ndị nwere ike ibilite n'ihi mwakpo mmadụ na etiti. Yabụ họrọ y
Na ngwa ngwa na-esote, Họrọ n ka jụ ịgbatị oge nke na-akọwa oge-skew n'etiti ihe nkesa na onye ahịa. Nke a bụ nhọrọ kacha echekwabara ọ gwụla ma ị na-enwe ihe ịma aka na oge mmekọrịta na-adịghị mma.
Na n'ikpeazụ, mee ka ọnụego-mmachi naanị 3 mgbalị nbanye.
N'oge a, anyị emechaala mmejuputa njirimara njirimara 2-factor. N'ezie, ọ bụrụ na ị na-agba ọsọ sudo iwu ọ bụla, a ga-akpali gị maka koodu nkwenye nke ị nwere ike nweta na ngwa Google Authenticator.
Ị nwere ike nyochaa nke a site na ịmalitegharị na ozugbo ị rutere na ihuenyo nbanye, a ga-arịọ gị ka ịnye koodu nkwenye gị.
Mgbe ị nwetachara koodu gị site na ngwa Google Authenticator, nye naanị paswọọdụ gị ka ịnweta sistemụ gị.
Kwụpụ 4: Jikọta SSH na Google Authenticator
Ọ bụrụ na ị bu n'obi iji SSH na modul Google PAM, ịkwesịrị ijikọ abụọ ahụ. Enwere ụzọ abụọ ị ga-esi nweta nke a.
Iji mee ka nyocha paswọọdụ SSH maka onye ọrụ oge niile, nke mbụ, mepee faịlụ nhazi SSH ndabara.
$ sudo vim /etc/ssh/sshd_config
Ma tọọ àgwà ndị a ka ọ bụrụ 'ee' dị ka egosiri
Maka onye ọrụ mgbọrọgwụ, tọọ njirimara 'PermitRootLogin' na ee.
PermitRootLogin yes
Chekwaa faịlụ wee pụọ.
Na-esote, gbanwee iwu PAM maka SSH
$ sudo vim /etc/pam.d/sshd
Wee tinye ahịrị na-esonụ
auth required pam_google_authenticator.so
N'ikpeazụ, malitegharịa ọrụ SSH ka mgbanwe ndị ahụ malite.
$ sudo systemctl restart ssh
N'ihe atụ dị n'okpuru, anyị na-abanye na sistemụ Ubuntu site na onye ahịa Putty.
Ọ bụrụ na ị na-eji nyocha igodo ọha, megharịa usoro ndị a dị n'elu wee gbakwunye ahịrị egosiri na ala nke faịlụ /etc/ssh/sshd_config.
AuthenticationMethods publickey,keyboard-interactive
Ọzọkwa, dezie iwu PAM maka SSH daemon.
$ sudo vim /etc/pam.d/sshd
Wee tinye ahịrị na-esonụ.
auth required pam_google_authenticator.so
Chekwaa faịlụ ma malitegharịa ọrụ SSH dịka anyị hụrụ na mbụ.
$ sudo systemctl restart ssh
Gbanyụọ nyocha ihe abụọ na Ubuntu
Ọ bụrụ na ị tufuo ngwaọrụ gị ma ọ bụ igodo nzuzo gị, agbala nke ọma. Ị nwere ike gbanyụọ oyi akwa nyocha 2FA ngwa ngwa wee laghachi na usoro nbanye aha njirimara/paswọọdụ gị dị mfe.
Mbụ, malitegharịa sistemụ gị wee pịa e na ntinye GRUB mbụ.
Pịgharịa gaa chọta ahịrị na-amalite na linux wee mechie na nfesa dị jụụ $vt_handoff. Tinye ahịrị systemd.unit=rescue.target wee pịa ctrl+x ka ịbanye na ọnọdụ nnapụta.
Ozugbo ị nwetara shei ahụ, nye mgbọrọgwụ paswọọdụ wee pịa ENTER.
Na-esote, gaba na hichapụ faịlụ .google-authenticator na ndekọ ụlọ gị dị ka ndị a. Jide n'aka na iji aha njirimara nke gị dochie aha njirimara.
# rm /home/username/.google_authenticator
Mgbe ahụ dezie faịlụ /etc/pam.d/common-auth.
# $ vim /etc/pam.d/common-auth
Kwuo okwu ma ọ bụ hichapụ ahịrị ndị a:
auth required pam_google_authenticator.so
Chekwaa faịlụ ma malitegharịa sistemụ gị. Na ihuenyo nbanye, naanị ị ga-achọ ịnye aha njirimara na paswọọdụ iji nyochaa.
Nke a na-edugakwa anyị na njedebe nke akụkọ a. Obi ga-adị anyị ụtọ ịnụ ka o siri mee.