Otu esi edobe nkwenye ihe abụọ maka SSH na Fedora
Kwa ụbọchị ọ dị ka a na-akọ ọtụtụ mmebi nchekwa ebe data anyị nọ n'ihe egwu. N'agbanyeghị eziokwu ahụ bụ na SSH bụ ụzọ echekwara iji guzobe njikọ dịpụrụ adịpụ na sistemụ Linux, mana ka onye ọrụ amabeghị nwere ike ịnweta igwe Linux gị ma ọ bụrụ na ha zuru igodo SSH gị, ọbụlagodi na ị gbanyụọ okwuntughe ma ọ bụ kwe ka njikọ SSH gafere. igodo ọha na nke nzuzo.
N'isiokwu a, anyị ga-akọwa otu esi edozi nkwenye abụọ (2FA) maka SSH na nkesa Fedora Linux site na iji Google Authenticator iji nweta usoro Linux dịpụrụ adịpụ n'ụzọ dị nchebe site n'inye TOTP (Oge dabeere na otu oge. Paswọdu) nọmba emepụtara na-enweghị usoro site na ngwa nyocha na ngwaọrụ mkpanaka.
Rịba ama na, ị nwere ike iji ngwa nyocha ụzọ abụọ ọ bụla maka ngwaọrụ mkpanaka gị nke dabara na TOTP algọridim. Enwere ọtụtụ ngwa efu dị maka gam akporo ma ọ bụ IOS na-akwado TOTP na Google Authenticator, mana isiokwu a na-eji Google Authenticator dịka ọmụmaatụ.
Ịwụnye Google Authenticator na Fedora
Nke mbụ, wụnye ngwa Google Authenticator na sava Fedora gị site na iji iwu dnf.
$ sudo dnf install -y google-authenticator
Ozugbo Google Authenticator arụnyere, ị nwere ike ịme ngwa ahụ ugbu a.
$ google-authenticator
Ngwa ahụ na-akpali gị ọtụtụ ajụjụ. Mpempe akwụkwọ ndị a na-egosi gị ka ị ga-esi zaa maka ntọlite nwere ezi uche.
Do you want authentication tokens to be time-based (y/n)y
Do you want me to update your "/home/user/.google_authenticator" file (y/n)?y
Ngwa a na-enye gị igodo nzuzo, koodu nkwenye na koodu mgbake. Debe igodo ndị a na ebe nchekwa echekwara, ebe igodo ndị a bụ naanị ụzọ ị ga-esi nweta ihe nkesa gị ma ọ bụrụ na ngwaọrụ mkpanaka gị efunahụ gị.
Ịtọlite njirimara ekwentị mkpanaaka
Na ekwentị mkpanaaka gị, gaa na ụlọ ahịa ngwa Google Play ma ọ bụ iTunes wee chọọ Google Authenticator wee wụnye ngwa ahụ.
Ugbu a mepee ngwa Google Authenticator na ekwentị mkpanaaka gị wee lelee koodu QR egosiri na ihuenyo ọnụ Fedora. Ozugbo nyocha koodu QR zuru, ị ga-enweta nọmba emepụtara na-enweghị usoro site na ngwa nyocha wee jiri nọmba a oge ọ bụla ijikọ na sava Fedora gị ozugbo.
Mechaa nhazi Google Authenticator
Ngwa Google Authenticator na-akpalite ajụjụ ndị ọzọ yana ihe atụ na-egosi otu esi aza ha iji tọọ nhazi echekwara.
Ugbu a ịkwesịrị ịhazi SSH iji jiri nkwenye ụzọ abụọ ọhụrụ dị ka akọwara n'okpuru.
Hazie SSH iji jiri Google Authenticator
Iji hazie SSH ka ọ jiri ngwa nyocha, nke mbụ ị ga-enwerịrị njikọ SSH na-arụ ọrụ site na iji igodo SSH ọha, ebe anyị ga-emebi njikọ okwuntughe.
Mepee faịlụ /etc/pam.d/sshd na sava gị.
$ sudo vi /etc/pam.d/sshd
Kwupụta akara auth substack paswọọdụ-auth
dị na faịlụ ahụ.
#auth substack password-auth
Na-esote, tinye ahịrị na-esonụ na njedebe nke faịlụ ahụ.
auth sufficient pam_google_authenticator.so
Chekwaa ma mechie faịlụ ahụ.
Ọzọ, mepee ma dezie faịlụ /etc/ssh/sshd_config.
$ sudo vi /etc/ssh/sshd_config
Chọọ ahịrị ChallengeResponseAuthentication
wee gbanwee ya ka ọ bụrụ ee
.
ChallengeResponseAuthentication yes
Chọọ ahịrị PasswordAuthentication
wee gbanwee ya ka ọ bụrụ enweghị
.
PasswordAuthentication no
Na-esote, tinye ahịrị na-esonụ na njedebe nke faịlụ ahụ.
AuthenticationMethods publickey,password publickey,keyboard-interactive
Chekwaa ma mechie faịlụ ahụ, wee malitegharịa SSH.
$ sudo systemctl restart sshd
Nnwale nyocha ihe abụọ na Fedora
Ugbu a gbalịa jikọọ na ihe nkesa gị n'ebe dị anya, ọ ga-ajụ gị ka itinye koodu nkwenye.
$ ssh [email Verification code:
Emepụtara koodu nkwenye ahụ na ekwentị mkpanaaka gị site na ngwa nyocha gị. Ebe ọ bụ na koodu emepụtara na-agbanwe kwa sekọnd ole na ole, ịkwesịrị itinye ya ngwa ngwa tupu ọ mepụta nke ọhụrụ.
Ọ bụrụ na itinye koodu nkwenye na-ezighi ezi, ịgaghị enwe ike ijikọ na sistemụ ahụ, ị ga-enwetakwa ikike na-esote njehie agọnarị.
$ ssh [email Verification code: Verification code: Verification code: Permission denied (keyboard-interactive).
Site na itinye nyocha ụzọ abụọ a dị mfe, ị gbakwunyela nchekwa nchekwa na sistemụ gị yana nke a na-eme ka ọ siere onye ọrụ amaghi ama ike ịnweta sava gị.