Otu esi edobe nkwenye ihe abụọ maka SSH na Fedora


Kwa ụbọchị ọ dị ka a na-akọ ọtụtụ mmebi nchekwa ebe data anyị nọ n'ihe egwu. N'agbanyeghị eziokwu ahụ bụ na SSH bụ ụzọ echekwara iji guzobe njikọ dịpụrụ adịpụ na sistemụ Linux, mana ka onye ọrụ amabeghị nwere ike ịnweta igwe Linux gị ma ọ bụrụ na ha zuru igodo SSH gị, ọbụlagodi na ị gbanyụọ okwuntughe ma ọ bụ kwe ka njikọ SSH gafere. igodo ọha na nke nzuzo.

N'isiokwu a, anyị ga-akọwa otu esi edozi nkwenye abụọ (2FA) maka SSH na nkesa Fedora Linux site na iji Google Authenticator iji nweta usoro Linux dịpụrụ adịpụ n'ụzọ dị nchebe site n'inye TOTP (Oge dabeere na otu oge. Paswọdu) nọmba emepụtara na-enweghị usoro site na ngwa nyocha na ngwaọrụ mkpanaka.

Rịba ama na, ị nwere ike iji ngwa nyocha ụzọ abụọ ọ bụla maka ngwaọrụ mkpanaka gị nke dabara na TOTP algọridim. Enwere ọtụtụ ngwa efu dị maka gam akporo ma ọ bụ IOS na-akwado TOTP na Google Authenticator, mana isiokwu a na-eji Google Authenticator dịka ọmụmaatụ.

Ịwụnye Google Authenticator na Fedora

Nke mbụ, wụnye ngwa Google Authenticator na sava Fedora gị site na iji iwu dnf.

$ sudo dnf install -y google-authenticator

Ozugbo Google Authenticator arụnyere, ị nwere ike ịme ngwa ahụ ugbu a.

$ google-authenticator

Ngwa ahụ na-akpali gị ọtụtụ ajụjụ. Mpempe akwụkwọ ndị a na-egosi gị ka ị ga-esi zaa maka ntọlite nwere ezi uche.

Do you want authentication tokens to be time-based (y/n) y Do you want me to update your "/home/user/.google_authenticator" file (y/n)? y

Ngwa a na-enye gị igodo nzuzo, koodu nkwenye na koodu mgbake. Debe igodo ndị a na ebe nchekwa echekwara, ebe igodo ndị a bụ naanị ụzọ ị ga-esi nweta ihe nkesa gị ma ọ bụrụ na ngwaọrụ mkpanaka gị efunahụ gị.

Ịtọlite njirimara ekwentị mkpanaaka

Na ekwentị mkpanaaka gị, gaa na ụlọ ahịa ngwa Google Play ma ọ bụ iTunes wee chọọ Google Authenticator wee wụnye ngwa ahụ.

Ugbu a mepee ngwa Google Authenticator na ekwentị mkpanaaka gị wee lelee koodu QR egosiri na ihuenyo ọnụ Fedora. Ozugbo nyocha koodu QR zuru, ị ga-enweta nọmba emepụtara na-enweghị usoro site na ngwa nyocha wee jiri nọmba a oge ọ bụla ijikọ na sava Fedora gị ozugbo.

Mechaa nhazi Google Authenticator

Ngwa Google Authenticator na-akpalite ajụjụ ndị ọzọ yana ihe atụ na-egosi otu esi aza ha iji tọọ nhazi echekwara.

Ugbu a ịkwesịrị ịhazi SSH iji jiri nkwenye ụzọ abụọ ọhụrụ dị ka akọwara n'okpuru.

Hazie SSH iji jiri Google Authenticator

Iji hazie SSH ka ọ jiri ngwa nyocha, nke mbụ ị ga-enwerịrị njikọ SSH na-arụ ọrụ site na iji igodo SSH ọha, ebe anyị ga-emebi njikọ okwuntughe.

Mepee faịlụ /etc/pam.d/sshd na sava gị.

$ sudo vi /etc/pam.d/sshd

Kwupụta akara auth substack paswọọdụ-auth dị na faịlụ ahụ.

#auth       substack     password-auth

Na-esote, tinye ahịrị na-esonụ na njedebe nke faịlụ ahụ.

auth sufficient pam_google_authenticator.so

Chekwaa ma mechie faịlụ ahụ.

Ọzọ, mepee ma dezie faịlụ /etc/ssh/sshd_config.

$ sudo vi /etc/ssh/sshd_config

Chọọ ahịrị ChallengeResponseAuthentication wee gbanwee ya ka ọ bụrụ ee.

ChallengeResponseAuthentication yes

Chọọ ahịrị PasswordAuthentication wee gbanwee ya ka ọ bụrụ enweghị.

PasswordAuthentication no

Na-esote, tinye ahịrị na-esonụ na njedebe nke faịlụ ahụ.

AuthenticationMethods publickey,password publickey,keyboard-interactive

Chekwaa ma mechie faịlụ ahụ, wee malitegharịa SSH.

$ sudo systemctl restart sshd

Nnwale nyocha ihe abụọ na Fedora

Ugbu a gbalịa jikọọ na ihe nkesa gị n'ebe dị anya, ọ ga-ajụ gị ka itinye koodu nkwenye.

$ ssh [email 

Verification code:

Emepụtara koodu nkwenye ahụ na ekwentị mkpanaaka gị site na ngwa nyocha gị. Ebe ọ bụ na koodu emepụtara na-agbanwe kwa sekọnd ole na ole, ịkwesịrị itinye ya ngwa ngwa tupu ọ mepụta nke ọhụrụ.

Ọ bụrụ na itinye koodu nkwenye na-ezighi ezi, ịgaghị enwe ike ijikọ na sistemụ ahụ, ị ga-enwetakwa ikike na-esote njehie agọnarị.

$ ssh [email 

Verification code:
Verification code:
Verification code:
Permission denied (keyboard-interactive).

Site na itinye nyocha ụzọ abụọ a dị mfe, ị gbakwunyela nchekwa nchekwa na sistemụ gị yana nke a na-eme ka ọ siere onye ọrụ amaghi ama ike ịnweta sava gị.