Yadda ake Amfani da Tabbatar-da Gaske tare da Ubuntu
Bayan lokaci, sunan mai amfani da kalmar wucewa ta asali ya tabbatar da cewa bai isa ba wajen samar da cikakken tsaro ga aikace-aikace da tsarin. Sunaye da kalmomin shiga za a iya fatattakarsu ta amfani da ɗimbin kayan aikin shiga ba tare da izini ba, wanda zai bar tsarinku ya kasance mai saurin fuskantar ɓarna. Saboda wannan dalili, kowane kamfani ko mahaɗan da ke ɗaukar tsaro da mahimmanci suna buƙatar aiwatar da ingantaccen 2-Factor.
Wanda aka fi sani da MFA (Multi-Factor Authentication), 2-Factor authentication yana ba da ƙarin tsaro na tsaro wanda ke buƙatar masu amfani da su su samar da wasu bayanai kamar lambobin, ko OTP (Kalmar wucewa ɗaya) kafin ko bayan tabbatarwa tare da sunan mai amfani da kalmar sirri da aka saba.
A zamanin yau kamfanoni da yawa kamar Google, Facebook, Twitter, da AWS, don ambaton providean wadata masu amfani da zaɓin kafa MFA don ƙara kiyaye asusun su.
A cikin wannan jagorar, muna nuna yadda zaku iya amfani da Tabbatar da Tabbacin-Gaskiya tare da Ubuntu.
Mataki 1: Sanya Google's PAM Package
Da farko kashe, shigar da kunshin Google PAM. PAM, taƙaitawar Module na Tabbatar da Tabbacin isaramar hanya ce, wacce ke samar da ƙarin matakan tabbatarwa akan tsarin Linux.
An shirya kunshin a ajiyar Ubuntu, don haka ci gaba da amfani da umarnin dacewa don girka shi kamar haka:
$ sudo apt install libpam-google-authenticator
Lokacin da aka sa ka, danna Y kuma latsa ENTER don ci gaba da shigarwa.
Mataki 2: Shigar da Google Authenticator App akan Wayar Wayar ka
Ari, kuna buƙatar shigar da aikace-aikacen Google Authenticator akan kwamfutar hannu ko wayoyinku. Manhajar zata gabatar muku da lambar OTP mai lamba 6 wacce zata sake sabunta kowane dakika 30.
Mataki na 3: Sanya Google PAM a cikin Ubuntu
Tare da app Authenticator app a wurin, zamu ci gaba da saita kunshin Google PAM akan Ubuntu ta hanyar gyara /etc/pam.d/common-auth file kamar yadda aka nuna.
$ sudo vim /etc/pam.d/common-auth
Sanya layin da ke ƙasa zuwa fayil ɗin kamar yadda aka nuna.
auth required pam_google_authenticator.so
Adana fayil ɗin kuma fita.
Yanzu, gudanar da umarnin da ke ƙasa don fara PAM.
$ google-authenticator
Wannan zai haifar da wasu tambayoyi akan allon tashar ku. Da farko, za a tambaye ku idan kuna son alamun tabbatarwa su kasance tushen lokaci.
Alamun tantancewar lokaci zasu ƙare bayan wani lokaci. Ta hanyar tsoho, wannan yana bayan secs 30, wanda akan ƙirƙiri sabon saitin alamu. Waɗannan alamun ana ɗaukar su amintattu fiye da alamun da ba na lokaci ba, sabili da haka, buga y don ee kuma buga ENTER.
Na gaba, za a nuna lambar QR a kan tashar kamar yadda aka nuna a ƙasa da dama a ƙasa da shi, za a nuna wasu bayanai. Bayanin da aka nuna ya hada da:
- Mabuɗin sirri
- lambar tabbatarwa
- Lambobin karcewar gaggawa
Kuna buƙatar adana wannan bayanin zuwa rumbun don tunani na gaba. Lambobin karcewar gaggawa suna da matukar amfani a yayin da kuka rasa na'urar mai tantance ku. Idan wani abu ya faru da na'urar tabbatar maka, yi amfani da lambobin.
Kaddamar da Google Authenticator App akan na'urarka ta zamani kuma zaɓi '' Scan QR code 'don bincika lambar QR ɗin da aka gabatar.
NOTE: Kuna buƙatar ƙara girman taga don bincika duka QR code. Da zarar an binciki lambar QR, za a nuna OTP mai lamba shida da ke canza kowane dakika 30 a kan App.
Bayan haka, Zaɓi y don sabunta fayil ɗin mai tantance Google a cikin babban fayil ɗin gidanka.
A cikin sako na gaba, ƙuntata shiga kawai a cikin kowane dakika 30 don hana kai hare-haren da ka iya tasowa saboda hare-haren-cikin-tsakiyar. Don haka zaɓi y
A cikin mai zuwa na gaba, Zaɓi n don ƙin yarda da tsawan lokacin wanda zai magance ƙwanƙwasa lokaci tsakanin uwar garke da abokin ciniki. Wannan shine zaɓin mafi aminci sai dai idan kuna fuskantar ƙalubale tare da aiki tare mara aiki mara kyau.
Kuma a ƙarshe, ba da damar iyakancewar ƙira don yunƙurin shiga 3 kawai.
A wannan gaba, mun gama aiwatar da fasalin ingantaccen fasalin 2-factor. A zahiri, idan kunyi duk wani umarni na sudo, za a sa ku lambar tabbatarwa wanda zaku iya samu daga aikace-aikacen Google Authenticator.
Kuna iya kara tabbatar da wannan ta hanyar sake farawa kuma da zarar kun isa allon shiga, za a nemi ku samar da lambar tabbatarwa.
Bayan ka samar da lambarka daga manhajar Google Authenticator, kawai ka samar da kalmar wucewa dan samun damar tsarin ka.
Mataki na 4: Haɗa SSH tare da Google Authenticator
Idan kuna da niyyar amfani da SSH tare da tsarin Google PAM, kuna buƙatar haɗa waɗannan biyun. Akwai hanyoyi biyu da zaku iya cimma wannan.
Don kunna kalmar sirri ta SSH don mai amfani na yau da kullun, da farko, buɗe tsoho fayil ɗin daidaitawa na SSH.
$ sudo vim /etc/ssh/sshd_config
Kuma saita waɗannan halayen zuwa 'eh' kamar yadda aka nuna
Ga mai amfani da tushen, saita 'PermitRootLogin' sifa ga ee .
PermitRootLogin yes
Adana fayil ɗin kuma fita.
Na gaba, gyara dokar PAM don SSH
$ sudo vim /etc/pam.d/sshd
Sannan a sanya layi mai zuwa
auth required pam_google_authenticator.so
Aƙarshe, sake kunna sabis na SSH don canje-canje su fara aiki.
$ sudo systemctl restart ssh
A cikin misalin da ke ƙasa, muna shiga cikin tsarin Ubuntu daga abokin ciniki na Putty.
Idan kuna amfani da tabbatar da mabuɗin jama'a, maimaita matakan da ke sama kuma ƙara layin da aka nuna a ƙasan fayil ɗin/etc/ssh/sshd_config.
AuthenticationMethods publickey,keyboard-interactive
Har yanzu, shirya dokar PAM don SSH daemon.
$ sudo vim /etc/pam.d/sshd
Sa'an nan kuma ƙara layi mai zuwa.
auth required pam_google_authenticator.so
Adana fayil ɗin kuma sake kunna sabis na SSH kamar yadda muka gani a baya.
$ sudo systemctl restart ssh
Kashe Ingancin Yanayi Biyu a Ubuntu
Idan ka rasa na’urar tantance bayanan ka ko kuma sirrin sirrin ka, kar a tafi kwaya. Kuna iya hana layin tantancewar 2FA a sauƙaƙe ku koma ga hanyar shigar ku mai amfani mai sauƙi/kalmar shiga.
Da farko, sake kunna tsarin kuma latsa e a farkon shigarwar GRUB.
Gungura kuma gano layin da ya fara da Linux kuma ya ƙare da natsuwa a hankali $vt_handoff. Sanya layin systemd.unit = rescue.target kuma latsa ctrl+x don shiga yanayin ceto
Da zarar ka sami harsashi, samar da kalmar sirri ta asali kuma latsa Shigar.
Na gaba, ci gaba da share fayil ɗin .google-ingantacce a cikin kundin adireshin gidanka kamar haka. Tabbatar da maye gurbin sunan mai amfani da sunan mai amfanin ku.
# rm /home/username/.google_authenticator
Sannan gyara fayil /etc/pam.d/common-auth.
# $ vim /etc/pam.d/common-auth
Sharhi ko share layin mai zuwa:
auth required pam_google_authenticator.so
Adana fayil ɗin kuma sake yi tsarin ku. A kan allon shiga, kawai za a buƙaci ka samar da sunan mai amfani da kalmar wucewa don tantancewa.
Kuma wannan ya kawo mu ƙarshen wannan labarin. Za mu yi farin cikin jin yadda abin ya kasance.