How to Set Up Two-Factor Authentication for SSH on Fedora


Every day there seem to be many reports of security breaches in which our data is at risk. Although SSH is a secure way to establish a remote connection to a Linux system, an unknown user can still gain access to your Linux machine if they steal your SSH keys, even if you have disabled passwords or allow only SSH connections that use public and private keys.

In this article, we explain how to set up two-factor authentication (2FA) for SSH on a Fedora Linux distribution using Google Authenticator, so that a remote Linux system is accessed more securely by supplying a TOTP (Time-based One-Time Password) code generated by an authenticator application on a mobile device.

Note that you can use any two-factor authentication application for your mobile device that is compatible with the TOTP algorithm. There are many free apps for Android or iOS that support TOTP and Google Authenticator, but this article uses Google Authenticator as an example.

Installing Google Authenticator on Fedora

First, install the Google Authenticator application on your Fedora server using the following dnf command.

$ sudo dnf install -y google-authenticator

Once Google Authenticator is installed, you can run the application.

$ google-authenticator

The application prompts you with a number of questions. The following snippets show you how to answer for a reasonably secure setup.

Do you want authentication tokens to be time-based (y/n) y
Do you want me to update your "/home/user/.google_authenticator" file (y/n)? y

The application provides you with a secret key, a verification code, and recovery codes. Keep these keys in a safe place, because they are the only way to access your server if you lose your mobile device.

Setting Up Mobile Phone Authentication

On your mobile phone, go to the app store (Google Play or iTunes), search for Google Authenticator, and install the application.

Now open the Google Authenticator application on your mobile phone and scan the QR code displayed on the Fedora terminal screen. Once the QR code scan is complete, you will get a code generated by the authenticator application; use this code every time you connect to your Fedora server remotely.

Finishing the Google Authenticator Configuration

The Google Authenticator application prompts further questions, and the following example shows how to answer them to set up a secure configuration.

Now you need to configure SSH to use the new two-factor authentication as described below.

Configuring SSH to Use Google Authenticator

To configure SSH to use the authenticator application, you first need a working SSH connection that uses public SSH keys, because we will be disabling password connections.

Open the /etc/pam.d/sshd file on your server.

$ sudo vi /etc/pam.d/sshd

Comment out the auth substack password-auth line in the file.

#auth       substack     password-auth

Next, add the following line to the end of the file.

auth sufficient pam_google_authenticator.so

Save and close the file.

Next, open and edit the /etc/ssh/sshd_config file.

$ sudo vi /etc/ssh/sshd_config

Find the ChallengeResponseAuthentication line and change it to yes.

ChallengeResponseAuthentication yes

Find the PasswordAuthentication line and change it to no.

PasswordAuthentication no

Next, add the following line to the end of the file.

AuthenticationMethods publickey,password publickey,keyboard-interactive

Save and close the file, then restart SSH.

$ sudo systemctl restart sshd
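
One way to check the settings above, as an added example that is not part of the original article: the script reads the global section of sshd_config the way sshd does (the first occurrence of a keyword wins, so a line appended at the end of the file can be shadowed by an earlier one or fall inside a Match block) and checks the two PAM lines. The function names are hypothetical, and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the article): audit the settings described above.
# Function names are hypothetical.

# effective_value FILE KEYWORD: print the value sshd would use. Keywords are
# case-insensitive, the first occurrence wins, and only the global section
# (before the first Match block) is read. Include files are not followed.
effective_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# expect FILE KEYWORD WANTED: return 0 on a match, else report and return 1.
expect() {
    got=$(effective_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL $2: effective value '${got:-<unset>}', expected '$3'"
    return 1
}

# check_ssh_2fa SSHD_CONFIG PAM_FILE: return 0 only if every setting holds.
check_ssh_2fa() {
    rc=0
    expect "$1" ChallengeResponseAuthentication yes || rc=1
    expect "$1" PasswordAuthentication no || rc=1
    expect "$1" AuthenticationMethods \
        "publickey,password publickey,keyboard-interactive" || rc=1
    # PAM: password-auth must be commented out, the TOTP module line active.
    if grep -Eq '^[[:space:]]*auth[[:space:]]+substack[[:space:]]+password-auth' "$2"; then
        echo "FAIL pam: 'auth substack password-auth' is still active"; rc=1
    fi
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]+[^#]*pam_google_authenticator\.so' "$2"; then
        echo "FAIL pam: no active pam_google_authenticator.so auth line"; rc=1
    fi
    return "$rc"
}

# Usage: sh check_2fa.sh /etc/ssh/sshd_config /etc/pam.d/sshd
if [ "$#" -eq 2 ]; then check_ssh_2fa "$1" "$2"; fi
```

Running `sudo sshd -T` prints the configuration sshd actually resolves, including files pulled in by Include, and is the authoritative cross-check.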

Testing Two-Factor Authentication on Fedora

Now try connecting to your server remotely; it will ask you to enter a verification code.

$ ssh [email 

Verification code:

The verification code is randomly generated on your mobile phone by your authenticator application. Because the generated code changes every few seconds, you need to enter it quickly before a new one is generated.

If you enter an incorrect verification code, you will not be able to connect to the system, and you will get the following permission denied error.

$ ssh [email 

Verification code:
Verification code:
Verification code:
Permission denied (keyboard-interactive).

By implementing this two-factor authentication, you have added an extra layer of security to your system, which makes it harder for an unknown user to gain access to your server.