Yadda ake Sanya Tabbatar da kalmar wucewa ta SSH akan RHEL 9

Short for Secure Shell, SSH amintacciyar ka'idar cibiyar sadarwa ce wacce ke ɓoye zirga-zirga tsakanin wuraren ƙarshe biyu. Yana ba masu amfani damar haɗawa da/ko canja wurin fayiloli ta hanyar hanyar sadarwa amintattu.

Ana amfani da SSH galibi ta hanyar hanyar sadarwa da masu gudanar da tsarin don samun amintaccen shiga da sarrafa kadarorin nesa kamar sabar da na'urorin cibiyar sadarwa akan hanyar sadarwa. Yana amfani da hanyoyin ɓoye ƙarfi kamar AES da hashing algorithms kamar SHA-2 da ECDSA don ɓoye zirga-zirgar da aka yi musayar tsakanin abokin ciniki da tsarin nesa.

[Za ku iya kuma son: Yadda ake Aminta da Harden OpenSSH Server]

SSH yana aiwatar da hanyoyin tabbatarwa guda biyu; tushen kalmar sirri da tantance maɓalli na jama'a. An fi so na ƙarshe tunda yana ba da ingantaccen tsaro ta amfani da ingantaccen maɓalli na jama'a wanda ke kare tsarin daga hare-haren ƙarfi.

Tare da wannan a zuciyarmu, zamu nuna yadda zaku iya saita ingantaccen tushen maɓalli na SSH akan RHEL 9.

Wannan shine yadda saitin mu yayi kama

    Tsarin Linux/UNIX (tushen Ubuntu ko RHEL) wanda akansa za mu samar da maɓalli biyu. Don wannan jagorar, ina amfani da rarrabawar Ubuntu.
  • Misali na RHEL 9 (Wannan gajimare ya zama kan-gida ko girgije VPS).

Mataki 1: Ƙirƙirar ECDSA SSH Key Pair

Shiga tsarin Linux ɗin ku kuma samar da maɓalli na SSH kamar haka. A cikin wannan jagorar, za mu samar da maɓallan biyu ta amfani da ECDSA algorithm wanda ke ba da mafi kyawun ɓoyewa da tsaro.

Don haka, don samar da maɓalli na ECDSA, gudanar da umarni:

$ ssh-keygen -t ecdsa

Umurnin zai bi ku ta cikin jerin faɗakarwa.

Ta hanyar tsohuwa, ana adana maɓallan biyu a cikin kundin adireshin gida na mai amfani a cikin directory ~/.ssh. Kuna iya karɓar wannan azaman makoma na biyu maɓallan SSH ta latsa ENTER akan madannai, in ba haka ba, zaku iya tantance hanyar da kuka fi so. A cikin wannan jagorar, mun yanke shawarar tafiya tare da tsohuwar hanyar.

Na gaba, za a umarce ku don samar da kalmar wucewa. Wannan ainihin kalmar sirri ce da za a buƙaci ka samar da ita yayin kafa haɗin kai tare da tsarin RHEL 9 mai nisa. Yana ba da ƙarin ƙarin kariya a saman ɓoyewar da maɓallan SSH ke bayarwa.

Koyaya, idan shirin ku shine sarrafa matakai akan kariyar SSH ko saita ingantaccen kalmar sirri, ana ba da shawarar barin wannan fanko. Sabili da haka, za mu bar wannan fanko ta hanyar, sake buga ENTER.

A ƙasa akwai fitarwa na lokacin gudu na umarni.

Kuna iya samun kallo a maɓallan SSH ta amfani da umarnin ls kamar yadda aka nuna.

$ ls -l ~/.ssh

id_ecdsa shine maɓalli na sirri yayin da id_ecdsa.pub shine maɓallin jama'a. Keɓaɓɓen maɓalli ya kamata koyaushe ya kasance sirri kuma kada a raba shi ko bayyana wa kowa. A gefe guda, kuna da 'yanci don raba jama'a tare da kowane tsarin nesa wanda kuke son haɗawa da shi.

Mataki 2: Kwafi Maɓallin SSH na Jama'a zuwa RHEL 9 mai nisa

Mataki na gaba shine kwafi maɓallin jama'a zuwa misalin RHEL 9 mai nisa. Kuna iya yin wannan ta hanyar hannu ko amfani da ssh-copy-id umurnin-line kayan aiki. Tun da na ƙarshen ya fi sauƙi kuma ya fi dacewa don amfani, kira shi ta amfani da ma'auni mai zuwa.

$ ssh-copy-id [email 

A cikin yanayinmu, umarnin zai kasance kamar haka inda tecmint shine mai amfani na yau da kullun kuma 192.168.254.129 shine adireshin IP na mai amfani mai nisa.

$ ssh-copy-id [email 

Rubuta eh don ci gaba da haɗawa. Sannan samar da kalmar wucewa ta mai amfani kuma danna ENTER.

Za a kwafi maɓallin jama'a zuwa fayil ɗin izini_keys a cikin kundin adireshin ~/.ssh na gidan mai amfani mai nisa. Da zarar an kwafi maɓalli, yanzu zaku iya shiga cikin misalin RHEL 9 mai nisa ta amfani da ingantaccen maɓalli na jama'a.

NOTE: A cikin RHEL 9, tushen shiga kan SSH ba shi da rauni ko an hana shi ta tsohuwa. Wannan saboda dalilai masu kyau - yana hana maharin shiga ta amfani da asusun tushen wanda zai ba shi duk gata akan tsarin. Don haka kwafi maɓallin jama'a zuwa tsarin RHEL azaman tushen zai gaza.

Idan kana buƙatar shiga a matsayin tushen, kana buƙatar gyara tsohuwar tsarin SSH kamar haka.

$ sudo vim /etc/ssh/sshd_config

Na gaba, saita sifa ta PermitRootLogin zuwa ye kuma adana canje-canje kuma fita fayil ɗin.

Don amfani da canje-canjen da aka yi, sake kunna sabis na SSH.

$ sudo systemctl restart ssh

Mataki 3: Tabbatar da Tabbatar da Maɓallin Jama'a na SSH

Yanzu bari mu tabbatar da ingantaccen maɓalli na jama'a. Don yin wannan, shiga kamar haka.

$ ssh [email 

A wannan karon, ba za a nemi kalmar sirri ba kuma za ku sauke kai tsaye zuwa harsashi na RHEL 9 mai nisa kamar yadda aka nuna. Hakanan kuna iya tabbatar da kasancewar fayil ɗin izini_keys kamar yadda aka ambata a baya.

$ ls -l ~/.ssh

Hakanan zaka iya duba fayil ɗin maɓalli na jama'a ta amfani da umarnin cat.

$ cat ~/.ssh/authorized_keys

A kan tebur na Linux wanda muka ƙirƙira maɓallan SSH, an samar da fayil da ake kira sanannun_hosts a cikin ~/.ssh directory. Wannan yana ƙunshe da sawun yatsa na duk sabar nesa da tsarin ya haɗa su.

A cikin wannan jagorar, mun sami nasarar daidaita ingantaccen tushen maɓalli na SSH akan RHEL 9. Ana maraba da ra'ayoyin ku.