Yadda ake saita SSH Passwordless Login akan openSUSE 15.3

Ɗaya daga cikin sanannun kuma gabaɗaya yarda da mafi kyawun ayyukan tsaro na OpenSSH shine saitawa da amfani da ingantaccen maɓalli na jama'a aka tabbatar mara kalmar sirri. Ko da yake wannan hanya ta asali ce don tsaro, a kan ƙaramin bayani, tana kuma ba da damar sauƙin amfani saboda rashin rubuta kalmar sirri a duk lokacin da kuka yi ƙoƙarin shiga uwar garken ku.

Wannan jagorar za ta bi ku ta matakan da ake buƙata don saita ingantaccen kalmar sirri ta SSH tare da kashe amincin kalmar sirri akan openSUSE 15.3.

  • Ubuntu na gida tare da abokin ciniki ssh - 192.168.56.1
  • Sabar buɗaɗɗen SUSE 15.3 - 192.168.56.101

Mataki 1: Ƙirƙirar SSH Jama'a/Maɓalli Mai zaman kansa

Don ƙirƙirar maɓalli biyu, yi amfani da umarnin ssh-keygen tare da alamar -t don tantance nau'in maɓallin. Idan aka yi amfani da shi ba tare da wata gardama ba, za a samar da maɓallin RSA 2048-bit. Ta hanyar tsoho, maɓallin keɓaɓɓen za a adana a ƙarƙashin ~/.ssh/id_rsa directory da maɓallin jama'a a ƙarƙashin ~/.ssh/id_rsa.pub.

Lura cewa zaku iya ƙirƙirar maɓalli na biyu tare da suna na al'ada. Bugu da ƙari, idan kuna da niyyar amfani da maɓallan biyu don shiga cikin hulɗa, zaku iya saita kalmar wucewa (mai kama da kalmar sirri don shiga da amfani da maɓalli) yayin samar da maɓallin biyu.

$ ssh-keygen

Yanzu tabbatar da cewa an ƙirƙiri maɓallin biyu a ƙarƙashin directory ~/.ssh ta amfani da umarnin ls kamar yadda aka nuna.

$ ls -la .ssh/my_key*

Mataki 2: Loda SSH Key zuwa Nesa OpenSUSE Server

Na gaba, loda maɓallin jama'a zuwa uwar garken buɗe SUSE mai nisa ta amfani da umarnin ssh-copy-id kamar haka. Yi amfani da tutar -i don tantance hanyar zuwa maɓallin jama'a kuma shigar da kalmar wucewa ta ssh lokacin da aka sa:

$ ssh-copy-id -i .ssh/my_key.pub  [email 

Tukwici: Idan kun sami cire haɗin da aka karɓa daga 192.168.56.101 tashar jiragen ruwa 22:2: gazawar tantancewa da yawa, An cire haɗin daga 192.168.56.101 tashar jiragen ruwa 22 kuskure, yi amfani da zaɓin IdentitiesOnly=ye kamar yadda aka bayyana a ciki. umarni mai zuwa.

$ ssh-copy-id -i .ssh/my_key.pub -o IdentitiesOnly=yes  [email 

Mataki 3: Haɗa zuwa openSUSE Ba tare da SSH Passwordless ba

Yanzu tabbatar da shiga mara kalmar sirri mai nisa zuwa uwar garken openSUSE. Yi ƙoƙarin shiga tare da maɓalli na sirri kamar haka. Shigar da kalmar wucewar ku a duk lokacin da aka sa ku samar da shi.

$ ssh -i .ssh/my_key [email 

Mataki 4: Kashe Tabbatar da Kalmar wucewa ta SSH

Tsanaki: Tabbatar cewa kun saita kuma kun yi nasarar gwada ingantaccen kalmar sirri kafin musaki amincin kalmar sirri, in ba haka ba kuna haɗarin kulle kanku daga sabar openSUSE.

Don musaki tantance kalmar sirri, tabbatar an saita ƙa'idodin daidaitawa na kalmar wucewa da ChallangeResponseAuthentication zuwa no kuma an saita UsePAM zuwa e kamar yadda aka nuna a cikin hoton hoto mai zuwa.

Ajiye saitunan kwanan nan kuma sake kunna sshd daemon/sabis kamar yadda aka nuna.

$ sudo systemctl restart sshd

Daga yanzu, duk wani mai amfani a kan uwar garken openSUSE wanda yayi ƙoƙarin shiga tare da tantance kalmar sirri zai gamu da kuskuren da aka nuna a hoton da ke biyo baya.

Shi ke nan a yanzu. Don neman ƙarin bayani game da wannan batu, tuntuɓe mu ta hanyar amsa tambayoyin da ke ƙasa.