How to Set Correct SSH Directory Permissions in Linux


For SSH to work well, it requires correct permissions on the ~/.ssh or /home/username/.ssh directory: the default location for all user-specific ssh configuration and authentication files. The permissions should be read/write/execute for the user, and the directory must not be accessible by group and others.

Besides, ssh also requires that the files within the directory have read/write permissions for the user and not be accessible by others. Otherwise, a user might encounter the following error:

Authentication refused: bad ownership or modes for directory

This guide explains how to set correct permissions on the .ssh directory and the files stored in it, on Linux systems.

Set Correct SSH Directory Permissions in Linux

If you ever encounter the above error, you can set correct ssh permissions on the .ssh directory using the chmod command.

# chmod u+rwx,go-rwx ~/.ssh
OR
# chmod 0700 ~/.ssh

To check the permissions on the ~/.ssh directory, use the ls command with the -l and -d flags, like so:

# ls -ld .ssh/

The following are some of the files you will find in the ~/.ssh directory:

  • private key file (e.g. id_rsa) – the private key for authentication, which contains highly sensitive information; therefore, it must have read and write permissions for the owner and not be accessible by group and others, otherwise ssh will refuse to connect.
  • public key (e.g. .pub file) – the public key for authentication, which also contains sensitive information, therefore it should have read and write permissions for the owner and read-only permission for group and others.
  • authorized_keys – contains the list of public keys that can be used to log in as this user. It is not highly sensitive but should have read and write permissions for the owner and not be accessible by group and others.
  • known_hosts – stores a list of host keys for all hosts the ssh user has logged into. It should have read and write permissions for the owner and not be accessible by group and others.
  • config – a per-user configuration file; it should have read and write permissions for the owner and should not be accessible by group and others.

By default, the files under the ~/.ssh directory are created with the correct permissions set. To check their permissions, run the following command inside your home directory:

# ls -l .ssh/ 

If ssh complains of wrong permissions on any of the above files, you can set correct permissions for each of the files like this:

# chmod u+rw,go-rwx .ssh/id_rsa
# chmod u+rw,go-rwx .ssh/id_rsa.pub
# chmod u+rw,go-rwx .ssh/authorized_keys
# chmod u+rw,go-rwx .ssh/known_hosts
# chmod u+rw,go-rwx .ssh/config
OR
# chmod 600 .ssh/id_rsa
# chmod 600 .ssh/id_rsa.pub
# chmod 600 .ssh/authorized_keys
# chmod 600 .ssh/known_hosts
# chmod 600 .ssh/config

In addition, a user's home directory should not be writable by the group or others. To check its permissions, run:

# ls -ld ~

To remove write permissions for group and others on the home directory, run this command:

# chmod go-w ~
OR
# chmod 755 ~
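
The checks above can be collected into one audit function that reports every path whose mode is too open. This is an added example, not part of the original article: the function names check_mode and audit_ssh_perms are made up for illustration, every regular file in ~/.ssh other than *.pub is treated as owner-only, and it relies on GNU stat (stat -c).

```shell
#!/bin/sh
# Added example: audit the modes this guide describes. Needs GNU stat (Linux).
# Usage: audit_ssh_perms "$HOME" && echo "permissions look fine"

# check_mode PATH MASK REASON
# Print a finding and return 1 if PATH has any bit of the octal MASK set.
check_mode() {
    cm_mode=$(stat -c '%a' "$1") || return 1
    if [ $(( 0$cm_mode & 0$2 )) -ne 0 ]; then
        printf 'BAD  %s mode %s (%s)\n' "$1" "$cm_mode" "$3"
        return 1
    fi
    return 0
}

# audit_ssh_perms [HOME_DIR]
# Check HOME_DIR, HOME_DIR/.ssh and the regular files inside it.
# Prints one line per problem; returns 0 when clean, 1 otherwise.
audit_ssh_perms() {
    as_home=${1:-$HOME}
    as_rc=0
    # Home directory: not writable by group or others (chmod go-w ~).
    check_mode "$as_home" 22 'group/other write on home' || as_rc=1
    # ~/.ssh: owner only (chmod 0700 ~/.ssh).
    check_mode "$as_home/.ssh" 77 'group/other access on .ssh' || as_rc=1
    for as_f in "$as_home"/.ssh/*; do
        [ -f "$as_f" ] || continue
        case $as_f in
            # Public keys may be readable, but never group/other writable.
            *.pub) check_mode "$as_f" 22 'group/other write on public key' || as_rc=1 ;;
            # Private keys, authorized_keys, known_hosts, config: owner only.
            *)     check_mode "$as_f" 77 'group/other access' || as_rc=1 ;;
        esac
    done
    return "$as_rc"
}
```

Each BAD line names the path and its current octal mode, so the matching chmod from this guide can be applied to exactly that path.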
