5 Best OpenSSH Server Security Practices


SSH (Secure Shell) is an open-source network protocol used to connect to local or remote Linux servers in order to transfer files, make remote backups, execute remote commands, and perform other network-related tasks via the sftp command between two servers that connect over a secure channel on the network.

In this article, I will show you some simple tools and tricks that will help you tighten the security of your ssh server. Here you will find some useful information on how to secure ssh servers and protect them from brute-force and dictionary attacks.

1. DenyHosts

DenyHosts is an open-source, log-based intrusion prevention security script for SSH servers, written in the Python programming language. It is intended to be run by Linux system administrators and users to monitor and analyze SSH server access logs for failed login attempts, known as dictionary-based attacks and brute-force attacks.

The script works by banning IP addresses after a set number of failed login attempts, which prevents such attacks from gaining access to the server.

  • Keeps track of /var/log/secure to find all successful and failed login attempts and filters them.
  • Keeps an eye on all failed login attempts by user and offending host.
  • Keeps watching each existing and non-existent user (e.g. xyz) when a login attempt fails.
  • Keeps track of each offending user, host, and suspicious login attempt (if there are many login failures) and bans that host's IP address by adding an entry to the /etc/hosts.deny file.
  • Optionally sends email notifications of newly blocked hosts and suspicious logins.
  • Also maintains all valid and invalid failed user login attempts in separate files, which makes it easy to identify which valid or invalid user is under attack, so that we can delete that account, change its password, or disable the shell for that user.


2. Fail2Ban

Fail2ban is one of the most popular open-source intrusion detection/prevention frameworks, written in the Python programming language. It works by scanning log files such as /var/log/secure, /var/log/auth.log, /var/log/pwdfail, etc. for too many failed login attempts.

Fail2ban is used to update Netfilter/iptables or TCP Wrapper's hosts.deny file in order to reject an attacker's IP address for a set amount of time. It can also unban a blocked IP address after a period of time set by administrators. However, an unban time of a few minutes is more than enough to stop such malicious attacks.

  • Multi-threaded and highly configurable.
  • Supports log file rotation and can handle multiple services (sshd, vsftpd, apache, etc.).
  • Monitors log files and looks for known and unknown patterns.
  • Uses Netfilter/iptables and the TCP Wrapper (/etc/hosts.deny) table to ban attackers' IP addresses.
  • Runs scripts when a given pattern has been identified for the same IP address more than X times.
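The log-based banning that both DenyHosts and Fail2ban perform can be sketched as follows. This is an added example, not code from either project: the log lines are constructed, the threshold of 3 is an assumption, and the output uses the standard `daemon: client` TCP Wrapper syntax for /etc/hosts.deny.

```python
import re
from collections import defaultdict

# Constructed sample lines in sshd's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 10:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:05 web1 sshd[2101]: Failed password for invalid user xyz from 203.0.113.7 port 40113 ssh2
Mar  3 10:01:09 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Mar  3 10:02:00 web1 sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:02:30 web1 sshd[2111]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar  3 10:03:00 web1 sshd[2120]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
"""

# "invalid user" marks an account name that does not exist on the server.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=3):
    """Return (hosts_to_deny, existing_users_attacked, nonexistent_users_tried)."""
    failures = defaultdict(int)
    valid, invalid = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        ip, user = m["ip"], m["user"]
        failures[ip] += 1
        # Keep existing and non-existent accounts apart, as DenyHosts does.
        (invalid if m["invalid"] else valid)[user].add(ip)
    deny = sorted(ip for ip, n in failures.items() if n >= threshold)
    return deny, dict(valid), dict(invalid)

def hosts_deny_entries(deny):
    """Format TCP Wrapper lines of the kind appended to /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in deny]

if __name__ == "__main__":
    deny, valid, invalid = analyze(SAMPLE_LOG)
    print("\n".join(hosts_deny_entries(deny)))
    print("existing accounts targeted:", sorted(valid))
    print("non-existent accounts tried:", sorted(invalid))
```

The single failure from 198.51.100.20 followed by a successful login stays below the threshold, which is why a legitimate user who mistypes a password once is not banned.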


3. Disable Root Login

By default, Linux systems are pre-configured to allow remote ssh logins for everyone, including the root user itself, which allows anyone to log in to the system directly and gain root access. Despite the fact that the ssh server offers a more secure way to disable or enable root logins, it is always a good idea to disable root login to keep servers secure.

Many people try to brute-force root accounts through SSH attacks by supplying different account names and passwords, one after another. If you are a system administrator, you can check the ssh server logs, where you will find a number of failed login attempts. The main reason behind the failed login attempts is weak passwords, which makes it worthwhile for hackers/attackers to try.

If you have strong passwords, then you are probably safe. However, it is better to disable root login and have a separate regular account to log in with, and then use sudo or su to gain root access whenever required.


4. Display SSH Banner

This is one of the oldest features, available since the beginning of the ssh project, but I have hardly ever seen anyone use it. Anyway, I feel it is an important and very useful feature, and I have used it on all my Linux servers.

This is not for any security purpose, but the greatest benefit of this banner is that it is used to display ssh warning messages to unauthorized access attempts and welcome messages to authorized users, before the password prompt and after the user has logged in.
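A check for the root-login and banner settings from sections 3 and 4, as an added example that is not part of the original article. It relies on documented sshd_config behaviour (keywords are case-insensitive and the first value read for a keyword wins); the sample config and the /etc/issue.net path are constructed, and Include files and Match blocks are not evaluated.

```python
import re

# Constructed sshd_config text; the duplicated keyword is deliberate.
SAMPLE_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#Banner /etc/issue.net
permitrootlogin no

Match User backup
    PermitRootLogin no
"""

# "Keyword value" or "Keyword=value", as sshd_config allows.
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")

def effective_settings(text):
    """Global settings only; sshd keeps the first value it reads per keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not line or line.startswith("#") or not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break  # conditional blocks are out of scope for this check
        settings.setdefault(keyword, value)  # later duplicates do not override
    return settings

def audit(text):
    """Return findings for the root-login and banner settings."""
    cfg = effective_settings(text)
    findings = []
    root = cfg.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin is not set explicitly")
    elif root.lower() != "no":
        findings.append(f"PermitRootLogin is '{root}', expected 'no'")
    banner = cfg.get("banner")
    if banner is None or banner.lower() == "none":
        findings.append("Banner is not configured")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

In the sample, the later `permitrootlogin no` has no effect because `PermitRootLogin yes` is read first. On a live host, `sshd -T` prints the configuration the daemon actually uses.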


5. SSH Passwordless Login

SSH passwordless login with SSH keys establishes a trust relationship between two Linux servers, which makes file transfer and synchronization much easier.

This is very useful if you are dealing with automated remote backups, remote script execution, file transfer, remote script management, etc. without entering a password each time.


To further secure your SSH server, read our article on How to Secure and Harden OpenSSH Server.