Two-factor authentication on a website using a USB token. Now also for Linux
In one of our previous articles we talked about the importance of two-factor authentication on corporate portals. Last time we showed how to set up secure authentication in the IIS web server.
In the comments, we were asked to write instructions for the most common web servers for Linux - nginx and Apache.
You asked - we wrote.
What do you need to get started?
Any modern Linux distribution. I did a test setup on MX Linux 18.2_x64. This is of course not a server distribution, but there are unlikely to be any differences for Debian. For other distributions, the paths to configuration files and libraries may differ slightly.
To work with the token in Linux, you need to install the following packages:
libccid libpcsclite1 pcscd pcsc-tools opensc
Issuing certificates
In previous articles, we relied on the server and client certificates being issued with Microsoft CA. But since we are setting everything up in Linux, we will also show you an alternative way to issue these certificates - without leaving Linux.
We will use XCA as the CA (https://hohnstaedt.de/xca/), which is available on any modern Linux distribution. All the actions that we will perform in XCA can also be done on the command line with the OpenSSL and pkcs11-tool utilities, but for greater simplicity and clarity, we will not present them in this article.
Getting started
Install:
$ apt-get install xca
And run:
$ xca
We create our database for the CA - /root/CA.xdb
We recommend storing the Certificate Authority database in a folder that only the administrator can access. This is important for protecting the private keys of the root certificates, which are used to sign all other certificates.
Creating the keys and the root CA certificate
A public key infrastructure (PKI) is built as a hierarchy. The main element of this system is the root certification authority, or root CA. Its certificate must be created first.
We create an RSA-2048 private key for the CA. To do this, on the Private Keys tab, click New Key and select the appropriate type.
Set a name for the new key pair. I called it CA Key.
We issue the CA certificate itself, using the key pair we created. To do this, go to the Certificates tab and click New Certificate.
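The command-line route mentioned earlier (OpenSSL instead of XCA), as an added example that is not part of the original article. It goes one step further than the root CA and also signs one user certificate so that the chain can be checked. The file names, subjects and pki.cnf are constructed, and the user key is kept in a file only so the script runs without a token.

```sh
#!/bin/sh
# Added example: OpenSSL equivalent of the XCA root CA steps, extended with one
# user certificate so the chain can be checked. Names and subjects are constructed.
set -eu

make_demo_pki() {
    mkdir -p "$1" && chmod 700 "$1"     # CA material: administrator-only directory
    (
        cd "$1" && umask 077
        cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
        # RSA-2048 root key and self-signed root certificate
        openssl genrsa -out CAKey.pem 2048 2>/dev/null
        openssl req -x509 -new -key CAKey.pem -sha256 -days 3650 \
            -config pki.cnf -extensions v3_ca -out CA.crt
        # User key and request (assumption: key in a file; the article keeps it on the token)
        openssl genrsa -out UserKey.pem 2048 2>/dev/null
        openssl req -new -key UserKey.pem -config pki.cnf \
            -subj "/CN=demo.user" -out User.csr
        # The root CA signs the request as a TLS client certificate
        openssl x509 -req -in User.csr -CA CA.crt -CAkey CAKey.pem \
            -CAcreateserial -sha256 -days 365 \
            -extfile pki.cnf -extensions v3_client -out User.crt 2>/dev/null
    )
}

# Prints OK when the certificate chains to the CA and is valid for TLS client auth
verify_client() {
    if openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
    then echo OK; else echo FAIL; fi
}

demo=$(mktemp -d)
make_demo_pki "$demo"
verify_client "$demo/CA.crt" "$demo/User.crt"
```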
To verify that the certificate is visible, you can go to the Certificate Manager. You will be prompted to enter your PIN. After entering it correctly, you can check that our certificate from the token appears on the Your Certificates tab.
Now let's log in with the token. Firefox prompts you to choose the certificate that will be selected for the server. Select our certificate.
TIP!
The setup is done once, and as you can see in the certificate request window, we can save our choice. After this, each time we log in to the portal, we only need to insert the token and enter the user PIN code that was specified during formatting. After such authentication, the server already knows which user has logged in, so you don't need to create any additional verification windows and can let the user into their personal account immediately.
Apache
Just as with nginx, no one should have problems installing Apache. If you don't know how to install this web server, just use the official documentation.
And we start setting up our HTTPS and two-factor authentication:
First you need to enable mod_ssl:
$ a2enmod ssl
And then enable the site's default HTTPS settings:
$ a2ensite default-ssl
Now we edit the configuration file: /etc/apache2/sites-enabled/default-ssl.conf:
SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /etc/apache2/sites-enabled/Server.crt
SSLCertificateKeyFile /etc/apache2/sites-enabled/ServerKey.pem
SSLCACertificateFile /etc/apache2/sites-enabled/CA.crt
SSLVerifyClient require
SSLVerifyDepth 10
As you can see, the names of the parameters practically coincide with the names of the parameters in nginx, so I will not explain them. Again, anyone interested in the details is welcome to read the documentation.
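A check that can be run over the vhost file before reloading, as an added example that is not part of the original article. It reviews the client-certificate directives shown above; the function names and the wording of the findings are this example's own, and the sample input reproduces the article's directives.

```sh
#!/bin/sh
# Added example: review an Apache TLS vhost for the client-certificate settings
# used in this article. Finding texts are this example's own wording.
audit_ssl_vhost() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    { name = tolower($1) }                  # directive names are case-insensitive
    name == "sslcacertificatefile" || name == "sslcacertificatepath" { seen_ca = 1 }
    name == "sslverifyclient" {
        seen_vc = 1
        if (tolower($2) != "require")
            print "FAIL SSLVerifyClient " $2 ": a request without a valid client certificate can get through"
    }
    name == "sslverifydepth" && $2 + 0 > 1 {
        print "WARN SSLVerifyDepth " $2 ": a root CA that signs user certificates directly needs only 1"
    }
    name == "sslprotocol" {
        v = " " tolower($0) " "; gsub(/[ \t]+/, " ", v)
        if (v ~ / [+]?all / && (v !~ / -sslv3 / || v !~ / -tlsv1 / || v !~ / -tlsv1\.1 /))
            print "WARN SSLProtocol: \"all\" keeps legacy protocols enabled; prefer -all +TLSv1.2 +TLSv1.3"
    }
    END {
        if (!seen_vc) print "FAIL SSLVerifyClient missing: the default is none"
        if (!seen_ca) print "FAIL no SSLCACertificateFile/SSLCACertificatePath: nothing to verify clients against"
    }' "$@"
}

# The directives from the article, reproduced as sample input
article_config() {
    cat <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /etc/apache2/sites-enabled/Server.crt
SSLCertificateKeyFile /etc/apache2/sites-enabled/ServerKey.pem
SSLCACertificateFile /etc/apache2/sites-enabled/CA.crt
SSLVerifyClient require
SSLVerifyDepth 10
EOF
}

article_config | audit_ssl_vhost
```

With a file on disk the call is audit_ssl_vhost /etc/apache2/sites-enabled/default-ssl.conf; per-directory overrides of SSLVerifyClient are not tracked by this check.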
Now we restart our server:
$ service apache2 reload
$ service apache2 restart
As you can see, setting up two-factor authentication on any web server, whether on Windows or Linux, takes an hour at most. And setting up browsers takes about 5 minutes. Many people think that setting up and working with two-factor authentication is difficult and unclear. I hope our article debunks this myth, at least a little.