Today, deploying a server at a hosting provider is a matter of a few minutes and a couple of mouse clicks. But immediately after deployment it finds itself in a hostile environment, because it is open to the entire Internet like an innocent girl at a rocker disco. Scanners will find it quickly and probe it with thousands of scripted bots that crawl the network looking for vulnerabilities and misconfigurations. There are a few things you should do right after deployment to ensure basic protection.
The first step is to create a non-root user for yourself. The point is that the root user has special privileges in the system, and if you allow remote administration as root, you do half of the attacker's work for them by leaving them a valid username.
So you need to create another user and disable remote SSH administration as root.
A new user is created with the useradd command:
useradd [options] <username>
Then a password is set for it with the passwd command:
passwd <username>
Finally, this user must be added to a group that is allowed to run commands with elevated privileges via sudo. Depending on the Linux distribution, this may be a different group. For example, on CentOS and Red Hat the user is added to the wheel group:
usermod -aG wheel <username>
On Ubuntu it is added to the sudo group:
usermod -aG sudo <username>
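The user-creation steps above, as an added example that is not part of the original article: a small POSIX sh script that picks the sudo-capable group from /etc/os-release (wheel on CentOS/Red Hat, sudo on Ubuntu/Debian), creates the user, and can install a public key so the key login can be verified before password logins are switched off. The /home/USER path, the user-private group, and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: create the non-root admin user
# from the steps above in a distribution-aware way. The sudo-capable group is
# "wheel" on CentOS/Red Hat and "sudo" on Ubuntu/Debian; the distribution is
# read from /etc/os-release. With DRY_RUN=1 the commands are printed instead
# of executed, so the logic can be checked without root.

# sudo_group_for [OS_RELEASE_FILE]: print wheel or sudo, fail if unknown.
sudo_group_for() {
    ids=$(grep -E '^(ID|ID_LIKE)=' "${1:-/etc/os-release}" | tr -d '"' | tr '\n' ' ')
    case " $ids " in
        *rhel*|*centos*|*fedora*) echo wheel ;;
        *debian*|*ubuntu*)        echo sudo ;;
        *) echo "unknown distribution: $ids" >&2; return 1 ;;
    esac
}

# run CMD...: execute, or only print when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# create_admin_user USERNAME [OS_RELEASE_FILE] [PUBKEY_FILE]
# Creates the user with a home directory and shell, sets its password, adds it
# to the sudo group, and optionally installs PUBKEY_FILE as authorized_keys.
create_admin_user() {
    user="$1"; group=$(sudo_group_for "${2:-/etc/os-release}") || return 1
    run useradd -m -s /bin/bash "$user"
    run passwd "$user"
    run usermod -aG "$group" "$user"
    if [ -n "$3" ]; then
        # Assumes home at /home/USER and a user-private group named USER.
        # Modes 700/600 are what sshd's StrictModes check requires.
        run install -d -m 700 -o "$user" -g "$user" "/home/$user/.ssh"
        run install -m 600 -o "$user" -g "$user" "$3" "/home/$user/.ssh/authorized_keys"
    fi
}
```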
SSH keys instead of passwords
Brute force or a leaked password is a standard attack vector, so it is best to disable password authentication in SSH (Secure Shell) and use key authentication instead.
There are many programs that implement the SSH protocol, such as lsh and Dropbear, but the most popular is OpenSSH. Install the OpenSSH client on Ubuntu:
sudo apt install openssh-client
Server installation:
sudo apt install openssh-server
Start the SSH daemon (sshd) on the Ubuntu server:
sudo systemctl start sshd
Start the daemon on every boot:
sudo systemctl enable sshd
Note that the server part of OpenSSH includes the client. That is, with openssh-server installed you can connect to other servers. Moreover, from your client machine you can open an SSH tunnel from a remote server to a third host, and the third host will then see the remote server as the source of the request. A very convenient feature for masking your system. See the article "Practical tips, examples and SSH tunnels" for details.
On a client machine it usually makes no sense to install the full server, precisely to rule out the possibility of remote connections to the computer (for security).
So, for your new user, you first need to generate SSH keys on the computer from which you will access the server:
ssh-keygen -t rsa
The public key is stored in the .pub file and looks like a string of random characters beginning with ssh-rsa.
Now you can log in to the server under that username using this key:
ssh <username>@<hostname>
After authorization, you can use the scp command to copy files and the sshfs utility to mount a remote file system or directory.
It is recommended to make a few backup copies of the private key, because if you disable password authentication and lose the key, you will have no way at all to access your own server.
As mentioned above, you need to disable SSH authentication for root (this is why we created the new user).
After making sure that the new user can authenticate with their key, you can disable password authentication to eliminate the risk of a password leak or brute force. Now, to get into the server, an attacker would have to obtain the private key.
The Fail2Ban utility checks the server logs and counts login attempts from each IP address. The settings define rules for how many login attempts are allowed within a certain period, after which that IP address is blocked for the specified time. For example, let's allow 5 failed SSH authentication attempts within 2 hours and then block the IP address for 12 hours.
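The Fail2Ban rule just described, as an added example that is not part of the original article or of Fail2Ban itself: part 1 writes a jail.local encoding "5 failures in 2 hours, ban for 12 hours", and part 2 re-implements that counting rule in awk over constructed auth.log lines to show what the sshd filter is actually matching. The jail path and the log lines are constructed; the timestamp handling assumes all lines are from one day.

```shell
#!/bin/sh
# Added example, not from the original article. Part 1 writes a fail2ban
# jail.local with the rule from the text (5 failed SSH logins in 2 hours, ban
# for 12 hours). Part 2 re-implements that rule over auth.log lines to show
# what fail2ban's sshd filter is counting. The log lines are constructed.

# write_jail_local [PATH]  (default /etc/fail2ban/jail.local)
write_jail_local() {
    cat > "${1:-/etc/fail2ban/jail.local}" <<'EOF'
[sshd]
enabled  = true
port     = ssh
maxretry = 5
findtime = 2h
bantime  = 12h
EOF
    # "port = ssh" resolves to 22; if sshd is moved to another port, put that
    # number here, otherwise the ban only covers port 22.
}

# offenders [MAXRETRY] [FINDTIME_SECONDS]: read auth.log on stdin and print
# "IP count" the moment an IP reaches MAXRETRY failures inside FINDTIME.
# Simplification: the HH:MM:SS field is treated as seconds within one day.
offenders() {
    awk -v max="${1:-5}" -v findtime="${2:-7200}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            split($3, t, ":"); now = t[1]*3600 + t[2]*60 + t[3]
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i+1)
            n[ip]++; ts[ip, n[ip]] = now
            c = 0
            for (j = 1; j <= n[ip]; j++) if (now - ts[ip, j] < findtime) c++
            if (c >= max && !(ip in banned)) { banned[ip] = now; print ip, c }
        }'
}

# sample_log (constructed): six failures from 203.0.113.7 in five minutes,
# two from 198.51.100.2, and one successful key login (never counted).
sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo "Jan 10 12:0$i:01 web sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2"
        i=$((i + 1))
    done
    echo "Jan 10 12:10:01 web sshd[1202]: Failed password for root from 198.51.100.2 port 4002 ssh2"
    echo "Jan 10 12:11:01 web sshd[1203]: Failed password for root from 198.51.100.2 port 4003 ssh2"
    echo "Jan 10 12:12:01 web sshd[1204]: Accepted publickey for alice from 192.0.2.5 port 50000 ssh2"
}
```

Running `sample_log | offenders 5 7200` prints only 203.0.113.7, at its fifth failure; with a 60-second window the same log produces no ban.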
SSH was created in 1995 to replace telnet (port 23) and ftp (port 21), so the program's author, Tatu Ylönen, chose port 22 as the default, and IANA approved it.
Of course, every attacker knows which port SSH runs on and scans it along with the other standard ports to find out the software version, check for default root passwords, and so on.
Changing the default port, a form of obfuscation, cuts the volume of junk traffic, the size of the logs and the load on the server several times over, and also reduces the attack surface. Some criticize this approach as "security through obscurity". The reason is that the technique contradicts the principles of architectural protection. So, for example, the US National Institute of Standards and Technology, in its "Server Security Guide", points out the need for an open server architecture: "The security of a system should not rely on the secrecy of the implementation of its components," the document says.
Formally, changing the default port contradicts the practice of open architecture. But in practice the volume of malicious traffic really does drop, so it is a simple and effective measure.
The -p <port> parameter specifies the port number when connecting with the ssh command on Linux. In sftp and scp the parameter is -P <port> (capital P). A value given on the command line overrides the value in the configuration file.
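The sshd_config changes described earlier (no root login, no password authentication) and the port change above, as one added example that is not part of the original article: a POSIX sh helper that rewrites the directives idempotently, plus a client-side Host entry so the port need not be typed with -p/-P each time. The config path, port 2222 and the host names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article: apply the article's sshd
# settings (root login off, password authentication off, non-default port) to
# an sshd_config file idempotently. sshd keeps the FIRST value it obtains for
# a directive, and recent Ubuntu releases start sshd_config with
# "Include /etc/ssh/sshd_config.d/*.conf", so every existing (or commented)
# line for the key is dropped and the new line is prepended, ahead of any
# Include line or trailing "Match" block.

# set_directive FILE KEY VALUE
set_directive() {
    file="$1"; key="$2"; value="$3"
    { printf '%s %s\n' "$key" "$value"
      grep -Ev "^[#[:space:]]*$key[[:space:]]" "$file" || true; } > "$file.tmp"
    mv "$file.tmp" "$file"
}

# get_directive FILE KEY: the value sshd would use (first occurrence).
get_directive() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# harden_sshd_config [FILE] [PORT]  (defaults: /etc/ssh/sshd_config, 2222)
harden_sshd_config() {
    cfg="${1:-/etc/ssh/sshd_config}"; port="${2:-2222}"
    set_directive "$cfg" PermitRootLogin no          # root cannot log in over SSH
    set_directive "$cfg" PubkeyAuthentication yes    # key login stays on ...
    set_directive "$cfg" PasswordAuthentication no   # ... passwords are off
    set_directive "$cfg" Port "$port"
}

# check_and_reload [FILE]: let sshd parse the file before restarting; keep the
# current session open until a second login on the new port succeeds.
check_and_reload() {
    sshd -t -f "${1:-/etc/ssh/sshd_config}" && systemctl restart sshd
}

# client_host_entry NAME HOST PORT USER: a ~/.ssh/config stanza so the port
# does not have to be given as "ssh -p PORT" (or "scp -P PORT", "sftp -P PORT").
client_host_entry() {
    printf 'Host %s\n    HostName %s\n    Port %s\n    User %s\n' "$1" "$2" "$3" "$4"
}
```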
If there are many servers, almost all of this work to protect a Linux server can be done in a single script. But if there is only one server, it is better to go through the process manually.