Two-factor authentication for SSH

SSH ("Secure Shell") is a network protocol for establishing a secure connection between hosts, by default on port 22 (which is better changed). SSH clients and SSH servers are available for most operating systems. Almost any other network protocol can run inside SSH, so you can work remotely on another computer, send an audio or video stream over an encrypted channel, and so on. In addition, through a SOCKS proxy on a remote host you can connect to other hosts on behalf of that remote host.

Authentication is done with a password, but developers and system administrators usually use SSH keys. The problem is that a private key can be stolen. Adding a passphrase protects against theft of the private key, but in practice, with key forwarding and caching, keys can still be used without confirmation. Two-factor authentication solves this problem.

How to implement two-factor authentication

Developers from Honeycomb recently published detailed instructions on how to set up the appropriate infrastructure on the client and the server.

The instructions assume that you have a base host that is open to the Internet (a bastion). You want to connect to this host from a laptop or computer over the Internet and reach all the other machines that sit behind it. 2FA ensures that an attacker cannot do the same even after gaining access to your laptop, for example by installing malware.

The first option is OTP

OTPs are one-time digital passwords, which in this case are used for SSH authentication together with the key. The developers write that this is not an ideal option, because an attacker could stand up a fake bastion, intercept your OTP and use it. But it is better than nothing.

In this case, on the server side, the following lines are written into the Chef config:

  • metadata.rb
  • attributes/default.rb (from attributes.rb)
  • files/sshd
  • recipes/default.rb (copy from recipe.rb)
  • templates/default/users.oath.erb

Any OTP application is installed on the client side (Google Authenticator, Authy, Duo, Lastpass), then oath-toolkit is installed with brew install oath-toolkit or apt install oathtool openssl, after which a base16 string (the key) is generated. It is converted to the Base32 format that mobile authenticators use and imported directly into the application.
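The key handling described above, as an added example that is not part of the original article or of the Chef cookbook it refers to: one key generated as base16, re-encoded as Base32 for the authenticator app, and the code both sides derive from it. It assumes time-based OTP per RFC 6238 (HMAC-SHA1, 30-second step, 6 digits), which the article does not state; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def new_secret_hex(nbytes: int = 20) -> str:
    """Random shared key as a base16 string, as generated in the step above."""
    return secrets.token_hex(nbytes)


def hex_to_base32(secret_hex: str) -> str:
    """Re-encode the same key bytes as Base32 for a mobile authenticator app."""
    return base64.b32encode(bytes.fromhex(secret_hex)).decode("ascii").rstrip("=")


def totp(secret_hex: str, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (assumed parameters: HMAC-SHA1, 30 s step) for a Unix time."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(bytes.fromhex(secret_hex), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret_hex: str, submitted: str, now: int,
           window: int = 1, step: int = 30) -> bool:
    """Server-side check: accept +/- `window` time steps to tolerate clock drift."""
    return any(
        hmac.compare_digest(totp(secret_hex, now + i * step, step), submitted)
        for i in range(-window, window + 1)
    )


if __name__ == "__main__":
    import time
    key = new_secret_hex()  # constructed sample key, generated fresh on each run
    print("base16 (server side):", key)
    print("base32 (authenticator app):", hex_to_base32(key))
    print("current code:", totp(key, int(time.time())))
```

The short acceptance window in `verify` is also why an intercepted code is only useful to a fake bastion for a limited time, not why it is harmless: the code stays valid until its time steps expire.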

As a result, you can connect to the bastion and see that it now requires not only a passphrase but also an OTP code for authentication:

➜ ssh -A bastion
Enter passphrase for key '[snip]': 
One-time password (OATH) for '[user]': 
Welcome to Ubuntu 18.04.1 LTS...

The second option is hardware authentication

In this case, the user does not have to enter an OTP code every time, since the second factor is a hardware device or biometrics.

Here the Chef configuration is more complicated, and the client configuration depends on the OS. But once all the steps are completed, clients on MacOS can confirm SSH authentication using a passphrase and by placing a finger on the sensor (the second factor).

iOS and Android owners confirm the login by pressing a single button on the smartphone. This is a special technology from Krypt.co, which is even more secure than OTP.

On Linux/ChromeOS there is the option of working with YubiKey USB tokens. Of course, an attacker can steal your token, but they still do not know the passphrase.

Source: www.habr.com
