SSH rugsatsyz ulanyjylara duýduryş habaryny nädip görkezmeli

Kompaniýalar ýa-da guramalar rugsatsyz ulanyjylaryň Linux serwerine girmeginiň öňüni almak üçin berk duýduryş habaryny görkezmek islänlerinde SSH banner duýduryşlary möhümdir.

Bu SSH banner duýduryş habarlary, SSH parol soramagynyň öň ýanynda görkezilýär, girmek isleýän rugsatsyz ulanyjylar munuň netijelerinden habarly bolarlar. Adatça, bu duýduryşlar serwere girmek kararyna gelse, rugsatsyz ulanyjylaryň ejir çekip biljek kanuny netijeleri bolup durýar.

Banner duýduryşynyň rugsatsyz ulanyjylaryň girmeginiň öňüni almajakdygyna üns beriň. Duýduryş banneri diňe birugsat ulanyjylaryň girmegini duýdurmak üçin duýduryşdyr. Eger birugsat ulanyjylaryň girmegini gadagan etmek isleseňiz, goşmaça SSH konfigurasiýalary talap edilýär.

SSH bannerinde käbir howpsuzlyk duýduryş maglumatlary ýa-da umumy maglumatlar bar. Aşakda Linux serwerlerimde ulanýan SSH banner habarlary bar.

Mysal SSH Banner habary 1:

#################################################################
#                   _    _           _   _                      #
#                  / \  | | ___ _ __| |_| |                     #
#                 / _ \ | |/ _ \ '__| __| |                     #
#                / ___ \| |  __/ |  | |_|_|                     #
#               /_/   \_\_|\___|_|   \__(_)                     #
#                                                               #
#  You are entering into a secured area! Your IP, Login Time,   #
#   Username has been noted and has been sent to the server     #
#                       administrator!                          #
#   This service is restricted to authorized users only. All    #
#            activities on this system are logged.              #
#  Unauthorized access will be fully investigated and reported  #
#        to the appropriate law enforcement agencies.           #
#################################################################

Mysal SSH Banner habary 2:

ALERT! You are entering a secured area! Your IP, Login Time, and Username have been noted and have been sent to the server administrator!
This service is restricted to authorized users only. All activities on this system are logged.
Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.

Habarlary görkezmegiň iki usuly bar, biri issue.net faýly, ikinjisi MOTD faýly.

  • /etc/issue.net - Parolyň giriş soragyndan öň duýduryş banner habaryny görkeziň.
  • /etc/motd - Ulanyjy gireninden soň hoş geldiňiz banner habaryny görkeziň.

Şeýlelik bilen, ähli ulgam dolandyryjylaryna ulanyjylara ulgamlara girmezden ozal banner habarlaryny görkezmegi maslahat berdim. SSH giriş habarlaryny işjeňleşdirmek üçin diňe ýönekeý ädimleri ýerine ýetiriň.

Girişden ozal ulanyjylara SSH duýduryş habaryny görkeziň

Rhli rugsatsyz ulanyjylara SSH duýduryş habarlaryny görkezmek üçin /etc/issue.net faýlyna, islän tekst redaktoryňyzy ulanyp banner habarlaryny görkezmek üçin girmeli.

$ sudo vi /etc/issue.net
Or
$ sudo nano /etc/issue.net

Aşakdaky banner nusga habaryny goşuň we faýly ýazdyryň. Bu faýla islendik banner habaryny goşup bilersiňiz.

#################################################################
#                   _    _           _   _                      #
#                  / \  | | ___ _ __| |_| |                     #
#                 / _ \ | |/ _ \ '__| __| |                     #
#                / ___ \| |  __/ |  | |_|_|                     #
#               /_/   \_\_|\___|_|   \__(_)                     #
#                                                               #
#  You are entering into a secured area! Your IP, Login Time,   #
#   Username has been noted and has been sent to the server     #
#                       administrator!                          #
#   This service is restricted to authorized users only. All    #
#            activities on this system are logged.              #
#  Unauthorized access will be fully investigated and reported  #
#        to the appropriate law enforcement agencies.           #
#################################################################

Ondan soň/etc/ssh/sshd_config konfigurasiýa faýlyny açyň.

$ sudo vi /etc/ssh/sshd_config
Or
$ sudo nano /etc/ssh/sshd_config

“Banner” sözüni gözläň we faýly ýazdyryň.

#Banner /some/path

Bu şeýle bolmaly.

Banner /etc/issue.net (you can use any path you want)

Ondan soň, täze üýtgeşmeleri görkezmek üçin SSH daemonyny täzeden açyň.

$ sudo systemctl restart sshd
Or
$ sudo service restart sshd

Indi serwere birikmäge synanyşyň, aşakda meňzeş banner habaryny görersiňiz.

Girişden soň ulanyjylara SSH hoş habaryny görkeziň

Girişden soň SSH garşy banner habarlaryny görkezmek üçin, girişden soň banner habarlaryny görkezmek üçin ulanylýan/etc/motd faýly ulanýarys.

$ sudo vi /etc/motd
Or
$ sudo nano /etc/motd

Aşakdaky hoş geldiňiz banner nusga habaryny ýerleşdiriň we faýly ýazdyryň.

###############################################################
#                        TECMINT.COM                          #
###############################################################
#                  Welcome to TecMint.com!                    #
#       All connections are monitored and recorded.           #
#  Disconnect IMMEDIATELY if you are not an authorized user!  #
###############################################################

Indi serwere girmäge synanyşyň, iki banner habaryny alarsyňyz. Aşakdaky skrinshoty görüň.

Ine. Rugsat berilmedik ulanyjylara ulgama girmezlik barada duýduryş bermek üçin indi serweriňize öz şahsy SSH banner habarlaryňyzy goşup bilersiňiz diýip umyt edýäris.