{"id":2554,"date":"2022-12-13T20:24:46","date_gmt":"2022-12-13T20:24:46","guid":{"rendered":"https:\/\/sunucucozumleri.com\/?p=2554"},"modified":"2023-04-16T21:00:57","modified_gmt":"2023-04-16T21:00:57","slug":"centos-rhel-sunucularda-ssh-iki-faktorlu-kimlik-dogrulama-2fa-kurulumu","status":"publish","type":"post","link":"https:\/\/sunucucozumleri.com\/blog\/centos-rhel-sunucularda-ssh-iki-faktorlu-kimlik-dogrulama-2fa-kurulumu\/","title":{"rendered":"CentOS\/RHEL Sunucularda SSH \u0130ki Fakt\u00f6rl\u00fc Kimlik Do\u011frulama (2FA) Kurulumu"},"content":{"rendered":"<p>Bu makale sizlere Google Authenticator&#8217;\u0131 kullanarak CentOS\/RHEL sunucusunda SSH iki fakt\u00f6rl\u00fc kimlik do\u011frulaman\u0131n nas\u0131l kurulaca\u011f\u0131n\u0131 g\u00f6sterecektir. Bu kurulum CentOS\/RHEL sunucunuzdaki SSH hizmetinin g\u00fcvenli\u011fini b\u00fcy\u00fck \u00f6l\u00e7\u00fcde art\u0131racakt\u0131r.<\/p>\n<p>\u00d6ncelikle..<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Makale \u0130\u00e7eri\u011fi<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"\u0130\u00e7indekiler Tablosunu A\u00e7\/Kapat\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/sunucucozumleri.com\/blog\/centos-rhel-sunucularda-ssh-iki-faktorlu-kimlik-dogrulama-2fa-kurulumu\/#Iki_Faktorlu_Kimlik_Dogrulama_Nasil_Calisir\" >\u0130ki Fakt\u00f6rl\u00fc Kimlik Do\u011frulama Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/sunucucozumleri.com\/blog\/centos-rhel-sunucularda-ssh-iki-faktorlu-kimlik-dogrulama-2fa-kurulumu\/#1_Adim_Google_Authenticatori_CentOSRHEL_Sunucusunda_Kurun_ve_Yapilandirin\" >1. Ad\u0131m: Google Authenticator&#8217;\u0131 CentOS\/RHEL Sunucusunda Kurun ve Yap\u0131land\u0131r\u0131n<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/sunucucozumleri.com\/blog\/centos-rhel-sunucularda-ssh-iki-faktorlu-kimlik-dogrulama-2fa-kurulumu\/#2_Adim_SSH_Daemonu_Google_Authenticatori_Kullanacak_Sekilde_Yapilandirin\" >2. Ad\u0131m: SSH Daemon&#8217;u Google Authenticator&#8217;\u0131 Kullanacak \u015eekilde Yap\u0131land\u0131r\u0131n<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Iki_Faktorlu_Kimlik_Dogrulama_Nasil_Calisir\"><\/span><span class=\"\">\u0130ki Fakt\u00f6rl\u00fc Kimlik Do\u011frulama Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span class=\"\">Uzak CentOS\/RHEL sunucunuzda oturum a\u00e7mak i\u00e7in\u00a0<\/span><span class=\"\">genellikle yaln\u0131zca bir <a href=\"https:\/\/sunucucozumleri.com\/blog\/parola-saklama-uygulamalari-ve-karsilastirmalari\/\">parola<\/a> girmeniz veya\u00a0<\/span><span class=\"\">SSH anahtar\u0131n\u0131 kullanman\u0131z gerekir.\u00a0<\/span>\u0130ki fakt\u00f6rl\u00fc kimlik do\u011frulama (2FA), oturum a\u00e7mak i\u00e7in iki par\u00e7a bilgi girmenizi gerektirir, dolay\u0131s\u0131yla SSH sunucunuzda oturum a\u00e7mak i\u00e7in zamana dayal\u0131 tek seferlik bir \u015fifre de girmeniz gerekecektir.\u00a0Bu tek seferlik parola,\u00a0bir IETF standard\u0131 olan\u00a0TOTP algoritmas\u0131 kullan\u0131larak hesaplan\u0131r.\u00a0G\u00fcn\u00fcm\u00fczde pek \u00e7ok web sitesi ve hizmet (Facebook, Google, Twitter, vb.) kullan\u0131c\u0131lar\u0131n hesaplar\u0131n\u0131 g\u00fcvenceye almalar\u0131 i\u00e7in 2FA sunmaktad\u0131r ve SSH sunucunuz i\u00e7in 2FA&#8217;y\u0131 etkinle\u015ftirmek iyi bir fikirdir.<\/p>\n<p>Not : Bu yaz\u0131da kullanaca\u011f\u0131m\u0131z a\u00e7\u0131k kaynak <a href=\"https:\/\/sunucucozumleri.com\/blog\/frontpage\/\">sunucu<\/a> yaz\u0131l\u0131m\u0131 google-authenticator EPEL deposundan kuruludur. Google \u015firketi, kimlik do\u011frulama s\u00fcrecine hi\u00e7bir \u015fekilde dahil olmaz. Sunucu yaz\u0131l\u0131m\u0131 ve mobil uygulaman\u0131n a\u011f eri\u015fimine ihtiyac\u0131 yoktur.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"1_Adim_Google_Authenticatori_CentOSRHEL_Sunucusunda_Kurun_ve_Yapilandirin\"><\/span><span class=\"\">1. Ad\u0131m: Google Authenticator&#8217;\u0131 CentOS\/RHEL Sunucusunda Kurun ve Yap\u0131land\u0131r\u0131n<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CentOS\/RHEL sunucunuzda oturum a\u00e7\u0131n ve Google Authenticator&#8217;\u0131 EPEL (Extra Package for Enterprise Linux) deposundan y\u00fcklemek i\u00e7in a\u015fa\u011f\u0131daki komutlar\u0131 \u00e7al\u0131\u015ft\u0131r\u0131n. <code>qrencode<\/code>komut sat\u0131r\u0131nda QR kodu olu\u015fturmak i\u00e7in kullan\u0131l\u0131r.<\/p>\n<pre><mark>sudo yum install -y epel-release<\/mark>\r\n<mark>\r\nsudo yum install -y google-authenticator qrencode qrencode-libs<\/mark><\/pre>\n<p>SSH komut sat\u0131r\u0131nda google-authenticator kodunu \u00e7al\u0131\u015ft\u0131rarak kurulumu ba\u015flatabilirsiniz.<\/p>\n<p><span class=\"\">&#8220;Kimlik do\u011frulama belirte\u00e7lerinin zamana dayal\u0131 olmas\u0131n\u0131 istiyor musunuz?&#8221; sorusuna y ile evet cevab\u0131 verin<\/span><\/p>\n<p><span class=\"\">Ard\u0131ndan, telefonunuzdaki Google Authenticator uygulamas\u0131n\u0131 kullanarak taraman\u0131z gereken bir QR kodu g\u00f6receksiniz.<\/span><\/p>\n<p><span class=\"\">QR kodu, yaln\u0131zca SSH sunucunuz ve TOTP mobil uygulaman\u0131z taraf\u0131ndan bilinen gizli anahtar\u0131 temsil eder.\u00a0<\/span>QR taratt\u0131ktan sonra uygulamada alt\u0131 haneli tek sat\u0131r kodu g\u00f6rebilirsiniz. Varsay\u0131lan olarak, her 30 saniyede bir de\u011fi\u015fir. Uygulama eri\u015fimini veya telefonunuzu kaybetme riskine acil durumlar i\u00e7in olu\u015fturulan kodlar\u0131 g\u00fcvenli bir yere not etmeyi unutmay\u0131n.<\/p>\n<p>Bir sonraki soruda kullan\u0131mda hemen sonra 6 haneli kodun ge\u00e7ersiz k\u0131lmay\u0131 etkinle\u015ftirmek i\u00e7in y bas\u0131p devam edin. Ard\u0131ndan ilerleyen ilk 4 dakikada acil durum kodlar\u0131n\u0131n \u015fu an kullan\u0131labilir olmas\u0131n\u0131 hay\u0131r (n) diyerek deva ediyoruz. En son k\u0131s\u0131mda ise rate limit yani deneme s\u0131n\u0131r\u0131n\u0131 etkinle\u015ftirerek <a href=\"https:\/\/sunucucozumleri.com\/blog\/brute-force-nedir-brute-forcedan-korunma-yontemleri\/\">brute force<\/a> ataklar\u0131n\u0131n \u00f6n\u00fcne ge\u00e7ebilirsiniz.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"2_Adim_SSH_Daemonu_Google_Authenticatori_Kullanacak_Sekilde_Yapilandirin\"><\/span><span class=\"\">2. Ad\u0131m: SSH Daemon&#8217;u Google Authenticator&#8217;\u0131 Kullanacak \u015eekilde Yap\u0131land\u0131r\u0131n<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>2FA ile \u015fifre do\u011frulama<\/li>\n<li>2FA ile ortak anahtar kimlik do\u011frulamas\u0131<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>SSH sunucu yap\u0131land\u0131rma dosyas\u0131n\u0131 a\u00e7\u0131n.<\/p>\n<pre><span class=\"\"><mark>sudo nano \/etc\/ssh\/sshd_config<\/mark><\/span><\/pre>\n<p><span class=\"\">Dosyada a\u015fa\u011f\u0131daki iki parametreyi bulun ve her dosyada de\u00a0<\/span><strong><span class=\"\">yes<\/span><\/strong><span class=\"\">\u00a0olarak ayarlad\u0131\u011f\u0131n\u0131zdan emin olun.<\/span><\/p>\n<p>UsePAM yes<\/p>\n<pre><span class=\"goog-text-highlight\">ChallengeResponseAuthentication yes<\/span><\/pre>\n<p>Bu ad\u0131mddan sonra ssh yap\u0131land\u0131rma dosyas\u0131n\u0131 d\u00fczenleyece\u011fiz.<\/p>\n<p><mark>nano \/etc\/pam.d\/sshd<\/mark><\/p>\n<p>kodunu \u00e7al\u0131\u015ft\u0131rarak en son sat\u0131ra a\u015fa\u011f\u0131daki kodu ekleyin.<\/p>\n<p>auth required pam.google_authenticator.so nullok<\/p>\n<p>Dosyay\u0131 kaydedip kapat\u0131n.<\/p>\n<p>Daha sonras\u0131nda yap\u0131land\u0131rma dosyalar\u0131ndaki de\u011fi\u015fikliklerin ge\u00e7erli olmas\u0131 i\u00e7in ssh servisini yeniden ba\u015flat\u0131n.<\/p>\n<p>&nbsp;<\/p>\n<p><mark>systemctl <a href=\"https:\/\/sunucucozumleri.com\/blog\/reboot-ve-restart-arasindaki-farklar-nedir\/\">restart<\/a> sshd.service<\/mark><\/p>\n<p>\u00d6nemli not: bu ad\u0131mdan sonra kurulumun \u00e7al\u0131\u015f\u0131p \u00e7al\u0131\u015fmad\u0131\u011f\u0131n\u0131 test edece\u011fiz. Test esnas\u0131nda <a href=\"https:\/\/sunucucozumleri.com\/sunucu\/bulut-sunucu\/\">bulut sunucu<\/a> ile ssh ba\u011flant\u0131n\u0131z\u0131n kopmamas\u0131 i\u00e7in ba\u015fka bir pencerede yeni bir ba\u011flant\u0131 a\u00e7man\u0131z her ihtimale kar\u015f\u0131 \u015fiddetle \u00f6nerilir.<\/p>\n<p>&nbsp;<\/p>\n<p>Yeni ba\u011flant\u0131da <a href=\"https:\/\/sunucucozumleri.com\/sunucu\/bulut-sunucu\/\">bulut sunucunuz<\/a> sizden paroladan sonra Verification Code isteyecektir sunucu. E\u011fer istediyse uygulamada olu\u015fan ge\u00e7ici 6 haneli kodu yazarak <a href=\"https:\/\/sunucucozumleri.com\/sunucu\/bulut-sunucu\/\">bulut sunucu<\/a>nuza girebilirsiniz. Kurulum ba\u015far\u0131yla tamamlanm\u0131\u015ft\u0131r.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bu makale sizlere Google Authenticator&#8217;\u0131 kullanarak CentOS\/RHEL sunucusunda SSH iki fakt\u00f6rl\u00fc kimlik do\u011frulaman\u0131n nas\u0131l kurulaca\u011f\u0131n\u0131 g\u00f6sterecektir. Bu kurulum CentOS\/RHEL sunucunuzdaki SSH hizmetinin g\u00fcvenli\u011fini b\u00fcy\u00fck \u00f6l\u00e7\u00fcde art\u0131racakt\u0131r. \u00d6ncelikle.. \u0130ki Fakt\u00f6rl\u00fc Kimlik Do\u011frulama Nas\u0131l \u00c7al\u0131\u015f\u0131r? Uzak CentOS\/RHEL sunucunuzda oturum a\u00e7mak i\u00e7in\u00a0genellikle yaln\u0131zca bir parola girmeniz veya\u00a0SSH anahtar\u0131n\u0131 kullanman\u0131z gerekir.\u00a0\u0130ki fakt\u00f6rl\u00fc kimlik do\u011frulama (2FA), oturum a\u00e7mak i\u00e7in iki &hellip;<\/p>\n","protected":false},"author":2,"featured_media":1762,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[28,5],"tags":[],"class_list":["post-2554","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-centos","category-linux"],"acf":[],"_links":{"self":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/2554","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/comments?post=2554"}],"version-history":[{"count":0,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/2554\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media\/1762"}],"wp:attachment":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media?parent=2554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/categories?post=2554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/tags?post=2554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}