Merge remote-tracking branch 'LCTT/master'

This commit is contained in:
Xingyu.Wang 2019-03-20 08:07:15 +08:00
commit bda64d740a
6 changed files with 210 additions and 224 deletions

View File

@ -1,8 +1,8 @@
[#]: collector: (lujun9972)
[#]: translator: (FSSlc)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-10635-1.html)
[#]: subject: (How To Find Available Network Interfaces On Linux)
[#]: via: (https://www.ostechnix.com/how-to-find-available-network-interfaces-on-linux/)
[#]: author: (SK https://www.ostechnix.com/author/sk/)
@ -18,9 +18,9 @@
我们可以使用下面的这些方法来找到可用的网络接口。
**方法 1 —— 使用 `ifconfig` 命令:**
#### 方法 1 使用 ifconfig 命令
使用 **`ifconfig`** 命令来查看网络接口仍然是最常使用的方法。我相信还有很多 Linux 用户仍然使用这个方法。
使用 `ifconfig` 命令来查看网络接口仍然是最常使用的方法。我相信还有很多 Linux 用户仍然使用这个方法。
```
$ ifconfig -a
@ -30,39 +30,39 @@ $ ifconfig -a
```
enp5s0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 24:b6:fd:37:8b:29 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ether 24:b6:fd:37:8b:29 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 171420 bytes 303980988 (289.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 171420 bytes 303980988 (289.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 171420 bytes 303980988 (289.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 171420 bytes 303980988 (289.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.225.37 netmask 255.255.255.0 broadcast 192.168.225.255
inet6 2409:4072:6183:c604:c218:85ff:fe50:474f prefixlen 64 scopeid 0x0<global>
inet6 fe80::c218:85ff:fe50:474f prefixlen 64 scopeid 0x20<link>
ether c0:18:85:50:47:4f txqueuelen 1000 (Ethernet)
RX packets 564574 bytes 628671925 (599.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 299706 bytes 60535732 (57.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
inet 192.168.225.37 netmask 255.255.255.0 broadcast 192.168.225.255
inet6 2409:4072:6183:c604:c218:85ff:fe50:474f prefixlen 64 scopeid 0x0<global>
inet6 fe80::c218:85ff:fe50:474f prefixlen 64 scopeid 0x20<link>
ether c0:18:85:50:47:4f txqueuelen 1000 (Ethernet)
RX packets 564574 bytes 628671925 (599.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 299706 bytes 60535732 (57.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
如上面的输出所示,在我的 Linux 机子上有两个网络接口,它们分别叫做 **enp5s0**(主板上的有线网卡)和 **wlp9s0**(无线网卡)。其中的 **lo** 是环回网卡,被用来访问本地的网络的服务,通常它的 IP 地址为 127.0.0.1。
如上面的输出所示,在我的 Linux 机器上有两个网络接口,它们分别叫做 `enp5s0`(主板上的有线网卡)和 `wlp9s0`(无线网卡)。其中的 `lo` 是环回网卡,被用来访问本地的网络的服务,通常它的 IP 地址为 `127.0.0.1`
我们也可以在许多 UNIX 变种例如 **FreeBSD** 中使用相同的 `ifconfig` 来列出可用的网卡。
我们也可以在许多 UNIX 变种例如 FreeBSD 中使用相同的 `ifconfig` 来列出可用的网卡。
**方法 2 —— 使用 `ip` 命令:**
#### 方法 2 使用 ip 命令
在最新的 Linux 版本中, `ifconfig` 命令已经被弃用了。你可以使用 **`ip`** 命令来罗列出网络接口,正如下面这样:
在最新的 Linux 版本中, `ifconfig` 命令已经被弃用了。你可以使用 `ip` 命令来罗列出网络接口,正如下面这样:
```
$ ip link show
@ -72,11 +72,11 @@ $ ip link show
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 24:b6:fd:37:8b:29 brd ff:ff:ff:ff:ff:ff
link/ether 24:b6:fd:37:8b:29 brd ff:ff:ff:ff:ff:ff
3: wlp9s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
link/ether c0:18:85:50:47:4f brd ff:ff:ff:ff:ff:ff
link/ether c0:18:85:50:47:4f brd ff:ff:ff:ff:ff:ff
```
![](https://www.ostechnix.com/wp-content/uploads/2019/02/ip-command.png)
@ -91,15 +91,15 @@ $ ip addr
$ ip -s link
```
你注意到了吗?这些命令同时还显示出了已经连接的网络接口的状态。假如你仔细查看上面的输出,你将注意到我的有线网卡并没有跟网络线缆连接(从上面输出中的 **DOWN** 可以看出)。另外,我的无线网卡已经连接了(从上面输出中的 **UP** 可以看出)。想知晓更多的细节,可以查看我们先前的指南 [**在 Linux 中查看网络接口的已连接状态**][1]。
你注意到了吗?这些命令同时还显示出了已经连接的网络接口的状态。假如你仔细查看上面的输出,你将注意到我的有线网卡并没有跟网络线缆连接(从上面输出中的 `DOWN` 可以看出)。另外,我的无线网卡已经连接了(从上面输出中的 `UP` 可以看出)。想知晓更多的细节,可以查看我们先前的指南 [在 Linux 中查看网络接口的已连接状态][1]。
这两个命令ifconfig 和 ip已经足够在你的 LInux 系统中查看可用的网卡了。
这两个命令(`ifconfig``ip`)已经足够在你的 LInux 系统中查看可用的网卡了。
然而,仍然有其他方法来列出 Linux 中的网络接口,下面我们接着看。
**方法 3**
#### 方法 3 使用 /sys/class/net 目录
Linux 内核将网络接口的详细信息保存在 **/sys/class/net** 目录中,你可以通过查看这个目录的内容来检验可用接口的列表是否和前面的结果相符。
Linux 内核将网络接口的详细信息保存在 `/sys/class/net` 目录中,你可以通过查看这个目录的内容来检验可用接口的列表是否和前面的结果相符。
```
$ ls /sys/class/net
@ -111,9 +111,9 @@ $ ls /sys/class/net
enp5s0 lo wlp9s0
```
**方法 4**
#### 方法 4 使用 /proc/net/dev 目录
在 Linux 操作系统中,文件 **/proc/net/dev** 中包含有关网络接口的信息。
在 Linux 操作系统中,文件 `/proc/net/dev` 中包含有关网络接口的信息。
要查看可用的网卡,只需使用下面的命令来查看上面文件的内容:
@ -131,9 +131,9 @@ enp5s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
lo: 303980988 171420 0 0 0 0 0 0 303980988 171420 0 0 0 0 0 0
```
**方法 5 使用 `netstat` 命令*
#### 方法 5 使用 netstat 命令
**netstat** 命令可以列出各种不同的信息,例如网络连接、路由表、接口统计信息、伪装连接和多播成员等。
`netstat` 命令可以列出各种不同的信息,例如网络连接、路由表、接口统计信息、伪装连接和多播成员等。
```
$ netstat -i
@ -150,11 +150,11 @@ wlp9s0 1500 565625 0 0 0 300543 0 0 0 BMRU
请注意 `netstat` 被弃用了, `netstat -i` 的替代命令是 `ip -s link`。另外需要注意的是这个方法将只列出激活的接口,而不是所有可用的接口。
**方法 6 使用 `nmcli` 命令**
#### 方法 6 使用 nmcli 命令
`nmcli` 是一个用来控制 `NetworkManager` 和报告网络状态的命令行工具。它可以被用来创建、展示、编辑、删除、激活、停用网络连接和展示网络状态。
`nmcli` 是一个用来控制 NetworkManager 和报告网络状态的命令行工具。它可以被用来创建、展示、编辑、删除、激活、停用网络连接和展示网络状态。
假如你的 Linux 系统中安装了 `Network Manager`,你便可以使用下面的命令来使用 `nmcli` 列出可以的网络接口:
假如你的 Linux 系统中安装了 NetworkManager你便可以使用下面的命令来使用 `nmcli` 列出可以的网络接口:
```
$ nmcli device status
@ -168,13 +168,10 @@ $ nmcli connection show
现在你知道了如何在 Linux 中找到可用网络接口的方法,接下来,请查看下面的指南来知晓如何在 Linux 中配置 IP 地址吧。
[如何在 Linux 和 Unix 中配置静态 IP 地址][2]
[如何在 Ubuntu 18.04 LTS 中配置 IP 地址][3]
[如何在 Arch Linux 中配置静态和动态 IP 地址][4]
[如何在 Linux 中为单个网卡分配多个 IP 地址][5]
- [如何在 Linux 和 Unix 中配置静态 IP 地址][2]
- [如何在 Ubuntu 18.04 LTS 中配置 IP 地址][3]
- [如何在 Arch Linux 中配置静态和动态 IP 地址][4]
- [如何在 Linux 中为单个网卡分配多个 IP 地址][5]
假如你知道其他快捷的方法来在 Linux 中找到可用的网络接口,请在下面的评论部分中分享出来,我将检查你们的评论并更新这篇指南。
@ -189,7 +186,7 @@ via: https://www.ostechnix.com/how-to-find-available-network-interfaces-on-linux
作者:[SK][a]
选题:[lujun9972][b]
译者:[FSSlc](https://github.com/FSSlc)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,3 +1,5 @@
hankchow translating
Building tiny container images
======

View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (ustblixin)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (FSSlc)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
@ -211,7 +211,7 @@ via: https://www.2daygeek.com/four-methods-to-change-the-hostname-in-linux/
作者:[Magesh Maruthamuthu][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
译者:[FSSlc](https://github.com/FSSlc)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

View File

@ -1,170 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (MjSeven)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Set up two-factor authentication for SSH on Fedora)
[#]: via: (https://fedoramagazine.org/two-factor-authentication-ssh-fedora/)
[#]: author: (Curt Warfield https://fedoramagazine.org/author/rcurtiswarfield/)
Set up two-factor authentication for SSH on Fedora
======
![](https://fedoramagazine.org/wp-content/uploads/2019/02/twofactor-auth-ssh-816x345.png)
Every day there seems to be a security breach reported in the news where our data is at risk. Despite the fact that SSH is a secure way to connect remotely to a system, you can still make it even more secure. This article will show you how.
Thats where two-factor authentication (2FA) comes in. Even if you disable passwords and only allow SSH connections using public and private keys, an unauthorized user could still gain access to your system if they steal your keys.
With two-factor authentication, you cant connect to a server with just your SSH keys. You also need to provide the randomly generated number displayed by an authenticator application on a mobile phone.
The Time-based One-time Password algorithm (TOTP) is the method shown in this article. [Google Authenticator][1] is used as the server application. Google Authenticator is available by default in Fedora.
For your mobile phone, you can use any two-way authentication application that is compatible with TOTP. There are numerous free applications for Android or IOS that work with TOTP and Google Authenticator. This article uses [FreeOTP][2] as an example.
### Install and set up Google Authenticator
First, install the Google Authenticator package on your server.
```
$ sudo dnf install -y google-authenticator
```
Run the application.
```
$ google-authenticator
```
The application presents you with a series of questions. The snippets below show you how to answer for a reasonably secure setup.
```
Do you want authentication tokens to be time-based (y/n) y
Do you want me to update your "/home/user/.google_authenticator" file (y/n)? y
```
The app provides you with a secret key, verification code, and recovery codes. Keep these in a secure, safe location. The recovery codes are the **only** way to access your server if you lose your mobile phone.
### Set up mobile phone authentication
Install the authenticator application (FreeOTP) on your mobile phone. You can find it in Google Play if you have an Android phone, or in the iTunes store for an Apple iPhone.
A QR code is displayed on the screen. Open up the FreeOTP app on your mobile phone. To add a new account, select the QR code shaped tool at the top on the app, and then scan the QR code. After the setup is complete, youll have to provide the random number generated by the authenticator application every time you connect to your server remotely.
### Finish configuration
The application asks further questions. The example below shows you how to answer to set up a reasonably secure configuration.
```
Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, tokens are good for 30 seconds. In order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of +-1min (window size of 3) to about +-4min (window size of 17 acceptable tokens).
Do you want to do so? (y/n) n
If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y
```
Now you have to set up SSH to take advantage of the new two-way authentication.
### Configure SSH
Before completing this step, **make sure youve already established a working SSH connection** using public SSH keys, since well be disabling password connections. If there is a problem or mistake, having a connection will allow you to fix the problem.
On your server, use [sudo][3] to edit the /etc/pam.d/sshd file.
```
$ sudo vi /etc/pam.d/ssh
```
Comment out the auth substack password-auth line:
```
#auth       substack     password-auth
```
Add the following line to the bottom of the file.
```
auth sufficient pam_google_authenticator.so
```
Save and close the file. Next, edit the /etc/ssh/sshd_config file.
```
$ sudo vi /etc/ssh/sshd_config
```
Look for the ChallengeResponseAuthentication line and change it to yes.
```
ChallengeResponseAuthentication yes
```
Look for the PasswordAuthentication line and change it to no.
```
PasswordAuthentication no
```
Add the following line to the bottom of the file.
```
AuthenticationMethods publickey,password publickey,keyboard-interactive
```
Save and close the file, and then restart SSH.
```
$ sudo systemctl restart sshd
```
### Testing your two-factor authentication
When you attempt to connect to your server youre now prompted for a verification code.
```
[user@client ~]$ ssh user@example.com
Verification code:
```
The verification code is randomly generated by your authenticator application on your mobile phone. Since this number changes every few seconds, you need to enter it before it changes.
![][4]
If you do not enter the verification code, you wont be able to access the system, and youll get a permission denied error:
```
[user@client ~]$ ssh user@example.com
Verification code:
Verification code:
Verification code:
Permission denied (keyboard-interactive).
[user@client ~]$
```
### Conclusion
By adding this simple two-way authentication, youve now made it much more difficult for an unauthorized user to gain access to your server.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/two-factor-authentication-ssh-fedora/
作者:[Curt Warfield][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/rcurtiswarfield/
[b]: https://github.com/lujun9972
[1]: https://en.wikipedia.org/wiki/Google_Authenticator
[2]: https://freeotp.github.io/
[3]: https://fedoramagazine.org/howto-use-sudo/
[4]: https://fedoramagazine.org/wp-content/uploads/2019/02/freeotp-1.png

View File

@ -0,0 +1,157 @@
[#]: collector: (lujun9972)
[#]: translator: (MjSeven)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Set up two-factor authentication for SSH on Fedora)
[#]: via: (https://fedoramagazine.org/two-factor-authentication-ssh-fedora/)
[#]: author: (Curt Warfield https://fedoramagazine.org/author/rcurtiswarfield/)
在 Fedora 上为 SSH 设置双因素验证
======
![](https://fedoramagazine.org/wp-content/uploads/2019/02/twofactor-auth-ssh-816x345.png)
每天似乎都有一个安全漏洞的新闻报道,说我们的数据会因此而存在风险。尽管 SSH 是一种远程连接系统的安全方式,但你仍然可以使它更安全。本文将向你展示如何做到这一点。
此时双因素验证2FA就有用武之地了。即使你禁用密码并只允许使用公钥和私钥进行 SSH 连接,但如果未经授权的用户偷窃了你的密钥,他仍然可以借此访问系统。
使用双因素验证,你不能仅使用 SSH 密钥连接到服务器,你还需要提供手机上验证器应用程序随机生成的数字。
本文展示的方法是基于时间的一次性密码算法TOTP。[Google Authenticator][1] 用作服务器应用程序。默认情况下Google Authenticator 在 Fedora 中是可用的。
至于手机,你可以使用与 TOTP 兼容的任何可以双向验证的应用程序。Andorid 或 IOS 有许多可以与 TOTP 和 Google Authenticator 配合使用的免费应用程序。本文与 [FreeOTP][2] 为例。
### 安装并设置 Google Authenticator
首先,在你的服务器上安装 Google Authenticator。
```
$ sudo dnf install -y google-authenticator
```
运行应用程序:
```
$ google-authenticator
```
该应用程序提供了一系列问题。下面的片段展示了如何进行合理的安全设置:
```
Do you want authentication tokens to be time-based (y/n) y
Do you want me to update your "/home/user/.google_authenticator" file (y/n)? y
```
这个应用程序为你提供一个密钥,验证码和恢复码。把它们放在安全的地方。如果你丢失了手机,恢复码是访问服务器的**唯一**方式。
### 设置手机验证
在你的手机上安装 authenticator 应用程序FreeOTP。如果你有一台安卓手机那么你可以在 Google Play 中找到它,也可以在苹果 iPhone 的 iTunes 商店中找到它。
Google Authenticator 会在屏幕上显示一个二维码。打开手机上的 FreeOTP 应用程序,选择添加新账户,在应用程序顶部选择二维码形状工具,然后扫描二维码即可。设置完成后,在每次远程连接服务器时,你必须提供 authenticator 应用程序生成的随机数。
### 完成配置
应用程序会向你询问更多的问题。下面示例展示了如何设置合理的安全配置。
```
Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, tokens are good for 30 seconds. In order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of +-1min (window size of 3) to about +-4min (window size of 17 acceptable tokens).
Do you want to do so? (y/n) n
If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y
```
现在,你必须设置 SSH 来利用新的双向验证。
### 配置 SSH
在完成此步骤之前,**确保你已使用公钥建立了一个可用的 SSH 连接**,因为我们将禁用密码连接。如果出现问题或错误,一个已经建立的连接将允许你修复问题。
在你的服务器上,使用 [sudo][3] 编辑 /etc/pam.d/sshd 文件。
```
$ sudo vi /etc/pam.d/ssh
```
注释掉 auth substack password-auth 这一行:
```
#auth       substack     password-auth
```
将以下行添加到文件底部。
```
auth sufficient pam_google_authenticator.so
```
保存并关闭文件。然后编辑 /etc/ssh/sshd_config 文件。
```
$ sudo vi /etc/ssh/sshd_config
```
找到 ChallengeResponseAuthentication 这一行并将其更改为 yes。
```
ChallengeResponseAuthentication yes
```
找到 PasswordAuthentication 这一行并将其更改为 no。
```
PasswordAuthentication no
```
将以下行添加到文件底部。
```
AuthenticationMethods publickey,password publickey,keyboard-interactive
```
保存并关闭文件,然后重新启动 SSH。
```
$ sudo systemctl restart sshd
```
### 测试双因素验证
当你尝试连接到服务器时,系统会提示你输入验证码:
```
[user@client ~]$ ssh user@example.com
Verification code:
```
验证码由你手机上的 authenticator 应用程序随机生成。由于这个数字每隔几秒就会发生变化,因此你需要在它变化之前输入它。
![][4]
如果你不输入验证码,你将无法访问系统,你会收到一个权限被拒绝的错误:
```
[user@client ~]$ ssh user@example.com
Verification code:
Verification code:
Verification code:
Permission denied (keyboard-interactive).
[user@client ~]$
```
### 结论
通过添加这种简单的双向验证,现在未经授权的用户访问你的服务器将变得更加困难。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/two-factor-authentication-ssh-fedora/
作者:[Curt Warfield][a]
选题:[lujun9972][b]
译者:[MjSeven](https://github.com/MjSeven)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/rcurtiswarfield/
[b]: https://github.com/lujun9972
[1]: https://en.wikipedia.org/wiki/Google_Authenticator
[2]: https://freeotp.github.io/
[3]: https://fedoramagazine.org/howto-use-sudo/
[4]: https://fedoramagazine.org/wp-content/uploads/2019/02/freeotp-1.png