Practical tips, examples and SSH tunnels

Practical SSH examples that will take your skills as a remote system administrator to the next level. The commands and tips will help you not only use SSH, but also navigate the network more skilfully.

Knowing a few ssh tricks is useful for any system administrator, network engineer or security professional.

Practical SSH Examples

  1. SSH socks proxy
  2. SSH tunnel (port forwarding)
  3. SSH tunnel to a third host
  4. Reverse SSH tunnel
  5. SSH reverse proxy
  6. Installing VPN over SSH
  7. Copying an SSH key (ssh-copy-id)
  8. Remote command execution (non-interactive)
  9. Remote packet capture and viewing in Wireshark
  10. Copying a local folder to a remote server via SSH
  11. Remote GUI applications with SSH X11 Forwarding
  12. Remote file copying with rsync and SSH
  13. SSH over the Tor network
  14. SSH to an EC2 instance
  15. Editing text files using VIM via ssh/scp
  16. Mounting remote SSH as a local folder with SSHFS
  17. Multiplexing SSH with ControlPath
  18. Streaming video over SSH with VLC and SFTP
  19. Two-factor authentication
  20. Jumping hosts with SSH and -J
  21. Blocking SSH brute-force attempts using iptables
  22. SSH Escape to change port forwarding

First the basics

Breaking down the SSH command line

The example below uses common parameters that are often seen when connecting to a remote SSH server.

localhost:~$ ssh -v -p 22 -C neo@remoteserver

  • -v: Verbose output is especially useful when analysing authentication problems. It can be used multiple times to show additional information.
  • -p 22: the connection port of the remote SSH server. 22 does not need to be specified, because it is the default value, but if the protocol is on some other port, we specify it with the -p parameter. The listening port is specified in the sshd_config file in the format Port 2222.
  • -C: Compression for the connection. If you have a slow link or are viewing a lot of text, this can speed up the connection.
  • neo@: The string before the @ symbol is the username for authentication on the remote server. If you do not specify it, it defaults to the username of the account you are currently logged in to (~$ whoami). The user can also be specified with the -l parameter.
  • remoteserver: the name of the host that ssh connects to. This can be a fully qualified domain name, an IP address, or any host in the local hosts file. To connect to a host that supports both IPv4 and IPv6, you can add the -4 or -6 parameter to the command line for proper resolution.

All of the parameters above are optional except remoteserver.

Using a configuration file

Although many are familiar with the sshd_config file, there is also a client configuration file for the ssh command. The default location is ~/.ssh/config, but a different file can be given as the parameter to the -F option.

Host remoteserver
     HostName remoteserver.thematrix.io
     User neo
     Port 2112
     IdentityFile /home/test/.ssh/remoteserver.private_key

Host *
     Port 2222

There are two host entries in the ssh configuration file above. The Host remoteserver entry says that for this host a different username, port, FQDN and IdentityFile should be used. The Host * entry applies to all hosts and sets the configuration parameter Port 2222. It comes last because ssh uses the first value it obtains for each parameter, so host-specific entries must precede the general defaults.

A configuration file can save a lot of typing by allowing advanced configuration to be applied automatically when connecting to specific hosts.

Copying files over SSH with SCP

The SSH client comes with two other very handy tools for copying files over an encrypted ssh connection. See below for an example of standard usage of the scp and sftp commands. Note that many of the ssh options apply to these commands as well.

localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png

In this example the file mypic.png is copied to remoteserver into the folder /media/data and renamed to mypic_2.png.

Don't forget about the difference in the port parameter. This is where many people get caught when they run scp from the command line. Here the port parameter is -P, not -p as in the ssh client! You will forget, but don't worry, everyone forgets.

For those familiar with the ftp console, many of the commands are similar in sftp. You can push, put and ls as your heart desires.

sftp neo@remoteserver

Practical examples

In many of these examples, the result can be achieved using different methods. As in all of our tutorials and examples, preference is given to practical examples that simply do their job.

1. SSH socks proxy

The SSH Proxy feature is number 1 for good reason. It is more powerful than many people realise and gives you access to any system that the remote server can reach, using virtually any application. The ssh client can tunnel traffic through a SOCKS proxy with one simple command. It is important to understand that traffic to the remote systems will originate from the remote server, and this is what will be shown in web server logs.

localhost:~$ ssh -D 8888 user@remoteserver

localhost:~$ netstat -pan | grep 8888
tcp        0      0 127.0.0.1:8888       0.0.0.0:*               LISTEN      23880/ssh

Here we start a socks proxy on TCP port 8888; the second command checks that the port is active in listening mode. The 127.0.0.1 shows that the service runs on localhost only. We can use a slightly different command to listen on all interfaces, including ethernet or wifi. This allows other applications (browsers, etc.) on our network to connect to the proxy service through the ssh socks proxy.

localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver

Now we can configure the browser to connect to the socks proxy. In Firefox, select Settings | General | Network Settings. Specify the IP address and port to connect to.


Note the option at the bottom of the form that makes your browser's DNS requests go through the SOCKS proxy as well. If you are using a proxy server to encrypt web traffic on your local network, you will probably want to select this option so that DNS requests are tunnelled through the SSH connection.

Enabling the socks proxy in Chrome

Launching Chrome with certain command-line parameters enables the socks proxy, as well as tunnelling of DNS requests from the browser. Trust but verify. Use tcpdump to check that DNS queries are no longer visible.

localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"

Using other applications with a proxy

Keep in mind that many other applications can also use socks proxies. The web browser is simply the most popular of them all. Some applications have configuration options to enable a proxy server. Others need a little help from a helper program. For example, proxychains lets you run Microsoft RDP, etc. through a socks proxy.

localhost:~$ proxychains rdesktop $RemoteWindowsServer

The socks proxy configuration parameters are set in the proxychains configuration file.

Tip: if you use remote desktop from Linux to Windows, try the FreeRDP client. It is a more modern implementation than rdesktop, with a smoother experience.

Use case for SSH via a socks proxy

You are sitting in a cafe or hotel and are forced to use rather unreliable WiFi. We start an ssh proxy locally from a laptop and establish an ssh tunnel into the home network to a local Raspberry Pi. Using a browser or other applications configured for the socks proxy, we can access any network services on our home network or go out to the Internet through our home connection. Everything between your laptop and your home server (across the Wi-Fi and the internet to your home) is encrypted in the SSH tunnel.

2. SSH tunnel (port forwarding)

In its simplest form, an SSH tunnel simply opens a port on your local system that connects to another port at the other end of the tunnel.

localhost:~$ ssh  -L 9999:127.0.0.1:80 user@remoteserver

Let's look at the -L parameter. It can be thought of as the local listening side. So in the example above, port 9999 is listening on the localhost side and is forwarded through to port 80 on remoteserver. Note that 127.0.0.1 refers to localhost on the remote server!

Let's take it up a step. The following example exposes the listening port to other hosts on the local network.

localhost:~$ ssh  -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver

In these examples, we are connecting to a port on the web server, but it could be a proxy server or any other TCP service.

3. SSH tunnel to a third-party host

We can use the same parameters to connect a tunnel from the remote server to another service running on a third system.

localhost:~$ ssh  -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver

In this example, we are redirecting a tunnel from remoteserver to a web server running on 10.10.10.10. The traffic from remoteserver to 10.10.10.10 is no longer inside the SSH tunnel. The web server on 10.10.10.10 will consider remoteserver to be the source of the web requests.

4. Reverse SSH tunnel

Here we configure a listening port on the remote server that will connect back to a local port on our localhost (or another system).

localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver

This SSH session establishes a connection from port 1999 on the remote server to port 902 on our local client.

5. SSH Reverse Proxy

In this case, we are setting up a socks proxy on our ssh connection, but the proxy is listening on the remote end of the server. Connections to this remote proxy now appear from the tunnel as traffic from our localhost.

localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver

Troubleshooting remote SSH tunnels

If you have problems getting the remote SSH options to work, check with netstat which other interfaces the listening port is bound to. Although we specified 0.0.0.0 in the examples, if the GatewayPorts value in sshd_config is set to no, the listener will be bound to localhost only (127.0.0.1).

Security warning

Note that by opening tunnels and socks proxies, internal network resources may become accessible to untrusted networks (such as the Internet!). This can be a serious security risk, so make sure you understand what the listener is and what it has access to.
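
The listener check recommended above can be scripted. This added example (not part of the original article) filters netstat -ltnp style output for ssh and sshd listeners bound to anything other than loopback; the function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag SSH forward listeners (-D, -L, -R) reachable from other hosts.
# Input is `netstat -ltnp` style text on stdin; the sample lines are constructed.

# exposed_forwards [SSHD_PORT]
# Prints "bind_address port owner" for every LISTEN socket owned by ssh or sshd
# that is not bound to loopback. The daemon's own port (default 22) is skipped.
exposed_forwards() {
    awk -v sshd_port="${1:-22}" '
        $6 == "LISTEN" && $7 ~ /^[0-9]+\/sshd?(:|$)/ {
            port = $4; sub(/.*:/, "", port)          # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            owner = $7; sub(/^[0-9]+\//, "", owner); sub(/:$/, "", owner)
            if (owner == "sshd" && port == sshd_port) next   # sshd itself
            if (host == "::1" || host ~ /^127\./) next        # loopback only
            print host, port, owner
        }'
}

# Constructed sample: a loopback -D proxy, an exposed -L forward, the daemon,
# an exposed -R forward (owned by "sshd: user") and an unrelated web server.
sample_netstat() {
    cat <<'EOF'
tcp   0  0 127.0.0.1:8888   0.0.0.0:*   LISTEN   23880/ssh
tcp   0  0 0.0.0.0:9999     0.0.0.0:*   LISTEN   23911/ssh
tcp   0  0 0.0.0.0:22       0.0.0.0:*   LISTEN   812/sshd
tcp   0  0 0.0.0.0:1999     0.0.0.0:*   LISTEN   24102/sshd: user
tcp6  0  0 ::1:8888         :::*        LISTEN   23880/ssh
tcp6  0  0 :::9999          :::*        LISTEN   23911/ssh
tcp   0  0 0.0.0.0:80       0.0.0.0:*   LISTEN   1201/nginx: master
EOF
}

sample_netstat | exposed_forwards 22
```

On a live system, feed it real data with `netstat -ltnp | exposed_forwards` (run as root so the owning process is shown).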

6. Installing VPN over SSH

A common term among specialists in attack methods (pentesters, etc.) is "a pivot point in the network". Once a connection is established on one system, that system becomes the gateway for further access to the network. It is a pivot point that lets you move laterally.

For such a foothold we can use an SSH proxy and proxychains, but there are some limitations. For example, it is not possible to work directly with sockets, so we cannot scan ports inside the network with an Nmap SYN scan.

Using this more advanced VPN option, the connection is brought down to layer 3. We can then simply route traffic through the tunnel using standard network routing.

The method uses ssh, iptables, tun interfaces and routing.

First you need to set these parameters in sshd_config. Since we are making changes to the interfaces of both the remote and the client systems, we need root privileges on both sides.

PermitRootLogin yes
PermitTunnel yes

Then we establish an ssh connection using the parameter that requests initialization of the tun devices.

localhost:~# ssh -v -w any root@remoteserver

We should now have a tun device when listing interfaces (# ip a). The next step is to add IP addresses to the tunnel interfaces.

SSH client side:

localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up

SSH server side:

remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up

Now we have a direct route to the other host (route -n and ping 10.10.10.10).

You can route any subnet through the host on the other side.

localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0

On the remote side you need to enable ip_forward and iptables.

remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE

Boom! VPN over an SSH tunnel at network layer 3. Now that is a win.

If any problems arise, use tcpdump and ping to determine the cause. Since we are playing at layer 3, our icmp packets will go through this tunnel.

7. Copying an SSH key (ssh-copy-id)

There are several ways to do this, but this command saves time by not copying files by hand. It simply copies ~/.ssh/id_rsa.pub (or the default key) from your system to ~/.ssh/authorized_keys on the remote server.

localhost:~$ ssh-copy-id user@remoteserver

8. Remote command execution (non-interactive)

The ssh command can be linked to other commands for a common, user-friendly interface. Simply add the command you want to run on the remote host as the last parameter, in quotes.

localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php

In this example grep is executed on the local system after the log has been pulled over the ssh channel. If the file is large, it is more convenient to run grep on the remote side by simply enclosing both commands in double quotes.

Another example performs the same function as ssh-copy-id from example 7.

localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'

9. Remote packet capture and viewing in Wireshark

I took this from one of our tcpdump examples. Use it to capture packets remotely and display the results directly in the local Wireshark GUI.

localhost:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -

10. Copying a local folder to a remote server via SSH

A nice trick that compresses a folder using bzip2 (that is the -j option in the tar command), then extracts the bzip2 stream on the other side, creating a duplicate folder on the remote server.

localhost:~$ tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"

11. Remote GUI applications with SSH X11 Forwarding

If X is installed on the client and on the remote server, you can remotely execute a GUI command with the window on your local desktop. This feature has been around for a long time, but it is still very useful. Launch a remote web browser or even the VMware Workstation console, as I do in this example.

localhost:~$ ssh -X remoteserver vmware

This requires the line X11Forwarding yes in the sshd_config file.

12. Remote file copying with rsync and SSH

rsync is much more convenient than scp if you need periodic backups of a directory, a large number of files, or very large files. It can recover from a failed transfer and copies only the files that have changed, saving traffic and time.

This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.

localhost:~$ rsync -az /home/testuser/data remoteserver:backup/

13. SSH over the Tor network

The anonymous Tor network can tunnel SSH traffic using the torsocks command. The following command proxies ssh through Tor.

localhost:~$ torsocks ssh myuntracableuser@remoteserver

Torsocks will use port 9050 on localhost for the proxy. As always when using Tor, you need to seriously check what traffic is being tunnelled and other operational security (opsec) issues. Where are your DNS queries going?

14. SSH to an EC2 instance

To connect to an EC2 instance, you need a private key. Download it (.pem extension) from the Amazon EC2 control panel and change the permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key in a safe place or put it in your own ~/.ssh/ folder.

localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public

The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for automatically configuring key usage when connecting to an ec2 host.

Host my-ec2-public
   Hostname ec2???.compute-1.amazonaws.com
   User ubuntu
   IdentityFile ~/.ssh/my-ec2-key.pem

15. Editing text files using VIM via ssh/scp

For all vim lovers, this tip will save some time. With vim, files are edited over scp with one command. This method simply creates the file locally in /tmp and then copies it back once we save it from vim.

localhost:~$ vim scp://user@remoteserver//etc/hosts

Note: the format is slightly different from the usual scp. After the host we have a double //. This is an absolute path reference. A single slash would indicate a path relative to the user's home folder.

**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])

If you see this error, double-check the command format. It usually means a syntax error.

16. Mounting remote SSH as a local folder with SSHFS

Using sshfs, the ssh filesystem client, we can connect a local directory to a remote location, with all file interactions going over an encrypted ssh session.

localhost:~$ apt install sshfs

Install the sshfs package on Ubuntu and Debian, then simply mount the remote location on our system.

localhost:~$ sshfs user@remoteserver:/media/data ~/data/

17. SSH Multiplexing with ControlPath

By default, if there is an existing connection to a remote server using ssh, a second connection using ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be used for all subsequent connections. This speeds up the process significantly: the effect is noticeable even on a local network, and even more so when connecting to remote resources.

Host remoteserver
        HostName remoteserver.example.org
        ControlMaster auto
        ControlPath ~/.ssh/control/%r@%h:%p
        ControlPersist 10m

ControlPath specifies the socket that new connections check to see whether there is an active ssh session. The last option means that even after you exit the console, the existing session remains open for 10 minutes, so during that time you can reconnect over the existing socket. For more information, see man ssh_config.

18. Streaming video over SSH with VLC and SFTP

Even long-time users of ssh and vlc (Video Lan Client) are not always aware of this handy option for when you really need to watch a video over the network. In the File | Open Network Stream settings of vlc you can enter the location as sftp://. If a password is required, a prompt will appear.

sftp://remoteserver//media/uploads/myvideo.mkv

19. Two-factor authentication

The same two-factor authentication as on your other accounts or your Google account applies to the SSH service.

Of course, ssh initially has a two-factor authentication capability, meaning a password and an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a different physical device.

See our 8-minute guide to using Google Authenticator and SSH.

20. Jumping hosts with ssh and -J

If network segmentation means you have to hop through several ssh hosts to reach the final destination network, the -J shortcut will save you time.

localhost:~$ ssh -J host1,host2,host3 user@host4

The main thing to understand here is that this is not the same as the command ssh host1, then user@host1:~$ ssh host2, etc. The -J option cleverly uses forwarding to make localhost establish a session with the next host in the chain. So in the example above, our localhost authenticates to host4. That is, our localhost keys are used, and the session from localhost to host4 is fully encrypted.

For this, ssh_config can specify the ProxyJump configuration option. If you regularly have to go through several hosts, automating this via the config will save a lot of time.

21. Blocking SSH brute-force attempts using iptables

Anyone who has managed an SSH service and looked at the logs knows about the number of brute-force attempts that occur every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the change in the sshd_config file via the configuration parameter Port ##.

With iptables you can also easily block attempts to connect to a port once a certain threshold is reached. A simple way to do this is to use OSSEC, since it not only blocks SSH but also performs a bunch of other host-based intrusion detection (HIDS) measures.
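
The threshold blocking described above can be done with the iptables recent match alone. This added example (not from the original article) prints the rules in dry-run mode; the chain name, the list name, the 60-second window and the hit count of 4 are assumed values.

```shell
#!/usr/bin/env bash
# Added example: throttle NEW connections to sshd per source address with the
# iptables "recent" match. Assumed values: port 22, 60 s window, 4th attempt dropped.

# Dry run by default: the rules are printed, not installed.
# Run as root with IPT=iptables to install them.
IPT="${IPT:-echo iptables}"

# ssh_throttle PORT WINDOW_SECONDS HITCOUNT
ssh_throttle() {
    local port="$1" window="$2" hits="$3" arg
    for arg in "$port" "$window" "$hits"; do
        case "$arg" in
            ''|*[!0-9]*) echo "ssh_throttle: numeric arguments required" >&2; return 2 ;;
        esac
    done
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "ssh_throttle: port out of range" >&2; return 2
    fi
    # iptables-extensions(8) gives the default maximum --hitcount as 20
    # (xt_recent module parameter ip_pkt_list_tot).
    if [ "$hits" -lt 2 ] || [ "$hits" -gt 20 ]; then
        echo "ssh_throttle: hitcount must be between 2 and 20" >&2; return 2
    fi

    # Dedicated chain, so the throttle can be flushed without touching INPUT.
    $IPT -N SSH_THROTTLE
    # Only connection-opening packets are counted; established sessions,
    # including long-lived tunnels, are never affected.
    $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j SSH_THROTTLE
    # Record the source address and a timestamp in the "sshconn" list.
    $IPT -A SSH_THROTTLE -m recent --name sshconn --set
    # Drop once the address has HITCOUNT entries inside WINDOW seconds.
    # --update refreshes the timestamp, so a source that keeps trying stays blocked.
    $IPT -A SSH_THROTTLE -m recent --name sshconn --update --seconds "$window" --hitcount "$hits" -j DROP
    $IPT -A SSH_THROTTLE -j RETURN
}

ssh_throttle 22 60 4
```

Sessions multiplexed over an existing ControlPath socket (tip 17) open no new TCP connection, so they do not count against the threshold.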

22. SSH Escape to change port forwarding

And our last ssh example is designed to change port forwarding on the fly within an existing ssh session. Imagine this scenario. You are deep in the network; perhaps you have hopped over half a dozen hosts and need a local port on the workstation that is forwarded to Microsoft SMB on an old Windows 2003 system (anyone remember ms08-67?).

After pressing enter, try typing ~C in the console. This is a session control sequence that allows changes to be made to an existing connection.

localhost:~$ ~C
ssh> -h
Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KL[bind_address:]port                 Cancel local forward
      -KR[bind_address:]port                 Cancel remote forward
      -KD[bind_address:]port                 Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.

Here you can see that we have forwarded our local port 1445 to a Windows 2003 host that we found on the internal network. Now just run msfconsole, and you are good to go (assuming you plan to use this host).

Conclusion

These ssh examples, tips and commands should give you a starting point; more information about each command and its capabilities is available in the man pages (man ssh, man ssh_config, man sshd_config).

I have always been fascinated by the ability to access systems and execute commands anywhere in the world. By developing your skills with tools like ssh, you will become more effective at any game you play.

Source: www.habr.com
