SSH tips, examples and tunnels

Practical SSH examples that will take your remote system administration skills to the next level. The commands and tips will help you not only use SSH, but also navigate the network more competently.

Knowing a few ssh tricks is useful for any system administrator, network engineer or security professional.

Practical SSH examples

  1. SSH socks proxy
  2. SSH tunnel (port forwarding)
  3. SSH tunnel to a third host
  4. Reverse SSH tunnel
  5. SSH reverse proxy
  6. Setting up a VPN over SSH
  7. Copying an SSH key (ssh-copy-id)
  8. Remote command execution (non-interactive)
  9. Remote packet capture and viewing in Wireshark
  10. Copying a local folder to the remote server over SSH
  11. Remote GUI applications with SSH X11 forwarding
  12. Remote file copying using rsync and SSH
  13. SSH over the Tor network
  14. SSH to an EC2 instance
  15. Editing text files with VIM over ssh/scp
  16. Mounting a remote SSH location as a local folder with SSHFS
  17. SSH multiplexing with ControlPath
  18. Streaming video over SSH using VLC and SFTP
  19. Two-factor authentication
  20. Jump hosts with SSH and -J
  21. Blocking SSH brute-force attempts using iptables
  22. SSH escape to change port forwarding

Basics first

Parsing the SSH command line

The example below uses the common parameters you will most often meet when connecting to a remote SSH server.

localhost:~$ ssh -v -p 22 -C neo@remoteserver

  • -v: debugging output, especially useful when analysing authentication problems. Can be given several times to show more information.
  • -p 22: the port to connect to on the remote SSH server. 22 does not have to be given, since it is the default, but if the service is listening on some other port we tell the client with the -p parameter. The listening port is set in the sshd_config file in the form Port 2222.
  • -C: compression for the connection. If you have a slow link or are viewing a lot of text, this can speed the connection up.
  • neo@: the string before the @ symbol is the user name to authenticate as on the remote server. If you do not give it, the user name of the account you are currently logged in as (~$ whoami) is used. The user can also be given with the -l parameter.
  • remoteserver: the name of the host ssh connects to; this can be a fully qualified domain name, an IP address or any host from the local hosts file. To connect to a host that supports both IPv4 and IPv6, add the -4 or -6 parameter to the command line so that it resolves correctly.

All of the above parameters are optional except remoteserver.

Using the configuration file

Although many people are familiar with the sshd_config file, there is also a client configuration file for the ssh command. The default is ~/.ssh/config, but a different file can be given as the parameter to the -F option.

Host *
     Port 2222

Host remoteserver
     HostName remoteserver.thematrix.io
     User neo
     Port 2112
     IdentityFile /home/test/.ssh/remoteserver.private_key

There are two host entries in the example ssh configuration file above. The first matches all hosts and applies the Port 2222 configuration parameter to all of them. The second says that for the host remoteserver a different user name, port, FQDN and IdentityFile must be used.

A configuration file can save a lot of typing by letting advanced settings apply automatically when connecting to specific hosts.

Copying files over SSH using SCP

The SSH client comes with two other very handy tools for copying files over an encrypted ssh connection. Below is an example of the standard use of the scp and sftp commands. Note that many ssh options apply to these commands as well.

localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png

In this example the file mypic.png is copied to remoteserver, into the /media/data folder, and renamed mypic_2.png.

Do not forget the difference in the port parameter. This is where many people get caught when running scp from the command line. Here the port parameter is -P and not -p as in the ssh client! You will forget it, but do not worry, everyone forgets.

For those familiar with console ftp, many of the commands in sftp are similar. You can get, put and ls to your heart's content.

sftp neo@remoteserver

Practical examples

In many of these examples the result can be achieved in several ways. As in all our guides and examples, preference is given to practical examples that simply do their job.

1. SSH socks proxy

The SSH proxy feature is number 1 for good reason. It is more powerful than many realise and gives you access to any system the remote server can reach, using almost any application. The ssh client can tunnel traffic through a SOCKS proxy with one simple command. It is important to understand that traffic to remote systems will originate from the remote server, and that is what will show up in the web server logs.

localhost:~$ ssh -D 8888 user@remoteserver

localhost:~$ netstat -pan | grep 8888
tcp        0      0 127.0.0.1:8888       0.0.0.0:*               LISTEN      23880/ssh

Here we run a socks proxy on TCP port 8888; the second command checks that the port is in listening mode. 127.0.0.1 shows that the service is only running on localhost. We can use a slightly different command to listen on all interfaces, including ethernet or wifi, which lets other applications (browsers and so on) on our network connect to the proxy service through the ssh socks proxy.

localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver

Now we can configure the browser to connect to the socks proxy. In Firefox, go to Settings | Basic | Network settings. Enter the IP address and port to connect to.

Note the option at the bottom of the form so that your browser's DNS requests also go through the SOCKS proxy. If you are using the proxy server to encrypt web traffic on your local network, you will probably want to select this option so that DNS requests are tunneled through the SSH connection too.

Enabling the socks proxy in Chrome

Launching Chrome with certain command-line parameters enables the socks proxy, including tunneling of the browser's DNS requests. Trust, but verify. Use tcpdump to check that the DNS queries are no longer visible.

localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"

Using other applications with the proxy

Keep in mind that many other applications can use a socks proxy too. The web browser is simply the most popular of them all. Some applications have configuration options to enable a proxy server. Others need a little help from a helper program. For example, proxychains lets you run Microsoft RDP and others through the socks proxy.

localhost:~$ proxychains rdesktop $RemoteWindowsServer

The socks proxy configuration parameters are set in the proxychains configuration file.

Tip: using remote desktop to Windows from Linux? Try the FreeRDP client. It is a more modern implementation than rdesktop, with much smoother interaction.

A use case for SSH through a socks proxy

You are sitting in a cafe or hotel and forced to use untrusted WiFi. We launch an ssh proxy locally from the laptop and set up an ssh tunnel to the home network, to a Raspberry Pi there. Using the browser or other applications configured for the socks proxy, we can reach any service on our home network or go out to the Internet through our home connection. Everything between your laptop and your home server (over the WiFi and the Internet to your home) is encrypted inside the SSH tunnel.

2. SSH tunnel (port forwarding)

In its simplest form an SSH tunnel simply opens a port on your local system that connects to another port at the other end of the tunnel.

localhost:~$ ssh  -L 9999:127.0.0.1:80 user@remoteserver

Let's look at the -L parameter. It can be thought of as the local side of the listener. So in the example above, port 9999 listens on the local side and is forwarded through the tunnel to port 80 on remoteserver. Note that 127.0.0.1 refers to localhost on the remote server!

Let's go one level up. The following example makes the listening port available to other hosts on the local network.

localhost:~$ ssh  -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver

In these examples we connect to a port on a web server, but it could just as well be a proxy server or any other TCP service.

3. SSH tunnel to a third host

We can use the same parameters to connect a tunnel from the remote server to another service running on a third system.

localhost:~$ ssh  -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver

In this example we redirect the tunnel from remoteserver to the web server running on 10.10.10.10. Traffic from remoteserver to 10.10.10.10 is no longer inside the SSH tunnel. The web server at 10.10.10.10 will see remoteserver as the source of the web requests.

4. Reverse SSH tunnel

Here we set up a listening port on the remote server that connects back to a local port on our localhost (or another system).

localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver

This SSH session establishes a connection from port 1999 on remoteserver to port 902 on our local client.

5. SSH reverse proxy

In this case we set up a socks proxy on our ssh connection, but the proxy listens at the remote end, on the server. Connections to that remote proxy now leave the tunnel as traffic from our local host.

localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver

Troubleshooting remote SSH tunnels

If you have trouble getting the remote SSH options to work, check with netstat which interfaces the listening port is bound to. Although we gave 0.0.0.0 in the examples, if the GatewayPorts value in sshd_config is set to no, the listener will be bound to localhost (127.0.0.1) only.
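One way to turn the netstat and GatewayPorts check above into a repeatable test, as an added example that is not part of the original article: the functions below read ss or netstat output and sshd_config text (constructed samples are embedded; port 1999 and the way the remote output is fetched are the assumptions) and report whether the listener ended up on loopback because GatewayPorts was left at no.

```shell
#!/bin/sh
# Added example, not part of the original article: work out why a remote
# forward (-R 0.0.0.0:PORT:...) is only reachable from the server itself.
# Both checks read plain text, so they work on saved output as well as on
# live data fetched with something like:
#   ssh user@remoteserver 'ss -ltn'                 (or: netstat -ltn)
#   ssh user@remoteserver 'cat /etc/ssh/sshd_config'

# Print the local address a listener on PORT is bound to, reading
# `ss -ltn` or `netstat -ltn` output from stdin (nothing if not found).
listener_bind_addr() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" || $6 == "LISTEN" {
            n = split($4, parts, ":")          # 127.0.0.1:1999 or [::]:1999
            if (parts[n] == port) {
                sub(":" port "$", "", $4)
                print $4
            }
        }'
}

# Print the effective GatewayPorts value from sshd_config text on stdin.
# sshd uses the first occurrence; a commented-out line does not count and
# the default is "no".
gateway_ports_setting() {
    awk '
        BEGIN { val = "no" }
        tolower($1) == "gatewayports" && !seen { val = tolower($2); seen = 1 }
        END { print val }'
}

# Explain the state of a remote forward on PORT. Exit status:
#   0 = bound to a non-loopback address (reachable from the network)
#   1 = bound to loopback only
#   2 = no listener at all
diagnose_remote_forward() {
    port="$1"; listeners="$2"; sshd_conf="$3"
    addr=$(printf '%s\n' "$listeners" | listener_bind_addr "$port")
    gw=$(printf '%s\n' "$sshd_conf" | gateway_ports_setting)
    case "$addr" in
        "")
            echo "port $port: no listener; the -R forward was not set up (check ssh -v output)"
            return 2 ;;
        127.0.0.1|"[::1]")
            if [ "$gw" = no ]; then
                echo "port $port: loopback only; GatewayPorts is no (the default), so the 0.0.0.0 bind address was ignored"
            else
                echo "port $port: loopback only although GatewayPorts=$gw; check the bind address given to -R"
            fi
            return 1 ;;
        *)
            echo "port $port: bound to $addr and reachable from the network (GatewayPorts=$gw); make sure that is intended"
            return 0 ;;
    esac
}

# Constructed sample data standing in for the two remote commands above.
SAMPLE_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:1999     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

SAMPLE_SSHD_CONFIG='# constructed sshd_config excerpt
Port 22
#GatewayPorts no
PermitRootLogin prohibit-password'

# Demonstration on the samples (exit status 1 here is the finding, not an error).
diagnose_remote_forward 1999 "$SAMPLE_LISTENERS" "$SAMPLE_SSHD_CONFIG" || true
```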

Security warning

Remember that by opening tunnels and socks proxies, internal network services can become reachable from untrusted networks (such as the Internet!). This can be a serious security risk, so make sure you understand what the listener is and what it has access to.

6. Setting up a VPN over SSH

The key term among offensive security professionals (pentesters and the like) is "pivoting in the network". Once a connection to one system has been established, that system becomes the gateway for further access into the network. A foothold that lets you move further and wider.

For this pivot we can use the SSH proxy and proxychains, but there are some limitations. For example, it is not possible to work directly with sockets, so we cannot scan ports inside the network with an Nmap SYN scan.

With this more advanced VPN option, the connection is brought down to layer 3. We can then simply route traffic through the tunnel using standard network routing.

The method uses ssh, iptables, tun interfaces and routing.

First, these parameters need to be set in sshd_config. Since we are making changes to interfaces on both the remote system and the client, we need root rights on both sides.

PermitRootLogin yes
PermitTunnel yes

Then we establish the ssh connection with the parameter that requests tun devices to be initialised.

localhost:~# ssh -v -w any root@remoteserver

We should now have a tun device when listing the interfaces (# ip a). The next step adds IP addresses to the tunnel interfaces.

SSH client side:

localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up

SSH server side:

remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up

Now we have a direct route to the other host (route -n and ping 10.10.10.10).

You can route any subnet through the host on the far side.

localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0

On the remote side you need to enable ip_forward and iptables.

remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE

Boom! A VPN over an SSH tunnel at network layer 3. Now that is a win.

If any problems come up, use tcpdump and ping to find the cause. Since we are playing at layer 3, our icmp packets will pass through this tunnel.
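The whole layer-3 procedure from this section as one script, added here and not the article's own code: it assumes tun0 on both ends, the 10.10.10.x addresses used above and an outbound interface called enp7s0, and with DRY_RUN=1 (the default) it prints the commands instead of running them, so the order and the teardown can be reviewed before a real run.

```shell
#!/bin/sh
# Added example, not the article's own script: the layer-3 VPN steps from
# this section as one script with a dry-run switch and a teardown. Assumed
# values: the tun device is tun0 on both ends and the addresses are the
# ones used above (10.10.10.2 client, 10.10.10.10 server); the routed
# subnet and the server's outbound interface are parameters. With
# DRY_RUN=1 (the default) the commands are printed instead of executed;
# a real run needs root on both sides, PermitTunnel yes in sshd_config and
# the "ssh -w any root@remoteserver" session already established.

: "${DRY_RUN:=1}"
TUN_DEV=tun0
CLIENT_IP=10.10.10.2
SERVER_IP=10.10.10.10

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Client side: address the tun device, bring it up and route the remote
# subnet through it. "ip link set tun0 up" is the valid form of the
# article's "ip tun0 up"; "ip route add" replaces the older route -net.
vpn_client_up() {
    subnet="$1"                                  # e.g. 10.10.10.0/24
    run ip addr add "$CLIENT_IP/32" peer "$SERVER_IP" dev "$TUN_DEV"
    run ip link set "$TUN_DEV" up
    run ip route add "$subnet" dev "$TUN_DEV"
}

# Server side: address the tun device, enable forwarding and masquerade
# only the tunnel peer's traffic leaving via the outbound interface, so
# nothing else on the server is NATed by accident.
vpn_server_up() {
    out_if="$1"                                  # e.g. enp7s0
    run ip addr add "$SERVER_IP/32" peer "$CLIENT_IP" dev "$TUN_DEV"
    run ip link set "$TUN_DEV" up
    run sysctl -w net.ipv4.ip_forward=1          # same as echo 1 > /proc/sys/net/ipv4/ip_forward
    run iptables -t nat -A POSTROUTING -s "$CLIENT_IP" -o "$out_if" -j MASQUERADE
}

# Server side teardown: remove the NAT rule and down the link so the pivot
# does not outlive the session. ip_forward is left as it is, because other
# services on the host may depend on it; restore it by hand if you set it.
vpn_server_down() {
    out_if="$1"
    run iptables -t nat -D POSTROUTING -s "$CLIENT_IP" -o "$out_if" -j MASQUERADE
    run ip link set "$TUN_DEV" down
}

# Dry run of the whole procedure with the section's values.
vpn_client_up 10.10.10.0/24
vpn_server_up enp7s0
vpn_server_down enp7s0
```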

7. Copying an SSH key (ssh-copy-id)

There are several ways to do this, but this command saves time by not having to copy files by hand. It simply copies ~/.ssh/id_rsa.pub (or the default key) from your system into ~/.ssh/authorized_keys on the remote server.

localhost:~$ ssh-copy-id user@remoteserver

8. Remote command execution (non-interactive)

The ssh command can be chained with other commands for a convenient, user-friendly interface. Just add the command you want to run on the remote host as the last parameter, in quotes.

localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php

In this example grep runs on the local system after the log has been downloaded over the ssh channel. If the file is large, it is more convenient to run grep on the remote side by simply enclosing both commands in the double quotes.

Another example does the same job as ssh-copy-id from example 7.

localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'

9. Remote packet capture and viewing in Wireshark

I took one of our tcpdump examples. Use it to capture packets remotely and show the result directly in the local Wireshark GUI.

:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -

10. Copying a local folder to the remote server over SSH

A nice trick that compresses a folder with bzip2 (the -j option of the tar command) and then unpacks the bzip2 stream on the other side, creating a duplicate of the folder on the remote server.

localhost:~$ tar -cvjf - /datafolder | ssh remoteserver "tar -xjf - -C /datafolder"

11. Remote GUI applications with SSH X11 forwarding

If X is installed on both the client and the remote server, you can run a GUI command with its window on your local desktop. This feature has been around for a long time, but is still very useful. Launch a remote web browser or even the VMware Workstation console, as I do in this example.

localhost:~$ ssh -X remoteserver vmware

The line X11Forwarding yes is required in the sshd_config file.

12. Remote file copying using rsync and SSH

rsync is more convenient than scp if you need periodic backups of a directory, a large number of files or very large files. It can recover from a failed transfer and copy only the changed files, which saves traffic and time.

This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.

:~$ rsync -az /home/testuser/data remoteserver:backup/

13. SSH over the Tor network

The anonymising Tor network can tunnel SSH traffic using the torsocks command. The following command passes the ssh connection through Tor.

localhost:~$ torsocks ssh myuntracableuser@remoteserver

Torsocks uses port 9050 on localhost for the proxy. As always when using Tor, you must seriously check what traffic is being tunneled and other operational security (opsec) issues. Where do your DNS queries go?

14. SSH to an EC2 instance

To connect to an EC2 instance you need the private key. Download it (.pem extension) from the Amazon EC2 management console and change its permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key somewhere safe or put it in your ~/.ssh/ folder.

localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public

The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for configuring key usage automatically when connecting to the ec2 host.

Host my-ec2-public
   Hostname ec2???.compute-1.amazonaws.com
   User ubuntu
   IdentityFile ~/.ssh/my-ec2-key.pem

15. Editing text files with VIM over ssh/scp

For all vim lovers, this tip will save some time. With vim, files are edited over scp with one command. This method simply creates the file locally in /tmp and then copies it back once we save it from vim.

localhost:~$ vim scp://user@remoteserver//etc/hosts

Note: the syntax differs slightly from regular scp. After the host we have a double //. This is an absolute path reference. A single slash would mean a path relative to the user's home directory.

**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])

If you see this error, double-check the syntax of the command. It usually means a syntax error.

16. Mounting a remote SSH location as a local folder with SSHFS

With the help of sshfs, the ssh client file system, we can mount a remote location into a local directory, with all file interactions taking place in the encrypted ssh session.

localhost:~$ apt install sshfs

Install the sshfs package on Ubuntu and Debian, then simply mount the remote location on our system.

localhost:~$ sshfs user@remoteserver:/media/data ~/data/

17. SSH multiplexing with ControlPath

By default, if there is already a connection to the remote server with ssh, a second connection with ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be reused for all subsequent connections. This speeds things up considerably: the effect is noticeable even on a local network, and even more so when connecting to remote locations.

Host remoteserver
        HostName remoteserver.example.org
        ControlMaster auto
        ControlPath ~/.ssh/control/%r@%h:%p
        ControlPersist 10m

ControlPath gives the socket that new connections check to see whether there is already an active ssh session. The last option means that even after you leave the console, the existing session stays open for 10 minutes, so during that time you can reconnect over the existing socket. For more information see the ssh_config man page.

18. Streaming video over SSH using VLC and SFTP

Even long-time users of ssh and vlc (Video Lan Client) are not always aware of this convenient option when you need to watch video over the network. In the File | Open Network Stream dialog of vlc you can enter the location as sftp://. If a password is required, a prompt appears.

sftp://remoteserver//media/uploads/myvideo.mkv

19. Two-factor authentication

The same two-factor authentication as on your bank account or Google account can be applied to SSH services.

Of course, ssh has had a form of two-factor authentication from the start, namely a password and an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a separate physical device.

See our 8-minute guide to using Google Authenticator with SSH.

20. Jump hosts with SSH and -J

If network segmentation means you have to hop through several ssh hosts to reach the final destination network, the -J shortcut will save you time.

localhost:~$ ssh -J host1,host2,host3 user@host4

The key thing to understand here is that this is not the same as ssh host1, then user@host1:~$ ssh host2, and so on. The -J option cleverly uses forwarding so that localhost itself establishes the session with the next host in the chain. So in the example above, our localhost is authenticated to host4. That is, our localhost keys are used, and the session from localhost to host4 is encrypted end to end.

For this there is the ProxyJump configuration option in ssh_config. If you regularly have to pass through several hosts, automating it in the config will save a lot of time.

21. Blocking SSH brute-force attempts using iptables

Anyone who has run an SSH service and looked at the logs knows the number of brute-force attempts that happen every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the change in the sshd_config file with the Port ## configuration parameter.

With iptables you can easily block connection attempts to the port once a threshold is reached. An easy way to do this is to use OSSEC, since it not only blocks SSH but performs a whole bunch of other host-based intrusion detection (HIDS) measures.
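The threshold blocking this section describes, as an added example that is not from the original article and not OSSEC: a detection pass over constructed auth.log lines to see which sources are guessing passwords, and a printer for iptables rules that use the netfilter recent module to throttle new connections to the SSH port. The port 22, the trusted network 192.0.2.0/24 and the log lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: spot the sources behind
# password guessing from auth.log lines, then print the iptables rules that
# throttle new connections to the SSH port with the netfilter "recent"
# module (one common approach; OSSEC or fail2ban are alternatives). The log
# lines are constructed for the demo; SSH_PORT is assumed to be 22.

SSH_PORT=22        # set to your non-standard port if you moved sshd

SAMPLE_AUTH_LOG='Mar 10 09:12:01 remoteserver sshd[2301]: Invalid user admin from 203.0.113.5 port 51022
Mar 10 09:12:01 remoteserver sshd[2301]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar 10 09:12:04 remoteserver sshd[2305]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar 10 09:12:06 remoteserver sshd[2305]: Failed password for root from 203.0.113.5 port 51031 ssh2
Mar 10 09:13:10 remoteserver sshd[2310]: Failed password for neo from 192.0.2.44 port 40100 ssh2
Mar 10 09:13:20 remoteserver sshd[2311]: Accepted publickey for neo from 192.0.2.44 port 40101 ssh2'

# Print "count ip" for every source with at least THRESHOLD failed or
# invalid-user logins in the auth.log text on stdin, busiest first.
ssh_failed_logins_by_ip() {
    threshold="$1"
    grep -E 'sshd\[[0-9]+\]: (Failed password|Invalid user) ' \
      | sed -E 's/.* from ([0-9a-fA-F.:]+) port .*/\1/' \
      | sort | uniq -c | sort -rn \
      | awk -v t="$threshold" '$1 >= t { print $1, $2 }'
}

# Print (do not apply) the rules: a source that opens HITS or more new
# connections to SSH_PORT within WINDOW seconds is dropped; TRUSTED_NET is
# exempted so an admin typo cannot lock you out. Review, then run as root.
ssh_ratelimit_rules() {
    hits="$1"; window="$2"; trusted_net="$3"
    cat <<EOF
iptables -N SSH_LIMIT
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_LIMIT
iptables -A SSH_LIMIT -s $trusted_net -j RETURN
iptables -A SSH_LIMIT -m recent --name ssh --set
iptables -A SSH_LIMIT -m recent --name ssh --update --seconds $window --hitcount $hits -j DROP
EOF
}

# Demonstration: sources with 3 or more failures, then the rule set.
printf '%s\n' "$SAMPLE_AUTH_LOG" | ssh_failed_logins_by_ip 3
ssh_ratelimit_rules 4 60 192.0.2.0/24
```

On a live host, feed `grep sshd /var/log/auth.log` (or `journalctl -u ssh`) into ssh_failed_logins_by_ip; the rule printer is deliberately separate from the detection so the output can be reviewed before anything touches the firewall.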

22. SSH escape to change port forwarding

And our last ssh example is for changing port forwarding on the fly within an existing ssh session. Imagine this scenario. You are deep inside the network; maybe you have hopped over half a dozen hosts and need a local port on the workstation forwarded to Microsoft SMB on an old Windows 2003 system (anyone remember ms08-67?).

Press enter, then type ~C in the console. This is an escape sequence in the session that lets you make changes to the existing connection.

localhost:~$ ~C
ssh> -h
Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KL[bind_address:]port                 Cancel local forward
      -KR[bind_address:]port                 Cancel remote forward
      -KD[bind_address:]port                 Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.

Here you can see we have forwarded our local port 1445 to the Windows 2003 host we found on the internal network. Now just run msfconsole and you can move on (assuming you intend to use this host).

Conclusion

These ssh examples, tips and commands should give you a starting point; more information on each command and capability is available on the man pages (man ssh, man ssh_config, man sshd_config).

I have always been fascinated by the ability to reach systems and run commands anywhere in the world. By developing your skills with tools like ssh you will become more effective in whatever game you play.

Source: www.hab.com