Practical examples: SSH
Beyond that, you will be able to navigate the network more competently.
Knowing a few ssh tricks is useful for system administrators, network engineers, and security professionals.
Practical SSH examples
1. SSH SOCKS proxy
2. SSH tunnel (port forwarding)
3. SSH tunnel to a third host
4. Reverse SSH tunnel
5. SSH reverse proxy
6. Setting up a VPN over SSH
7. Copying an SSH key (ssh-copy-id)
8. Remote command execution (non-interactive)
9. Remote packet capture and viewing in Wireshark
10. Copying a local folder to a remote server over SSH
11. Remote GUI applications with SSH X11 forwarding
12. Remote file copy using rsync and SSH
13. SSH over the Tor network
14. SSH to an EC2 instance
15. Editing text files with VIM over ssh/scp
16. Mounting remote SSH as a local folder with SSHFS
17. SSH multiplexing with ControlPath
18. Streaming video over SSH with VLC and SFTP
19. Two-factor authentication
20. Jumping through hosts with SSH and -J
21. Blocking SSH brute-force attempts with iptables
22. SSH escape to change port forwarding
First, the basics
Parsing the SSH command line
The following example uses common parameters often encountered when connecting to a remote SSH server.
localhost:~$ ssh -v -p 22 -C neo@remoteserver
-v: Debug output is especially useful when analyzing authentication problems. It can be used multiple times to display additional information.
-p 22: The port to connect to on the remote SSH server. 22 is the default, so it does not need to be specified, but if the protocol is on another port, specify it with the -p parameter. The listening port is set in the sshd_config file in the format Port 2222.
-C: Compression for the connection. If the connection is slow or you are viewing a lot of text, this can speed it up.
neo@: The string before the @ symbol is the username for authentication on the remote server. If it is not specified, the username of the currently logged-in account (~$ whoami) is used by default. The user can also be specified with the -l parameter.
remoteserver: The name of the host that ssh connects to. It can be a fully qualified domain name, an IP address, or any host in the local hosts file. To connect to a host that supports both IPv4 and IPv6, add the -4 or -6 parameter to the command line for proper resolution.
All of the above parameters are optional except remoteserver.
Using a configuration file
Many people are familiar with the sshd_config file, but there is also a client configuration file for the ssh command. It defaults to ~/.ssh/config, but a different file can be specified with the -F option.
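Host remoteserver
    HostName remoteserver.thematrix.io
    User neo
    Port 2112
    IdentityFile /home/test/.ssh/remoteserver.private_key
Host *
    Port 2222
The example ssh configuration file above has two host entries. The remoteserver entry says that for this host a different username, port, FQDN and IdentityFile should be used. The Host * entry means that every other host uses the Port 2222 configuration parameter. ssh uses the first value it obtains for each parameter, so host-specific entries go before the Host * defaults; with Host * listed first, Port 2222 would also apply to remoteserver.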
Using a configuration file can save a lot of typing, because advanced configuration is applied automatically when connecting to specific hosts.
Copying files over SSH with SCP
The SSH client comes with two other very handy tools for copying files over an encrypted SSH connection. See below for standard usage examples of the scp and sftp commands. Note that many of the ssh options also apply to these commands.
localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png
In this example the file mypic.png is copied to the /media/data folder on remoteserver and renamed to mypic_2.png.
Do not forget the difference in the port parameter. This is where many people get caught when running scp from the command line. Here the port parameter is -P, not -p as in the ssh client! You will forget, but do not worry, everyone does.
For those familiar with console ftp, many of the commands are similar in sftp. You can push, put and ls to your heart's content.
sftp neo@remoteserver
Practical examples
In many of these examples the result can be achieved in various ways. As with all of ours,
1. SSH SOCKS proxy
There is a good reason the SSH proxy feature is number 1. It is more powerful than many people realize, and it gives you access to any system the remote server can reach, using virtually any application. The ssh client can tunnel traffic through a SOCKS proxy with a single simple command. It is important to understand that traffic to the remote systems will originate from the remote server, and that this is what will show up in the web server logs.
localhost:~$ ssh -D 8888 user@remoteserver
localhost:~$ netstat -pan | grep 8888
tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN 23880/ssh
Here we start a SOCKS proxy on TCP port 8888. The second command checks that the port is active in listening mode. 127.0.0.1 indicates that the service runs on localhost only. A slightly different command makes it listen on all interfaces, including Ethernet and Wi-Fi, which lets other applications (browsers and so on) on the network connect to the proxy service through the ssh SOCKS proxy.
localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver
Now the browser can be configured to connect to the SOCKS proxy. In Firefox, select Settings | General | Network Settings. Specify the IP address and port to connect to.
Note the option at the bottom of the form that makes the browser's DNS requests go through the SOCKS proxy as well. If you are using the proxy to encrypt web traffic on your local network, you will want to select this option so that DNS requests are tunneled through the SSH connection.
Activating the SOCKS proxy in Chrome
Launching Chrome with certain command-line parameters enables the SOCKS proxy and also tunnels DNS requests from the browser. Trust, but verify. Use
localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"
Using other applications with the proxy
Keep in mind that many other applications can also use a SOCKS proxy. The web browser is simply the most popular of them. Some applications have configuration options to enable a proxy server. Others need a little help from a helper program. For example,
localhost:~$ proxychains rdesktop $RemoteWindowsServer
The SOCKS proxy configuration parameters are set in the proxychains configuration file.
Hint: what if you use Remote Desktop from Linux to Windows? Try the FreeRDP client. It is a more modern implementation than rdesktop and gives a smoother experience.
An option for using SSH through a SOCKS proxy
You are sitting in a cafe or a hotel, forced to use rather unreliable WiFi. From the laptop you start an ssh proxy locally and set up an ssh tunnel to your home network on a local Raspberry Pi. Using a browser or another application configured for the SOCKS proxy, you can reach network services on your home network or access the Internet through your home connection. Everything between the laptop and the home server (across the Wi-Fi and the Internet to your home) is encrypted in the SSH tunnel.
2. SSH tunnel (port forwarding)
In its simplest form, an SSH tunnel opens a port on the local system that connects to another port at the other end of the tunnel.
localhost:~$ ssh -L 9999:127.0.0.1:80 user@remoteserver
Let's look at the -L parameter. It can be thought of as the local listening side. So in the example above, port 9999 listens on the localhost side and is forwarded to port 80 on remoteserver. Note that 127.0.0.1 refers to localhost on the remote server!
Let's take it up a step. In the following example, the listening port communicates with other hosts on the local network.
localhost:~$ ssh -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver
In these examples we connect to a port on a web server, but it could be a proxy server or any other TCP service.
3. SSH tunnel to a third-party host
The same parameters can be used to connect a tunnel from the remote server to another service running on a third system.
localhost:~$ ssh -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver
In this example we redirect the tunnel from remoteserver to a web server running on 10.10.10.10. Traffic from remoteserver to 10.10.10.10 is no longer in the SSH tunnel. The web server on 10.10.10.10 will see remoteserver as the source of the web requests.
4. Reverse SSH tunnel
Here we configure a listening port on the remote server that connects back to a local port on our localhost (or another system).
localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver
This SSH session establishes a connection from port 1999 on remoteserver to port 902 on our local client.
5. SSH reverse proxy
In this case we set up a SOCKS proxy over the SSH connection, but the proxy listens at the remote end, on the server. Connections to this remote proxy emerge from the tunnel as traffic from our localhost.
localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver
Troubleshooting remote SSH tunnels
If the remote SSH options are not working, use netstat to check which interfaces the listening port is bound to. Although the examples specify 0.0.0.0, if GatewayPorts in sshd_config is set to no, the listener is bound to localhost (127.0.0.1) only.
Security warning
Note that by opening tunnels and SOCKS proxies you may be making internal network resources accessible to untrusted networks (such as the Internet). This can be a serious security risk, so make sure you understand what the listener is and what it has access to.
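One way to act on this warning is to list which ssh-owned listeners other hosts can reach. The following is an added example, not part of the original article: it reads netstat -pan style output like the line shown in example 1; the sample lines and the assumption that sshd itself listens on port 22 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads `netstat -pan` style lines on stdin and prints "address:port program"
# for every TCP listener owned by ssh or sshd that is NOT bound to loopback,
# i.e. every tunnel or SOCKS proxy that other hosts on the network can reach.
# $1: port of the sshd service itself, expected to be exposed (assumed: 22).
exposed_ssh_listeners() {
    awk -v svc="${1:-22}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            prog = $7
            sub(/^[0-9]+\//, "", prog)   # "23880/ssh" -> "ssh"
            sub(/:$/, "", prog)          # "sshd:"     -> "sshd"
            if (prog != "ssh" && prog != "sshd") next
            port = $4
            sub(/^.*:/, "", port)        # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            if (prog == "sshd" && port == svc) next      # the service itself
            print $4, prog
        }'
}

# Constructed sample: the first line is the netstat output from example 1.
sample_netstat() {
    cat <<'EOF'
tcp   0  0 127.0.0.1:8888  0.0.0.0:*  LISTEN  23880/ssh
tcp   0  0 0.0.0.0:8888    0.0.0.0:*  LISTEN  23881/ssh
tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  801/sshd
tcp   0  0 0.0.0.0:1999    0.0.0.0:*  LISTEN  4321/sshd: user
tcp6  0  0 ::1:9999        :::*       LISTEN  23882/ssh
tcp   0  0 0.0.0.0:80      0.0.0.0:*  LISTEN  900/nginx
EOF
}

sample_netstat | exposed_ssh_listeners 22
```

On a live host, pipe in netstat -pan run as root so the program column is filled in for every socket.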
6. Setting up a VPN over SSH
A common term among specialists in attack techniques (pentesters and the like) is the "network pivot". Once a connection is established on one system, that system becomes the gateway for further access to the network. It is a pivot that lets you move in breadth.
An SSH proxy with proxychains can serve as such a foothold, but it has some limitations. For example, it is not possible to work with sockets directly, so ports inside the network cannot be scanned with SYN.
With this more advanced VPN option, the connection drops down to layer 3. After that, traffic is simply routed through the tunnel using standard network routing.
The method uses ssh, iptables, tun interfaces and routing.
First, these parameters need to be set in sshd_config. Since we are making changes to the interfaces of both the remote and the client system, root privileges are required on both sides.
PermitRootLogin yes
PermitTunnel yes
Next, establish the ssh connection using the parameter that requests initialization of the tun devices.
localhost:~# ssh -v -w any root@remoteserver
A tun device should now be present when the interfaces are listed (# ip a). The next step adds IP addresses to the tunnel interfaces.
SSH client side:
localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up
SSH server side:
remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up
We now have a direct route to the other host (route -n and ping 10.10.10.10).
Any subnet can be routed through the host on the other side.
localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0
On the remote side, ip_forward and iptables need to be enabled.
remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE
Boom! A VPN over an SSH tunnel at network layer 3. Now that is a win.
If you run into problems, use ping to find the cause. Since we are playing at layer 3, icmp packets go through this tunnel.
7. Copying an SSH key (ssh-copy-id)
There are several ways to do this, but this command saves time because the files do not have to be copied manually. It simply copies ~/.ssh/id_rsa.pub (or the default key) from your system to ~/.ssh/authorized_keys on the remote server.
localhost:~$ ssh-copy-id user@remoteserver
8. Remote command execution (non-interactive)
The ssh command can be chained with other commands to give a common, convenient interface. Just add the command to run on the remote host as the last parameter, in quotes.
localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php
In this example grep runs on the local system after the log has been downloaded over the SSH channel. If the file is large, it is more convenient to run grep on the remote side by simply enclosing both commands in the double quotes.
Another example performs the same function as ssh-copy-id from example 7.
localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'
9. Remote packet capture and viewing in Wireshark
Taken from one of ours.
:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -
10. Copying a local folder to a remote server over SSH
A neat trick that compresses the folder with bzip2 (that is the -j option of the tar command) and then extracts the bzip2 stream on the other side, creating a duplicate of the folder on the remote server.
localhost:~$ tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"
11. Remote GUI applications with SSH X11 forwarding
If X is installed on the client and on the remote server, a GUI command can be run remotely with its window on your local desktop. This feature has been around for a long time but is still very useful. Launch a remote web browser or, as in this example, the VMware Workstation console.
localhost:~$ ssh -X remoteserver vmware
This requires the line X11Forwarding yes in the sshd_config file.
12. Remote file copy using rsync and SSH
rsync is much more convenient than scp when you need periodic backups of a directory, a large number of files, or very large files. It can recover from a failed transfer and copies only the files that have changed, which saves traffic and time.
This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.
:~$ rsync -az /home/testuser/data remoteserver:backup/
13. SSH over the Tor network
The anonymous Tor network can tunnel SSH traffic using the torsocks command. The following command proxies ssh through Tor.
localhost:~$ torsocks ssh myuntracableuser@remoteserver
14. SSH to an EC2 instance
A private key is required to connect to an EC2 instance. Download it (.pem extension) from the Amazon EC2 control panel and change its permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key in a safe place, or put it in your own ~/.ssh/ folder.
localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public
The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for automatically configuring key usage when connecting to an EC2 host.
Host my-ec2-public
Hostname ec2???.compute-1.amazonaws.com
User ubuntu
IdentityFile ~/.ssh/my-ec2-key.pem
15. Editing text files with VIM over ssh/scp
For all vim lovers, this tip will save some time. With vim, files are edited over scp with a single command. The method simply creates the file locally in /tmp and then copies it back once it is saved from vim.
localhost:~$ vim scp://user@remoteserver//etc/hosts
Note: the format is slightly different from the usual scp. After the host there is a double //. This is an absolute path reference. A single slash indicates a path relative to the user's home folder.
**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])
If you see this error, double-check the format of the command. It usually means a syntax error.
16. Mounting remote SSH as a local folder with SSHFS
With sshfs, an ssh filesystem client, a local directory can be connected to a remote location, with all file interactions taking place in an encrypted ssh session.
localhost:~$ apt install sshfs
On Ubuntu and Debian, install the sshfs package, then simply mount the remote location on your system.
localhost:~$ sshfs user@remoteserver:/media/data ~/data/
17. SSH multiplexing with ControlPath
By default, if there is an existing connection to a remote server using ssh, a second connection using ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be used for all subsequent connections. This speeds things up considerably: the effect is noticeable even on a local network, and even more so when connecting to remote resources.
Host remoteserver
HostName remoteserver.example.org
ControlMaster auto
ControlPath ~/.ssh/control/%r@%h:%p
ControlPersist 10m
ControlPath specifies the socket that new connections check to see whether there is an active ssh session. The last option means that even after you exit the console, the existing session stays open for 10 minutes, so during that time you can reconnect over the existing socket. For more information, see the ssh_config man page.
18. Streaming video over SSH with VLC and SFTP
Even long-time users of ssh and vlc (Video Lan Client) are not always aware of this handy option for when you need to watch a video over the network. In vlc, under File | Open Network Stream, the location can be entered as sftp://. If a password is required, you will be prompted for it.
sftp://remoteserver//media/uploads/myvideo.mkv
19. Two-factor authentication
The same two-factor authentication as your bank account or Google account can be applied to the SSH service.
Of course, ssh out of the box already has a two-factor capability in the form of a password plus an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a different physical device.
See the 8-minute guide.
20. Jumping through hosts with ssh and -J
If network segmentation means you have to go through several ssh hosts to reach the final destination network, the -J shortcut saves time.
localhost:~$ ssh -J host1,host2,host3 [email protected]
The main thing to understand here is that this is not the same as running ssh host1 and then user@host1:~$ ssh host2, and so on. The -J option cleverly uses forwarding to make localhost establish the session with the next host in the chain. So in the example above, our localhost is authenticated to host4. That is, the localhost keys are used, and the session from localhost to host4 is fully encrypted.
For this capability in ssh_config, specify the ProxyJump configuration option. If you regularly have to go through several hosts, automating this through the configuration saves a great deal of time.
21. Blocking SSH brute-force attempts with iptables
Anyone who has managed an SSH service and looked at the logs knows how many brute-force attempts happen every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the change in the sshd_config file via the Port## configuration parameter.
With iptables, attempts to connect to the port can also easily be blocked once a certain threshold is reached. A simple way to do this is
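One way to implement the threshold blocking described here with iptables, as an added example that is not from the original article: two rules using the recent match, printed by a small helper so they can be reviewed before being applied. The list name SSH, the helper name and the default port, window and hit count are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): print iptables rules that
# rate-limit NEW connections to the SSH port per source address.
# Arguments (assumed defaults): port=22, window in seconds=60, hits=4.
ssh_ratelimit_rules() {
    port="${1:-22}"; seconds="${2:-60}"; hits="${3:-4}"
    # Refuse anything that is not a plain number, so nothing unexpected
    # ends up inside a command line that will later run as root.
    for n in "$port" "$seconds" "$hits"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    # Rule 1: record the source address of every new connection to the port.
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m recent --set --name SSH --rsource"
    # Rule 2: drop the connection when that source has made $hits or more
    # new connections within the last $seconds seconds.
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m recent --update --seconds $seconds --hitcount $hits --name SSH --rsource -j DROP"
}

# Port 2222 matches the non-standard port used in the sshd_config examples.
ssh_ratelimit_rules 2222 60 4
```

The rules only take effect if they are evaluated before any rule that accepts traffic to the SSH port, so check their position in the INPUT chain after applying them.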
22. SSH escape to change port forwarding
And the last ssh example is designed to change port forwarding on the fly within an existing ssh session. Imagine this scenario. You are deep in a network. Perhaps you have hopped over several hosts and need a local port on your workstation forwarded to Microsoft SMB on an old Windows 2003 system (does anyone remember ms08-67?).
After pressing enter, try typing ~C in the console. This is a session control sequence that lets you make changes to the existing connection.
localhost:~$ ~C
ssh> -h
Commands:
-L[bind_address:]port:host:hostport Request local forward
-R[bind_address:]port:host:hostport Request remote forward
-D[bind_address:]port Request dynamic forward
-KL[bind_address:]port Cancel local forward
-KR[bind_address:]port Cancel remote forward
-KD[bind_address:]port Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.
Here you can see that we have forwarded our local port 1445 to the Windows 2003 host found on the internal network. Now just run msfconsole and you can move on (assuming you intend to use this host).
Conclusion
These ssh examples, tips and commands should give you a starting point. More detail on each command and feature is available in the man pages (man ssh, man ssh_config, man sshd_config).
I have always been fascinated by the ability to access systems and run commands from anywhere in the world. By developing your skills with tools like ssh, you will become more effective at any game you play.
Source: habr.com