Practical SSH tips, examples and tunnels

Practical SSH examples that will take your skills as a remote system administrator to a new level. The commands and tips will help you not only use SSH, but also navigate the network more effectively.

Knowing a few ssh tricks is useful for any system administrator, network engineer or security professional.

Practical SSH examples

  1. SSH SOCKS proxy
  2. SSH tunnel (port forwarding)
  3. SSH tunnel to a third host
  4. Reverse SSH tunnel
  5. SSH reverse proxy
  6. Installing a VPN over SSH
  7. Copying an SSH key (ssh-copy-id)
  8. Remote command execution (non-interactive)
  9. Remote packet capture and viewing in Wireshark
  10. Copying a local folder to a remote server over SSH
  11. Remote GUI applications with SSH X11 forwarding
  12. Remote file copying using rsync and SSH
  13. SSH over the Tor network
  14. SSH to an EC2 instance
  15. Editing text files using VIM over ssh/scp
  16. Mounting remote SSH as a local folder with SSHFS
  17. SSH multiplexing with ControlPath
  18. Streaming video over SSH using VLC and SFTP
  19. Two-factor authentication
  20. Jumping through hosts with SSH and -J
  21. Blocking SSH attempts using iptables
  22. SSH Escape to change port forwarding

First the basics

Breaking down the SSH command line

The following example uses common parameters that are often seen when connecting to a remote SSH server.

localhost:~$ ssh -v -p 22 -C neo@remoteserver

  • -v: Debug output is especially useful when analysing authentication problems. It can be used multiple times to show additional information.
  • -p 22: the port to connect to on the remote SSH server. 22 does not need to be specified, because it is the default value, but if the protocol runs on another port, it is specified with the -p parameter. The listening port is set in the sshd_config file in the format Port 2222.
  • -C: Compression for the connection. If your connection is slow or you are viewing a lot of text, this can speed up the connection.
  • neo@: The string before the @ symbol is the username for authentication on the remote server. If you do not specify it, it defaults to the username of the account you are currently logged in as (~$ whoami). The user can also be set with the -l parameter.
  • remoteserver: the name of the host ssh connects to. This can be a fully qualified domain name, an IP address, or any host in the local hosts file. To connect to a host that supports both IPv4 and IPv6, you can add the -4 or -6 parameter to the command line for correct resolution.

All of the above parameters are optional except remoteserver.

Using a configuration file

While many are familiar with the sshd_config file, there is also a client configuration file for the ssh command. The default is ~/.ssh/config, but it can be specified as a parameter to the -F option.

Host remoteserver
     HostName remoteserver.thematrix.io
     User neo
     Port 2112
     IdentityFile /home/test/.ssh/remoteserver.private_key

Host *
     Port 2222

There are two host entries in the example ssh configuration file above. The first says that for the host remoteserver a different username, port, FQDN and IdentityFile should be used. The second applies to all hosts and sets the Port 2222 configuration parameter. ssh uses the first value it obtains for each parameter, so the host-specific entry has to come before Host *; with the order reversed, Port 2222 would also be used for remoteserver.

A configuration file can save a lot of typing by allowing advanced configuration to be applied automatically when connecting to specific hosts.

Copying files over SSH using SCP

The SSH client comes with two other very handy tools for copying files over an encrypted ssh connection. See below for an example of standard usage of the scp and sftp commands. Note that many of the ssh options apply to these commands as well.

localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png

In this example the file mypic.png is copied to the remote server into the /media/data folder and renamed to mypic_2.png.

Do not forget the difference in the port parameter. This is where many people get caught when running scp from the command line. Here the port parameter is -P, not -p as in the ssh client! You will forget, but don't worry, everyone forgets.

For those familiar with console ftp, many of the commands in sftp are similar. You can push, put and ls to your heart's content.

sftp neo@remoteserver

Practical examples

In many of these examples, the results can be achieved using different methods. As in all our tutorials and examples, preference is given to practical examples that simply do their job.

1. SSH SOCKS proxy

The SSH proxy feature is number 1 for good reason. It is more powerful than most people realise and gives you access to any system that the remote server can reach, using almost any application. The ssh client can tunnel traffic through a SOCKS proxy with one simple command. It is important to understand that traffic to the remote systems will originate from the remote server, and this is what will show up in web server logs.

localhost:~$ ssh -D 8888 user@remoteserver

localhost:~$ netstat -pan | grep 8888
tcp        0      0 127.0.0.1:8888       0.0.0.0:*               LISTEN      23880/ssh

Here we start a SOCKS proxy on TCP port 8888; the second command checks that the port is active in listening mode. 127.0.0.1 indicates that the service runs on localhost only. We can use a slightly different command to listen on all interfaces, including ethernet or wifi, which allows other applications (browsers, etc.) on our network to connect to the proxy service through the ssh SOCKS proxy.

localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver

Now we can configure the browser to connect to the SOCKS proxy. In Firefox, select Settings | General | Network Settings. Specify the IP address and port to connect to.

Note the option at the bottom of the form to have your browser's DNS requests also go through the SOCKS proxy. If you are using a proxy server to encrypt web traffic on your local network, you will probably want to select this option so that DNS requests are tunnelled through the SSH connection.

Enabling the SOCKS proxy in Chrome

Launching Chrome with certain command-line parameters enables the SOCKS proxy, as well as tunnelling DNS requests from the browser. Trust but verify. Use tcpdump to check that DNS queries are no longer visible.

localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"

Using other applications with the proxy

Keep in mind that many other applications can also use SOCKS proxies. The web browser is simply the most popular of them all. Some applications have configuration options to enable a proxy server. Others need a little help from a helper program. For example, proxychains lets you run Microsoft RDP, etc. through a SOCKS proxy.

localhost:~$ proxychains rdesktop $RemoteWindowsServer

The SOCKS proxy configuration parameters are set in the proxychains configuration file.

Hint: if you use remote desktop from Linux to Windows, try the FreeRDP client. It is a more modern implementation than rdesktop, with a much smoother experience.

A use case for SSH via a SOCKS proxy

You are sitting in a cafe or a hotel and are forced to use untrustworthy WiFi. We launch an ssh proxy locally from the laptop and establish an ssh tunnel into the home network to a local Raspberry Pi. Using a browser or other applications configured for the SOCKS proxy, we can access any network services on our home network or reach the Internet through our home connection. Everything between your laptop and your home server (across the Wi-Fi and the internet to your home) is encrypted in the SSH tunnel.

2. SSH tunnel (port forwarding)

In its simplest form, an SSH tunnel simply opens a port on your local system that connects to another port at the other end of the tunnel.

localhost:~$ ssh  -L 9999:127.0.0.1:80 user@remoteserver

Let's look at the -L parameter. It can be thought of as the local listening side. So in the example above, port 9999 is listened on at the localhost side and forwarded through to port 80 on remoteserver. Note that 127.0.0.1 refers to localhost on the remote server!

Let's go up a step. The following example exposes the listening port to other hosts on the local network.

localhost:~$ ssh  -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver

In these examples we are connecting to a port on a web server, but it could be a proxy server or any other TCP service.

3. SSH tunnel to a third host

We can use the same parameters to connect a tunnel from the remote server to another service running on a third system.

localhost:~$ ssh  -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver

In this example, we are forwarding a tunnel from remoteserver to a web server running on 10.10.10.10. Traffic from remoteserver to 10.10.10.10 is no longer in the SSH tunnel. The web server on 10.10.10.10 will consider remoteserver to be the source of the web requests.

4. Reverse SSH tunnel

Here we configure a listening port on the remote server that connects back to a local port on our localhost (or another system).

localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver

This SSH session establishes a connection from port 1999 on the remote server to port 902 on our local client.

5. SSH reverse proxy

In this case, we are setting up a SOCKS proxy over our ssh connection, but the proxy listens at the remote end on the server. Connections to this remote proxy now emerge from the tunnel as traffic from our localhost.

localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver

Troubleshooting remote SSH tunnels

If you have problems getting the remote SSH options to work, check with netstat which other interfaces the listening port is bound to. Although we specified 0.0.0.0 in the examples, if the GatewayPorts value in sshd_config is set to no, the listener will be bound to localhost only (127.0.0.1).

Security warning

Note that by opening tunnels and SOCKS proxies, internal network resources may become accessible to untrusted networks (such as the Internet!). This can be a serious security risk, so make sure you understand what the listener is and what it has access to.
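
A check for the warning above, as an added example that is not part of the original article: the function reads netstat output in the format shown in section 1 and lists ssh-owned forwards that are bound to anything other than loopback. The function names and sample lines are constructed for illustration, and sshd is assumed to listen on port 22 unless another port is passed.

```shell
#!/bin/sh
# Added example (not from the original article): list ssh-owned listening
# sockets that other hosts can reach, i.e. forwards bound beyond loopback.
# Reads `netstat -plnt` output on stdin, in the format shown earlier.
# $1 is the port sshd itself listens on (assumed 22 unless given).

exposed_ssh_listeners() {
    awk -v dport="${1:-22}" '
        $6 != "LISTEN" { next }
        {
            n = split($4, parts, ":")       # last field after ":" is the port
            port = parts[n]
            addr = $4
            sub(/:[0-9]+$/, "", addr)       # what remains is the bind address
            owner = $7
            sub(/^[0-9]+\//, "", owner)     # drop the "PID/" prefix
            sub(/:$/, "", owner)            # "sshd: user" arrives as "sshd:"
        }
        # -L and -D listeners belong to the ssh client; -R listeners belong
        # to an sshd session process on a port other than the daemon port.
        owner == "ssh" || (owner == "sshd" && port != dport) {
            if (addr !~ /^127\./ && addr != "::1")
                print addr, port, owner
        }'
}

# Constructed sample: client-side and server-side lines merged for illustration.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:8888       0.0.0.0:*               LISTEN      23880/ssh
tcp        0      0 0.0.0.0:9999         0.0.0.0:*               LISTEN      24011/ssh
tcp        0      0 0.0.0.0:22           0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:1999         0.0.0.0:*               LISTEN      2345/sshd: user
tcp6       0      0 :::1445              :::*                    LISTEN      24102/ssh
tcp6       0      0 ::1:8888             :::*                    LISTEN      23880/ssh
EOF
}

sample_netstat | exposed_ssh_listeners 22
```

On a live system, pipe netstat -plnt into exposed_ssh_listeners as root so that the owning process column is populated.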

6. Installing a VPN over SSH

A common term among specialists in attack methods (pentesters, etc.) is a "pivot into the network". Once a connection is established to one system, that system becomes the gateway for further access to the network. It is a pivot point that lets you move laterally.

For such a pivot we can use an SSH proxy and proxychains, however there are some limitations. For example, it is not possible to work directly with sockets, so we cannot scan ports inside the network with an Nmap SYN scan.

Using this more advanced VPN option, the connection is lowered to layer 3. We can then simply route traffic through the tunnel using standard network routing.

The technique uses ssh, iptables, tun interfaces and routing.

First you need to set these parameters in sshd_config. Since we are making changes to the interfaces of both the remote and the client systems, we need root privileges on both sides.

PermitRootLogin yes
PermitTunnel yes

Then we establish an ssh connection using the parameter that requests initialisation of the tun devices.

localhost:~# ssh -v -w any root@remoteserver

We should now have a tun device when showing interfaces (# ip a). The next step adds IP addresses to the tunnel interfaces.

SSH client side:

localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up

SSH server side:

remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up

Now we have a direct route to the other host (route -n and ping 10.10.10.10).

You can route any subnet through the host on the other side.

localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0

On the remote side you need to enable ip_forward and iptables.

remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE

Boom! A VPN over an SSH tunnel at network layer 3. Now that is a win.

If any problems occur, use tcpdump and ping to determine the cause. Since we are playing at layer 3, our icmp packets will go through this tunnel.
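
A review of the server settings this recipe switches on, as an added example that is not part of the original article: the function reads the effective configuration printed by sshd -T and reports the tunnelling-related options this page sets (PermitRootLogin, PermitTunnel, GatewayPorts, X11Forwarding). The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report the sshd settings
# that this page's tunnelling recipes switch on. Reads `sshd -T` output
# (the effective configuration, one "keyword value" pair per line) on stdin.

audit_sshd_tunnel_settings() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        { key = tolower($1); val = tolower($2) }
        key == "permitrootlogin" && val == "yes" {
            print "permitrootlogin yes: root may use any enabled login method, passwords included" }
        key == "permittunnel" && val != "no" {
            print "permittunnel " val ": tun device forwarding (ssh -w) is allowed" }
        key == "gatewayports" && val != "no" {
            print "gatewayports " val ": -R listeners can bind beyond loopback" }
        key == "x11forwarding" && val == "yes" {
            print "x11forwarding yes: X11 forwarding (ssh -X) is allowed" }
    '
}

# Constructed sample of `sshd -T` output after the VPN setup above.
sample_sshd_T() {
    cat <<'EOF'
port 22
permitrootlogin yes
permittunnel yes
gatewayports no
x11forwarding yes
passwordauthentication yes
EOF
}

sample_sshd_T | audit_sshd_tunnel_settings
```

On a live server, run sshd -T as root and pipe it into audit_sshd_tunnel_settings once the tunnel is no longer needed; an empty result means none of these options is still enabled.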

7. Copying the SSH key (ssh-copy-id)

There are several ways to do this, but this command saves time by not copying files manually. It simply copies ~/.ssh/id_rsa.pub (or the default key) from your system to ~/.ssh/authorized_keys on the remote server.

localhost:~$ ssh-copy-id user@remoteserver

8. Remote command execution (non-interactive)

The ssh command can be chained with other commands for a regular, user-friendly interface. Simply add the command you want to run on the remote host as the last parameter in quotes.

localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php

In this example grep is executed on the local system after the log has been downloaded over the ssh channel. If the file is large, it is more convenient to run grep on the remote side by simply enclosing both commands in double quotes.

Another example performs the same function as ssh-copy-id from example 7.

localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'

9. Remote packet capture and viewing in Wireshark

I took one of our tcpdump examples. Use it to capture packets remotely and display the results directly in the local Wireshark GUI.

:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -

10. Copying a local folder to a remote server over SSH

A nice trick that compresses a folder using bzip2 (that is the -j option in the tar command), and then extracts the bzip2 stream on the other side, creating a duplicate folder on the remote server.

localhost:~$ tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"

11. Remote GUI applications with SSH X11 forwarding

If X is installed on the client and the remote server, you can run a GUI command remotely with the window on your local desktop. This feature has been around for a long time, but is still very useful. Launch a remote web browser or even the VMware Workstation console, as I do in this example.

localhost:~$ ssh -X remoteserver vmware

The line X11Forwarding yes is required in the sshd_config file.

12. Remote file copying using rsync and SSH

rsync is much more convenient than scp if you need periodic backups of a directory, a large number of files, or very large files. It can recover from transfer failures and copy only the files that have changed, which saves traffic and time.

This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.

:~$ rsync -az /home/testuser/data remoteserver:backup/

13. SSH over the Tor network

The anonymous Tor network can tunnel SSH traffic using the torsocks command. The following command proxies ssh through Tor.

localhost:~$ torsocks ssh myuntracableuser@remoteserver

Torsocks will use port 9050 on localhost for the proxy. As always, when using Tor you need to seriously check what traffic is being tunnelled and other operational security (opsec) issues. Where do your DNS queries go?

14. SSH to an EC2 instance

To connect to an EC2 instance you need a private key. Download it (.pem extension) from the Amazon EC2 control panel and change the permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key in a safe place or put it in your own ~/.ssh/ folder.

localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public

The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for automatically configuring key usage when connecting to an ec2 host.

Host my-ec2-public
   Hostname ec2???.compute-1.amazonaws.com
   User ubuntu
   IdentityFile ~/.ssh/my-ec2-key.pem

15. Editing text files using VIM over ssh/scp

For all vim lovers, this tip will save some time. With vim, files are edited over scp with a single command. This method simply creates the file locally in /tmp and then copies it back when we save it from vim.

localhost:~$ vim scp://user@remoteserver//etc/hosts

Note: the format is slightly different from the usual scp. After the host we have a double //. This is an absolute path reference. A single slash denotes a path relative to your user's home folder.

**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])

If you see this error, double-check the command format. It usually means a syntax error.

16. Mounting remote SSH as a local folder with SSHFS

With the help of sshfs, an ssh file system client, we can mount a local directory to a remote location with all file interactions taking place in an encrypted ssh session.

localhost:~$ apt install sshfs

On Ubuntu and Debian, install the sshfs package, then simply mount the remote location on our system.

localhost:~$ sshfs user@remoteserver:/media/data ~/data/

17. SSH multiplexing with ControlPath

By default, if there is an existing connection to a remote server using ssh, a second connection using ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be used for all subsequent connections. This speeds up the process significantly: the effect is noticeable even on a local network, and even more so when connecting to remote resources.

Host remoteserver
        HostName remoteserver.example.org
        ControlMaster auto
        ControlPath ~/.ssh/control/%r@%h:%p
        ControlPersist 10m

ControlPath specifies the socket to check for new connections to see whether there is an active ssh session. The last option means that even after you exit the console, the existing session will remain open for 10 minutes, so during this time you can reconnect on the existing socket. For more information, see the ssh_config man page.

18. Streaming video over SSH using VLC and SFTP

Even long-time users of ssh and vlc (Video Lan Client) are not always aware of this handy option for when you really need to watch a video over the network. In the File | Open Network Stream settings of vlc you can enter the location as sftp://. If a password is required, a prompt appears.

sftp://remoteserver//media/uploads/myvideo.mkv

19. Two-factor authentication

The same two-factor authentication as for your bank account or Google account applies to the SSH service.

Of course, ssh initially has a two-factor authentication capability, meaning a password and an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a different physical device.

See our 8-minute guide to using Google Authenticator with SSH.

20. Jumping through hosts with ssh and -J

If network segmentation means you have to hop through multiple ssh hosts to get to the final destination network, the -J shortcut will save you time.

localhost:~$ ssh -J host1,host2,host3 [email protected]

The main thing to understand here is that this is not the same as the command ssh host1, then user@host1:~$ ssh host2 and so on. The -J option cleverly uses forwarding to make localhost establish a session with the next host in the chain. So in the example above, our localhost is authenticated to host4. That is, our localhost keys are used, and the session from localhost to host4 is fully encrypted.

To do the same in ssh_config, specify the ProxyJump configuration option. If you regularly have to go through multiple hosts, automation via the config will save a lot of time.

21. Blocking SSH attempts using iptables

Anyone who has run an SSH service and looked at the logs knows about the number of brute-force attempts that occur every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the changes to the sshd_config file with the Port ## configuration parameter.

With iptables it is also easy to block attempts to connect to a port once a certain threshold is reached. An easy way to do this is to use OSSEC, because it not only blocks SSH, but also performs a bunch of other host-based intrusion detection (HIDS) measures.
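
One way to express the threshold described above directly in iptables, as an added example that is not part of the original article: the function prints two rules using the recent match, which drop a source address once it opens too many new connections to the SSH port within a time window. The function name, the list name SSH and the default values (port 22, 4 connections per 60 seconds) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): per-source rate limit for
# new SSH connections using the iptables "recent" match.
# The defaults (port 22, 4 new connections per 60 seconds) are assumptions.

# Print the two iptables commands for review; nothing is changed on the
# system. Arguments: port, window in seconds, hit count.
ssh_ratelimit_rules() {
    port="${1:-22}"; window="${2:-60}"; hits="${3:-4}"
    case "$port$window$hits" in
        *[!0-9]*) echo "port, window and hits must be numeric" >&2; return 1 ;;
    esac
    # Rule 1 records the source address of every new connection.
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m recent --name SSH --set"
    # Rule 2 drops the connection once that source has reached $hits new
    # connections within $window seconds; --update also refreshes the
    # timestamp, so a source that keeps trying stays blocked.
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m recent --name SSH --update --seconds $window --hitcount $hits -j DROP"
}

ssh_ratelimit_rules 22 60 4
```

The rules only take effect if they are evaluated before any rule that accepts the SSH port. Sessions that reuse a ControlMaster connection (section 17) open no new TCP connection and do not count towards the threshold, while scripted loops of separate ssh or scp calls do.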

22. SSH Escape to change port forwarding

And our final ssh example is for changing port forwarding on the fly within an existing ssh session. Imagine this scenario. You are deep in the network; perhaps you have hopped over half a dozen hosts and need a local port on the workstation forwarded to the Microsoft SMB of an old Windows 2003 system (anyone remember ms08-67?).

After pressing enter, try entering ~C in the console. This is a session control sequence that allows changes to be made to an existing connection.

localhost:~$ ~C
ssh> -h
Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KL[bind_address:]port                 Cancel local forward
      -KR[bind_address:]port                 Cancel remote forward
      -KD[bind_address:]port                 Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.

Here you can see that we have forwarded our local port 1445 to the Windows 2003 host that we found on the internal network. Now just run msfconsole, and you can carry on (assuming you plan to use this host).

Conclusion

These ssh examples, tips and commands should give you a starting point; more information on each of the commands and capabilities is available in the man pages (man ssh, man ssh_config, man sshd_config).

I have always been fascinated by the ability to access systems and execute commands anywhere in the world. By developing your skills with tools like ssh, you will become more effective in any game you play.

Source: will.com
