Practical tips, examples and SSH tunnels

Practical SSH examples that will take your skills as a remote system administrator to a new level. The commands and tips will help you not only use SSH, but also navigate the network more skillfully.

Knowing a few ssh tricks is useful for any system administrator, network engineer or security specialist.

Practical SSH examples

  1. SSH socks proxy
  2. SSH tunnel (port forwarding)
  3. SSH tunnel to a third host
  4. Reverse SSH tunnel
  5. SSH reverse proxy
  6. Installing a VPN over SSH
  7. Copying an SSH key (ssh-copy-id)
  8. Remote command execution (non-interactive)
  9. Remote packet capture and viewing in Wireshark
  10. Copying a local folder to a remote server via SSH
  11. Remote GUI applications with SSH X11 forwarding
  12. Remote file copying using rsync and SSH
  13. SSH over the Tor network
  14. SSH to an EC2 instance
  15. Editing text files with VIM via ssh/scp
  16. Mounting remote SSH as a local folder with SSHFS
  17. Multiplexing SSH with ControlPath
  18. Streaming video over SSH using VLC and SFTP
  19. Two-factor authentication
  20. Jumping through hosts with SSH and -J
  21. Blocking SSH brute force attempts using iptables
  22. SSH Escape to change port forwarding

First, the basics

Breaking down the SSH command line

The following example uses common parameters that are often encountered when connecting to a remote SSH server.

localhost:~$ ssh -v -p 22 -C neo@remoteserver

  • -v: Debug output is especially useful when analysing authentication problems. It can be used multiple times to show more information.
  • -p 22: the port to connect to on the remote SSH server. 22 does not need to be specified, since it is the default, but if the service is on another port we specify it with the -p parameter. The listening port is set in the sshd_config file in the form Port 2222.
  • -C: Compression for the connection. If you have a slow link or are viewing a lot of text, this can speed up the connection.
  • neo@: The string before the @ symbol is the username to authenticate with on the remote server. If you do not specify it, it defaults to the username of the account you are logged in as (~$ whoami). The user can also be specified with the -l parameter.
  • remoteserver: the name of the host ssh connects to. This can be a fully qualified domain name, an IP address, or any host in the local hosts file. To connect to a host that supports both IPv4 and IPv6, you can add the -4 or -6 parameter to the command line to get the right resolution.

All of the above parameters are optional except remoteserver.

Using a configuration file

Although many are familiar with the sshd_config file, there is also a client configuration file for the ssh command. The default location is ~/.ssh/config, but another file can be specified as the parameter of the -F option.

Host remoteserver
     HostName remoteserver.thematrix.io
     User neo
     Port 2112
     IdentityFile /home/test/.ssh/remoteserver.private_key

Host *
     Port 2222

There are two host entries in the example ssh configuration file above. The first says that for the host remoteserver a specific username, port, FQDN and IdentityFile should be used. The second applies to all hosts and sets Port 2222. ssh uses the first value it obtains for each parameter, so the host-specific entry has to come before the Host * defaults; with Host * first, its Port 2222 would override Port 2112 for remoteserver.

A configuration file can save a lot of typing by allowing advanced configuration to be applied automatically when connecting to specific hosts.
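An added example (not from the original article) of how the ssh client resolves a keyword across Host blocks: the first value obtained wins, so the order of the blocks decides which Port is used. The function names and the two sample files are made up for this illustration, and only plain Host patterns are handled.

```shell
#!/bin/sh
# Added example: resolve one ssh_config keyword the way the ssh client does.
# Rule (ssh_config(5)): for each keyword the FIRST value obtained is used,
# reading top to bottom through every Host block whose pattern matches.
# Simplified on purpose: Host lines with * and ? patterns only; no Match,
# Include or negated (!) patterns; options in "Keyword value" form.

# ssh_effective FILE HOST KEYWORD  -> prints the value ssh would use
ssh_effective() {
    cfg=$1 host=$2
    want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    active=1                    # options before any Host line apply to all hosts
    while read -r key rest; do
        case $key in ''|'#'*) continue ;; esac
        lkey=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        if [ "$lkey" = host ]; then
            active=0
            set -f              # keep * in patterns from expanding to file names
            for pat in $rest; do
                case $host in $pat) active=1 ;; esac
            done
            set +f
            continue
        fi
        if [ "$active" -eq 1 ] && [ "$lkey" = "$want" ]; then
            printf '%s\n' "$rest"
            return 0
        fi
    done < "$cfg"
    return 1
}

# Constructed samples: the same two Host blocks in both orders.
write_samples() {
    cat > "$1/wildcard_first" <<'EOF'
Host *
     Port 2222

Host remoteserver
     User neo
     Port 2112
EOF
    cat > "$1/specific_first" <<'EOF'
Host remoteserver
     User neo
     Port 2112

Host *
     Port 2222
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in wildcard_first specific_first; do
    echo "$f: remoteserver -> Port $(ssh_effective "$demo_dir/$f" remoteserver Port)"
done
rm -rf "$demo_dir"
```

On a real system, `ssh -G remoteserver` prints the values the installed client would actually use for that host, without connecting.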

Copying files over SSH using SCP

The SSH client comes with two other very handy tools for copying files over an ssh connection. See below for an example of how to use the scp and sftp commands. Note that many of the ssh options also apply to these commands.

localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png

In this example the file mypic.png is copied to remoteserver, into the folder /media/data, and renamed to mypic_2.png.

Don't forget the difference in the port parameter. This is where many people get caught when running scp from the command line. Here the port parameter is -P, not -p as in the ssh client! You will forget, but don't worry, everyone forgets.

For those familiar with console ftp, many of the commands are similar in sftp. You can do push, put and ls as your heart desires.

sftp neo@remoteserver

Practical examples

For many of these examples, the result can be achieved using different methods. As in all our textbooks and examples, preference is given to practical examples that simply do their job.

1. SSH socks proxy

The SSH Proxy feature is number 1 for good reason. It is more powerful than many realize and gives you access to any system that the remote server can reach, using any application. The ssh client can tunnel traffic through a SOCKS proxy with one simple command. It is important to understand that traffic to the remote systems will originate from the remote server, and this is what will appear in the web server logs.

localhost:~$ ssh -D 8888 user@remoteserver

localhost:~$ netstat -pan | grep 8888
tcp        0      0 127.0.0.1:8888       0.0.0.0:*               LISTEN      23880/ssh

Here we start a socks proxy on TCP port 8888; the second command checks that the port is active and listening. 127.0.0.1 indicates that the service is running on localhost only. We can use a slightly different command to listen on all interfaces, including ethernet or wifi, which will allow other applications (browsers, etc.) on our network to connect to the proxy service through the ssh socks proxy.

localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver

Now we can configure the browser to connect to the socks proxy. In Firefox, select Preferences | General | Network Settings. Specify the IP address and port to connect to.


Note the option at the bottom of the form that sends your browser's DNS requests through the SOCKS proxy as well. If you are using the proxy server to hide web traffic on your local network, you will probably want to select this option so that DNS requests are tunnelled through the SSH connection.

Enabling a socks proxy in Chrome

Launching Chrome with certain command line parameters enables the socks proxy, as well as tunnelling of DNS requests from the browser. Trust but verify. Use tcpdump to check that DNS queries are no longer visible.

localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"

Using other applications with a proxy

Keep in mind that many other applications can also use socks proxies. The web browser is simply the most popular of them all. Some applications have configuration options to enable a proxy server. Others need a little help from a helper program. For example, proxychains lets you run Microsoft RDP, and more, through a socks proxy.

localhost:~$ proxychains rdesktop $RemoteWindowsServer

The socks proxy configuration parameters are set in the proxychains configuration file.

Tip: if you use remote desktop from Linux to Windows, try the FreeRDP client. It is a more modern implementation than rdesktop, with a smoother experience.

A use case for SSH through a socks proxy

You are sitting in a cafe or hotel and are forced to use rather unreliable WiFi. We start an ssh proxy locally from the laptop and establish an ssh tunnel into the home network to a local Raspberry Pi. Using a browser or other applications configured for the socks proxy, we can access any network services on our home network or reach the Internet through our home connection. Everything between your laptop and your home server (across the Wi-Fi and the Internet to your home) is carried inside the SSH tunnel.

2. SSH tunnel (port forwarding)

In its simplest form, an SSH tunnel just opens a port on your local system that connects to another port at the other end of the tunnel.

localhost:~$ ssh  -L 9999:127.0.0.1:80 user@remoteserver

Let's look at the -L parameter. It can be thought of as the local listening side. So in the example above, port 9999 is listening on the localhost side and is forwarded through to port 80 on remoteserver. Note that 127.0.0.1 refers to localhost on the remote server!

Let's take it up a step. The following example binds the listening port so that other hosts on the local network can connect to it.

localhost:~$ ssh  -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver

In these examples we are connecting to a port on a web server, but this could be a proxy server or any other TCP service.

3. SSH tunnel to a third host

We can use the same parameters to tunnel a connection from the remote server to another service running on a third system.

localhost:~$ ssh  -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver

In this example, we are forwarding the tunnel from remoteserver to a web server running on 10.10.10.10. Traffic from remoteserver to 10.10.10.10 is no longer inside the SSH tunnel. The web server on 10.10.10.10 will see remoteserver as the source of the web requests.

4. Reverse SSH tunnel

Here we configure a listening port on the remote server that will connect back to a local port on our localhost (or another system).

localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver

This SSH session establishes a connection from port 1999 on remoteserver to port 902 on our local client.

5. SSH reverse proxy

In this case, we are setting up a socks proxy on our ssh connection, but the proxy is listening at the remote server end. Connections to this remote proxy now come out of the tunnel as traffic originating from our localhost.

localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver

Troubleshooting remote SSH tunnels

If you have problems getting the remote SSH options to work, check with netstat which interfaces the listening port is bound to. Even though we specified 0.0.0.0 in the examples, if the GatewayPorts value in sshd_config is set to no, the listener will be bound to localhost only (127.0.0.1).

Security warning

Note that by opening tunnels and socks proxies, internal network resources may become accessible to untrusted networks (such as the Internet!). This can be a serious security risk, so make sure you understand what is listening and what it has access to.
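One way to check what the warning above asks for, as an added example that is not part of the original article: filter netstat output (the format shown in section 1) for ssh and sshd forward listeners bound to anything other than loopback. The function names and the sample lines are constructed for this illustration.

```shell
#!/bin/sh
# Added example: list ssh/sshd forward listeners reachable from other hosts.
# Input: `netstat -pan` style lines on stdin.
# Optional $1: the port sshd itself listens on (default 22); that listener
# is the daemon, not a forward, so it is skipped.

exposed_ssh_listeners() {
    awk -v daemon_port="${1:-22}" '
    $6 == "LISTEN" && ($7 ~ /\/sshd?$/ || $7 ~ /\/sshd?:/) {
        addr = $4; port = $4
        sub(/:[0-9]+$/, "", addr)      # local address without the trailing :port
        sub(/^.*:/, "", port)          # port is whatever follows the last colon
        if (addr ~ /^127\./ || addr == "::1") next        # loopback only
        if ($7 ~ /\/sshd/ && port == daemon_port) next     # the daemon itself
        print port, addr, $7
    }'
}

# Constructed sample (made-up PIDs): -D, -L and -R listeners in both bindings.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:8888          0.0.0.0:*               LISTEN      23880/ssh
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      24011/ssh
tcp        0      0 0.0.0.0:1999            0.0.0.0:*               LISTEN      3170/sshd: user
tcp        0      0 127.0.0.1:1998          0.0.0.0:*               LISTEN      3171/sshd: user
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      911/nginx: master
tcp6       0      0 ::1:8888                :::*                    LISTEN      23880/ssh
EOF
}

# Prints the two listeners that other hosts can reach: 9999 (client) and 1999 (server).
sample_netstat | exposed_ssh_listeners
```

On a live system, pipe `netstat -pan` into `exposed_ssh_listeners`; run it as root so that the PID/program column is filled in for every socket.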

6. Installing a VPN over SSH

A common term among offensive security specialists (pentesters, etc.) is "a fulcrum in the network". Once a connection is established on one system, that system becomes a gateway for further access to the network. A fulcrum that lets you move laterally.

For such a fulcrum we can use an SSH proxy and proxychains, however there are limitations. For example, it is not possible to work directly with sockets, so we cannot scan ports inside the network with an Nmap SYN scan.

Using this more advanced VPN option, the connection drops down to layer 3. We can then simply route traffic through the tunnel using standard network routing.

The method uses ssh, iptables, tun interfaces and routing.

First you need to set these parameters in sshd_config. Since we are making changes to the interfaces of both the remote and the client system, we need root privileges on both sides.

PermitRootLogin yes
PermitTunnel yes

Then we establish an ssh connection using the parameter that requests initialization of the tun devices.

localhost:~# ssh -v -w any root@remoteserver

We should now have a tun device when listing interfaces (# ip a). The next step adds IP addresses to the tunnel interfaces.

SSH client side:

localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up

SSH server side:

remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up

Now we have a direct route to the other host (route -n and ping 10.10.10.10).

You can route any subnet through the host on the other side.

localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0

On the remote side you need to enable ip_forward and iptables.

remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE

Boom! A VPN over an SSH tunnel at network layer 3. Now that is a win.

If there are any problems, use tcpdump and ping to determine the cause. Since we are playing at layer 3, our icmp packets will go through this tunnel.

7. Copying an SSH key (ssh-copy-id)

There are several ways to do this, but this command saves time by not copying the files manually. It simply copies ~/.ssh/id_rsa.pub (or the default key) from your system to ~/.ssh/authorized_keys on the remote server.

localhost:~$ ssh-copy-id user@remoteserver

8. Remote command execution (non-interactive)

The ssh command can be chained with other commands for a common, convenient interface. Just add the command you want to run on the remote host as the last parameter, in quotes.

localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php

In this example grep is executed on the local system after the log has been downloaded over the ssh channel. If the file is large, it is more convenient to run grep on the remote side by simply enclosing both commands in double quotes.

Another example performs the same function as ssh-copy-id from example 7.

localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'

9. Remote packet capture and viewing in Wireshark

I took this one from our tcpdump examples. Use it to capture packets remotely and display the results directly in the local Wireshark GUI.

:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -

10. Copying a local folder to a remote server via SSH

A nice trick that compresses a folder using bzip2 (that is the -j option in the tar command), and then extracts the bzip2 stream on the other side, creating a duplicate of the folder on the remote server.

localhost:~$ tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"

11. Remote GUI applications with SSH X11 forwarding

If X is installed on the client and the remote server, you can run a GUI command remotely with its window appearing on your local desktop. This feature has been around for a long time, but it is still very useful. Launch a remote web browser or the VMware Workstation console, as I do in this example.

localhost:~$ ssh -X remoteserver vmware

The line X11Forwarding yes is required in the sshd_config file.

12. Remote file copying using rsync and SSH

rsync is better than scp if you need periodic backups, a large number of files, or very large files. It can recover from a failed transfer and copy only changed files, which saves traffic and time.

This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.

:~$ rsync -az /home/testuser/data remoteserver:backup/

13. SSH over the Tor network

The anonymous Tor network can tunnel SSH traffic using the torsocks command. The following command will pass the ssh connection through Tor.

localhost:~$ torsocks ssh myuntracableuser@remoteserver

Torsocks will use port 9050 on localhost for the proxy. As always, when using Tor you need to seriously check what traffic is being tunnelled and other operational security (opsec) issues. Where are your DNS queries going?

14. SSH to an EC2 instance

To connect to an EC2 instance you need a private key. Download it (.pem extension) from the Amazon EC2 control panel and change the permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key in a safe place or put it in your own ~/.ssh/ folder.

localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public

The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for automatically configuring key usage when connecting to an ec2 host.

Host my-ec2-public
   Hostname ec2???.compute-1.amazonaws.com
   User ubuntu
   IdentityFile ~/.ssh/my-ec2-key.pem

15. Editing text files with VIM via ssh/scp

For all vim lovers, this tip will save some time. With vim, files are edited over scp with a single command. This method simply creates the file locally in /tmp and then copies it back once we save it from vim.

localhost:~$ vim scp://user@remoteserver//etc/hosts

Note: the format is slightly different from the usual scp. After the host we have a double //. This is an absolute path reference. A single slash would indicate a path relative to your user's home folder.

**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])

If you see this error, double-check the command format. It usually means a syntax error.

16. Mounting remote SSH as a local folder with SSHFS

With sshfs, an ssh file system client, we can mount a remote location as a local directory, with all file interactions taking place over an encrypted ssh session.

localhost:~$ apt install sshfs

On Ubuntu and Debian install the sshfs package, and then simply mount the remote location on our system.

localhost:~$ sshfs user@remoteserver:/media/data ~/data/

17. SSH multiplexing with ControlPath

By default, if there is an existing connection to a remote server using ssh, a second connection using ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be used for all subsequent connections. This speeds things up: the effect is noticeable even on a local network, and even more so when connecting to remote resources.

Host remoteserver
        HostName remoteserver.example.org
        ControlMaster auto
        ControlPath ~/.ssh/control/%r@%h:%p
        ControlPersist 10m

ControlPath specifies the socket that new connections check to see whether there is an active ssh session. The last option means that even after you exit the console, the existing session remains open for 10 minutes, so during this time you can reconnect over the existing socket. For more information, see the ssh_config man page.

18. Streaming video over SSH using VLC and SFTP

Even long-time users of ssh and vlc (Video Lan Client) are not always aware of this handy option for when you need to watch a video over the network. In the File | Open Network Stream setting of vlc you can enter the location as sftp://. If a password is required, a prompt will appear.

sftp://remoteserver//media/uploads/myvideo.mkv

19. Two-factor authentication

The same two-factor authentication as on your bank account or Google account is applicable to the SSH service.

Of course, ssh natively has a two-factor authentication capability, meaning a password and an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a different physical device.

See our 8-minute guide to using Google Authenticator and SSH.

20. Jumping through hosts with ssh and -J

If network segmentation means you have to hop through several ssh hosts to reach the final destination network, the -J shortcut will save you time.

localhost:~$ ssh -J host1,host2,host3 user@host4

The main thing to understand here is that this is not the same as running ssh host1, then user@host1:~$ ssh host2, and so on. The -J option cleverly uses forwarding to get each hop to establish a session with the next host in the chain. So in the above example, our localhost is authenticated to host4. That is, our localhost keys are used, and the session from localhost to host4 is fully encrypted.

To use this capability from ssh_config, specify the ProxyJump configuration option. If you regularly have to go through several hosts, automating it in the config will save a lot of time.

21. Blocking SSH brute force attempts using iptables

Anyone who has managed an SSH service and looked at the logs knows about the number of brute force attempts that occur every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the change in the sshd_config file via the configuration parameter Port ##.

With iptables you can also easily block attempts to connect to the port once a certain threshold is reached. An easy way to do this is to use OSSEC, since it not only blocks SSH but also performs a range of other host-based intrusion detection (HIDS) measures.
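The threshold idea above, as an added example that is not from the original article and is not how OSSEC implements it: count failed password logins per source address in sshd log lines and print, for review, a DROP rule for each source at or above the threshold. The function names and log lines are constructed; the "Failed password for ... from ADDR port N ssh2" line format is assumed.

```shell
#!/bin/sh
# Added example: failed SSH password logins per source, with a threshold.

# ssh_bruteforce_sources THRESHOLD  (log on stdin) -> "count address" lines
ssh_bruteforce_sources() {
    awk -v t="$1" '
    /sshd\[[0-9]+\]: Failed password for / {
        # The user name is supplied by the remote side and may itself contain
        # " from 1.2.3.4 port 1 ssh2", so read the fields from the END of the
        # line, where sshd writes the real source address.
        if ($(NF-4) == "from" && $(NF-2) == "port" &&
            $(NF-3) ~ /^[0-9a-fA-F:.]+$/) n[$(NF-3)]++
    }
    END { for (a in n) if (n[a] >= t) print n[a], a }' | sort -rn
}

# drop_rules PORT  ("count address" on stdin) -> rules printed, never executed
drop_rules() {
    while read -r _count addr; do
        case $addr in
            *:*) tool=ip6tables ;;     # IPv6 sources need the IPv6 table
            *)   tool=iptables ;;
        esac
        printf '%s -I INPUT -s %s -p tcp --dport %s -j DROP\n' "$tool" "$addr" "$1"
    done
}

# Constructed log lines (documentation addresses). The fourth line carries a
# user name crafted to look like a different source address.
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:15:01 gw sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  3 10:15:03 gw sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  3 10:15:06 gw sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Mar  3 10:15:09 gw sshd[1204]: Failed password for invalid user a from 198.51.100.9 port 1 ssh2 from 203.0.113.5 port 40003 ssh2
Mar  3 10:16:40 gw sshd[1210]: Failed password for neo from 192.0.2.44 port 51812 ssh2
Mar  3 10:16:52 gw sshd[1210]: Accepted publickey for neo from 192.0.2.44 port 51812 ssh2
EOF
}

sample_auth_log | ssh_bruteforce_sources 3 | drop_rules 22
```

The source with a single failure (a user mistyping a password) stays below the threshold and gets no rule.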

22. SSH Escape to change port forwarding

And our last ssh example is for changing port forwarding on the fly within an existing ssh session. Imagine this scenario. You are deep in a network; you may have hopped over half a dozen hosts and need a local port on your workstation that is forwarded to the Microsoft SMB of an old Windows 2003 system (anyone remember ms08-67?).

After pressing enter, try typing ~C in the console. This is a session control sequence that allows you to make changes to the existing connection.

localhost:~$ ~C
ssh> -h
Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KL[bind_address:]port                 Cancel local forward
      -KR[bind_address:]port                 Cancel remote forward
      -KD[bind_address:]port                 Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.

Here you can see that we have forwarded our local port 1445 to the Windows 2003 host we found on the internal network. Now just launch msfconsole, and you can carry on (assuming you are planning to use this host).

Wrapping up

These ssh examples, tips and commands should provide a starting point; more details on each command and capability are available in the man pages (man ssh, man ssh_config, man sshd_config).

I have always been fascinated by the ability to reach systems and execute commands anywhere in the world. By developing your skills with tools like ssh you will become more effective at whatever game you play.

Source: www.habr.com
