Practical SSH examples
, but also navigate the network more skilfully.
Knowing a few ssh tricks is useful for any system administrator, network engineer or security professional.
Practical SSH examples
1. SSH socks proxy
2. SSH tunnel (port forwarding)
3. SSH tunnel to a third host
4. Reverse SSH tunnel
5. SSH reverse proxy
6. Setting up a VPN over SSH
7. Copying an SSH key (ssh-copy-id)
8. Remote command execution (non-interactive)
9. Remote packet capture and viewing in Wireshark
10. Copying a local folder to a remote server over SSH
11. Remote GUI applications with SSH X11 forwarding
12. Remote file copy using rsync and SSH
13. SSH over the Tor network
14. SSH to an EC2 instance
15. Editing text files using VIM over ssh/scp
16. Mounting a remote SSH location as a local folder with SSHFS
17. Multiplexing SSH with ControlPath
18. Streaming video over SSH using VLC and SFTP
19. Two-factor authentication
20. Jumping through hosts with SSH and -J
21. Blocking SSH brute-force attempts using iptables
22. SSH escape to change port forwarding
First, the basics
Breaking down the SSH command line
The following example uses common parameters that you will often meet when connecting to a remote SSH server.
localhost:~$ ssh -v -p 22 -C neo@remoteserver
-v: Debug output, especially useful when troubleshooting authentication problems. It can be given several times to show more information.
-p 22: The port to connect to on the remote SSH server. 22 does not need to be specified, because it is the default value, but if the service is on another port, we specify it with the -p parameter. The listening port is set in the sshd_config file in the form Port 2222.
-C: Compression for the connection. If you have a slow link or are viewing a lot of text, this can speed up the connection.
neo@: The string before the @ symbol is the username for authentication on the remote server. If you do not specify it, it defaults to the username of the account you are currently logged in as (~$ whoami). The user can also be specified with the -l parameter.
remoteserver: The name of the host that ssh connects to. This can be a fully qualified domain name, an IP address, or any host in the local hosts file. To connect to a host that supports both IPv4 and IPv6, you can add the -4 or -6 parameter to the command line for the appropriate resolution.
All of the above parameters are optional except remoteserver.
Using a configuration file
Although many people are familiar with the sshd_config file, there is also a client configuration file for the ssh command. The default location is ~/.ssh/config, but another file can be specified with the -F option.
Host remoteserver
    HostName remoteserver.thematrix.io
    User neo
    Port 2112
    IdentityFile /home/test/.ssh/remoteserver.private_key
Host *
    Port 2222
There are two host entries in the example ssh configuration file above. The remoteserver entry sets a different username, port, FQDN and IdentityFile to be used for that host. The Host * entry applies to all hosts and sets the Port 2222 configuration parameter. It is placed last because ssh uses the first value it obtains for each parameter, so host-specific entries must come before general defaults.
The configuration file can save a lot of typing by allowing a detailed configuration to be applied automatically when connecting to specific hosts.
Copying files over SSH using SCP
The SSH client comes with two other handy tools for copying files over an encrypted ssh connection. See below for an example of typical use of the scp and sftp commands. Note that many of the ssh options apply to these commands as well.
localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png
In this example the file mypic.png is copied to remoteserver into the folder /media/data and renamed mypic_2.png.
Do not forget the difference in the port parameter. This is where many people get caught when they run scp from the command line. Here the port parameter is -P, not -p as in the ssh client! You will forget, but don't worry, everyone forgets.
For those who are familiar with console ftp, many of the commands are similar in sftp. You can push, put and ls as your heart desires.
sftp neo@remoteserver
Practical examples
In many of these examples, the result can be achieved using different methods. As in all of our
1. SSH socks proxy
The SSH proxy feature is number 1 for a good reason. It is more powerful than many realize and gives you access to any system that the remote server can reach, using any application. The ssh client can tunnel traffic through a SOCKS proxy with one simple command. It is important to understand that traffic to the remote systems will originate from the remote server, and this is what the web server logs will show.
localhost:~$ ssh -D 8888 user@remoteserver
localhost:~$ netstat -pan | grep 8888
tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN 23880/ssh
Here we start a socks proxy on TCP port 8888; the second command checks that the port is active in listening mode. 127.0.0.1 shows that the service runs only on localhost. We can use a slightly different command to listen on all interfaces, including ethernet or wifi. This allows other applications (browsers, etc.) on our network to connect to the proxy service through the ssh socks proxy.
localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver
Now we can configure the browser to connect to the socks proxy. In Firefox, select Settings | Basic | Network settings. Enter the IP address and port to connect to.
Note the option at the bottom of the form that makes your browser's DNS requests go through the SOCKS proxy as well. If you are using the proxy server to encrypt web traffic on your local network, you will probably want to select this option so that DNS requests are tunnelled through the SSH connection.
Enabling the socks proxy in Chrome
Launching Chrome with certain command-line parameters enables the socks proxy, as well as tunnelling of DNS requests from the browser. Trust, but verify. Use
localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"
Using other applications with the proxy
Keep in mind that many other applications can also use socks proxies. The web browser is simply the most popular of them all. Some applications have configuration options to enable a proxy server. Others need a little help from a helper program. For example,
localhost:~$ proxychains rdesktop $RemoteWindowsServer
The socks proxy configuration parameters are set in the proxychains configuration file.
Tip: if you use remote desktop from Linux to Windows, try the FreeRDP client. It is a more modern implementation than rdesktop, with a much smoother experience.
A use case for SSH through a socks proxy
You are sitting in a cafe or hotel and are forced to use rather unreliable WiFi. We start an ssh proxy locally on the laptop and set up an ssh tunnel into the home network to a local Raspberry Pi. Using a browser or other applications configured for the socks proxy, we can reach any network services on our home network or access the Internet through our home connection. Everything between your laptop and your home server (across the Wi-Fi and the internet to your home) is encrypted in the SSH tunnel.
2. SSH tunnel (port forwarding)
In its simplest form, an SSH tunnel just opens a port on your local system that connects to another port at the other end of the tunnel.
localhost:~$ ssh -L 9999:127.0.0.1:80 user@remoteserver
Let's look at the -L parameter. It can be thought of as the local listening side. So in the example above, port 9999 is listening on the localhost side and is forwarded to port 80 on remoteserver. Please note that 127.0.0.1 refers to localhost on the remote server!
Let's take it up a step. The following example exposes the listening port to other hosts on the local network.
localhost:~$ ssh -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver
In these examples we are connecting to a port on a web server, but this could be a proxy server or any other TCP service.
3. SSH tunnel to a third-party host
We can use the same parameters to connect a tunnel from the remote server to another service running on a third system.
localhost:~$ ssh -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver
In this example, we are forwarding the tunnel from remoteserver to a web server running on 10.10.10.10. Traffic from remoteserver to 10.10.10.10 is no longer inside the SSH tunnel. The web server on 10.10.10.10 will see remoteserver as the source of the web requests.
4. Reverse SSH tunnel
Here we set up a listening port on the remote server that will connect back to a local port on our localhost (or another system).
localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver
This SSH session establishes a connection from port 1999 on remoteserver to port 902 on our local client.
5. SSH reverse proxy
In this case, we are setting up a socks proxy on our ssh connection, but the proxy is listening on the server end. Connections to this remote proxy now emerge from the tunnel as traffic from our localhost.
localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver
Troubleshooting remote SSH tunnels
If you have problems getting the remote SSH options to work, check with netstat which interfaces the listening port is bound to. Even though we specified 0.0.0.0 in the examples, if the GatewayPorts value in sshd_config is set to no, the listener will be bound only to localhost (127.0.0.1).
Security warning
Please note that by opening tunnels and socks proxies, internal network resources can become accessible to untrusted networks (such as the Internet!). This can be a serious security risk, so make sure you understand what the listener is and what it has access to.
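A check for the exposure described in this warning, as an added example that is not part of the original article: it reads `ss -H -ltnp` output and reports ssh or sshd listeners bound to anything other than loopback. The sample lines are constructed, and the function name and the skipped daemon port (default 22) are assumptions.

```shell
#!/bin/sh
# Added example: flag SSH forwarding listeners that are reachable from the network.
# Input: lines in the format printed by `ss -H -ltnp`
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port Process
# Live use (as root, so process names are visible):
#   ss -H -ltnp | exposed_ssh_listeners

# Constructed sample input, not captured from a real host.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:8888 0.0.0.0:* users:(("ssh",pid=23880,fd=4))
LISTEN 0 128 0.0.0.0:9999 0.0.0.0:* users:(("ssh",pid=24011,fd=5))
LISTEN 0 128 [::1]:8888 [::]:* users:(("ssh",pid=23880,fd=5))
LISTEN 0 128 [::]:1999 [::]:* users:(("sshd",pid=911,fd=9))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=700,fd=6))
LISTEN 0 128 192.168.1.10:8888 0.0.0.0:* users:(("ssh",pid=25002,fd=4))'

# exposed_ssh_listeners [SSHD_PORT]
# Prints one line per ssh/sshd listener that is not bound to loopback.
# SSHD_PORT (default 22) is the daemon's own service port, which is expected
# to listen on all interfaces and is therefore not reported.
exposed_ssh_listeners() {
    awk -v skip="${1:-22}" '
    $1 == "LISTEN" && $NF ~ /"sshd?",/ {
        addr = $4
        port = addr; sub(/.*:/, "", port)          # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)      # text before the last colon
        if (host ~ /^127\./ || host == "[::1]") next   # loopback only: fine
        proc = $NF; sub(/^users:\(\("/, "", proc); sub(/".*/, "", proc)
        if (proc == "sshd" && port == skip) next       # the daemon itself
        pid = $NF; sub(/.*pid=/, "", pid); sub(/,.*/, "", pid)
        printf "%s port=%s pid=%s bind=%s\n", proc, port, pid, host
    }'
}
```

On the client, -L and -D listeners are owned by ssh; on the server, -R listeners are owned by sshd, and they only leave loopback when GatewayPorts allows it.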
6. Setting up a VPN over SSH
A common term among offensive security specialists (pentesters, etc.) is a "foothold in the network". Once a connection is established on one system, that system becomes the gateway for further access to the network. The foothold lets you move laterally.
For such a foothold we can use an SSH proxy and proxychains, but there are some limitations. For example, it is not possible to work directly with sockets, so we will not be able to scan ports inside the network with SYN.
Using this more advanced VPN option, the connection drops down to layer 3. We can then simply route traffic through the tunnel using standard network routing.
The method uses ssh, iptables, tun interfaces and routing.
First you need to set these parameters in sshd_config. Since we are making changes to the interfaces of both the remote and the client system, we need root privileges on both sides.
PermitRootLogin yes
PermitTunnel yes
Then we establish the ssh connection using the parameter that requests initialization of tun devices.
localhost:~# ssh -v -w any root@remoteserver
We should now have a tun device when listing the interfaces (# ip a). The next step adds IP addresses to the tunnel interfaces.
SSH client side:
localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up
SSH server side:
remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up
Now we have a direct route to the other host (route -n and ping 10.10.10.10).
You can route any subnet through the host on the other side.
localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0
On the remote side you need to enable ip_forward and iptables.
remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE
Boom! A VPN over an SSH tunnel at network layer 3. Now that is a win.
If there are problems, use ping to find the cause. Since we are working at layer 3, our icmp packets will pass through this tunnel.
7. Copy an SSH key (ssh-copy-id)
There are several ways to do this, but this command saves time by not copying the files manually. It simply copies ~/.ssh/id_rsa.pub (or the default key) from your system to ~/.ssh/authorized_keys on the remote server.
localhost:~$ ssh-copy-id user@remoteserver
8. Remote command execution (non-interactive)
The ssh command can be chained with other commands for a familiar, user-friendly interface. Just add the command you want to run on the remote host as the last parameter, in quotes.
localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php
In this example grep is executed on the local system after the log has been pulled over the ssh channel. If the file is large, it is more convenient to run grep on the remote side by simply enclosing both commands in double quotes.
Another example performs the same function as ssh-copy-id from example 7.
localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'
9. Remote packet capture and viewing in Wireshark
I took one of our
:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -
10. Copying a local folder to a remote server over SSH
A neat trick that compresses the folder using bzip2 (that is the -j option of the tar command) and then extracts the bzip2 stream on the other side, creating a duplicate of the folder on the remote server.
localhost:~$ tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"
11. Remote GUI applications with SSH X11 forwarding
If X is installed on the client and on the remote server, you can run a GUI command remotely with its window on your local desktop. This feature has been around for a long time, but it is still very useful. Launch a remote web browser or even the VMware Workstation console, as I do in this example.
localhost:~$ ssh -X remoteserver vmware
The line X11Forwarding yes is required in the sshd_config file.
12. Remote file copy using rsync and SSH
rsync is much more convenient than scp if you need periodic backups of a directory, a large number of files, or very large files. It can recover from a failed transfer and copy only changed files, which saves traffic and time.
This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.
:~$ rsync -az /home/testuser/data remoteserver:backup/
13. SSH over the Tor network
The anonymous Tor network can tunnel SSH traffic using the torsocks command. The following command passes the ssh connection through Tor.
localhost:~$ torsocks ssh myuntracableuser@remoteserver
14. SSH to an EC2 instance
To connect to an EC2 instance, you need a private key. Download it (.pem extension) from the Amazon EC2 control panel and change the permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key in a safe place or put it in your ~/.ssh/ folder.
localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public
The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for automatically configuring key usage when connecting to an ec2 host.
Host my-ec2-public
Hostname ec2???.compute-1.amazonaws.com
User ubuntu
IdentityFile ~/.ssh/my-ec2-key.pem
15. Editing text files using VIM over ssh/scp
For all vim lovers, this tip will save some time. With vim, files are edited over scp with a single command. This method simply creates the file locally in /tmp and then copies it back once we save it from vim.
localhost:~$ vim scp://user@remoteserver//etc/hosts
Note: the format is slightly different from the usual scp. After the host we have a double //. This refers to an absolute path. A single slash would indicate a path relative to your home folder users.
**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])
If you see this error, double-check the command format. It usually means a syntax error.
16. Mounting a remote SSH location as a local folder with SSHFS
With sshfs, the ssh file system client, we can connect a local directory to a remote location, with all file interactions taking place in an encrypted ssh session.
localhost:~$ apt install sshfs
Install the sshfs package on Ubuntu and Debian, and then mount the remote location on our system.
localhost:~$ sshfs user@remoteserver:/media/data ~/data/
17. SSH multiplexing with ControlPath
By default, if there is an existing connection to a remote server using ssh, a second connection using ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be used for all subsequent connections. This speeds things up considerably: the effect is noticeable even on a local network, and even more so when connecting to remote resources.
Host remoteserver
HostName remoteserver.example.org
ControlMaster auto
ControlPath ~/.ssh/control/%r@%h:%p
ControlPersist 10m
ControlPath specifies the socket that new connections check to see whether there is an active ssh session. The last option means that even after you exit the console, the existing session will stay open for 10 minutes, so during this time you can reconnect over the existing socket. For more information, see the ssh_config man page.
18. Streaming video over SSH using VLC and SFTP
Even long-time users of ssh and vlc (Video Lan Client) are not always aware of this handy option for when you really need to watch a video over the network. In the File | Open Network Stream setting of vlc you can enter the location as sftp://. If a password is required, a prompt will appear.
sftp://remoteserver//media/uploads/myvideo.mkv
19. Two-factor authentication
The same two-factor authentication as for your bank account or Google account applies to the SSH service.
Of course, ssh natively has a two-factor authentication capability, meaning a password and an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a different physical device.
See our 8-minute guide to
20. Jumping through hosts with ssh and -J
If network segmentation means you have to hop through multiple ssh hosts to reach the final destination network, the -J shortcut will save you time.
localhost:~$ ssh -J host1,host2,host3 [email protected]
The main thing to understand here is that this is not the same as running ssh host1, then user@host1:~$ ssh host2, and so on. The -J option cleverly uses forwarding to make localhost establish the session with the next host in the chain. So in the example above, our localhost authenticates to host4. That is, our local keys are used, and the session from localhost to host4 is fully encrypted.
For the same capability in ssh_config, specify the ProxyJump configuration option. If you regularly hop through several hosts, automating it through the config will save a lot of time.
21. Blocking SSH brute-force attempts using iptables
Anyone who has run an SSH service and looked at the logs knows about the number of brute-force attempts that occur every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the change in the sshd_config file via the Port## configuration parameter.
With iptables you can also easily block connection attempts to the port once a certain threshold is reached. A simple way to do this is to use
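One way to apply such a threshold with iptables alone, as an added example that is not part of the original article: the `recent` match counts new connections per source address and drops a source once it exceeds the limit. The function names, the list name sshbf and the default values (port 22, 4 connections per 60 seconds) are assumptions to adjust.

```shell
#!/bin/sh
# Added example: per-source rate limit for new SSH connections with the
# iptables "recent" match. Run as root; rules are only appended if missing,
# so the script can be re-run safely.

IPT="${IPT:-iptables}"      # command used to talk to netfilter

# add_rule CHAIN RULE...
# Append the rule unless an identical one is already in the chain (-C checks).
add_rule() {
    chain=$1; shift
    "$IPT" -C "$chain" "$@" 2>/dev/null || "$IPT" -A "$chain" "$@"
}

# ssh_rate_limit [PORT] [SECONDS] [HITS]
# Allows HITS new connections per source within SECONDS, then drops further
# attempts until the source has been quiet for SECONDS.
ssh_rate_limit() {
    port=${1:-22}; seconds=${2:-60}; hits=${3:-4}
    # Match only new TCP connections to the SSH port and track them in the
    # list "sshbf". Established sessions are never affected.
    base="-p tcp --dport $port -m conntrack --ctstate NEW -m recent --name sshbf"

    # 1) A source already seen HITS times within the window is dropped;
    #    --update also refreshes its timestamp, so continued attempts keep
    #    it blocked.
    add_rule INPUT $base --update --seconds "$seconds" --hitcount "$hits" -j DROP

    # 2) Otherwise record this attempt and let later rules decide.
    add_rule INPUT $base --set
}

# Example invocation (commented out so that sourcing this file changes nothing):
# ssh_rate_limit 22 60 4
```

The kernel's recent module remembers at most 20 packets per address by default, so HITS must stay at or below that unless the module parameter is raised.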
22. SSH escape to change port forwarding
And our last ssh example is for changing port forwarding on the fly within an existing ssh session. Imagine this scenario. You are deep in a network; perhaps you have hopped through more than half a dozen hosts and need a local port on your workstation that is forwarded to Microsoft SMB on an old Windows 2003 system (anyone remember ms08-67?).
After pressing enter, try typing ~C in the console. This is a session control sequence that allows changes to be made to the existing connection.
localhost:~$ ~C
ssh> -h
Commands:
-L[bind_address:]port:host:hostport Request local forward
-R[bind_address:]port:host:hostport Request remote forward
-D[bind_address:]port Request dynamic forward
-KL[bind_address:]port Cancel local forward
-KR[bind_address:]port Cancel remote forward
-KD[bind_address:]port Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.
Here you can see that we have forwarded our local port 1445 to the Windows 2003 host that we found on the internal network. Now just run msfconsole, and you can carry on (assuming you plan to use this host).
Conclusion
These ssh examples, tips and commands should give you a starting point; more information about each of the commands and capabilities is available in the man pages (man ssh, man ssh_config, man sshd_config).
I have always been fascinated by the ability to access systems and execute commands anywhere in the world. By developing your skills with tools like ssh you will become more effective in any game you play.
Source: www.habr.com