Practical tips, examples and SSH tunnels

Practical SSH examples that will take your remote system administration skills to a new level. The commands and tips will help you not only use SSH, but also move around the network more competently.

Knowing a few ssh tricks is useful to any system administrator, network engineer or security specialist.

Practical SSH examples

  1. SSH socks proxy
  2. SSH tunnel (port forwarding)
  3. SSH tunnel to a third host
  4. Reverse SSH tunnel
  5. SSH reverse proxy
  6. Setting up a VPN over SSH
  7. Copying an SSH key (ssh-copy-id)
  8. Remote command execution (non-interactive)
  9. Remote packet capture and viewing in Wireshark
  10. Copying a local folder to a remote server over SSH
  11. Remote GUI applications with SSH X11 forwarding
  12. Remote file copying with rsync and SSH
  13. SSH over the Tor network
  14. SSH to an EC2 instance
  15. Editing text files with VIM over ssh/scp
  16. Mounting a remote SSH location as a local folder with SSHFS
  17. Multiplexing SSH with ControlPath
  18. Streaming video over SSH with VLC and SFTP
  19. Two-factor authentication
  20. Jumping through hosts with SSH and -J
  21. Blocking SSH brute-force attempts with iptables
  22. SSH Escape to change port forwarding

First, the basics

Breaking down the SSH command line

The following example uses common parameters that you will often see when connecting to a remote SSH server.

localhost:~$ ssh -v -p 22 -C neo@remoteserver

  • -v: Debug output is especially useful when analysing authentication problems. It can be given several times to show more information.
  • -p 22: the port to connect to on the remote SSH server. 22 does not have to be specified because it is the default, but if the protocol is on another port we specify it with the -p parameter. The listening port is set in the sshd_config file in the form Port 2222.
  • -C: Compression for the connection. If you have a slow link or are viewing a lot of text, this can speed up the connection.
  • neo@: The string before the @ sign is the user name to authenticate as on the remote server. If you do not specify it, it defaults to the user name of the account you are currently logged in to (~$ whoami). The user can also be specified with the -l parameter.
  • remoteserver: the name of the host ssh connects to. This can be a fully qualified domain name, an IP address, or any host in the local hosts file. To connect to a host that supports both IPv4 and IPv6, you can add the -4 or -6 command-line parameter for correct resolution.

All of the above parameters are optional except remoteserver.

Using a configuration file

Although many people are familiar with the sshd_config file, there is also a client configuration file for the ssh command. The default is ~/.ssh/config, but it can be specified as a parameter to the -F option.

Host remoteserver
     HostName remoteserver.thematrix.io
     User neo
     Port 2112
     IdentityFile /home/test/.ssh/remoteserver.private_key

Host *
     Port 2222

There are two host entries in the example ssh configuration file above. The entry for remoteserver says that a different user name, port, FQDN and IdentityFile are to be used for that host. The Host * entry covers all hosts, which all use the Port 2222 setting. ssh takes the first value it finds for each option, so the host-specific entry has to come before Host *; otherwise Port 2222 would also apply to remoteserver.

A configuration file can save a lot of typing by letting advanced configuration be applied automatically when connecting to specific hosts.
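
Added example (not part of the original article): ssh uses the first value it obtains for each option, so the order of Host blocks decides which Port a host gets. The script below is a simplified resolver (Host patterns with * and ? only, no Match or Include) run over two constructed configs; ssh_effective and the two sample functions are illustrative names.

```sh
#!/bin/sh
# Added example, not from the original article. Names are illustrative.
# Resolves one option for one host the way ssh_config(5) describes it:
# blocks are read top to bottom and the FIRST value obtained wins.
# Simplified: Host patterns with * and ? only; no Match, Include or "!".

ssh_effective() {        # usage: <config on stdin> | ssh_effective HOST OPTION
    (
        set -f           # stop "Host *" from expanding to file names
        host=$1
        want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
        active=1         # options before the first Host line apply to all hosts
        while read -r key rest; do
            case $key in ''|'#'*) continue ;; esac
            lkey=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
            if [ "$lkey" = host ]; then
                active=0
                for pat in $rest; do
                    case $host in $pat) active=1 ;; esac
                done
            elif [ "$active" -eq 1 ] && [ "$lkey" = "$want" ]; then
                printf '%s\n' "$rest"
                exit 0
            fi
        done
        exit 1           # option not set for this host
    )
}

# Constructed sample 1: the catch-all block comes first.
generic_first_config() { cat <<'EOF'
Host *
     Port 2222

Host remoteserver
     HostName remoteserver.thematrix.io
     User neo
     Port 2112
EOF
}

# Constructed sample 2: same settings, host-specific block first.
specific_first_config() { cat <<'EOF'
Host remoteserver
     HostName remoteserver.thematrix.io
     User neo
     Port 2112

Host *
     Port 2222
EOF
}

printf 'catch-all first : remoteserver Port %s\n' \
    "$(generic_first_config | ssh_effective remoteserver Port)"
printf 'specific first  : remoteserver Port %s\n' \
    "$(specific_first_config | ssh_effective remoteserver Port)"
```

On a real system, ssh -G remoteserver prints the options the client will actually use for that host.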

Copying files over SSH with SCP

The SSH client comes with two other very handy tools for copying files over an encrypted ssh connection. Below is an example of typical use of the scp and sftp commands. Note that many of the ssh options apply to these commands as well.

localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png

In this example the file mypic.png is copied to remoteserver into the folder /media/data and renamed mypic_2.png.

Do not forget the difference in the port parameter. This is where many people trip up when running scp from the command line. Here the port parameter is -P, not -p as in the ssh client! You will forget, but don't worry, everyone does.

For those familiar with the ftp console, many of the commands are the same in sftp. You can push, put and ls to your heart's content.

sftp neo@remoteserver

Practical examples

In many of these examples the result can be achieved in different ways. As in all our textbooks and examples, preference is given to practical examples that simply get the job done.

1. SSH socks proxy

The SSH proxy feature is number 1 for good reason. It is more powerful than many realise and gives you access to any system the remote server can reach, using almost any application. The ssh client can tunnel traffic through a SOCKS proxy with one simple command. It is important to understand that traffic to the remote systems will originate from the remote server, and this is what will be recorded in web server logs.

localhost:~$ ssh -D 8888 user@remoteserver

localhost:~$ netstat -pan | grep 8888
tcp        0      0 127.0.0.1:8888       0.0.0.0:*               LISTEN      23880/ssh

Here we start a socks proxy on TCP port 8888; the second command checks that the port is active in listening mode. 127.0.0.1 shows that the service runs on localhost only. We can use a slightly different command to listen on all interfaces, including ethernet or wifi, which allows other applications (browsers and so on) on our network to connect to the proxy service through the ssh socks proxy.

localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver

Now we can configure the browser to connect to the socks proxy. In Firefox, select Settings | General | Network Settings. Specify the IP address and port to connect to.

Note the option at the bottom of the form to also have your browser's DNS requests go through the SOCKS proxy. If you are using the proxy server to encrypt web traffic on your local network, you will most likely want to select this option so that DNS requests are tunnelled through the SSH connection.

Enabling the socks proxy in Chrome

Launching Chrome with specific command-line parameters will enable the socks proxy, as well as tunnelling of the browser's DNS requests. Trust but verify: use tcpdump to check that DNS queries are no longer visible.

localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"

Using other applications with a proxy

Keep in mind that many other applications can use socks proxies as well. The web browser is simply the most popular of them all. Some applications have configuration options to enable a proxy server. Others need a little help from a helper program. For example, proxychains lets you run Microsoft RDP and other tools through a socks proxy.

localhost:~$ proxychains rdesktop $RemoteWindowsServer

The socks proxy configuration parameters are set in the proxychains configuration file.

Hint: if you use remote desktop from Linux to Windows, try the FreeRDP client. It is a more modern implementation than rdesktop, with a much smoother experience.

A use case for SSH through a socks proxy

You are sitting in a cafe or hotel and are forced to use rather unreliable WiFi. We start an ssh proxy locally on the laptop and establish an ssh tunnel into the home network to a local Raspberry Pi. Using a browser or other applications configured for the socks proxy, we can reach any network service on our home network or go out to the Internet through our home connection. Everything between your laptop and your home server (across the Wi-Fi and the Internet to your home) is encrypted in the SSH tunnel.

2. SSH tunnel (port forwarding)

In its simplest form, an SSH tunnel simply opens a port on your local system that connects to another port at the other end of the tunnel.

localhost:~$ ssh  -L 9999:127.0.0.1:80 user@remoteserver

Let's look at the -L parameter. It can be thought of as the local listening side. So in the example above, port 9999 listens on the localhost side and is forwarded through to port 80 on remoteserver. Note that 127.0.0.1 refers to localhost on the remote server!

Let's take it up a step. The following example makes the listening port available to other hosts on the local network.

localhost:~$ ssh  -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver

In these examples we connect to a port on the web server, but it could be a proxy server or any other TCP service.

3. SSH tunnel to a third-party host

We can use the same parameters to connect the tunnel from the remote server to another service running on a third system.

localhost:~$ ssh  -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver

In this example we direct the tunnel from remoteserver to a web server running on 10.10.10.10. Traffic from remoteserver to 10.10.10.10 is no longer in the SSH tunnel. The web server on 10.10.10.10 will see remoteserver as the source of the web requests.

4. Reverse SSH tunnel

Here we configure a listening port on the remote server that will connect back to a local port on our localhost (or another system).

localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver

This SSH session establishes a connection from port 1999 on remoteserver to port 902 on our local client.

5. SSH reverse proxy

In this case we set up a socks proxy on our ssh connection, but the proxy listens at the remote end on the server. Connections to this remote proxy now come out of the tunnel as traffic from our localhost.

localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver

Troubleshooting remote SSH tunnels

If you have trouble getting remote SSH options to work, check with netstat which interfaces the listening port is bound to. Although we specified 0.0.0.0 in the examples, if GatewayPorts in sshd_config is set to no, the listener will be bound to localhost only (127.0.0.1).

Security warning

Be aware that by opening tunnels and socks proxies, internal network resources may become accessible to untrusted networks (such as the Internet!). This can be a serious security risk, so make sure you understand what the listener is and what it has access to.
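
Added example (not part of the original article): one way to run the netstat check described above over a whole host and list only the ssh/sshd listeners that other machines can reach. The netstat lines are constructed sample input, and exposed_ssh_listeners and sample_netstat are illustrative names.

```sh
#!/bin/sh
# Added example, not from the original article. Names are illustrative.
# Reads `netstat -pan`-style lines on stdin and prints every TCP listener
# owned by ssh or sshd that is bound to a non-loopback address, i.e. a
# forward or socks proxy that other hosts can connect to.
# The daemon's own port (first argument, default 22) is not reported.

exposed_ssh_listeners() {
    awk -v sshd_port="${1:-22}" '
    $6 == "LISTEN" && $7 ~ /^[0-9]+\/sshd?:?$/ {
        addr = $4; port = $4; prog = $7
        sub(/:[0-9]+$/, "", addr)      # bind address without the port
        sub(/^.*:/, "", port)          # port without the bind address
        sub(/:$/, "", prog)            # "25102/sshd:" -> "25102/sshd"
        if (addr ~ /^127\./ || addr == "::1") next        # loopback only
        if (prog ~ /\/sshd$/ && port == sshd_port) next   # the daemon itself
        print $4, prog
    }'
}

# Constructed sample: a local-only socks proxy, an -L forward opened on all
# interfaces, the sshd daemon, a -R forward with GatewayPorts enabled,
# and an unrelated web server.
sample_netstat() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:8888    0.0.0.0:*         LISTEN   23880/ssh
tcp        0      0 0.0.0.0:9999      0.0.0.0:*         LISTEN   24011/ssh
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   812/sshd
tcp        0      0 0.0.0.0:1999      0.0.0.0:*         LISTEN   25102/sshd: user
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN   901/nginx: master
tcp6       0      0 ::1:8888          :::*              LISTEN   23880/ssh
tcp6       0      0 :::22             :::*              LISTEN   812/sshd
EOF
}

sample_netstat | exposed_ssh_listeners 22
```

On a live host, feed it the real output: netstat -pan | exposed_ssh_listeners 22 (run as root so that the PID/Program column is filled in for every socket).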

6. Setting up a VPN over SSH

A common term among specialists in attack methods (pentesters and the like) is pivoting through a network. Once a connection is established on one system, that system becomes the gateway for further access to the network: a pivot point that lets you move laterally.

For such a pivot we can use the SSH proxy and proxychains, but there are limitations. For example, it is not possible to work directly with raw sockets, so we cannot scan network ports with an Nmap SYN scan.

With this more advanced VPN option, the connection drops down to layer 3. We can then simply route traffic through the tunnel using standard network routing.

The method uses ssh, iptables, tun interfaces and routing.

First you need to set these parameters in sshd_config. Since we are changing interfaces on both the remote system and the client, we need root privileges on both sides.

PermitRootLogin yes
PermitTunnel yes

Then we establish an ssh connection using the parameter that requests initialisation of the tun devices.

localhost:~# ssh -v -w any root@remoteserver

We should now have a tun device when listing interfaces (# ip a). The next step adds IP addresses to the tunnel interfaces.

On the SSH client side:

localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up

On the SSH server side:

remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up

We now have a direct route to the other host (route -n and ping 10.10.10.10).

You can route any subnet through the host on the other side.

localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0

On the remote side you need to enable ip_forward and iptables.

remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE

Boom! A VPN over an SSH tunnel at network layer 3. Now that is a win.

If any problems occur, use tcpdump and ping to find the cause. Since we are playing at layer 3, our icmp packets will go through this tunnel.

7. Copying an SSH key (ssh-copy-id)

There are several ways to do this, but this command saves time by not copying the files manually. It simply copies ~/.ssh/id_rsa.pub (or the default key) from your system to ~/.ssh/authorized_keys on the remote server.

localhost:~$ ssh-copy-id user@remoteserver

8. Remote command execution (non-interactive)

The ssh command can be chained with other commands for a normal, user-friendly interface. Just add the command you want to run on the remote host as the last parameter, in quotes.

localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php

In this example grep runs on the local system after the log has been pulled over the ssh channel. If the file is large, it is more convenient to run grep on the remote side by simply enclosing both commands in double quotes.

Another example performs the same function as ssh-copy-id from example 7.

localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'

9. Remote packet capture and viewing in Wireshark

I took this from one of our tcpdump examples. Use it to capture packets remotely and display the results directly in the local Wireshark GUI.

:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -

10. Copying a local folder to a remote server over SSH

A nice trick that compresses a folder using bzip2 (the -j option of the tar command) and then extracts the bzip2 stream on the other side, creating a copy of the folder on the remote server.

localhost:~$ tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"

11. Remote GUI applications with SSH X11 forwarding

If X is installed on the client and on the remote server, you can run a GUI command remotely with the window on your local desktop. This feature has been around for a long time but is still very useful. Launch a remote web browser or even the VMware Workstation console, as I do in this example.

localhost:~$ ssh -X remoteserver vmware

The line X11Forwarding yes is required in the sshd_config file.

12. Remote file copying with rsync and SSH

rsync is much more convenient than scp if you need periodic backups of a directory, a large number of files, or very large files. It can recover from a failed transfer and copy only the files that have changed, which saves traffic and time.

This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.

:~$ rsync -az /home/testuser/data remoteserver:backup/

13. SSH over the Tor network

The anonymous Tor network can tunnel SSH traffic using the torsocks command. The following command will proxy ssh through Tor.

localhost:~$ torsocks ssh myuntracableuser@remoteserver

Torsocks will use port 9050 on localhost as the proxy. As always, when using Tor you need to seriously check what traffic is being tunnelled and other operational security (opsec) issues. Where do your DNS queries go?

14. SSH to an EC2 instance

To connect to an EC2 instance you need a private key. Download it (.pem extension) from the Amazon EC2 control panel and change the permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key in a safe place or put it in your ~/.ssh/ folder.

localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public

The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for automatically configuring key usage when connecting to an ec2 host.

Host my-ec2-public
   Hostname ec2???.compute-1.amazonaws.com
   User ubuntu
   IdentityFile ~/.ssh/my-ec2-key.pem

15. Editing text files with VIM over ssh/scp

For all vim lovers, this tip will save some time. With vim, files are edited over scp with a single command. This method simply creates the file locally in /tmp and then copies it back once we save it from vim.

localhost:~$ vim scp://user@remoteserver//etc/hosts

Note: the format differs slightly from the usual scp. After the host we have a double //. This is an absolute path reference. A single slash would indicate a path relative to your users home folder.

**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])

If you see this error, double-check the command format. It usually means a syntax error.

16. Mounting a remote SSH location as a local folder with SSHFS

With sshfs, an ssh file system client, we can mount a local directory to a remote location, with all file interactions carried over an encrypted ssh session.

localhost:~$ apt install sshfs

On Ubuntu and Debian install the sshfs package, then simply mount the remote location on our system.

localhost:~$ sshfs user@remoteserver:/media/data ~/data/

17. Multiplexing SSH with ControlPath

By default, if there is an existing connection to a remote server using ssh, a second connection using ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be used for all subsequent connections. This speeds things up considerably: the effect is noticeable even on a local network, and even more so when connecting to remote resources.

Host remoteserver
        HostName remoteserver.example.org
        ControlMaster auto
        ControlPath ~/.ssh/control/%r@%h:%p
        ControlPersist 10m

ControlPath specifies the socket that new connections check to see whether there is an active ssh session. The last option means that even after you exit the console, the existing session stays open for 10 minutes, so during that time you can reconnect on the existing socket. For more information, see the ssh_config man page.

18. Streaming video over SSH with VLC and SFTP

Even long-time users of ssh and vlc (Video Lan Client) are not always aware of this handy option for when you really need to watch a video over the network. In the File | Open Network Stream setting of vlc you can enter the location as sftp://. If a password is required, a prompt will appear.

sftp://remoteserver//media/uploads/myvideo.mkv

19. Two-factor authentication

The same two-factor authentication as on your bank account or Google account applies to the SSH service.

Of course, ssh already has a two-factor capability of its own, namely a password and an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a different physical device.

See our 8-minute guide to using Google Authenticator and SSH.

20. Jumping through hosts with ssh and -J

If network segmentation means you have to hop through several ssh hosts to reach the final destination network, the -J shortcut will save you time.

localhost:~$ ssh -J host1,host2,host3 [email protected]

The main thing to understand here is that this is not the same as the command ssh host1, then user@host1:~$ ssh host2 and so on. The -J option cleverly uses forwarding to make localhost establish a session with the next host in the chain. So in the example above, our localhost is authenticated to host4. That is, our localhost keys are used, and the session from localhost to host4 is fully encrypted.

For this capability, specify the ProxyJump configuration option in ssh_config. If you regularly have to go through several hosts, automating it through the config will save a lot of time.

21. Blocking SSH brute-force attempts with iptables

Anyone who has administered an SSH service and looked at the logs knows the number of brute-force attempts that occur every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the change in the sshd_config file via the configuration parameter Port ##.

With iptables you can also easily block attempts to connect to the port once a certain threshold is reached. An easy way to do this is to use OSSEC, because it not only blocks SSH but also performs a range of other host-based intrusion detection (HIDS) measures.
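
Added example (not part of the original article, and not how OSSEC itself is implemented): the threshold idea described above, applied to sshd log lines. It counts failed password attempts per source address and prints, without running them, the iptables rules that would drop the sources over the threshold. The log lines are constructed, and ssh_failed_sources, drop_rules and sample_auth_log are illustrative names.

```sh
#!/bin/sh
# Added example, not from the original article. Names are illustrative.

# Prints "COUNT ADDRESS" for every source with at least MIN failed passwords.
# The user name in the log line is chosen by the client, so the address is
# taken from the END of the line ("from ADDR port N ssh2"), not from the
# first "from" that appears.
ssh_failed_sources() {   # usage: <auth log on stdin> | ssh_failed_sources MIN
    awk -v min="${1:-5}" '
    / sshd\[[0-9]+\]: Failed password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Turns "COUNT ADDRESS" lines into iptables commands. Dry run: the rules are
# only printed, so they can be reviewed before anything is blocked.
drop_rules() {           # usage: ... | drop_rules SSHD_PORT
    while read -r _count ip; do
        printf 'iptables -I INPUT -s %s -p tcp --dport %s -j DROP\n' \
            "$ip" "${1:-22}"
    done
}

# Constructed sample log (documentation address ranges). The fourth line
# has a user name crafted to look like "from 192.0.2.99 port 1".
sample_auth_log() { cat <<'EOF'
Jan 10 03:12:01 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:03 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:07 gw sshd[2214]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 10 03:12:09 gw sshd[2216]: Failed password for invalid user from 192.0.2.99 port 1 from 203.0.113.5 port 51240 ssh2
Jan 10 03:13:30 gw sshd[2230]: Failed password for neo from 198.51.100.7 port 40022 ssh2
Jan 10 03:13:41 gw sshd[2230]: Failed password for neo from 198.51.100.7 port 40022 ssh2
Jan 10 03:14:02 gw sshd[2231]: Accepted publickey for neo from 192.0.2.10 port 50122 ssh2
Jan 10 03:15:10 gw CRON[2240]: pam_unix(cron:session): session opened for user root
EOF
}

sample_auth_log | ssh_failed_sources 3 | drop_rules 22
```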

22. SSH Escape to change port forwarding

And our last ssh example is for changing port forwarding on the fly within an existing ssh session. Imagine this scenario. You are deep in the network; perhaps you have hopped over half a dozen hosts and need a local port on your workstation forwarded to Microsoft SMB on an old Windows 2003 system (does anyone remember ms08-67?).

After pressing enter, try typing ~C in the console. This is a session control sequence that allows changes to be made to the existing connection.

localhost:~$ ~C
ssh> -h
Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KL[bind_address:]port                 Cancel local forward
      -KR[bind_address:]port                 Cancel remote forward
      -KD[bind_address:]port                 Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.

Here you can see that we have forwarded our local port 1445 to a Windows 2003 host that we found on the internal network. Now just launch msfconsole and you can move on (assuming you plan to use that host).

Conclusion

These ssh examples, tips and commands should provide a starting point; more information on each of the commands and capabilities is available in the man pages (man ssh, man ssh_config, man sshd_config).

I have always been fascinated by the ability to access systems and execute commands anywhere in the world. By developing your skills with tools like ssh you will become more effective in any game you play.

Source: www.habr.com