
These practical examples will take your remote system administration skills to the next level. The commands and tips will help you not only to use SSH, but also to move around the network more intelligently.
Knowing a few ssh tricks is useful to any system administrator, network engineer or security professional.
Practical SSH examples
First, the basics
SSH command line analysis
The following example uses the common parameters you will often come across when connecting to a remote SSH server.
localhost:~$ ssh -v -p 22 -C neo@remoteserver
-v: debugging output, especially useful for analysing authentication problems. It can be given multiple times to produce more detail.
-p 22: the port to connect to on the remote SSH server. 22 does not need to be specified, because it is the default, but if the protocol runs on another port we specify it with the -p parameter. The listening port is set in the sshd_config file in the form Port 2222.
-C: compression for the connection. If you have a slow link or are viewing a lot of text, this can speed up the connection.
neo@: the string before the @ symbol is the user name to authenticate as on the remote server. If you do not specify it, the user name of the account you are currently logged in to (~$ whoami) is used by default. The user can also be specified with the -l parameter.
remoteserver: the name of the host ssh connects to. This can be a fully qualified domain name, an IP address, or any host in the local hosts file. To connect to a host that supports both IPv4 and IPv6, you can add -4 or -6 to the command line to get the right resolution.
All of the parameters above are optional except remoteserver.
Using a configuration file
Although many are familiar with the sshd_config file, there is also a client configuration file for the ssh command. The default is ~/.ssh/config, but a different file can be given with the -F option.
Host remoteserver
HostName remoteserver.thematrix.io
User neo
Port 2112
IdentityFile /home/test/.ssh/remoteserver.private_key
Host *
Port 2222
In the example ssh configuration file above there are two host entries. The remoteserver entry says that for this host a different user name, port, FQDN and IdentityFile should be used. The Host * entry covers all hosts, which all get the Port 2222 setting. ssh keeps the first value it obtains for each option, so the catch-all Host * entry goes after the host-specific one; placed first, its Port 2222 would also apply to remoteserver.
A configuration file can save a lot of typing by allowing advanced settings to be applied automatically when connecting to particular hosts.
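ssh takes the first value it obtains for each option, so where a Host * block sits relative to a host-specific entry decides which Port is used. The following is an added example, not code from the original article: the function name resolve_opt and the two sample files are constructed here, and the model covers only plain Host blocks.

```shell
#!/bin/sh
# Added illustration, not the article's code: a cut-down model of how ssh
# picks an option from a client config. Assumptions: only "Host" blocks with
# plain or wildcard patterns; no Match, Include, negation or key=value forms.

# resolve_opt CONFIG HOST KEY -> prints the first value that applies to HOST
resolve_opt() {
    cfg=$1; host=$2
    want=$(printf '%s\n' "$3" | tr 'A-Z' 'a-z')
    active=1                      # lines before the first Host apply to all
    while read -r key rest; do
        case $key in ''|'#'*) continue ;; esac
        lkey=$(printf '%s\n' "$key" | tr 'A-Z' 'a-z')
        if [ "$lkey" = host ]; then
            active=0
            set -f                # do not expand * against local file names
            for pat in $rest; do
                case $host in $pat) active=1 ;; esac
            done
            set +f
        elif [ "$active" -eq 1 ] && [ "$lkey" = "$want" ]; then
            printf '%s\n' "$rest" # first obtained value wins; stop here
            return 0
        fi
    done < "$cfg"
    return 1
}

# Two constructed orderings of the article's two entries.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/catchall_first" <<'EOF'
Host *
Port 2222
Host remoteserver
HostName remoteserver.thematrix.io
User neo
Port 2112
EOF
cat > "$tmp/specific_first" <<'EOF'
Host remoteserver
HostName remoteserver.thematrix.io
User neo
Port 2112
Host *
Port 2222
EOF

for f in catchall_first specific_first; do
    printf '%-15s remoteserver -> port %s\n' "$f" \
        "$(resolve_opt "$tmp/$f" remoteserver Port)"
done
```

To see what an installed client really resolves, ssh -G remoteserver prints the effective options without connecting.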
Copying files over SSH with SCP
The SSH client comes with two other very handy tools for copying files over an encrypted ssh connection. Below is an example of typical usage of the scp and sftp commands. Note that many of the ssh options apply to these commands as well.
localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png
In this example the file mypic.png is copied to remoteserver into the /media/data folder and renamed to mypic_2.png.
Do not forget the difference in the port parameter. This is where many people get caught when running scp from the command line. Here the port parameter is -P, not -p as in the ssh client! You will forget, but don't worry, everyone does.
For those familiar with console ftp, many of the commands are similar in sftp. You can push, put and ls, as your heart desires.
sftp neo@remoteserver
Practical examples
For many of these examples the result can be achieved in different ways. As in all of our tutorials and examples, preference is given to practical examples that simply get the job done.
1. SSH socks proxy
The SSH proxy feature is number 1 for good reason. It is more powerful than many people realise, and it gives you access to any system the remote server can reach, using almost any application. The ssh client can tunnel traffic through a SOCKS proxy server with one simple command. It is important to understand that traffic to the remote systems will originate from the remote server, and that is how it will show up in web server logs.
localhost:~$ ssh -D 8888 user@remoteserver
localhost:~$ netstat -pan | grep 8888
tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN 23880/ssh
Here we start the socks proxy on TCP port 8888; the second command checks that the port is listening. 127.0.0.1 shows that the service is listening on localhost only. We can use a slightly different command to listen on all interfaces, including ethernet or wifi, which lets other applications (browsers and so on) on our network connect to the proxy service through the ssh socks proxy.
localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver
Now we can configure the browser to connect to the socks proxy. In Firefox, choose Settings | General | Network Settings. Enter the IP address and port to connect to.

Note the option at the bottom of the form to also send your browser's DNS requests through the SOCKS proxy. If you are using the proxy to protect your web traffic on the local network, you will probably want to select this option so that DNS requests are tunnelled through your SSH connection.
Enabling the socks proxy in Chrome
Launching Chrome with certain command-line parameters enables the socks proxy and also tunnels the browser's DNS requests. Trust but verify. Check that DNS queries are no longer visible.
localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"
Using other applications with the proxy
Keep in mind that many other applications can use socks proxies as well. The web browser is simply the most popular of them. Some applications have configuration options for enabling a proxy server. Others need a little help from a helper program. For example, proxychains lets you run Microsoft RDP and other tools through the socks proxy.
localhost:~$ proxychains rdesktop $RemoteWindowsServer
The socks proxy settings are set in the proxychains configuration file.
Tip: if you use Remote Desktop from Linux to Windows, try a more modern client implementation than rdesktop, one with much smoother interaction.
Use case for SSH through a socks proxy
You are sitting in a cafe or a hotel and have to use rather untrustworthy WiFi. From the laptop we run the ssh proxy locally and establish an ssh tunnel into our home network, to a local Raspberry Pi. Using a browser or other applications configured for the socks proxy, we can reach any network service on our home network or go out to the Internet through the home connection. Everything between your laptop and the home server (across the Wi-Fi and the Internet to your home) is encrypted inside the SSH tunnel.
2. SSH tunnel (port forwarding)
In its simplest form, an SSH tunnel opens a port on your local system that connects to another port at the other end of the tunnel.
localhost:~$ ssh -L 9999:127.0.0.1:80 user@remoteserver
Let's look at the -L parameter. It can be thought of as the local listening side. So in the example above, port 9999 is listening on localhost and is forwarded to port 80 on remoteserver. Note that 127.0.0.1 refers to localhost on the remote server!
Let's step it up. In the following example the listening port is reachable by other nodes on the local network.
localhost:~$ ssh -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver
In these examples we are connecting to a port on a web server, but it could be a proxy server or any other TCP service.
3. SSH tunnel to a third-party host
We can use the same parameters to tunnel from the remote server to another service running on a third system.
localhost:~$ ssh -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver
In this example we are forwarding the tunnel from remoteserver to a web server running on 10.10.10.10. The traffic from remoteserver to 10.10.10.10 is no longer inside the SSH tunnel. The web server on 10.10.10.10 will see remoteserver as the source of the web requests.
4. Reverse SSH tunnel
Here we set up a listening port on the remote server that connects back to a local port on our localhost (or another system).
localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver
This SSH session establishes a connection from port 1999 on remoteserver to port 902 on our local client.
5. SSH reverse proxy
In this case we set up a socks proxy on our ssh connection, but the proxy listens at the server end. Connections to that remote proxy now emerge from the tunnel as traffic originating from our localhost.
localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver
Troubleshooting remote SSH tunnels
If you have problems getting the remote SSH options to work, check with netstat which interfaces the listening port is bound to. Although we specified 0.0.0.0 in the examples, if GatewayPorts in sshd_config is set to no, the listener will be bound to localhost (127.0.0.1) only.
Security warning
Please note that by opening tunnels and socks proxies you may be exposing internal network resources to untrusted networks (such as the Internet!). This can be a serious security risk, so make sure you understand what the listener is and what it has access to.
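One way to act on this warning is to check where each forward in a command line actually listens before running it. The following is an added example, not code from the original article: the function names forward_scope and audit_ssh_cmd are made up here, and the parsing assumes IPv4 addresses or host names in the forward specifications.

```shell
#!/bin/sh
# Added illustration, not the article's code. Classifies where an ssh forward
# listens. Assumes IPv4 addresses or host names (no bracketed IPv6) in specs.

# forward_scope FLAG SPEC -> loopback | all-interfaces | addr:<bind_address>
forward_scope() {
    flag=$1; spec=$2
    n=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')   # colon fields
    case $flag in
        -L) full=4 ;;                       # [bind:]port:host:hostport
        -D) full=2 ;;                       # [bind:]port
        -R) if [ "$n" -le 2 ]; then full=2; else full=4; fi ;;
        *)  return 2 ;;
    esac
    if [ "$n" -lt "$full" ]; then
        echo loopback                       # no bind address given: default
        return 0
    fi
    bind=${spec%%:*}
    case $bind in
        ''|'*'|0.0.0.0) echo all-interfaces ;;
        localhost|127.*) echo loopback ;;
        *) echo "addr:$bind" ;;
    esac
}

# audit_ssh_cmd 'ssh ...' -> one "<flag> <spec> <scope>" line per forward
audit_ssh_cmd() {
    set -f; set -- $1; set +f               # split into words, no globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -L|-R|-D)
                if [ $# -ge 2 ]; then
                    echo "$1 $2 $(forward_scope "$1" "$2")"
                    shift
                fi ;;
            -[LRD]?*)                       # attached form, e.g. -L9999:...
                f=${1%"${1#??}"}; s=${1#??}
                echo "$f $s $(forward_scope "$f" "$s")" ;;
        esac
        shift
    done
}

# Forwards of the kind used in this article, as constructed input.
while read -r line; do
    audit_ssh_cmd "$line"
done <<'EOF'
ssh -D 8888 user@remoteserver
ssh -D 0.0.0.0:8888 user@remoteserver
ssh -L 9999:127.0.0.1:80 user@remoteserver
ssh -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver
ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver
EOF
```

For -R the listener is created on the server, so a requested 0.0.0.0 only takes effect when the server's GatewayPorts setting allows it.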
6. VPN over SSH
A common term among specialists in offensive techniques (pentesters and so on) is a "network foothold". Once a connection has been established on one system, that system becomes the gateway for further access to the network. It is a foothold that allows movement in breadth.
For such a foothold we can use the SSH proxy and proxychains, but there are some limitations. For example, it is not possible to work directly with sockets, so we cannot scan ports inside the network with SYN.
Using this more advanced VPN option, the connection drops down to layer 3. We can then simply route traffic through the tunnel using standard network routing.
The technique uses ssh, iptables, tun interfaces and routing.
First you need to set these parameters in sshd_config. Since we are making changes to interfaces on both the remote and the client system, root privileges are needed on both sides.
PermitRootLogin yes
PermitTunnel yes
Then we establish the ssh connection using the parameter that requests tun devices to be initialised.
localhost:~# ssh -v -w any root@remoteserver
We should now have a tun device when listing interfaces (# ip a). The next step adds IP addresses to the tunnel interfaces.
SSH client side:
localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up
SSH server side:
remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up
We now have a direct route to the other host (route -n and ping 10.10.10.10).
It is possible to route any subnet through the host on the other side.
localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0
On the remote side you need to enable ip_forward and iptables.
remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE
Boom! A VPN over an SSH tunnel at network layer 3. Now that is a win.
If you have problems, use ping to find the cause. Since we are working at layer 3, our icmp packets will pass through this tunnel.
7. Copying your SSH key (ssh-copy-id)
There are several ways to do this, but this command saves time by not copying files manually. It simply copies ~/.ssh/id_rsa.pub (or the default key) from your system to ~/.ssh/authorized_keys on the remote server.
localhost:~$ ssh-copy-id user@remoteserver
8. Remote command execution (non-interactive)
The ssh command can be chained with other commands for a familiar, convenient interface. Just add the command you want to run on the remote host as the last parameter, in quotes.
localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php
In this example grep runs on the local system after the log has been pulled down over the ssh channel. If the file is large, it is more convenient to run grep on the remote side, simply by enclosing both commands in the double quotes.
Another example performs the same function as ssh-copy-id from example 7.
localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'
9. Remote packet capture and viewing in Wireshark
I borrowed this from one of our other examples. Use it to capture packets remotely and display the results directly in the local Wireshark GUI.
:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -
10. Copying a local folder to a remote server over SSH
A neat trick that compresses a folder with bzip2 (that is the -j option of the tar command) and then extracts the bzip2 stream on the other side, creating a duplicate of the folder on the remote server.
localhost:~$ tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"
11. Remote GUI applications with SSH X11 forwarding
If X is installed on the client and on the remote server, you can run a GUI command remotely, with the window on your local desktop. This feature has been around for a long time, but it is still very useful. Launch a remote web browser or even the VMware Workstation console, as I do in this example.
localhost:~$ ssh -X remoteserver vmware
The line X11Forwarding yes is required in the sshd_config file.
12. Remote file copy using rsync and SSH
rsync is in many ways more convenient than scp if you need periodic backups of a directory, a large number of files, or very large files. It can recover from a failed transfer and copies only the files that have changed, which saves traffic and time.
This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.
:~$ rsync -az /home/testuser/data remoteserver:backup/
13. SSH over the Tor network
The anonymous Tor network can tunnel SSH traffic using the torsocks command. The following command will pass the ssh proxy through Tor.
localhost:~$ torsocks ssh myuntracableuser@remoteserver
torsocks will use port 9050 on localhost for the proxy. As always when using Tor, you need to check seriously how the traffic is being tunnelled, along with other operational security (opsec) concerns. Where are your DNS queries going?
14. SSH to an EC2 instance
To connect to an EC2 instance you need a private key. Download it (.pem extension) from the Amazon EC2 control panel and change the permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key in a safe place or put it in your ~/.ssh/ folder.
localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public
The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for automating key usage when connecting to an ec2 host.
Host my-ec2-public
Hostname ec2???.compute-1.amazonaws.com
User ubuntu
IdentityFile ~/.ssh/my-ec2-key.pem
15. Editing text files with VIM over ssh/scp
For all vim lovers, this tip will save some time. With vim, files are edited over scp with a single command. This method simply creates the file locally in /tmp and then copies it back once we save it from vim.
localhost:~$ vim scp://user@remoteserver//etc/hosts
Note: the format is slightly different from the usual scp. After the host we have a double //. This denotes an absolute path. A single slash would mean a path relative to the user's home folder.
**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])
If you see this error, double-check the command format. It usually means a syntax error.
16. Mounting a remote SSH location as a local folder with SSHFS
With sshfs, the ssh file system client, we can mount a remote directory locally, with all file interactions taking place inside the encrypted ssh session.
localhost:~$ apt install sshfs
On Ubuntu and Debian we install the sshfs package and then mount the remote location on our system.
localhost:~$ sshfs user@remoteserver:/media/data ~/data/
17. SSH multiplexing with ControlPath
By default, if you have an existing connection to a remote server using ssh, a second connection using ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be used for all subsequent connections. This speeds things up considerably: the effect is noticeable even on a local network, and even more so when connecting to remote resources.
Host remoteserver
HostName remoteserver.example.org
ControlMaster auto
ControlPath ~/.ssh/control/%r@%h:%p
ControlPersist 10m
ControlPath specifies the socket that new connections check to see whether there is an active ssh session. The last option means that even after you exit the console, the existing session stays open for 10 minutes, so you can reconnect over the existing socket during that time. For more information, see man ssh_config.
18. Streaming video over SSH with VLC and SFTP
Even long-time users of ssh and vlc (Video Lan Client) do not always know about this handy option for when you really need to watch a video over the network. In vlc's File | Open Network Stream dialog you can enter the location as sftp://. If a password is required, a prompt will appear.
sftp://remoteserver//media/uploads/myvideo.mkv
19. Two-factor authentication
The same two-factor authentication you have on your bank account or Google account can be applied to the SSH service.
Of course, ssh has a form of two-factor authentication built in, meaning a password and an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a separate physical device.
See our 8-minute guide on this.
20. Jumping through hosts with ssh and -J
If network segmentation means you have to hop through several ssh hosts to reach your final destination network, the -J shortcut will save you time.
localhost:~$ ssh -J host1,host2,host3 user@host4.internal
The main thing to understand here is that this is not the same as running ssh host1, then user@host1:~$ ssh host2 and so on. The -J option cleverly uses forwarding to have localhost establish a session with the next host in the chain. So in the example above, our localhost is authenticated to host4. In other words, our local keys are used, and the session from localhost to host4 is fully encrypted.
To get the same behaviour in ssh_config, use the ProxyJump configuration option. If you regularly have to hop through several hosts, automating it through the config will save a lot of time.
21. Blocking SSH brute-force attempts with iptables
Anyone who has managed an SSH service and looked at the logs knows how many brute-force attempts occur every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the change in the sshd_config file using the Port ## configuration parameter.
With iptables it is also easy to block attempts to connect to a port once a certain threshold is reached. A simple way to do this is to use a host-based intrusion detection system (HIDS), because it not only blocks SSH but also carries out a range of other host-based measures.
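The threshold idea above can be tried on a log before any blocking tool is installed. The following is an added example, not code from the original article: the log lines are constructed and use documentation address ranges, the function names are made up here, and the OpenSSH "Failed password" line format is an assumption about the server's logging.

```shell
#!/bin/sh
# Added illustration, not the article's code. Log lines are constructed; the
# assumed format is "Failed password for [invalid user] NAME from ADDR port N ssh2".

sample_log() {
cat <<'EOF'
Mar  3 10:15:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar  3 10:15:03 host sshd[1201]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar  3 10:15:06 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40031 ssh2
Mar  3 10:15:09 host sshd[1205]: Failed password for invalid user test from 203.0.113.5 port 40040 ssh2
Mar  3 10:16:12 host sshd[1210]: Failed password for neo from 198.51.100.23 port 50110 ssh2
Mar  3 10:16:20 host sshd[1212]: Failed password for invalid user x from 192.0.2.99 port 22 from 198.51.100.23 port 50111 ssh2
Mar  3 10:17:00 host sshd[1215]: Accepted password for neo from 198.51.100.23 port 50112 ssh2
EOF
}

# failed_sources MIN  (log on stdin) -> "count address" lines, highest first
failed_sources() {
    awk -v min="$1" '
        /sshd\[/ && /Failed password for/ && NF >= 5 &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9a-fA-F:.]+$/ {
            # The address is read from the END of the line: the user name is
            # text chosen by the client and may itself contain "from <addr>".
            hits[$(NF-3)]++
        }
        END { for (a in hits) if (hits[a] >= min) print hits[a], a }
    ' | sort -rn
}

# drop_rules MIN  (log on stdin) -> iptables commands to review, not executed
drop_rules() {
    failed_sources "$1" | while read -r count addr; do
        echo "iptables -I INPUT -s $addr -p tcp --dport 22 -j DROP  # $count failures"
    done
}

sample_log | failed_sources 2
sample_log | drop_rules 3
```

The sixth sample line carries a crafted user name; a parser that takes the first "from" would count 192.0.2.99, an address that never connected.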
22. SSH escape to change port forwarding
And our last ssh example is for changing port forwarding on the fly within an existing ssh session. Imagine this scenario. You are deep inside a network, perhaps hopping through sixty hosts, and you need a local port on your workstation forwarded to the Microsoft SMB service of an old Windows 2003 system (does anyone remember ms08-67?).
After pressing enter, try typing ~C in the console. This is a session control sequence that allows changes to be made to an existing connection.
localhost:~$ ~C
ssh> -h
Commands:
-L[bind_address:]port:host:hostport Request local forward
-R[bind_address:]port:host:hostport Request remote forward
-D[bind_address:]port Request dynamic forward
-KL[bind_address:]port Cancel local forward
-KR[bind_address:]port Cancel remote forward
-KD[bind_address:]port Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.
Here you can see that we have forwarded our local port 1445 to the Windows 2003 host found on the internal network. Now just run msfconsole and you can carry on (assuming you plan to use this host).
Conclusion
These ssh examples, tips and commands should give you a starting point; more detail on each of the commands and features is available in the man pages (man ssh, man ssh_config, man sshd_config).
I have always been fascinated by the ability to reach systems and run commands anywhere in the world. By developing your skills with tools like ssh, you will become more effective at whatever game you play.
Source: www.habr.com
