Practical SSH tips, examples and tunnels

Practical SSH examples that will take your skills as a remote systems administrator to a new level. The commands and tips will help you not only use SSH, but also navigate the network more proficiently.

Knowing a few ssh tricks is useful to any system administrator, network engineer or security specialist.

Practical SSH examples

  1. SSH socks proxy
  2. SSH tunnel (port forwarding)
  3. SSH tunnel to a third-party host
  4. Reverse SSH tunnel
  5. SSH reverse proxy
  6. Setting up a VPN over SSH
  7. Copying an SSH key (ssh-copy-id)
  8. Remote command execution (non-interactive)
  9. Remote packet capture and viewing in Wireshark
  10. Copying a local folder to a remote server over SSH
  11. Remote GUI applications with SSH X11 forwarding
  12. Remote file copying using rsync and SSH
  13. SSH over the Tor network
  14. SSH to an EC2 instance
  15. Editing text files with VIM over ssh/scp
  16. Mounting a remote SSH location as a local folder with SSHFS
  17. Multiplexing SSH with ControlPath
  18. Streaming video over SSH using VLC and SFTP
  19. Two-factor authentication
  20. Jumping through hosts with SSH and -J
  21. Blocking SSH brute-force attempts using iptables
  22. SSH escape to change port forwarding

First, the basics

Breaking down the SSH command line

The following example uses common parameters that you will often see when connecting to a remote SSH server.

localhost:~$ ssh -v -p 22 -C neo@remoteserver

  • -v: Debug output is especially useful when analysing authentication problems. It can be used multiple times to print more detail.
  • -p 22: the port to connect to on the remote SSH server. 22 does not have to be specified, because it is the default, but if the server listens on another port we specify it with the -p parameter. The listening port is set in the sshd_config file in the format Port 2222.
  • -C: Compression for the connection. If you have a slow link or are viewing a lot of text, this can speed up the connection.
  • neo@: The string before the @ symbol is the username for authentication on the remote server. If you do not specify it, it defaults to the username of the account you are currently logged in to (~$ whoami). The user can also be specified with the -l parameter.
  • remoteserver: the name of the host ssh connects to. This can be a fully qualified domain name, an IP address, or any host in the local hosts file. To connect to a host that supports both IPv4 and IPv6, you can add -4 or -6 to the command line for correct resolution.

All of the parameters above are optional except remoteserver.

Using a configuration file

Although many are familiar with the sshd_config file, there is also a client configuration file for the ssh command. The default is ~/.ssh/config, but a different file can be given with the -F option.

Host remoteserver
     HostName remoteserver.thematrix.io
     User neo
     Port 2112
     IdentityFile /home/test/.ssh/remoteserver.private_key

Host *
     Port 2222

There are two host entries in the example ssh configuration file above. The Host remoteserver entry says that a different username, port, FQDN and IdentityFile should be used for that host. The Host * entry applies to all hosts and sets the Port 2222 configuration parameter for them. ssh uses the first value it obtains for each parameter, so host-specific entries go before Host *; with Host * first, Port 2222 would also apply to remoteserver.

A configuration file can save a lot of typing by letting advanced configuration be applied automatically when connecting to specific hosts.

Copying files over SSH using SCP

The SSH client comes with two other very handy tools for copying files over an encrypted ssh connection. See below for an example of typical use of the scp and sftp commands. Note that many of the ssh options apply to these commands as well.

localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png

In this example the file mypic.png is copied to remoteserver, into the folder /media/data, and renamed to mypic_2.png.

Do not forget the difference in the port parameter. This is where many people get caught when running scp from the command line. Here the port parameter is -P, not -p as in the ssh client! You will forget, but don't worry, everyone does.

For those familiar with console ftp, many of the commands are similar in sftp. You can do get, put and ls as your heart desires.

sftp neo@remoteserver

Practical examples

In many of these examples the results can be achieved in different ways. As in all our tutorials and examples, preference is given to practical examples that simply do the job.

1. SSH socks proxy

The SSH proxy feature is number 1 for good reason. It is more powerful than many realise and gives you access to any system the remote server can reach, using almost any application. The ssh client can tunnel traffic through a SOCKS proxy with one simple command. It is important to understand that traffic to the remote systems will originate from the remote server, and this is what will show up in the web server logs.

localhost:~$ ssh -D 8888 user@remoteserver

localhost:~$ netstat -pan | grep 8888
tcp        0      0 127.0.0.1:8888       0.0.0.0:*               LISTEN      23880/ssh

Here we start the socks proxy on TCP port 8888; the second command checks that the port is in listening mode. 127.0.0.1 indicates that the service is running on localhost only. We can use a slightly different command to listen on all interfaces, including ethernet or wifi, which allows other applications (browsers, etc.) on our network to connect to the proxy service through the ssh socks proxy.

localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver

Now we can configure the browser to connect to the socks proxy. In Firefox, select Settings | General | Network Settings. Specify the IP address and port to connect to.

Note the option at the bottom of the form to have your browser's DNS requests go through the SOCKS proxy as well. If you are using the proxy to encrypt web traffic on your local network, you will probably want to select this option so that DNS requests are tunnelled through the SSH connection.

Enabling the socks proxy in Chrome

Launching Chrome with certain command-line parameters will enable the socks proxy, as well as tunnelling DNS requests from the browser. Trust but verify. Use tcpdump to check that DNS queries are no longer visible.

localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"

Using other applications with the proxy

Keep in mind that many other applications can also use socks proxies. The web browser is simply the most popular of them all. Some applications have configuration options to enable a proxy server. Others need a little help from a helper program. For example, proxychains allows you to run Microsoft RDP, among other things, through a socks proxy.

localhost:~$ proxychains rdesktop $RemoteWindowsServer

The socks proxy settings are set in the proxychains configuration file.

Tip: using remote desktop from Linux to Windows? Try the FreeRDP client. It is a more modern implementation than rdesktop, with a much smoother experience.

A use case for SSH with a socks proxy

You are sitting in a cafe or hotel and are forced to use rather unreliable WiFi. We start the ssh proxy locally on the laptop and establish an ssh tunnel into the home network to a local Raspberry Pi. Using a browser or other applications configured for the socks proxy, we can reach any network services on our home network or go out to the Internet through the home connection. Everything between your laptop and your home server (across the Wi-Fi and the Internet to your home) is encrypted in the SSH tunnel.

2. SSH tunnel (port forwarding)

In its simplest form, an SSH tunnel opens a port on your local system that connects to another port at the other end of the tunnel.

localhost:~$ ssh  -L 9999:127.0.0.1:80 user@remoteserver

Let's look at the -L parameter. It can be thought of as the local listening side. So in the example above, port 9999 is listening on the localhost side and is forwarded to port 80 on remoteserver. Please note that 127.0.0.1 refers to localhost on the remote server!

Let's take it up a step. The following example exposes the listening port to other hosts on the local network.

localhost:~$ ssh  -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver

In these examples we are connecting to a port on a web server, but this could be a proxy server or any other TCP service.

3. SSH tunnel to a third-party host

We can use the same parameters to tunnel a connection from the remote server to another service running on a third system.

localhost:~$ ssh  -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver

In this example we are forwarding a tunnel from remoteserver to a web server running on 10.10.10.10. Traffic from remoteserver to 10.10.10.10 is no longer inside the SSH tunnel. The web server on 10.10.10.10 will see remoteserver as the source of the web requests.

4. Reverse SSH tunnel

Here we configure a listening port on the remote server that will connect back to a local port on our localhost (or another system).

localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver

This SSH session establishes a connection from port 1999 on remoteserver to port 902 on our local client.

5. SSH reverse proxy

In this case we are setting up a socks proxy on our ssh connection, but the proxy is listening at the remote server end. Connections to that remote proxy now emerge from the tunnel as traffic originating from our localhost.

localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver

Troubleshooting remote SSH tunnels

If you have trouble getting the remote SSH options to work, use netstat to check which interfaces the listening port is bound to. Even though we specified 0.0.0.0 in the examples, if GatewayPorts in sshd_config is set to no, the listener will be bound to localhost only (127.0.0.1).

Security warning

Please be aware that by opening tunnels and socks proxies, internal network resources may become accessible to untrusted networks (such as the Internet!). This can be a serious security risk, so make sure you understand what the listener is and what it has access to.
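
One way to act on this warning, as an added example that is not part of the original article: the shell function below reads netstat output in the layout shown in example 1 and lists listeners owned by ssh or sshd that are bound to a non-loopback address. The function names, the sample lines and the optional sshd port argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list TCP listeners owned by
# ssh or sshd that are bound to a non-loopback address.
# Input on stdin: text in the `netstat -pan` layout shown in example 1.
# $1 (optional): the port sshd itself listens on, so it is not reported.

find_exposed_forwards() {
    awk -v sshd_port="${1:-22}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/sshd?:?$/ {
            # Local address is "addr:port"; IPv6 addresses contain colons,
            # so the port is whatever follows the last colon.
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)

            if (addr ~ /^127\./ || addr == "::1") next      # loopback only
            if ($7 ~ /\/sshd/ && port == sshd_port) next    # the daemon itself

            split($7, owner, "/")
            printf "%s %s pid=%s\n", addr, port, owner[1]
        }
    '
}

# Constructed sample input, same columns as the netstat output above.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:8888      0.0.0.0:*           LISTEN      23880/ssh
tcp        0      0 0.0.0.0:9999        0.0.0.0:*           LISTEN      23911/ssh
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      700/sshd
tcp        0      0 0.0.0.0:80          0.0.0.0:*           LISTEN      812/nginx: master
tcp6       0      0 :::1999             :::*                LISTEN      4242/sshd: user
tcp6       0      0 ::1:6010            :::*                LISTEN      4242/sshd: user
tcp        0      0 192.168.1.10:22     192.168.1.20:51234  ESTABLISHED 4100/sshd: user
EOF
}

sample_netstat | find_exposed_forwards
```

On a live host, pipe netstat -plnt into the function, running it as root so that the PID/program column is filled in for every socket.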

6. Setting up a VPN over SSH

A common term among specialists in attack methods (pentesters and so on) is "a fulcrum in the network". Once a connection is established on one system, that system becomes a gateway for further access to the network: a fulcrum that lets you move laterally.

For such a foothold we can use an SSH proxy and proxychains, although there are some limitations. For example, it is not possible to work directly with sockets, so we cannot scan ports inside the network with an Nmap SYN scan.

Using this more advanced VPN option, the connection drops down to layer 3. We can then simply route traffic through the tunnel using standard network routing.

The method uses ssh, iptables, tun interfaces and routing.

First you need to set these parameters in sshd_config. Since we are making changes to the interfaces of both the remote and client systems, we need root privileges on both sides.

PermitRootLogin yes
PermitTunnel yes

Then we establish the ssh connection using the parameter that requests initialisation of the tun devices.

localhost:~# ssh -v -w any root@remoteserver

We should now have a tun device when listing interfaces (# ip a). The next step adds IP addresses to the tunnel interfaces.

SSH client side:

localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up

SSH server side:

remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up

We now have a direct route to the other host (route -n and ping 10.10.10.10).

You can route any subnet through the host on the other side.

localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0

On the remote side you need to enable ip_forward and iptables.

remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE

Boom! A VPN over an SSH tunnel at network layer 3. Now that is a win.

If problems arise, use tcpdump and ping to find the cause. Since we are playing at layer 3, our icmp packets will go through this tunnel.

7. Copying an SSH key (ssh-copy-id)

There are several ways to do this, but this command saves time by not copying files manually. It copies ~/.ssh/id_rsa.pub (or the default key) from your system to ~/.ssh/authorized_keys on the remote server.

localhost:~$ ssh-copy-id user@remoteserver

8. Remote command execution (non-interactive)

The ssh command can be chained with other commands for a familiar, user-friendly interface. Simply add the command you want to run on the remote host as the last parameter, in quotes.

localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php

In this example grep is executed on the local system after the log has been downloaded over the ssh channel. If the file is large, it is more convenient to run grep on the remote side by enclosing both commands in the double quotes.

Another example performs the same function as ssh-copy-id from example 7.

localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'

9. Remote packet capture and viewing in Wireshark

I took this one from our tcpdump examples. Use it to capture packets remotely and display the results directly in the local Wireshark GUI.

:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -

10. Copying a local folder to a remote server over SSH

A neat trick that compresses a folder using bzip2 (that is the -j option in the tar command), then extracts the bzip2 stream on the other side, creating a duplicate of the folder on the remote server.

localhost:~$ tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"

11. Remote GUI applications with SSH X11 forwarding

If X is installed on the client and on the remote server, you can run a GUI command remotely with the window appearing on your local desktop. This feature has been around for a long time, but is still very useful. Launch a remote web browser or even the VMware Workstation console, as I do in this example.

localhost:~$ ssh -X remoteserver vmware

Requires the line X11Forwarding yes in the sshd_config file.
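
The sshd_config changes made on this page (PermitRootLogin yes and PermitTunnel yes for the VPN, GatewayPorts for remote forwards, X11Forwarding yes here) are easy to leave behind once the task is done. The following added example, which is not part of the original article, reads an sshd_config and reports which of them are still open; the function names and the sample file are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report the forwarding-related
# sshd_config settings this page changes when they are left open.
# Input on stdin: an sshd_config file. Only the global section (the lines
# before the first Match block) is evaluated.

audit_sshd_forwarding() {
    awk '
        BEGIN {
            n = split("permitrootlogin permittunnel gatewayports x11forwarding", key, " ")
            # OpenSSH defaults, used when a keyword is absent.
            eff["permitrootlogin"] = "prohibit-password"
            eff["permittunnel"]    = "no"
            eff["gatewayports"]    = "no"
            eff["x11forwarding"]   = "no"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            sub(/=/, " ")                        # accept "Keyword=value"
            k = tolower($1); v = tolower($2)     # keywords are case-insensitive
        }
        k == "match" { exit }                    # stop at the first Match block
        (k in eff) && !(k in seen) {             # sshd keeps the first value
            seen[k] = 1
            eff[k] = v
        }
        END {
            for (i = 1; i <= n; i++) {
                k = key[i]; v = eff[k]
                if (k == "permitrootlogin" || k == "x11forwarding")
                    risky = (v == "yes")
                else
                    risky = (v != "no")
                if (risky) print k, v
            }
        }
    '
}

# Constructed sample: a server left as examples 6 and 11 configure it.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 2222
PermitRootLogin yes
PermitTunnel yes
# a later duplicate does not override the first value
permitrootlogin no
X11Forwarding=yes
Match User backup
    GatewayPorts yes
EOF
}

sample_sshd_config | audit_sshd_forwarding
```

On a running server, sshd -T prints the effective configuration, and adding -C with a user, host and address evaluates the Match blocks this function skips.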

12. Remote file copying using rsync and SSH

rsync is much more convenient than scp if you need periodic backups of a directory, a large number of files, or very large files. It can recover from a failed transfer and copies only changed files, which saves traffic and time.

This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.

:~$ rsync -az /home/testuser/data remoteserver:backup/

13. SSH over the Tor network

The anonymous Tor network can tunnel SSH traffic using the torsocks command. The following command will proxy ssh through Tor.

localhost:~$ torsocks ssh myuntracableuser@remoteserver

Torsocks will use port 9050 on localhost as the proxy. As always, when using Tor you need to check carefully what traffic is being tunnelled and other operational security (opsec) concerns. Where are your DNS queries going?

14. SSH to an EC2 instance

To connect to an EC2 instance you need a private key. Download it (.pem extension) from the Amazon EC2 control panel and change the permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key somewhere safe or put it in your ~/.ssh/ folder.

localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public

The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for automatically configuring key usage when connecting to an ec2 host.

Host my-ec2-public
   Hostname ec2???.compute-1.amazonaws.com
   User ubuntu
   IdentityFile ~/.ssh/my-ec2-key.pem

15. Editing text files with VIM over ssh/scp

For all vim lovers, this tip will save some time. With vim, files are edited over scp with a single command. This method simply creates the file locally in /tmp and then copies it back once we save it from vim.

localhost:~$ vim scp://user@remoteserver//etc/hosts

Note: the format is slightly different from the usual scp. After the host we have a double //. This refers to an absolute path. A single slash would indicate a path relative to the user's home folder.

**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])

If you see this error, double-check the format of the command. It usually means a syntax error.

16. Mounting a remote SSH location as a local folder with SSHFS

With sshfs, an ssh file system client, we can mount a remote directory locally, with all file interactions happening inside the encrypted ssh session.

localhost:~$ apt install sshfs

Install the sshfs package on Ubuntu and Debian, then simply mount the remote location on our system.

localhost:~$ sshfs user@remoteserver:/media/data ~/data/

17. SSH multiplexing with ControlPath

By default, if there is an existing connection to a remote server using ssh, a second connection using ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be used for all subsequent connections. This speeds things up considerably: the effect is noticeable even on a local network, and even more so when connecting to remote resources.

Host remoteserver
        HostName remoteserver.example.org
        ControlMaster auto
        ControlPath ~/.ssh/control/%r@%h:%p
        ControlPersist 10m

ControlPath specifies the socket that new connections check to see whether there is an active ssh session. The last option means that even after you exit the console, the existing session will stay open for 10 minutes, so during this time you can reconnect on the existing socket. For more information, see man ssh_config.

18. Streaming video over SSH using VLC and SFTP

Even long-time users of ssh and vlc (Video Lan Client) do not always know about this handy option for when you really need to watch a video over the network. In vlc's File | Open Network Stream setting you can enter the location as sftp://. If a password is required, a prompt will appear.

sftp://remoteserver//media/uploads/myvideo.mkv

19. Two-factor authentication

The same two-factor authentication as on your bank account or Google account is applicable to the SSH service.

Of course, ssh has a form of two-factor authentication built in, meaning a password and an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a separate physical device.

See our 8-minute guide to using Google Authenticator with SSH.

20. Jumping through hosts with ssh and -J

If network segmentation means you have to hop through multiple ssh hosts to reach the final destination network, the -J shortcut will save you time.

localhost:~$ ssh -J host1,host2,host3 [email protected]

The main thing to understand here is that this is not the same as running ssh host1, then user@host1:~$ ssh host2, and so on. The -J option cleverly uses forwarding to have localhost establish a session with the next host in the chain. So in the example above, our localhost authenticates to host4. That is, our localhost keys are used, and the session from localhost to host4 is fully encrypted.

To do the same in ssh_config, use the ProxyJump configuration option. If you regularly have to pass through several hosts, automating it through the config will save a lot of time.

21. Blocking SSH brute-force attempts using iptables

Anyone who has managed an SSH service and looked at the logs knows how many brute-force attempts occur every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the change in the sshd_config file with the Port ## configuration parameter.

With iptables you can easily block attempts to connect to the port once a certain threshold is reached. A simple way to do this is to use OSSEC, since it not only blocks SSH but also performs a range of other host-based intrusion detection (HIDS) measures.
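
The threshold idea can be seen without touching the firewall. The following added example, which is not part of the original article, counts failed password attempts per source address within a time window over constructed sshd log lines; the function names, the limit and the window are assumptions chosen for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article): the threshold idea behind
# brute-force blocking, applied to sshd log lines.
# usage: flag_bruteforce LIMIT WINDOW_SECONDS < auth.log
# Prints "source_ip time" once per source that reaches LIMIT failed
# passwords within WINDOW_SECONDS. Assumes syslog-style lines from one day.

flag_bruteforce() {
    awk -v limit="$1" -v window="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            split($3, t, ":")                       # HH:MM:SS
            now = t[1] * 3600 + t[2] * 60 + t[3]

            # The user name is attacker-controlled and may contain " from ",
            # so take the address after the LAST "from" on the line.
            ip = ""
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { ip = $(i + 1); break }
            if (ip == "") next

            # Per-source queue of failure times: drop entries older than
            # the window, then count what is left.
            if (!(ip in head)) head[ip] = 1
            stamp[ip, ++tail[ip]] = now
            while (now - stamp[ip, head[ip]] > window) {
                delete stamp[ip, head[ip]]
                head[ip]++
            }
            if (tail[ip] - head[ip] + 1 >= limit && !(ip in flagged)) {
                flagged[ip] = 1
                print ip, $3
            }
        }
    '
}

# Constructed sample log lines (documentation address ranges).
sample_auth_log() {
    cat <<'EOF'
Jan 10 03:14:01 gw sshd[2101]: Failed password for root from 203.0.113.5 port 40100 ssh2
Jan 10 03:14:03 gw sshd[2101]: Failed password for root from 203.0.113.5 port 40100 ssh2
Jan 10 03:14:04 gw sshd[2107]: Failed password for invalid user x from 192.0.2.9 from 203.0.113.5 port 40102 ssh2
Jan 10 03:14:20 gw sshd[2111]: Accepted publickey for neo from 198.51.100.7 port 51000 ssh2
Jan 10 03:20:00 gw sshd[2120]: Failed password for neo from 198.51.100.7 port 51010 ssh2
Jan 10 03:25:30 gw sshd[2125]: Failed password for neo from 198.51.100.7 port 51011 ssh2
Jan 10 03:31:00 gw sshd[2130]: Failed password for neo from 198.51.100.7 port 51012 ssh2
EOF
}

sample_auth_log | flag_bruteforce 3 60
```

This version only reports; iptables or OSSEC, as described above, enforce the same kind of limit on the server.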

22. SSH escape to change port forwarding

And our last ssh example is for changing port forwarding on the fly within an existing ssh session. Imagine this scenario. You are deep in a network; perhaps you have hopped through more than half a dozen hosts and need a local port on your workstation forwarded to Microsoft SMB on an old Windows 2003 system (anyone remember ms08-67?).

After pressing enter, try typing ~C in the console. This is a session control sequence that allows changes to be made to the existing connection.

localhost:~$ ~C
ssh> -h
Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KL[bind_address:]port                 Cancel local forward
      -KR[bind_address:]port                 Cancel remote forward
      -KD[bind_address:]port                 Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.

Here you can see that we have forwarded our local port 1445 to the Windows 2003 host that we found on the internal network. Now just run msfconsole, and you can carry on (assuming you plan to use this host).

Conclusion

These ssh examples, tips and commands should give you a starting point; more detail on each of the commands and capabilities is available in the man pages (man ssh, man ssh_config, man sshd_config).

I have always been fascinated by the ability to reach systems and execute commands anywhere in the world. By improving your skills with tools like ssh you will become more effective at any game you play.

Source: www.habr.com
