ProHoster > Ibhulogi > Ulawulo > Little SSH Tricks

Little SSH Tricks

Eli nqaku liqulathe ezona ndlela zilungileyo zokusebenzisa i-SSH ngempumelelo ngakumbi. Kuyo uya kufunda indlela yokwenza:

  • Yongeza into yesibini kwi-SSH yokungena
  • Sebenzisa ngokukhuselekileyo ukuthunyelwa kwe-arhente
  • Phuma kwiseshoni ye-SSH ephazamisekileyo
  • Gcina i-terminal eqhubekayo ivuliwe
  • Yabelana ngeseshini yetheminali ekude nomhlobo (akukho Sondeza!)

Ukongeza into yesibini kwi-SSH yakho

Unokongeza into yesibini yokuqinisekisa kuqhagamshelo lwakho lwe-SSH ngeendlela ezintlanu ezahlukeneyo:

  1. Hlaziya i-OpenSSH yakho kwaye usebenzise isitshixo soguqulelo oluntsonkothileyo. NgoFebruwari ka-2020, i-OpenSSH yongeze inkxaso ye-FIDO U2F (i-Universal Second Factor) izitshixo zokubethela. Eli linqaku elitsha elitsha, kodwa kukho i-caveat: kuphela abo baxhasi kunye neeseva ezihlaziyiweyo kwi-OpenSSH 8.2 nangaphezulu baya kukwazi ukusebenzisa izitshixo zokufihla, ekubeni uhlaziyo lukaFebruwari luzisa iintlobo ezintsha eziphambili kubo. Iqela ssh –V ungajonga uguqulelo lomxhasi we-SSH kunye noguqulelo lomncedisi ngomyalelo nc [servername] 22

    Iindidi ezimbini ezintsha zezitshixo zongezwa kwinguqulo kaFebruwari - ecdsa-sk kunye ne-ed25519-sk (kunye nezatifikethi ezihambelanayo). Ukuvelisa ifayile engundoqo, faka nje isitshixo sakho sokufihla kwaye usebenzise umyalelo:
    $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk

    Iyakuvelisa izitshixo zikawonke-wonke kunye nezabucala kwaye inxulumanise nesixhobo sakho se-U2F. Umsebenzi wesitshixo esiyimfihlo kwisixhobo se-U2F kukukhupha inkcazo yemfihlo eyimfihlo kwidiski xa iqhosha lofihlo livuliwe.

    Ukongeza, njengento yesibini, unokubonelela ngebinzana lokugqitha kwizitshixo zakho.

    Isitshixo somhlali lolunye uhlobo lwe- -sk isizukulwana sesitshixo esixhaswa yi-OpenSSH. Ngale ndlela, isiphatho sigcinwa kwisixhobo se-U2F kwaye sikuvumela ukuba ube nesitshixo sofihlo xa kufuneka. Unokwenza isitshixo sokuhlala ngomyalelo:

    $ ssh-keygen -t ecdsa-sk -O resident -f ~/.ssh/id_ecdsa_sk

    Emva koko, ukubuyisela isiphatho kwinkumbulo kwisixhobo esitsha, coma iqhosha lokufihla kwaye usebenzise umyalelo:

    $ ssh-add -K

    Xa uqhagamshela kumamkeli, kusaza kufuneka uvule iqhosha loguqulelo oluntsonkothileyo.

  2. Sebenzisa i-PIV+PKCS11 kunye neYubikey. Ukuqhagamshela izixhobo ezineenguqulelo zangaphambili ze-SSHD usebenzisa isitshixo sofihlo kuya kufuna indlela eyahlukileyo. I-Yubico inesikhokelo sokusebenzisa i-U2F + SSH nge-PIV/PKCS11. Oku akufani ne-FIDO U2F, kwaye nangona indlela isebenza, ithatha umsebenzi omningi ukuqonda ukuba yintoni umlingo oyiqhubayo.
  3. Faka isiko le-yubikey-arhente ye-ssh. UFilippo Valsorda wabhala i-arhente ye-SSH ye-Yubikeys. Yintsha ngokupheleleyo kwaye iqulethe iimpawu ezincinci.
  4. Sebenzisa i-ID ye-Touch kunye ne-sekey. I-Sekey yiarhente ye-SSH yomthombo ovulekileyo ogcina izitshixo zabucala kwindawo ekhuselekileyo kwi-Mac kwaye ivumela i-ID ye-Touch isetyenziselwe ukufikelela ekusebenzeni.
  5. Sebenzisa Uphawu olunye kwi-SSH. Ndibhale isifundo ukukunceda ukuseta le ndlela. Enye yeenzuzo zophawu olunye kwi-SSH kukukwazi ukusebenzisa imigaqo-nkqubo yokhuseleko lomnikezeli wakho wesazisi - kuquka nenkxaso yoqinisekiso lwezinto ezininzi (MFA).

Ukusetyenziswa ngokukhuselekileyo kokuthunyelwa kwe-arhente

Ugqithiso lwe-arhente ye-SHH kuvumela umamkeli okude ukuba afikelele kwi-arhente ye-SSH yesixhobo sakho sasekuhlaleni. Xa usebenzisa i-SSH ngonikezelo lwe-arhente olusebenzayo (ngokuqhelekileyo nge-ssh -A), kuya kubakho amajelo amabini kuqhagamshelwano: iseshoni yakho esebenzisanayo kunye nejelo lokuthunyelwa kwe-arhente. Ngeli jelo, i-Unix socket eyenziwe ngummeli wakho we-SSH wasekhaya uqhagamshela kumamkeli okude. Le yindlela enobungozi kuba umsebenzisi onofikelelo lweengcambu kwisixhobo esikude angafumana ufikelelo kwiarhente ye-SSH yakho yasekhaya kwaye akwenze ongeyena kwi-intanethi. Usebenzisa i-arhente ye-SSH eqhelekileyo esuka kwi-Open SSH kit, awuzukwazi nokuba oku kwenzekile. Ukuba nesitshixo se-U2F (okanye i-Sekey) kuya kukunceda uvale ngokufanelekileyo naziphi na iinzame zokusebenzisa i-arhente yakho ye-SSH ngaphandle.

Nokuba unale miqathango, luluvo olulungileyo ukusebenzisa ukuthunyelwa kwearhente kancinci kangangoko. Akufunekanga uyisebenzise kwiseshoni nganye - sebenzisa ukuthunyelwa kwearhente kuphela xa uqinisekile ukuba iyafuneka kwiseshoni yangoku.

Ukuphuma kwiseshoni ejingayo

Uphazamiseko lwenethiwekhi, iinkqubo eziqhuba ngaphandle kolawulo, okanye ulandelelwano lokubaleka oluvala igalelo lebhodi yezitshixo zizonke ezinokubangela ukuba iseshoni ye-SSH ipheliswe.

Kukho iindlela ezininzi zokuphelisa iseshoni ejingayo:

  1. Phuma ngokuzenzekelayo xa inethiwekhi iphazamisekile. Kufuneka udibanise oku kulandelayo kweyakho i-.ssh/config:
    ServerAliveInterval 5
ServerAliveCountMax 1

    ssh izakuthumela i-echo kwinginginya ekude rhoqo kwi-ServerAliveInterval imizuzwana ukujonga umdibaniso. Ukuba ngaphezulu kwe-ServerAliveCountMax echoes ayifumani mpendulo, i-ssh iya kuluvala unxibelelwano kwaye iphume kwiseshoni.

  2. Phuma kwiseshoni. ssh ngokungagqibekanga isebenzisa i ~ (tilde) njengophawu lolawulo lwayo. Iqela~. ivala umdibaniso ovulekileyo kwaye ikubuyisele emva kwi-terminal. (Ulandelelwano lokubaleka lungangenwa kuphela kumgca omtsha.) I ~? izakubonisa uluhlu olupheleleyo lwemiyalelo ekhoyo kule seshini. Nceda qaphela ukuba ukuchwetheza umlinganiswa kwiibhodi zamazwe ngamazwe, unokufuna ukucinezela i ~ isitshixo kabini.

Kutheni iiseshini zomkhenkce zisenzeka konke konke? Xa kwakusenziwa i-Intanethi, iikhompyutha zazingafane zihambe zisuka kwenye indawo ziye kwenye. Xa usebenzisa iilaptops kwaye utshintshe phakathi kweenethiwekhi ezininzi ze-IPv4 WiFi, idilesi yakho ye-IP iyatshintsha. Ekubeni i-SSH ixhomekeke kuqhagamshelwano lwe-TCP, oluthi luxhomekeke kwisiphelo kunye nedilesi ye-IP ezinzileyo, nanini na xa utshintsha phakathi kweenethiwekhi, uxhulumaniso lwakho lwe-SSH luphosa umqheba wesokhethi kwaye lulahlekile ngokwalo. Xa idilesi yakho ye-IP itshintsha, kuthatha ixesha ukuba isitakhi sothungelwano sakho siqaphele ilahleko yesiphatho. Xa iingxaki zenethiwekhi zisenzeka, asifuni enye yeenodi kuqhagamshelo lwe-TCP ukuyiphelisa kwangoko. Ke ngoko, iprotocol iya kuzama ukuthumela idatha kwakhona izihlandlo ezininzi ngaphambi kokuba inikezele. Ngeli xesha, kwitheminali yakho iseshoni iya kubonakala inomkhenkce. IPv6 yongeza uninzi lwezinto ezinxulumene nokushukuma ezivumela isixhobo ukuba sigcine idilesi yasekhaya ngelixa sitshintsha uthungelwano. Mhlawumbi ngenye imini oku akuyi kuba yingxaki enjalo.

Uyigcina njani i-terminal eqhubekayo ivuliwe kwinginginya ekude

Kukho iindlela ezimbini ezahlukeneyo zokugcina unxibelelwano lwakho xa uhamba phakathi kweenethiwekhi ezahlukeneyo okanye ufuna ukuqhawula unxibelelwano okwethutyana.

1. Thatha inzuzo mosh okanye Itheminali engunaphakade

Ukuba ufuna ngokwenene uxhulumaniso olungayekiyo naxa utshintsha phakathi kweenethiwekhi, sebenzisa iqokobhe leMosh eliphathwayo. Eli liqokobhe elikhuselekileyo elisebenzisa kuqala ukuxhawula ngesandla kwe-SSH kwaye emva koko litshintshele kwitshaneli yalo efihliweyo ngexesha leseshoni. Yile ndlela uMosh enza ngayo ijelo elahlukileyo, elizinzileyo nelikhuselekileyo elinokumelana nokuphazamiseka kwe-Intanethi, utshintsho kwidilesi ye-IP yelaptop yakho, ukucinywa kwenethiwekhi okunzulu, nokunye okuninzi, kwaye konke oku kubulela kubugqi bonxibelelwano lwe-UDP, ngokunjalo. njengeMosh iprotocol yongqamaniso.

Ukusebenzisa i-Mosh kuya kufuneka uyifake kuzo zombini umxhasi kunye nomncedisi, kwaye uvule izibuko 60000-61000 yetrafikhi ye-UPD engadityaniswanga kumamkeli wakho akude. Kwixesha elizayo, ukudibanisa kuya kuba kwanele ukusebenzisa mosh user@server.

I-Mosh isebenza kwinqanaba lezikrini kunye nezitshixo, ezinika inani leenzuzo ngaphezu kokuthumela umjelo wokubini wegalelo eliqhelekileyo kunye nemveliso phakathi komxhasi kunye nomncedisi we-SSH. Ukuba sifuna kuphela ukuvumelanisa izikrini kunye nezitshixo, ngoko ukubuyisela uxhulumaniso olwaphukileyo kamva kuba lula kakhulu. Ngelixa i-SSH iza kuphazamisa kwaye ithumele yonke into eyenzekileyo, iMosh ifuna kuphela ukunqanda izitshixo kwaye ingqamanise isakhelo sokugqibela sefestile yesiphelo kunye nomxhasi.

2. Sebenzisa i-tmux

Ukuba ufuna "ukuza kwaye uhambe njengoko uthanda" kwaye ugcine iseshoni ye-terminal kwinginginya ekude, sebenzisa i-terminal multiplexer tmux. Ndiyayithanda i-tmux kwaye ndiyisebenzisa ngalo lonke ixesha. Ukuba uxhulumaniso lwakho lwe-SSH luphazamisekile, emva koko ukubuyela kwiseshoni yakho ye-tmux kufuneka uqhagamshele kwakhona kwaye ungene. tmux attach. Ukongeza, ineempawu ezintle ezinje ngeethebhu ze-intra-terminal kunye neepaneli, ezifana neethebhu kwi-terminal ye-iOS, kunye nokukwazi ukwabelana ngeetheminali nabanye.

Abanye abantu bathanda ukuphucula i-tmux yabo ngeByobu, iphakheji ephucula kakhulu ukusetyenziswa kwe-tmux kwaye yongeza iindlela ezimfutshane zekhibhodi. I-Byobu iza ne Ubuntu, kwaye kulula ukuyifaka kwiMac ngeHomebrew.

Ukwabelana ngeseshini yetheminali ekude nomhlobo

Ngamanye amaxesha, xa ulungisa iingxaki ezinzima kwiiseva zakho, unokufuna ukwabelana ngeseshoni ye-SSH nomntu ongekho kwigumbi elifanayo nawe. I-tmux ifanelekile kulo msebenzi! Ithatha kuphela amanyathelo ambalwa:

  1. Qinisekisa ukuba i-tmux ifakiwe kwindawo yakho yogcino, okanye nakweyiphi na iseva oza kusebenza nayo.
  2. Nobabini kuya kufuneka ukuba usebenzise i-SSH kwisixhobo usebenzisa iakhawunti efanayo.
  3. Omnye wenu kufuneka eqhuba i-tmux ukuqala iseshoni ye-tmux.
  4. Enye kufuneka iqhube i-tmux attach
  5. Voila! Unetheminali ekwabelwana ngayo.

Ukuba ufuna iiseshini ze-tmux eziphucukileyo zabasebenzisi abaninzi, zama i-tmate, ifolokhwe ye-tmux eyenza iiseshini ze-terminal ekwabelwana ngazo zibe lula kakhulu.

umthombo: www.habr.com

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster