Practical SSH examples
, but to navigate the network more competently.
Knowing a few ssh tricks is useful to any system administrator, network engineer or security professional.
Practical SSH examples
SSH socks proxy
SSH tunnel (port forwarding)
SSH tunnel to a third host
Reverse SSH tunnel
SSH reverse proxy
Installing a VPN over SSH
Copying an SSH key (ssh-copy-id)
Remote command execution (non-interactive)
Remote packet capture and viewing in Wireshark
Copying a local folder to a remote server via SSH
Remote GUI applications with SSH X11 forwarding
Remote file copy using rsync and SSH
SSH over the Tor network
SSH to an EC2 instance
Editing text files using VIM over ssh/scp
Mounting remote SSH as a local folder with SSHFS
Multiplexing SSH with ControlPath
Streaming video over SSH using VLC and SFTP
Two-factor authentication
Jumping hosts with SSH and -J
Blocking SSH brute force attempts using iptables
SSH Escape to change port forwarding
First, the basics
Breaking down the SSH command line
The following example uses common parameters that are often encountered when connecting to a remote SSH server.
localhost:~$ ssh -v -p 22 -C neo@remoteserver
-v : Debug output is especially useful when analysing authentication problems. It can be used multiple times to show additional information.
-p 22 : The port to connect to on the remote SSH server. 22 does not need to be specified, because it is the default value, but if the protocol is on another port, we specify it with the -p parameter. The listening port is set in the sshd_config file in the format Port 2222.
-C : Compression for the connection. If you have a slow connection or view a lot of text, this can speed up the connection.
neo@ : The string before the @ symbol indicates the username for authentication on the remote server. If you do not specify it, it defaults to the username of the account you are currently logged into (~$ whoami). The user can also be specified with the -l parameter.
remoteserver : The name of the host that ssh should connect to. This can be a fully qualified domain name, an IP address, or any host in the local hosts file. To connect to a host that supports both IPv4 and IPv6, you can add the -4 or -6 parameter to the command line for the appropriate resolution.
All of the above parameters are optional except remoteserver.
Using a configuration file
Although many are familiar with the sshd_config file, there is also a client configuration file for the ssh command. The default location is ~/.ssh/config, but another file can be specified with the -F option.
Host remoteserver
HostName remoteserver.thematrix.io
User neo
Port 2112
IdentityFile /home/test/.ssh/remoteserver.private_key
Host *
Port 2222
There are two host entries in the example ssh configuration file above. The first says that for the host remoteserver a different username, port, FQDN and identity file should be used. The second, Host *, means all hosts, all using the Port 2222 configuration parameter. ssh keeps the first value it obtains for each parameter, so the host-specific entry is listed before the Host * defaults; with the order reversed, Port 2222 would also apply to remoteserver.
A configuration file can save a lot of typing by allowing advanced configuration to be applied automatically when connecting to specific hosts.
Copying files over SSH using SCP
The SSH client comes with two other very handy tools for copying files over an encrypted ssh connection. See below for an example of standard usage of the scp and sftp commands. Note that many of the ssh options apply to these commands as well.
localhost:~$ scp mypic.png neo@remoteserver:/media/data/mypic_2.png
In this example the file mypic.png is copied to the remote server into the folder /media/data and renamed to mypic_2.png.
Don't forget the difference in the port parameter. This is where many people get caught when running scp from the command line. Here the port parameter is -P, not -p as in the ssh client! You will forget, but don't worry, everyone forgets.
For those familiar with console ftp, many of the commands are similar in sftp. You can do get, put and ls as your heart desires.
sftp neo@remoteserver
Practical examples
In many of these examples, the results can be achieved using different methods. As in all of our
1. SSH socks proxy
The SSH proxy feature is number 1 for good reason. It is more powerful than many realise and gives you access to any system that the remote server can reach, using virtually any application. The ssh client can tunnel traffic through a SOCKS proxy with one simple command. It is important to understand that traffic to the remote systems will originate from the remote server; this is what will show up in the web server logs.
localhost:~$ ssh -D 8888 user@remoteserver
localhost:~$ netstat -pan | grep 8888
tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN 23880/ssh
Here we run a socks proxy on TCP port 8888; the second command checks that the port is in listening mode. 127.0.0.1 shows that the service is running only on localhost. We can use a slightly different command to listen on all interfaces, including ethernet or wifi; this allows other applications (browsers, etc.) on our network to connect to the proxy service through the ssh socks proxy.
localhost:~$ ssh -D 0.0.0.0:8888 user@remoteserver
Now we can configure the browser to connect to the socks proxy. In Firefox, select Settings | Basic | Network Settings. Specify the IP address and port to connect to.
Please note the option at the bottom of the form that makes your browser's DNS requests go through the SOCKS proxy as well. If you are using the proxy server to encrypt web traffic on your local network, you will probably want to select this option so that DNS requests are tunnelled through the SSH connection.
Enabling the socks proxy in Chrome
Launching Chrome with specific command line parameters will enable the socks proxy, as well as tunnelling of DNS requests from the browser. Trust but verify. Use
localhost:~$ google-chrome --proxy-server="socks5://192.168.1.10:8888"
Using other applications with the proxy
Keep in mind that many other applications can use socks proxies as well. The web browser is simply the most popular of them all. Some applications have configuration options to enable a proxy server. Others need a little help from a helper program. For example,
localhost:~$ proxychains rdesktop $RemoteWindowsServer
The socks proxy configuration parameters are set in the proxychains configuration file.
Tip: using remote desktop from Linux to Windows? Try the FreeRDP client. It is a more modern implementation than rdesktop, with a smoother experience.
A use case for SSH via a socks proxy
You are sitting in a cafe or a hotel and are forced to use untrusted WiFi. We launch an ssh proxy locally on the laptop and set up an ssh tunnel into the home network to a local Raspberry Pi. Using a browser or other applications configured for the socks proxy, we can access any network services on our home network or reach the Internet through the home connection. Everything between your laptop and your home server (across the Wi-Fi and the internet to your home) is encrypted in the SSH tunnel.
2. SSH tunnel (port forwarding)
In its simplest form, an SSH tunnel simply opens a port on your local system that connects to another port at the other end of the tunnel.
localhost:~$ ssh -L 9999:127.0.0.1:80 user@remoteserver
Let's take a look at the -L parameter. It can be thought of as the local listening side. So in the example above, port 9999 listens on the localhost side and is forwarded to port 80 on remoteserver. Please note that 127.0.0.1 refers to localhost on the remote server!
Let's step it up a notch. The following example makes the listening port reachable by other hosts on the local network.
localhost:~$ ssh -L 0.0.0.0:9999:127.0.0.1:80 user@remoteserver
In these examples we are connecting to a port on a web server, but this could be a proxy server or any other TCP service.
3. SSH tunnel to a third host
We can use the same parameters to connect a tunnel from the remote server to another service running on a third system.
localhost:~$ ssh -L 0.0.0.0:9999:10.10.10.10:80 user@remoteserver
In this example, we are redirecting the tunnel from remoteserver to a web server running on 10.10.10.10. Traffic from remoteserver to 10.10.10.10 is no longer inside the SSH tunnel. The web server on 10.10.10.10 will see remoteserver as the source of the web requests.
4. Reverse SSH tunnel
Here we will configure a listening port on the remote server that connects back to a local port on our localhost (or another system).
localhost:~$ ssh -v -R 0.0.0.0:1999:127.0.0.1:902 user@remoteserver
This SSH session establishes a connection from port 1999 on remoteserver to port 902 on our local client.
5. SSH reverse proxy
In this case, we are setting up a socks proxy on our ssh connection, but the proxy is listening at the remote server end. Connections to this remote proxy now emerge from the tunnel as traffic from our localhost.
localhost:~$ ssh -v -R 0.0.0.0:1999 user@remoteserver
Troubleshooting remote SSH tunnels
If you have problems getting the remote SSH options to work, check with netstat which interfaces the listening port is attached to. Although we specified 0.0.0.0 in the examples, if the GatewayPorts value in sshd_config is set to no, the listener will be bound only to localhost (127.0.0.1).
Security warning
Please note that by opening tunnels and socks proxies, internal network resources may become accessible to untrusted networks (such as the Internet!). This can be a serious security risk, so make sure you understand what the listener is and what it gives access to.
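One way to run the netstat check from the troubleshooting note across a whole host, as an added example that is not part of the original article: the function reads netstat -plnt style lines and lists every ssh or sshd forwarding listener bound to a non-loopback address. The function name and the sample output (constructed) are illustrative, and the port sshd itself listens on is passed as an argument (assumed to be 22 here).

```shell
#!/bin/sh
# Added example (not from the article): list SSH forwarding listeners that
# other hosts can reach, i.e. ssh/sshd sockets bound outside loopback.
# Expected input: `netstat -plnt` lines
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program

# Constructed sample output, not captured from a real host.
SAMPLE_NETSTAT='tcp   0  0 127.0.0.1:8888  0.0.0.0:*  LISTEN  23880/ssh
tcp   0  0 0.0.0.0:9999    0.0.0.0:*  LISTEN  24011/ssh
tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  812/sshd
tcp   0  0 0.0.0.0:1999    0.0.0.0:*  LISTEN  24102/sshd: user
tcp6  0  0 ::1:8888        :::*       LISTEN  23880/ssh
tcp6  0  0 :::1999         :::*       LISTEN  24102/sshd: user
tcp   0  0 0.0.0.0:80      0.0.0.0:*  LISTEN  950/nginx'

exposed_ssh_listeners() {
    # $1 = port the sshd daemon itself listens on (not reported), default 22
    awk -v daemon_port="${1:-22}" '
        $6 != "LISTEN" { next }
        {
            # "24102/sshd:" -> "sshd"; anything that is not ssh/sshd is ignored
            prog = $7
            sub(/^[0-9]+\//, "", prog)
            sub(/:$/, "", prog)
            if (prog != "ssh" && prog != "sshd") next

            # split on the LAST colon so IPv6 addresses such as ":::1999" work
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)

            if (addr ~ /^127\./ || addr == "::1") next      # loopback only
            if (prog == "sshd" && port == daemon_port) next # the daemon socket
            print port, addr, prog
        }'
}

# Demo on the constructed sample; prints "port bind-address program".
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_ssh_listeners 22
```

On a live host, feed it `netstat -plnt` run as root so the PID/Program column is populated.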
6. Installing a VPN over SSH
A common term among specialists in attack methods (pentesters, etc.) is "a fulcrum in the network". Once a connection is established on one system, that system becomes the gateway for further access to the network. A fulcrum that lets you move in breadth.
For such a foothold we can use an SSH proxy and proxychains, however there are some limitations. For example, it is not possible to work directly with sockets, so we will not be able to scan ports inside the network using SYN.
Using this more advanced VPN option, the connection is brought down to layer 3. We can then simply route traffic through the tunnel using standard network routing.
The method uses ssh, iptables, tun interfaces and routing.
First you need to set these parameters in sshd_config. Since we are making changes to the interfaces of both the remote and the client systems, we need root privileges on both sides.
PermitRootLogin yes
PermitTunnel yes
Then we establish an ssh connection using the parameter that requests initialisation of the tun devices.
localhost:~# ssh -v -w any root@remoteserver
We should now have a tun device when listing interfaces (# ip a). The next step adds IP addresses to the tunnel interfaces.
SSH client side:
localhost:~# ip addr add 10.10.10.2/32 peer 10.10.10.10 dev tun0
localhost:~# ip link set tun0 up
SSH server side:
remoteserver:~# ip addr add 10.10.10.10/32 peer 10.10.10.2 dev tun0
remoteserver:~# ip link set tun0 up
We now have a direct route to the other host (route -n and ping 10.10.10.10).
You can route any subnet through the host on the other side.
localhost:~# route add -net 10.10.10.0 netmask 255.255.255.0 dev tun0
On the remote side you need to enable ip_forward and iptables.
remoteserver:~# echo 1 > /proc/sys/net/ipv4/ip_forward
remoteserver:~# iptables -t nat -A POSTROUTING -s 10.10.10.2 -o enp7s0 -j MASQUERADE
Boom! A VPN over an SSH tunnel at network layer 3. Now that's a victory.
If any problems arise, use ping to determine the cause. Since we are playing at layer 3, our icmp packets will go through this tunnel.
7. Copying an SSH key (ssh-copy-id)
There are several ways to do this, but this command saves time by not copying the files manually. It simply copies ~/.ssh/id_rsa.pub (or the default key) from your system to ~/.ssh/authorized_keys on the remote server.
localhost:~$ ssh-copy-id user@remoteserver
8. Remote command execution (non-interactive)
The ssh command can be chained with other commands for a familiar, easy-to-use interface. Just add the command you want to run on the remote host as the last parameter, in quotes.
localhost:~$ ssh remoteserver "cat /var/log/nginx/access.log" | grep badstuff.php
In this example grep is executed on the local system after the log has been pulled down over the ssh channel. If the file is large, it is more convenient to run grep on the remote side by simply enclosing both commands in the double quotes.
Another example performs the same function as ssh-copy-id from example 7.
localhost:~$ cat ~/.ssh/id_rsa.pub | ssh remoteserver 'cat >> .ssh/authorized_keys'
9. Remote packet capture and viewing in Wireshark
I took one of our
localhost:~$ ssh root@remoteserver 'tcpdump -c 1000 -nn -w - not port 22' | wireshark -k -i -
10. Copying a local folder to a remote server via SSH
A neat trick that compresses a folder using bzip2 (this is the -j option in the tar command), and then extracts the bzip2 stream on the other side, creating a duplicate of the folder on the remote server.
localhost:~$ tar -cvj /datafolder | ssh remoteserver "tar -xj -C /datafolder"
11. Remote GUI applications with SSH X11 forwarding
If X is installed on the client and on the remote server, you can run a GUI command remotely with its window on your local desktop. This feature has been around for a long time, but it is still very useful. Launch a remote web browser or even the VMware Workstation console, as I do in this example.
localhost:~$ ssh -X remoteserver vmware
The line X11Forwarding yes is required in the sshd_config file.
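The server-side switches this article turns on (GatewayPorts for the remote listeners, PermitRootLogin and PermitTunnel for the VPN, X11Forwarding here) are easy to leave enabled afterwards. The added example below, which is not from the original article, reports which of them the global section of an sshd_config enables; the function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report the forwarding-related
# sshd_config switches that are enabled in the global section.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted as well as "Keyword value".
# Limits: Include files are not followed; absent keywords (sshd defaults)
# are not reported; parsing stops at the first Match block.

# Constructed sample config, not taken from a real server.
SAMPLE_SSHD_CONFIG='# constructed sample
Port 2222
PermitRootLogin yes
permittunnel yes
X11Forwarding no
GatewayPorts clientspecified
PermitRootLogin no
Match User backup
    X11Forwarding yes'

audit_sshd_config() {
    awk '
        BEGIN {
            # keyword (lower case) -> values that switch the feature on
            flag["permitrootlogin"] = "yes"
            flag["permittunnel"]    = "yes point-to-point ethernet"
            flag["gatewayports"]    = "yes clientspecified"
            flag["x11forwarding"]   = "yes"
        }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")           # normalise "Keyword=value"
            key = tolower($1); val = tolower($2)
            if (key == "match") exit            # global section ends here
            if (!(key in flag) || (key in seen)) next
            seen[key] = 1                       # first obtained value wins
            n = split(flag[key], on, " ")
            for (i = 1; i <= n; i++)
                if (val == on[i]) print key "=" val
        }'
}

# Demo on the constructed sample; prints one "keyword=value" per finding.
printf '%s\n' "$SAMPLE_SSHD_CONFIG" | audit_sshd_config
```

On a live server, `sshd -T` (run as root) prints the effective configuration one keyword per line and can be piped into the same function.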
12. Remote file copy using rsync and SSH
rsync is much more convenient than scp if you need periodic backups of a directory, a large number of files, or very large files. It can recover from a failed transfer and copy only the files that have changed, which saves traffic and time.
This example uses gzip compression (-z) and archive mode (-a), which enables recursive copying.
localhost:~$ rsync -az /home/testuser/data remoteserver:backup/
13. SSH over the Tor network
The anonymous Tor network can tunnel SSH traffic using the torsocks command. The following command will pass the ssh proxy through Tor.
localhost:~$ torsocks ssh myuntracableuser@remoteserver
14. SSH to an EC2 instance
To connect to an EC2 instance, you need a private key. Download it (.pem extension) from the Amazon EC2 control panel and change the permissions (chmod 400 my-ec2-ssh-key.pem). Keep the key in a safe place or put it in your ~/.ssh/ folder.
localhost:~$ ssh -i ~/.ssh/my-ec2-key.pem ubuntu@my-ec2-public
The -i parameter simply tells the ssh client to use this key. The ~/.ssh/config file is ideal for configuring key usage automatically when connecting to an ec2 host.
Host my-ec2-public
Hostname ec2???.compute-1.amazonaws.com
User ubuntu
IdentityFile ~/.ssh/my-ec2-key.pem
15. Editing text files using VIM over ssh/scp
For all vim lovers, this tip will save some time. With vim, files are edited over scp with a single command. This method simply creates the file locally in /tmp and then copies it back once we have saved it from vim.
localhost:~$ vim scp://user@remoteserver//etc/hosts
Note: the format is slightly different from the usual scp. After the host we have a double //. This is an absolute path reference. A single slash would indicate a path relative to your home folder users.
**warning** (netrw) cannot determine method (format: protocol://[user@]hostname[:port]/[path])
If you see this error, double-check the command format. It usually means a syntax error.
16. Mounting remote SSH as a local folder with SSHFS
With sshfs, an ssh file system client, we can mount a local directory to a remote location, with all file interactions carried in an encrypted ssh session.
localhost:~$ apt install sshfs
On Ubuntu and Debian, install the sshfs package, and then simply mount the remote location on our system.
localhost:~$ sshfs user@remoteserver:/media/data ~/data/
17. SSH multiplexing with ControlPath
By default, if there is an existing connection to a remote server using ssh, a second connection using ssh or scp establishes a new session with additional authentication. The ControlPath option allows the existing session to be used for all subsequent connections. This speeds things up considerably: the effect is noticeable even on a local network, and even more so when connecting to remote resources.
Host remoteserver
HostName remoteserver.example.org
ControlMaster auto
ControlPath ~/.ssh/control/%r@%h:%p
ControlPersist 10m
ControlPath specifies the socket that new connections check to see whether there is an active ssh session. The last option means that even after you exit the console, the existing session will remain open for 10 minutes, so during this time you can reconnect over the existing socket. For more information, see the ssh_config man page.
18. Streaming video over SSH using VLC and SFTP
Even long-time users of ssh and vlc (Video Lan Client) are not always aware of this handy option for when you really need to watch a video over the network. In the File | Open Network Stream settings of vlc you can enter the location as sftp://. If a password is required, a prompt will appear.
sftp://remoteserver//media/uploads/myvideo.mkv
19. Two-factor authentication
The same two-factor authentication as for your bank account or Google account applies to the SSH service.
Of course, ssh initially has a two-factor authentication function, meaning a password and an SSH key. The advantage of a hardware token or the Google Authenticator app is that it is usually a different physical device.
See our 8-minute guide to
20. Jumping hosts with ssh and -J
If network segmentation means you have to hop through several ssh hosts to get to the final destination network, the -J shortcut will save you time.
localhost:~$ ssh -J host1,host2,host3 [email protected]
The key thing to understand here is that this is not the same as running ssh host1, then user@host1:~$ ssh host2, and so on. The -J option cleverly uses forwarding to make localhost establish a session with the next host in the chain. So in the example above, our localhost is authenticated to host4. That is, our localhost keys are used, and the session from localhost to host4 is fully encrypted.
To do the same in ssh_config, specify the ProxyJump configuration option. If you regularly have to go through several hosts, automating this through the configuration will save a lot of time.
21. Blocking SSH brute force attempts using iptables
Anyone who has managed an SSH service and looked at the logs knows about the number of brute force attempts that occur every hour of every day. A quick way to reduce the noise in the logs is to move SSH to a non-standard port. Make the change in the sshd_config file using the Port## configuration parameter.
With iptables you can just as easily block connection attempts to a port once a certain threshold is reached. The simplest way to do this is to use
22. SSH Escape to change port forwarding
And our final ssh example is for changing port forwarding on the fly within an existing ssh session. Picture this scenario. You are deep in a network; perhaps you have hopped over half a dozen hosts and need a local port on your workstation that is forwarded to Microsoft SMB on an old Windows 2003 system (anyone remember ms08-67?).
After pressing enter, try typing ~C in the console. This is a session control sequence that allows changes to be made to an existing connection.
localhost:~$ ~C
ssh> -h
Commands:
-L[bind_address:]port:host:hostport Request local forward
-R[bind_address:]port:host:hostport Request remote forward
-D[bind_address:]port Request dynamic forward
-KL[bind_address:]port Cancel local forward
-KR[bind_address:]port Cancel remote forward
-KD[bind_address:]port Cancel dynamic forward
ssh> -L 1445:remote-win2k3:445
Forwarding port.
Here you can see that we have forwarded our local port 1445 to the Windows 2003 host that we found on the internal network. Now just run msfconsole, and you can carry on (assuming you plan to use this host).
Wrapping up
These ssh examples, tips and commands should give you a starting point; more information about each command and capability is available in the man pages (man ssh, man ssh_config, man sshd_config).
I have always been fascinated by the ability to access systems and run commands anywhere in the world. By developing your skills with tools like ssh you will become more effective at whatever game you play.
source: www.habr.com