RHCSA Series: Securing SSH, Setting Hostname and Enabling Network Services - Part 8


As a system administrator you will often have to log on to remote systems to perform a variety of administration tasks using a terminal emulator. You will rarely sit in front of a real (physical) terminal, so you need to set up a way to log on remotely to the machines that you will be asked to manage.

In fact, that may be the last thing that you will have to do in front of a physical terminal. For security reasons, using Telnet for this purpose is not a good idea, as all traffic goes over the wire in unencrypted plain text.

In addition, in this article we will also review how to configure network services to start automatically at boot and learn how to set up network and hostname resolution statically or dynamically.

Installing and Securing SSH Communication

For you to be able to log on remotely to a RHEL 7 box using SSH, you will have to install the openssh, openssh-clients and openssh-server packages. The following command will install not only the remote login program, but also the secure file transfer tool and the remote file copy utility:

# yum update && yum install openssh openssh-clients openssh-server

Note that it is a good idea to install the server counterparts, as you may want to use the same machine as both client and server at some point or another.

After installation, there are a couple of basic things that you need to take into account if you want to secure remote access to your SSH server. The following settings should be present in the /etc/ssh/sshd_config file.

1. Change the port where the sshd daemon will listen from 22 (the default value) to a high port (2000 or greater), but first make sure the chosen port is not being used.

For example, let's suppose you choose port 2500. Use netstat to check whether the chosen port is being used or not:

# netstat -npltu | grep 2500

If netstat does not return anything, you can safely use port 2500 for sshd, and you should change the Port setting in the configuration file as follows:

Port 2500

2. Only allow protocol 2:

Protocol 2

3. Set the authentication timeout to 2 minutes, do not allow root logins, and restrict to a minimum the list of users who are allowed to log in via ssh:

LoginGraceTime 2m
PermitRootLogin no
AllowUsers gacanepa

4. If possible, use key-based instead of password authentication:

PasswordAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes

This assumes that you have already created a key pair with your user name on your client machine and copied it to your server as explained here.

  1. Enable SSH Passwordless Login
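For most keywords sshd uses the first value it finds, so a hardening line appended below an existing one silently has no effect. The following added example (not part of the original article; the function names and the sample file are constructed for illustration) audits a configuration file against the four steps above using that rule.

```shell
# Added example (not from the original article): audit sshd_config the way sshd
# reads it. Keywords are case-insensitive; the FIRST global value wins, except Port.

# all_values FILE KEYWORD -> every global value, lowercased, in file order
all_values() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0       { next }   # skip comments and blank lines
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print tolower($0) }
    ' "$1"
}

# audit_sshd FILE -> one FAIL line per deviation (literal compare: "120" != "2m")
audit_sshd() {
    while read -r a_key a_want; do
        a_got=$(all_values "$1" "$a_key" | head -n 1)   # first value wins
        [ "$a_got" = "$a_want" ] ||
            echo "FAIL $a_key: effective '${a_got:-unset}', want '$a_want'"
    done <<'EOF'
Protocol 2
LoginGraceTime 2m
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
    a_ports=$(all_values "$1" Port)             # sshd listens on every Port line
    if [ -z "$a_ports" ] || echo "$a_ports" | grep -qx 22; then
        echo "FAIL Port: sshd still listens on the default port 22"
    fi
    [ -n "$(all_values "$1" AllowUsers)" ] ||
        echo "FAIL AllowUsers: unset, logins are not limited to a user list"
}

# Constructed sample: hardening appended below an earlier "PermitRootLogin yes".
write_sample() {
    cat > "$1" <<'EOF'
Port 2500
Protocol 2
PermitRootLogin yes
LoginGraceTime 2m
AllowUsers gacanepa
passwordauthentication no
PubkeyAuthentication yes
# appended later; ignored because the first PermitRootLogin wins
PermitRootLogin no
EOF
}

sample=$(mktemp) && write_sample "$sample" && audit_sshd "$sample"; rm -f "$sample"
```

On RHEL 7 with SELinux enforcing and firewalld active, a non-default port also has to be labelled with `semanage port -a -t ssh_port_t -p tcp 2500` and opened with `firewall-cmd --permanent --add-port=2500/tcp` followed by `firewall-cmd --reload`; `sshd -t` checks the file's syntax before the daemon is restarted.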

Configuring Networking and Name Resolution

Every system administrator should be well acquainted with the following system-wide configuration files:

1. /etc/hosts is used to resolve names <--> IPs in small networks.

Every line in the /etc/hosts file has the following structure:

IP address - Hostname - FQDN

For example,

192.168.0.10	laptop	laptop.gabrielcanepa.com.ar

2. /etc/resolv.conf specifies the IP addresses of DNS servers and the search domain, which is used to complete a given query name to a fully qualified domain name when no domain suffix is supplied.

Under normal circumstances, you do not need to edit this file, as it is managed by the system. However, should you want to change DNS servers, be advised that you need to stick to the following structure in each line:

nameserver - IP address

For example,

nameserver 8.8.8.8

3. /etc/host.conf specifies the methods and the order by which hostnames are resolved within a network. In other words, it tells the name resolver which services to use, and in what order.

Although this file has several options, the most common and basic setup includes a line as follows:

order bind,hosts

This indicates that the resolver should first look in the nameservers specified in resolv.conf and then in the /etc/hosts file for name resolution.

4. /etc/sysconfig/network contains routing and global host information for all network interfaces. The following values may be used:

NETWORKING=yes|no
HOSTNAME=value

Where value should be the Fully Qualified Domain Name (FQDN).

GATEWAY=XXX.XXX.XXX.XXX

Where XXX.XXX.XXX.XXX is the IP address of the network's gateway.

GATEWAYDEV=value

In a machine with multiple NICs, value is the gateway device, such as enp0s3.

5. Files inside /etc/sysconfig/network-scripts (network adapter configuration files).

Inside the directory mentioned previously, you will find several plain text files named

ifcfg-name

where name is the name of the NIC as returned by ip link:

For example:

Other than for the loopback interface, you can expect a similar configuration for your NICs. Note that some variables, if set, will override those present in /etc/sysconfig/network for this particular interface. Each line is commented for clarification in this article, but in the actual file you should avoid comments:

HWADDR=08:00:27:4E:59:37 # The MAC address of the NIC
TYPE=Ethernet # Type of connection
BOOTPROTO=static # This indicates that this NIC has been assigned a static IP. If this variable was set to dhcp, the NIC will be assigned an IP address by a DHCP server and thus the next two lines should not be present in that case.
IPADDR=192.168.0.18
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
NM_CONTROLLED=no # Should be added to the Ethernet interface to prevent NetworkManager from changing the file.
NAME=enp0s3
UUID=14033805-98ef-4049-bc7b-d4bea76ed2eb
ONBOOT=yes # The operating system should bring up this NIC during boot

Setting Hostnames

In Red Hat Enterprise Linux 7, the hostnamectl command is used both to query and to set the system's hostname.

To display the current hostname, type:

# hostnamectl status

To change the hostname, use:

# hostnamectl set-hostname [new hostname]

For example,

# hostnamectl set-hostname cinderella

For the changes to take effect, you will need to restart the hostnamed daemon (that way you will not have to log off and on again in order to apply the change):

# systemctl restart systemd-hostnamed

In addition, RHEL 7 also includes the nmcli utility, which can be used for the same purpose. To display the hostname, run:

# nmcli general hostname

and to change it:

# nmcli general hostname [new hostname]

For example,

# nmcli general hostname rhel7

Starting Network Services on Boot

To wrap up, let us see how we can ensure that network services are started automatically on boot. In simple terms, this is done by creating symlinks to certain files specified in the [Install] section of the service configuration files.

In the case of firewalld (/usr/lib/systemd/system/firewalld.service):

[Install]
WantedBy=basic.target
Alias=dbus-org.fedoraproject.FirewallD1.service

To enable the service:

# systemctl enable firewalld

On the other hand, disabling firewalld amounts to removing the symlinks:

# systemctl disable firewalld

Conclusion

In this article we have summarized how to install and secure connections via SSH to a RHEL server, how to change its name, and how to ensure that network services are started on boot. If you notice that a certain service has failed to start properly, you can use systemctl status -l [service] and journalctl -xn to troubleshoot it.

Feel free to let us know what you think about this article using the comment form below. Questions are also welcome. We look forward to hearing from you!