Hanyoyi 4 don Sauƙaƙe Haɗin SSH a cikin Linux

SSH ita ce hanya mafi shahara kuma amintacciyar hanya don sarrafa sabar Linux daga nesa. Ɗaya daga cikin ƙalubale tare da sarrafa uwar garken nesa shine saurin haɗin gwiwa, musamman ma idan ya zo ga ƙirƙirar zaman tsakanin na'urori masu nisa da na gida.

Akwai shingaye da yawa ga wannan tsari, yanayin ɗaya shine lokacin da kake haɗawa da uwar garken nesa a karon farko; yana ɗaukar ƴan daƙiƙa kaɗan don kafa zama. Koyaya, lokacin da kuke ƙoƙarin fara haɗin haɗin gwiwa da yawa a jere, wannan yana haifar da wuce gona da iri (haɗuwa da wuce gona da iri ko lokacin ƙididdigewa kai tsaye, ƙwaƙwalwar ajiya, bandwidth, ko wasu albarkatu masu alaƙa don aiwatar da aikin).

A cikin wannan labarin, za mu raba shawarwari huɗu masu amfani kan yadda ake hanzarta haɗin SSH mai nisa a cikin Linux.

1. Tilasta Haɗin SSH akan IPV4

OpenSSH yana goyan bayan duka IPV4/IP6, amma a wasu lokuta haɗin IPv6 yakan zama a hankali. Don haka zaku iya la'akari da tilasta haɗin ssh akan IPv4 kawai, ta amfani da ma'anar da ke ƙasa:

# ssh -4 [email 

A madadin, yi amfani da AddressFamily (yana ƙayyadad da dangin adireshin don amfani da lokacin haɗawa) umarnin a cikin fayil ɗin daidaitawar ssh /etc/ssh/ssh_config (tsarin duniya) ko ~/.ssh/config (fayil ɗin takamaiman mai amfani).

Ƙimar da aka karɓa sune \kowa, \inet don IPv4 kawai, ko inet6.

$ vi ~.ssh/config

Anan akwai jagorar farawa mai amfani akan daidaita takamaiman fayil ɗin daidaitawar ssh mai amfani:

  1. Yadda ake Siffata Haɗin SSH na Musamman don Sauƙaƙe Samun Nisa

Bugu da ƙari, akan na'ura mai nisa, zaka iya kuma umurci sshd daemon don yin la'akari da haɗin kai akan IPv4 ta amfani da umarnin da ke sama a cikin fayil /etc/ssh/sshd_config.

2. Kashe Binciken DNS akan Na'ura mai Nisa

Ta hanyar tsoho, sshd daemon yana duba sunan mai watsa shiri mai nisa, sannan kuma yana bincika sunan mai masaukin baki don taswirar adireshin IP mai nisa zuwa adireshin IP iri ɗaya. Wannan na iya haifar da jinkirin kafa haɗin gwiwa ko ƙirƙirar zama.

Umarnin UseDNS yana sarrafa ayyukan da ke sama; don kashe shi, bincika kuma ba da amsa a cikin fayil ɗin /etc/ssh/sshd_config. Idan ba a saita shi ba, ƙara shi da ƙimar no.

UseDNS  no

3. Sake amfani da haɗin SSH

Ana amfani da shirin abokin ciniki na ssh don kafa haɗin kai zuwa sshd daemon yana karɓar haɗin kai mai nisa. Kuna iya sake amfani da haɗin da aka riga aka kafa lokacin ƙirƙirar sabon zaman ssh kuma wannan na iya ƙara saurin zama na gaba.

Kuna iya kunna wannan a cikin fayil ɗin ~/.ssh/config.

Host *
	ControlMaster auto
	ControlPath  ~/.ssh/sockets/%[email %h-%p
	ControlPersist 600

Tsarin da ke sama (Mai watsa shiri *) zai ba da damar sake amfani da haɗin gwiwa don duk sabar nesa da kuka haɗa ta amfani da waɗannan umarnin:

  • ControlMaster - yana ba da damar raba lokuta da yawa akan hanyar sadarwa guda ɗaya.
  • Path Control – yana bayyana hanyar zuwa soket ɗin sarrafawa da ake amfani da shi don raba haɗin gwiwa.
  • ControlPersist - idan aka yi amfani da shi tare da ControlMaster, yana gaya wa ssh ya ci gaba da buɗe haɗin haɗin yanar gizon a bango (yana jiran haɗin haɗin abokin ciniki na gaba) da zarar an rufe haɗin abokin ciniki na farko.

Kuna iya kunna wannan don haɗin kai zuwa takamaiman sabar nesa, misali:

Host server1
	HostName   www.example.com
	IdentityFile  ~/.ssh/webserver.pem
      	User username_here
	ControlMaster auto
	ControlPath  ~/.ssh/sockets/%[email %h-%p
	ControlPersist  600

Ta wannan hanyar kawai kuna fama da haɗin kai don haɗin farko, kuma duk haɗin da ke gaba zai yi sauri da sauri.

4. Yi amfani da takamaiman Hanyar Tabbatar da SSH

Wata hanyar haɓaka haɗin ssh ita ce ta amfani da hanyar tantancewa don duk haɗin ssh, kuma a nan muna ba da shawarar saita kalmar sirri ta ssh ta amfani da ssh keygen a matakai 5 masu sauƙi.

Da zarar an yi haka, yi amfani da umarnin PreferredAuthetications, a cikin fayilolin ssh_config (ƙayyadaddun duniya ko takamaiman mai amfani) a sama. Wannan umarnin yana bayyana tsarin da abokin ciniki yakamata ya gwada hanyoyin tantancewa (zaka iya saka jerin raba umarni don amfani da hanya fiye da ɗaya).

PreferredAuthentications=publickey

Da zaɓin, yi amfani da wannan haɗin gwiwar da ke ƙasa daga layin umarni.

# ssh -o "PreferredAuthentications=publickey" [email 

Idan kun fi son tantance kalmar sirri wanda ake ganin ba shi da tsaro, yi amfani da wannan.

# ssh -o "PreferredAuthentications=password" [email 

A ƙarshe, kuna buƙatar sake kunna sshd daemon bayan yin duk canje-canjen da ke sama.

# systemctl restart sshd	#Systemd
# service sshd restart 		#SysVInit

Don ƙarin bayani game da umarnin da aka yi amfani da su anan, duba ssh_config da sshd_config man shafukan.

# man ssh_config
# man sshd_config

Hakanan duba waɗannan jagororin masu amfani don tabbatar da ssh akan tsarin Linux:

  1. 5 Mafi kyawun Ayyuka don Aminta da Kare Sabar SSH
  2. Yadda ake cire haɗin haɗin SSH mara aiki ko mara aiki a cikin Linux

Wannan ke nan a yanzu! Kuna da wasu shawarwari/ dabaru don haɓaka haɗin SSH. Za mu so mu ji labarin wasu hanyoyin yin wannan. Yi amfani da fom ɗin sharhi da ke ƙasa don raba tare da mu.