Yadda ake Sanya OpenSSH 8.0 Server daga Tushen a Linux

OpenSSH tushen kyauta ne kuma buɗaɗɗe, cikakken aiwatar da ka'idar SSH 2.0. Yana ba da kayan aiki da yawa don samun dama cikin aminci da sarrafa tsarin kwamfuta mai nisa, da sarrafa maɓallan tantancewa, kamar ssh (madaidaicin madadin telnet), ssh-keygen, ssh-copy-id, ssh-add, da ƙari.

Kwanan nan an fito da OpenSSH 8.0 kuma ana jigilar kaya tare da sabbin abubuwa da yawa da gyaran kwaro; za ku iya karanta bayanan saki don ƙarin bayani.

A cikin wannan labarin, za mu yi bayanin yadda ake shigarwa da daidaita sabon sigar uwar garken OpenSSH 8.0 da abokin ciniki akan tsarin Linux daga tushe. Muna ɗauka cewa kuna da shigarwar OpenSSH suite.

  • Tsarin Debian/Ubuntu ko RHEL/CentOS Linux
  • C mai tarawa
  • Zlib 1.1.4 ko 1.2.1.2 ko fiye
  • LibreSSL ko Buɗe SSL>= 1.0.1 <1.1.0

Shigar OpenSSH Server da Client a cikin Linux

Kafin shigar da sabon sigar SSH, tabbatar da duba sigar SSH na yanzu da aka shigar akan tsarin ku ta amfani da umarni mai zuwa.

$ ssh -V

OpenSSH_7.7p2 Ubuntu-4ubuntu2.5, OpenSSL 1.0.2g	1 Mar 2016

Daga sakamakon da ke sama, nau'in OpenSSH da aka shigar shine 7.7, don shigar da sabon nau'in OpenSSH, da farko kuna buƙatar shigar da ƴan abubuwan dogaro, watau kayan aikin haɓakawa ko gina mahimman abubuwa da sauran fakitin da ake buƙata, kamar haka.

-------------- CentOS/RHEL 7/6--------------
$ sudo yum group install 'Development Tools' 
$ sudo yum install zlib-devel openssl-devel

-------------- RHEL 8 and Fedora 22+ --------------
$ sudo dnf group install 'Development Tools' 
$ sudo dnf install zlib-devel openssl-devel

-------------- Debian/Ubuntu --------------
$ sudo apt update 
$ sudo apt install build-essential zlib1g-dev libssl-dev

Don ƙirƙirar yanayin da ya dace don shigar da sabar 8.0 ta OpenSSH, muna buƙatar ƙirƙirar sabon tsarin mai amfani da rukuni mai suna sshd, kazalika da amintaccen wuri don chroot.

Lura: Gabaɗaya, idan kuna da shigarwar data kasance, wannan yanayin yakamata ya kasance a wurin, zaku iya tsallake wannan sashe ku je na gaba. In ba haka ba, gudanar da waɗannan umarni don saita shi.

$ sudo mkdir /var/lib/sshd
$ sudo chmod -R 700 /var/lib/sshd/
$ sudo chown -R root:sys /var/lib/sshd/
$ sudo useradd -r -U -d /var/lib/sshd/ -c "sshd privsep" -s /bin/false sshd

Yin bayanin tutoci a cikin umarnin useradd da ke sama:

  • -r – yana gaya wa useradd don ƙirƙirar mai amfani da tsarin
  • -U – yana umurce shi da ƙirƙirar ƙungiya mai suna iri ɗaya da ID ɗin rukuni
  • -d - yana ƙayyade kundin adireshin masu amfani
  • -c - ana amfani da shi don ƙara sharhi
  • -s - yana ƙayyade harsashin mai amfani

Yanzu, zazzage wasan kwal na OpenSSH version 8.0 daga kowane umarnin wget don saukewa kai tsaye a cikin tashar ku.

$ wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
$ tar -xzf openssh-8.0p1.tar.gz
$ cd openssh-8.0p1/

Yanzu za mu gina da shigar da uwar garken OpenSSH ta amfani da --with-md5-passwords, -with-privsep-path da --sysconfdir zažužžukan, wanda zai shigar da duk fayiloli a cikin /usr/local/ (wannan shine tsoho shigarwa PREFIX).

Kuna iya ganin duk zaɓuɓɓukan da ake da su ta hanyar gudanar da ./configure -h kuma ku ƙara inganta shigarwar ku.

$ ./configure -h

Misali, don ba da damar tallafin SELinux, ƙara --with-pam da --with-selinux zažužžukan, bi da bi, kana buƙatar shigar da duk fayilolin da suka dace da su. yin aiki.

## Install PAM and SELinux Headers ##
$ sudo apt install libpam0g-dev libselinux1-dev   [On Debian/Ubuntu]
$ sudo yum install pam-devel libselinux-devel     [On CentOS/RHEL]

## Compile and Install SSH from Sources ##
$ ./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh 
$ make
$ sudo make install

Da zarar kun shigar da OpenSSH, sake kunna SSH ko buɗe wata taga tasha kuma duba sigar OpenSSH da aka shigar yanzu akan tsarin ku.

$ ssh -V

OpenSSH_8.0p1, OpenSSL 1.1.0g  2 Nov 2017

Fayilolin daidaitawar OpenSSH daban-daban da ke:

  • ~/.ssh/* - wannan kundin adireshin yana adana takamaiman saitunan abokin ciniki na ssh (laƙabin ssh) da maɓallai.
  • /etc/ssh/ssh_config - wannan fayil ɗin yana ƙunshe da tsarin tsarin abokin ciniki na ssh.
  • /etc/ssh/sshd_config - ya ƙunshi saitunan sabis na sshd.

Don saita sunayen laƙabi na ssh, duba: Yadda ake saita Haɗin SSH na al'ada don Sauƙaƙe Samun Nisa

Hakanan kuna iya son karanta waɗannan labarai masu alaƙa da SSH masu zuwa.

  1. Yadda ake Ƙirƙirar Tunneling SSH ko Canja wurin Tashoshi a cikin Linux
  2. Yadda ake Canja Tsohuwar tashar SSH zuwa Port Custom a Linux
  3. Hanyoyi 4 don Saukar Haɗin SSH a Linux
  4. Yadda ake Nemo Duk Ƙoƙarin Shigar SSH da bai yi nasara ba a cikin Linux
  5. Yadda ake kashe Tushen SSH a Linux

Shi ke nan! A cikin wannan labarin, mun bayyana yadda ake shigarwa da daidaita sabon sigar uwar garken OpenSSH da abokin ciniki akan tsarin Linux. Idan kuna da wasu tambayoyi ko sharhi, yi amfani da fom ɗin amsa da ke ƙasa don isa gare mu.