How to Configure Custom SSH Connections to Simplify Remote Access


SSH (the SSH client) is a program for accessing a machine remotely; it lets a user execute commands on a remote host. It is one of the most recommended ways of logging in to a remote host, since it was designed to provide secure communications between two untrusted hosts over an insecure network.

SSH uses both a system-wide and a user-specific (custom) configuration file. In this tutorial, we will explain how to create a custom ssh configuration file and use some of its options to connect to remote hosts.

  1. You must have the OpenSSH client installed on your Linux desktop.
  2. Understand the common options used for remote connections via ssh.

Below are the locations of the ssh client configuration files:

  1. /etc/ssh/ssh_config - this is the default, system-wide configuration file. It contains settings that apply to all users of the ssh client machine.
  2. ~/.ssh/config or $HOME/.ssh/config - this is the user-specific/custom configuration file. It has settings that apply to a specific user, so it overrides the default settings in the system-wide configuration file. This is the file we will create and use.

By default, users are authenticated in ssh using passwords; however, you can set up ssh passwordless login using ssh keygen in 5 simple steps.

Note: If the directory ~/.ssh does not exist on your desktop system, create it with the following permissions.

$ mkdir -p ~/.ssh
$ chmod 0700 ~/.ssh   

The chmod command above means that only the user has read, write and execute permissions on the directory, as required by ssh settings.

How to Create a User-Specific SSH Configuration File

This file is usually not created by default, so you need to create it with read/write permissions for the user only.

$ touch ~/.ssh/config
$ chmod 0600 ~/.ssh/config

The file above contains sections defined by host specifications, and a section is applied only to hosts that match one of the patterns set in the specification.

The conventional format of ~/.ssh/config is as follows; all empty lines, as well as lines starting with '#', are treated as comments:

Host    host1
	ssh_option1=value1
	ssh_option2=value1 value2
	ssh_option3=value1 

Host    host2
	ssh_option1=value1
	ssh_option2=value1 value2

Host  *
	ssh_option1=value1
	ssh_option2=value1 value2

From the format above:

  1. Host host1 - is the header definition for host1; this is where a host specification starts, and it ends at the next header definition, Host host2, which makes a section.
  2. host1, host2 are simply host aliases to use on the command line; they are not the actual hostnames of the remote hosts.
  3. Configuration options such as ssh_option1=value1, ssh_option2=value1 value2 apply to a matched host and should be indented for a well-organized layout.
  4. For an option such as ssh_option2=value1 value2, the value value1 is considered first, then value2.
  5. The header definition Host * (where * is a pattern - a wildcard that matches zero or more characters) will match zero or more hosts.

Still considering the format above, this is how ssh reads the config file. If you execute an ssh command to access host1 like so:

$ ssh host1

The above ssh command will do the following:

  1. Match the host alias host1 in the config file and apply the options set under the header definition, Host host1.
  2. Then move to the next host section, Host host2, and find that the name provided on the command line does not match, so no options are used from here.
  3. Proceed to the last section, Host *, which matches all hosts. Here, it applies all the options in this section to the host connection. But it cannot override any option values that were already set in the previous section(s).
  4. The same applies to host2.

How to Use a User-Specific SSH Configuration File

Once you understand how the ssh client config file works, you can create it as follows. Remember to use options and values (host aliases, port numbers, usernames and so on) that apply to your server environment.

Open the config file with your favorite editor:

$ vi ~/.ssh/config

And define the necessary sections:

Host fedora25
        HostName 192.168.56.15
        Port 22
        ForwardX11 no

Host centos7
        HostName 192.168.56.10
        Port 22
        ForwardX11 no

Host ubuntu
        HostName 192.168.56.5
        Port 2222
        ForwardX11 yes

Host *
        User tecmint
        IdentityFile ~/.ssh/id_rsa
        Protocol 2
        Compression yes
        ServerAliveInterval 60
        ServerAliveCountMax 20
        LogLevel INFO

A detailed explanation of the above ssh configuration options.

  1. HostName - defines the real host name to log in to; alternatively, you can use numeric IP addresses, which is also permitted (both on the command line and in HostName specifications).
  2. User - specifies the user to log in as.
  3. Port - sets the port number to connect to on the remote host; the default is 22. Use the port number configured in the remote host's sshd config file.
  4. Protocol - this option defines the protocol versions ssh should support, in order of preference. The usual values are '1' and '2'; multiple versions must be comma-separated.
  5. IdentityFile - specifies the file from which the user's DSA, Ed25519, RSA or ECDSA authentication identity is read.
  6. ForwardX11 - defines whether X11 connections will be automatically redirected over the secure channel and DISPLAY set. It has two possible values, "yes" or "no".
  7. Compression - used to enable compression during the remote connection with the "yes" value. The default is "no".
  8. ServerAliveInterval - sets a timeout interval in seconds after which, if no response (or data) has been received from the server, ssh will send a message through the encrypted channel to request a response from the server. The default value is 0, meaning no messages will be sent to the server, or 300 if the BatchMode option has been defined.
  9. ServerAliveCountMax - sets the number of server alive messages that may be sent without ssh receiving any response from the server.
  10. LogLevel - defines the verbosity level used when logging messages from ssh. The allowed values include: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.

The standard way of connecting to any remote Linux host (CentOS 7 - in my case), defined in section two of the config file above, is to type the command below:

$ ssh -i ~/.ssh/id_rsa -p 22 [email 

However, by using the ssh client configuration file, we can simply type the following command:

$ ssh centos7 
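
The reading order described earlier (sections are checked top to bottom and a later section cannot override a value that is already set) is why Host * sits at the end of the file. The following is an added example, not part of the original article: a simplified Python model of that resolution, covering Host sections and single-valued keywords only. The "Port 22" and "ForwardX11 no" lines under Host * are constructed so that an option overlaps with the ubuntu section.

```python
import fnmatch
import re
# Trimmed copy of the config above. "Port 22" and "ForwardX11 no" under
# "Host *" are constructed additions so that an option overlaps with "ubuntu".
CONFIG = """
Host centos7
    HostName 192.168.56.10
Host ubuntu
    HostName 192.168.56.5
    Port 2222
    ForwardX11 yes
Host *
    User tecmint
    Port 22
    ForwardX11 no
"""
LINE = re.compile(r"^([^\s=]+)(?:\s*=\s*|\s+)(.*)$")  # "Key value" or "Key=value"

def parse(text):
    """Return [(host_patterns, [(keyword, value), ...]), ...] in file order."""
    sections = [(["*"], [])]  # options before the first Host line apply to all
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if raw.strip().startswith("#") or not m:
            continue  # comment, blank line, or keyword without a value
        key, value = m.group(1), m.group(2).strip()
        if key.lower() == "host":
            sections.append((value.split(), []))
        else:
            sections[-1][1].append((key.lower(), value))  # keywords ignore case
    return sections

def matches(alias, patterns):
    # A section applies if a pattern matches and no "!negated" pattern does.
    if any(fnmatch.fnmatchcase(alias, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(alias, p) for p in patterns if not p.startswith("!"))

def resolve(alias, text=CONFIG):
    """Effective options for `ssh alias`: the first value seen for a keyword wins."""
    effective = {}
    for patterns, options in parse(text):
        if matches(alias, patterns):
            for key, value in options:
                effective.setdefault(key, value)
    return effective

if __name__ == "__main__":
    print(resolve("ubuntu"))  # Port 2222 and ForwardX11 yes survive "Host *"
    head, sep, tail = CONFIG.partition("Host *")
    print(resolve("ubuntu", sep + tail + head))  # defaults first: Port 22 shadows 2222
```

On a real client, `ssh -G ubuntu` prints the options OpenSSH itself resolves for an alias, which is the authoritative check after editing ~/.ssh/config.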

You can find more options and usage examples in the ssh client config man page:

$ man ssh_config

That's it for now. In this guide, we explained how to use a user-specific (custom) ssh client configuration file in Linux. Use the feedback form below to write back to us about this article.