How to Create SSH Tunneling or Port Forwarding in Linux


SSH tunneling (also called SSH port forwarding) routes local network traffic through SSH to remote hosts. This means that all your connections are protected by encryption. It provides a simple way to set up a basic VPN (Virtual Private Network), useful for connecting to private networks over insecure public networks such as the Internet.

It can also be used to expose local servers behind NATs and firewalls to the Internet over secure tunnels, as implemented in ngrok.


SSH sessions permit tunneling network connections by default, and there are three types of SSH port forwarding: local, remote and dynamic.

In this article, we will show how to quickly and easily set up SSH tunneling, or the different types of port forwarding, in Linux.

For the purpose of this article, we use the following setup:

  1. Local host: 192.168.43.31
  2. Remote host: Linode CentOS 7 VPS with hostname server1.example.com.

Usually, you can connect securely to a remote server using SSH as follows. In this example, I have configured passwordless SSH login between my local and remote hosts, so it did not ask for the user's password.

$ ssh [email   

Local SSH Port Forwarding

This type of port forwarding lets you connect from your local computer to a remote server. Suppose you are behind a restrictive firewall, or an outgoing firewall blocks you from accessing an application running on port 3000 on your remote server.

You can forward a local port (e.g. 8080), which you can then use to access the application locally as follows. The -L flag specifies the local port to forward, followed by the remote host and remote port.

$ ssh [email  -L 8080:server1.example.com:3000

Adding the -N flag means do not execute a remote command; you will not get a shell in this case.

$ ssh -N [email  -L 8080:server1.example.com:3000

The -f switch instructs ssh to run in the background.

$ ssh -f -N [email  -L 8080:server1.example.com:3000

Now, on your local machine, open a browser. Instead of accessing the remote application at server1.example.com:3000, you can simply use localhost:8080 or 192.168.43.31:8080.

Remote SSH Port Forwarding

Remote port forwarding allows you to connect from your remote machine to the local computer. By default, SSH does not permit remote port forwarding. You can enable this using the GatewayPorts directive in the main SSHD configuration file, /etc/ssh/sshd_config, on the remote host.

Open the file for editing using your favorite command-line editor.

$ sudo vim /etc/ssh/sshd_config 

Look for the required directive, uncomment it, and set its value to yes.

GatewayPorts yes

Save the changes and exit. Next, you need to restart sshd to apply the change you just made.

$ sudo systemctl restart sshd
OR
$ sudo service sshd restart 

Next, run the following command to forward port 5000 on the remote machine to port 3000 on the local machine.

$ ssh -f -N [email  -R 5000:localhost:3000

Once you understand this method of tunneling, you can easily and securely expose a local development server, especially one behind NATs and firewalls, to the Internet over secure tunnels. Tunnels such as Ngrok, pagekite, localtunnel and many others work in a similar way.
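An added example, not from the original article: a check a server administrator could run after the GatewayPorts edit above to see which forwarding the file permits. The function names and the sample file are constructed for illustration; Include files and Match blocks are not evaluated, and on a live host `sshd -T` prints the effective configuration.

```bash
#!/usr/bin/env bash
# Added example: audit the forwarding-related keywords in an sshd_config file.

# Print the global value of a keyword, or the OpenSSH default if it is unset.
# sshd keeps the first value it reads; keywords are case-insensitive.
# Assumes whitespace-separated "Keyword value" lines.
sshd_global_value() {  # usage: sshd_global_value <keyword> <default> <file>
  awk -v key="$1" -v def="$2" '
    BEGIN { want = tolower(key); val = def }
    NF == 0 || $1 ~ /^#/ { next }
    tolower($1) == "match" { exit }      # conditional section: stop here
    tolower($1) == want { val = tolower($2); exit }
    END { print val }
  ' "$3"
}

# One line per finding: REVIEW for settings that widen exposure, OK otherwise.
audit_forwarding() {  # usage: audit_forwarding <file>
  local tcp gw
  tcp=$(sshd_global_value AllowTcpForwarding yes "$1")
  gw=$(sshd_global_value GatewayPorts no "$1")
  case "$tcp" in
    no) echo "OK AllowTcpForwarding=no (-L, -R and -D are refused)" ;;
    *)  echo "REVIEW AllowTcpForwarding=$tcp (clients can open tunnels)" ;;
  esac
  # GatewayPorts only matters when remote (-R) forwarding is possible.
  case "$tcp:$gw" in
    no:*|local:*) echo "OK GatewayPorts=$gw (no -R forwarding to expose)" ;;
    *:no) echo "OK GatewayPorts=no (-R ports bind to loopback only)" ;;
    *)    echo "REVIEW GatewayPorts=$gw (-R ports may be reachable from other hosts)" ;;
  esac
}

# Constructed sample: a fragment of the file after the edit described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
#GatewayPorts no
GatewayPorts yes
Match User backup
    AllowTcpForwarding no
EOF
audit_forwarding "$sample"
```

With GatewayPorts set to yes, the forwarded port 5000 listens on the remote host's network interfaces rather than on loopback only, so anyone who can reach that port reaches the local application.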

Dynamic SSH Port Forwarding

This is the third type of port forwarding. Unlike local and remote port forwarding, which allow communication with a single port, it allows a full range of TCP communication across a range of ports. Dynamic port forwarding sets up your machine as a SOCKS proxy server that listens on port 1080 by default.

For starters, SOCKS is an Internet protocol that defines how a client can connect to a server via a proxy server (SSH in this case). You can enable dynamic port forwarding using the -D option.

The following command starts a SOCKS proxy on port 1080, allowing you to connect to the remote host.

$ ssh -f -N -D 1080 [email 

From now on, you can make applications on your machine use this SSH proxy server by editing their settings and configuring them to use it, in order to connect to your remote server. Note that the SOCKS proxy stops working once you close your SSH session.

In this article, we explained the different types of port forwarding from one machine to another, for tunneling traffic through a secure SSH connection. This is one of the most common uses of SSH.

Attention: SSH port forwarding has some considerable drawbacks, as it can be abused: it can be used to bypass network monitoring and traffic filtering programs (or firewalls). Attackers can use it for malicious activity. In our next article, we will show how to disable SSH local port forwarding. Stay connected!
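An added example (not part of the original article) for spotting forwards like the ones set up above: each leaves a listening TCP socket owned by `ssh` (for -L and -D) or by `sshd` (for -R). The function name and the `ss -H -tlnp` style sample lines are constructed, mixing what the local and remote hosts would each show.

```bash
#!/usr/bin/env bash
# Added example: find listening TCP sockets that look like SSH port forwards.

# Reads `ss -H -tlnp` style lines on stdin. Reports listeners owned by the
# ssh client (-L / -D) or by sshd on a port other than the daemon's own (-R),
# as "<owner> <port> <scope>", where scope is loopback or network.
find_ssh_forwards() {  # usage: find_ssh_forwards [sshd_port] < ss_output
  awk -v sshd_port="${1:-22}" '
    $1 != "LISTEN" { next }
    {
      n = split($4, a, ":"); port = a[n]          # port follows the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      if ($6 ~ /\(\("ssh",/) owner = "ssh"
      else if ($6 ~ /\(\("sshd",/ && port != sshd_port) owner = "sshd"
      else next
      scope = (addr ~ /^(127\.|\[::1\])/) ? "loopback" : "network"
      print owner, port, scope
    }'
}

# Constructed sample output using the ports from this article.
sample_ss='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:5000 0.0.0.0:* users:(("sshd",pid=2417,fd=9))
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("ssh",pid=3010,fd=4))
LISTEN 0 128 127.0.0.1:1080 0.0.0.0:* users:(("ssh",pid=3055,fd=5))
LISTEN 0 511 0.0.0.0:3000 0.0.0.0:* users:(("node",pid=1500,fd=18))'

printf '%s\n' "$sample_ss" | find_ssh_forwards
```

On a real host, run `ss -H -tlnp | find_ssh_forwards` as root so the process column is populated for every socket; a `network` scope on an `sshd` listener is the remote forward made reachable by GatewayPorts yes.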