How to Access a Remote Server Using a Jump Host
A jump host (also known as a jump server) is an intermediary host or SSH gateway to a remote network, through which a connection can be made to another host in a dissimilar security zone, for example a demilitarized zone (DMZ). It bridges the two security zones and provides controlled access between them.
A jump host should be tightly secured and closely monitored, especially when it spans a private network and a DMZ with servers that provide services to users on the internet.
A classic scenario is connecting from your desktop or laptop inside your company's internal network, which is well protected by firewalls, to a DMZ. To manage a server in the DMZ easily, you can access it through a jump host.
In this article, we will show how to access a remote Linux server through a jump host, and we will configure the necessary settings in your per-user SSH client configuration.
Consider the following scenario.
In the scenario above, you want to connect to HOST 2, but you have to go through HOST 1 because of firewalling, routing and access privileges. There are a number of valid reasons why jumphosts are needed.
Dynamic Jumphost List
The simplest way to connect to a target server through a jump host is to use the -J flag on the command line. This tells ssh to connect to the jump host and then establish TCP forwarding to the target server from there (make sure passwordless SSH login is set up between the machines).
$ ssh -J host1 host2
If the usernames or ports on the machines differ, specify them on the command line as shown. The jump host takes the user@host:port form; the target server's port is given with -p.
$ ssh -J user@host1:port -p port user@host2
Multiple Jumphosts List
The same syntax can be used to jump across several servers; separate the jump hosts with commas.
$ ssh -J user@host1:port,user@host2:port -p port user@host3
Static Jumphost List
A static jumphost list means that you know the jumphost or jumphosts you need in order to reach a machine. You therefore add the following static jumphost 'routing' to the ~/.ssh/config file and specify the host aliases as shown.
    ### First jumphost. Directly reachable
    Host vps1
      HostName vps1.example.org

    ### Host to jump to via jumphost1.example.org
    Host contabo
      HostName contabo.example.org
      ProxyJump vps1
Now try to connect to the target server through the jump host as shown.
$ ssh -J vps1 contabo
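To check which hops a static ~/.ssh/config defines for an alias before connecting, the shell function below walks its ProxyJump entries. It is an added example, not part of the original article; the function name jump_chain and the db1 host are assumptions made for illustration, and only exact Host aliases are handled.

```shell
#!/bin/sh
# Added example (not from the original article): print the hop path that a
# static ProxyJump configuration defines for a Host alias.
# Assumptions: exact Host aliases only (no wildcards, Match or Include);
# only the first hop of a comma-separated ProxyJump list is expanded further.

jump_chain() {  # usage: jump_chain CONFIG_FILE TARGET_ALIAS
    awk -v target="$2" '
    function alias(hop) {            # strip optional user@ and :port
        sub(/^.*@/, "", hop); sub(/:[0-9]+$/, "", hop); return hop
    }
    function walk(hop,    name, parts, k, i) {
        name = alias(hop)
        if (name in seen) { bad = 1; return }     # ProxyJump loop
        seen[name] = 1
        if (name in via && tolower(via[name]) != "none") {
            k = split(via[name], parts, ",")
            walk(parts[1])
            for (i = 2; i <= k; i++) path = path " -> " parts[i]
        }
        path = path (path == "" ? "" : " -> ") hop
    }
    tolower($1) == "host" { n = NF - 1; for (i = 2; i <= NF; i++) cur[i - 1] = $i; next }
    # ssh keeps the first value it obtains for an option, so do the same.
    tolower($1) == "proxyjump" { for (i = 1; i <= n; i++) if (!(cur[i] in via)) via[cur[i]] = $2 }
    END { walk(target); if (bad) { print "ProxyJump loop: " path; exit 1 } print path }
    ' "$1"
}

# Sample config: vps1 and contabo are the aliases used above; db1 is constructed.
demo_cfg=$(mktemp)
trap 'rm -f "$demo_cfg"' EXIT
cat > "$demo_cfg" <<'EOF'
Host vps1
    HostName vps1.example.org
Host contabo
    HostName contabo.example.org
    ProxyJump vps1
Host db1
    HostName db1.example.org
    ProxyJump contabo
EOF
jump_chain "$demo_cfg" contabo   # vps1 -> contabo
jump_chain "$demo_cfg" db1       # vps1 -> contabo -> db1
```

Run it against your own file with jump_chain ~/.ssh/config contabo; a non-zero exit status means the ProxyJump entries refer back to each other.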
The second method is to use the ProxyCommand option to add the jumphost configuration to your ~/.ssh/config (that is, $HOME/.ssh/config) file as shown.
In this example, the target host is contabo and the jumphost is vps1.
    Host vps1
      HostName vps1.example.org
      IdentityFile ~/.ssh/vps1.pem
      User ec2-user

    Host contabo
      HostName contabo.example.org
      IdentityFile ~/.ssh/contabovps
      Port 22
      User admin
      ProxyCommand ssh -q -W %h:%p vps1
Here the directive ProxyCommand ssh -q -W %h:%p vps1 means: run ssh in quiet mode (-q) and in stdio forwarding mode (-W), relaying the connection through the intermediate host (vps1). The tokens %h and %p expand to the target's host name and port.
Then try to access your target host as shown.
$ ssh contabo
The command above first opens an ssh connection to vps1 in the background, as set up by the ProxyCommand, and then starts the ssh session to the target server.
For more information, see the ssh man page or refer to: OpenSSH/Cookbook/Proxies and Jump Hosts.
That's all for now! In this article, we have shown how to access a remote server through a jump host.