Most Common SSH Command Usage and Configuration in Linux


Brief: In this guide, we will discuss the common use cases of SSH. We will also discuss commonly used SSH configurations that can be used in day-to-day life to boost your productivity.

Secure Shell (SSH) is a widely adopted network protocol that allows us to interact with remote hosts in a secure way. It provides security by encrypting all communication between them.

How to Use SSH Command in Linux

In this section, we will discuss some of the popular use cases of the SSH protocol.

There are various ways to interact with remote Linux hosts using protocols such as telnet, netcat, and so on. However, these are not secure because they lack encryption. We can use the SSH protocol to allow secure communication between hosts.

We must use an SSH client to interact with the remote host. There are plenty of GUI and CLI-based clients for Linux. However, throughout this guide, we will use a command-line utility called ssh. By default, the ssh utility is available on most Linux distributions.

The syntax of the SSH command is as follows:

$ ssh [OPTIONS] <DESTINATION> [COMMANDS] [ARGS]

Here, the square brackets ([]) represent optional arguments whereas the angular brackets (<>) represent mandatory arguments.

Let's connect to the remote host using the ssh client:

$ ssh -l root 192.168.19.130

In this example, we specified the login name using the -l option, and the destination is 192.168.19.130. The SSH connection is established after entering the correct password. From now on, we can execute commands on the remote host just as on the local system.

# hostname

To terminate the session, we can use the exit command or the ctrl+D key combination.

It is important to note that we have to authenticate with the remote host for each new session. To avoid entering passwords each time, we can set up SSH passwordless login.

In the previous section, we saw how to establish a connection with the remote host, which is suitable only when we are going to use the remote host for a long duration. Sometimes, we just need to execute one or two commands on the remote host. In such cases, we can execute those commands without creating a long-running session.

Let's execute the hostname command on the remote host:

$ ssh -l root 192.168.19.130 hostname

Similarly, we can execute multiple commands on a remote Linux machine:

$ ssh -l root 192.168.19.130 'hostname; pwd'

It is important to note that the commands must be enclosed within quotes and separated by the semicolon (;) character. If you want to run commands on multiple remote Linux hosts, read our article - Pssh - Run Commands on Multiple Linux Hosts.

Similar to commands, we can also execute a local script on the remote host. Let's understand this with an example.

First, create a simple shell script on the local machine with executable permissions on it:

$ cat script.sh 

hostname
pwd

Now, let's execute it on the remote host:

$ ssh root@192.168.19.130 'bash -s' < ./script.sh

In this example, we used the -s option of bash to read the script from standard input.

We work with files and directories very often. One common operation users perform is copying directories and files. Just like on local machines, we can copy files and directories between remote hosts using the scp command, which copies files securely using the SSH protocol.

Let's copy the script.sh file to the /tmp directory of the remote host:

$ scp script.sh root@192.168.19.130:/tmp

Now, verify that the file has been copied:

$ ssh root@192.168.19.130 'ls /tmp/script.sh'

Similarly, we can use the scp command to copy directories. However, we have to use the -r option with the command.

SSH supports data compression using the gzip compression algorithm, which compresses all possible data streams such as stdin, stdout, stderr, and so on. This option comes in very handy when using slow network connections.

We can enable compression on SSH using the -C option:

$ ssh -C -l root 192.168.19.130 'hostname' 

Linux users often need to debug SSH sessions to investigate various SSH connection and configuration-related issues. In such cases, we can enable verbose mode, which prints the debug logs of the current session.

Let's enable verbose mode using the -v option:

$ ssh -v -l root 192.168.19.130 hostname

In addition to this, we can increase the verbosity level using multiple -v options.

  • -v - sets the verbosity level to 1 and provides details about the client-side activities.
  • -vv - sets the verbosity level to 2 and provides details about the client and server-side activities.
  • -vvv - sets the verbosity level to 3 and provides more detailed information about the client and server-side activities.

The maximum verbosity level supported by SSH is 3. Let's see this in action:

$ ssh -vvv -l root 192.168.19.130 hostname

In the above example, debug1 represents the debug messages enabled by verbosity level 1. Similarly, debug2 and debug3 represent the debug messages enabled by verbosity levels 2 and 3.

We can use escape sequences with SSH to control client terminal sessions. Let's discuss the commonly used escape sequences with the appropriate use cases.

Sometimes, we have to perform a few activities on the local machine without terminating the current SSH session. In such a scenario, we can suspend the current session using the ~ + ctrl+z key sequence.

First, log in to the remote host and execute the hostname command:

$ ssh -l root 192.168.19.130
# hostname

Next, to suspend the current session, first type the tilde (~) character and then press the ctrl+z keys. It is important to note that the tilde (~) character is not displayed on stdout until we press ctrl+z.

Now, let's verify that the session has been suspended:

$ jobs

Here, we can see that the current SSH session is running in the background.

Let's resume the session using the fg command and execute the hostname command:

$ fg %1

I am sure you must have seen frozen SSH sessions, which happen when the session gets interrupted by an unstable network. Here, we cannot abort the session using the exit command. However, we can terminate it using the ~ + . key sequence.

First, log in to the remote host:

$ ssh -l root 192.168.19.130

Now use the ~ + . key combination to terminate the current session.

In this example, we can see that SSH shows the message - Connection to 192.168.19.130 closed.

One interesting thing is that there is an escape sequence to list all the supported escape sequences. We can use the ~ + ? escape sequence to list the supported escape sequences.

Here, we have to press the enter key to come out of the help menu.

How to Configure SSH in Linux

In this section, we will discuss server-side configuration to harden the SSH server. The SSH server stores all of its configuration in the /etc/ssh/sshd_config file. It is important to note that root user access is required to update the SSH configuration.

As a best practice, we should always display a banner before establishing an SSH connection. In some cases, it discourages unauthorized users from accessing remote hosts. Let's see how to enable this setting step by step.

First, create a text file on the remote server with a warning message:

# vi /etc/banner.txt 

Next, add the following banner message:

*********************************************************************
Warning !!! You are trying to log in to techmint.com's server.
All the activities on this server are monitored.
Terminate the session immediately if you are not an authorized user.
*********************************************************************

Next, open the /etc/ssh/sshd_config file and specify the file with the Banner directive:

Banner /etc/banner.txt

Now, restart the sshd service and terminate the session using the exit command:

# systemctl restart sshd
# exit

Finally, verify the banner by logging in to the remote host:

$ ssh -l root 192.168.19.130

Here, we can see that the server displays the SSH banner correctly.

So far, we have used the root user to access the remote host. However, this goes against the principle of least privilege. In a production environment, root user access is always restricted to improve security.

We can use the PermitRootLogin directive to disable root user login.

First, open the /etc/ssh/sshd_config file and use the option no with the PermitRootLogin directive:

PermitRootLogin no

Now, restart the sshd service and terminate the session using the exit command:

# systemctl restart sshd
# exit

Finally, verify this by creating a new SSH session:

$ ssh -l root 192.168.19.130

Here, we can observe that we cannot log in to the remote host with the root user. To allow root user login, we can use the yes option with the same directive.

By default, SSH uses TCP port 22. However, we can configure SSH to run on a different port, for example 8088.

First, open the /etc/ssh/sshd_config file and use the value 8088 with the Port directive:

Port 8088

Next, restart the sshd service and terminate the session:

# systemctl restart sshd
# exit

Now, let's log in to the remote host:

$ ssh -p 8088 -l root 192.168.19.130

In this example, we used the -p option to specify the port number.

In some cases, we have to perform a few other steps to allow communication on a non-default port, such as identifying available ports, updating firewall rules, SELinux settings, and so on.
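
The three directives set in this section can be checked before sshd is restarted. The script below is an added example, not part of the original article: it reads a constructed sample sshd_config and reports the value sshd would use, relying on the documented rule that the first value found for a keyword wins. The function names effective_value and audit_sshd are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): check the sshd_config directives set above.
# For most keywords sshd keeps the FIRST value it reads, so appending
# "PermitRootLogin no" below an existing "PermitRootLogin yes" changes nothing.

# effective_value KEYWORD FILE: print the first global value, or nothing if unset.
effective_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comments and blank lines
        tolower($1) == "match"   { exit }  # Match blocks are conditional, not global
        tolower($1) == key       { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# audit_sshd FILE: print findings; exit status is 1 if a check fails.
audit_sshd() {
    rc=0
    root=$(effective_value PermitRootLogin "$1")
    banner=$(effective_value Banner "$1")
    # Port may legitimately repeat (sshd listens on each); only the first is shown.
    port=$(effective_value Port "$1")
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    if [ -z "$banner" ] || [ "$banner" = "none" ]; then
        echo "Banner is not configured"; rc=1
    fi
    echo "First Port value: ${port:-unset}"
    return "$rc"
}

# Constructed sample: the hardening lines were appended below an older setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's configuration
Port 8088
permitrootlogin yes
Banner /etc/banner.txt
PermitRootLogin no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

Running sshd -t before systemctl restart sshd checks the file for syntax errors, and sshd -T prints the effective configuration as sshd itself computes it.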

In this article, we discussed the SSH protocol and its common use cases. Next, we discussed some common options. Finally, we discussed some settings to secure the SSH server.

Do you know of any other best SSH command usage in Linux? Let us know your views in the comments below.