Kodi sintha ndi ntchito SSH doko? Sitepe ndi sitepe kalozera

M'chitetezo Nkhono, kapena chidule monga SSH, ndi wina wa zotsogola umisiri deta chitetezo ndimakokedwe. Pogwiritsa ntchito ulamuliro pa rauta chomwecho amalola osati chinsinsichi mudziwe opatsirana, komanso mofulumira nzeru mapaketi. Komabe, sikuti aliyense amadziwa momwe kutsegula doko SSH, ndipo n'chifukwa chiyani zonsezi ndi zofunika. Pankhaniyi m'pofunika kupereka zaphindu malongosoledwe.

Port SSH: ndichiyani ndipo n'chifukwa chiyani tiyenera?

Popeza tikulankhula za chitetezo, mu nkhani iyi, pansi pa doko SSH bwino odzipereka njira mu mawonekedwe a mumphangayo, umene amapereka deta kubisa.

Chiwembu ambiri wosazindikira kwa mandawa ichi ndi lotseguka SSH-doko ntchito zotsatira chitetezo Deta magwero ndi decryption pa endpoint lapansi. Izi zikhoza anafotokoza motere: ngati inu kapena ayi, opatsirana magalimoto, mosiyana ndi IPSec, encrypted mokakamizika ndi osachiritsika linanena bungwe la maukonde, ndi mbali kolandira pakhomo. Kuti decrypt mfundo opatsirana pa njira iyi, osachiritsika kulandira amagwiritsa kiyi wapadera. M'mawu ena, kanthu kulanda kapena kuswa kukhulupirika kwa deta opatsirana pa mphindi imodzi sangayende mopanda makiyi.

Yangotseguka SSH-kudoko rauta kapena pogwiritsa ntchito zikhazikiko yoyenera kasitomala zina interacts mwachindunji ndi SSH-Seva, amalola kuti athe kugwiritsa ntchito mbali zonse za machitidwe amakono maukonde chitetezo. Ife tiri pano pa momwe ntchito kudoko akapatsidwa ndi zoikamo kusakhulupirika kapena mwambo. magawo izi mu ntchito ungaoneke kovuta, koma popanda kumvetsetsa gulu la amenewa kulumikiza sikokwanira.

Standard doko SSH

Zoona, ngati zochokera magawo a aliyense wa rauta ayenera choyamba kudziwa kuti ndi mtundu wanji wa mapulogalamu zidzagwiritsidwanso ntchito kwa mphamvu kugwirizana. Ndipotu kusakhulupirika SSH doko akhoza kukhala Zokonda zosiyanasiyana. Zonse zimadalira zimene agwiritsa ntchito njira panthawi (kugwirizana pa makina, khazikitsa zina kasitomala doko kutumiza ndi zina zotero. D.).

Mwachitsanzo, ngati kasitomala ntchito chibwibwi, kugwirizana zolondola, kubisa, ndi deta kutengerapo doko 443 kuyigwiritsa ntchito, ngakhale chimake cha amayikidwa mu doko muyezo 22.

Kuti bwererani kwa rauta kuti Kugawilidwa kwanthaka ndi misonkhano yapadera kapena pokonza zinthu zofunika ndi kuchita doko kutumiza SSH. Ndi chiyani icho? Ndi cholinga cha kupeza makamaka pulogalamu limodzi kuti amagwiritsa ntchito Intaneti, mosasamala chimene inachitikira panopa protocol kuwombola deta (IPv4 kapena IPv6).

kulungamitsidwa luso

Standard SSH doko 22 si nthawi zonse ntchito ngati kale bwino. Komabe, apa m'pofunika kuonetsetsa ena mwa makhalidwe ndi zoikamo ntchito pa khwekhwe.

Chifukwa encrypted deta chinsinsi protocol zimaphatikizapo kugwiritsa ntchito SSH monga chinthu Link (alendo) doko me? Koma chifukwa tunneling umagwiritsidwa timatha kugwiritsa ntchito otchedwa kutali chipolopolo (SSH), kuti tidzalowe kasamalidwe osachiritsika kudzera kutali malowedwe (slogin), ndiponso kugwiritsa ntchito kutali buku ndondomeko (scp).

Komanso, SSH-doko zikhoza adamulowetsa zinalili pamene wosuta n'kofunika kudzapereka zolembedwa kutali X Windows, zomwe zinachitikira losavuta ndi kulanda mfundo makina wina ndi mzake, monga zanenedwa, ndi anakakamizika kubisa deta. Zikatero, zofunika kwambiri ntchito zochokera AES aligorivimu. Izi ndi ofananira kubisa aligorivimu limene poyambirira anapereka luso SSH. Ndipo ntchito Zimatheka kutero.

History of ndimakumbukira

luso anaonekera kwa nthawi yaitali. Tiyeni kusiya pambali funso bwanji kuti icing SSH doko, ndi mmene iwo ntchito zonse.

Kawirikawiri amabwera pansi kuti, kugwiritsa ntchito tidzakulowereni pamaziko a masokosi kapena ntchito VPN tunneling. Pankhaniyi ena ntchito pulogalamu akhoza ntchito ndi VPN bwino kusankha njirayi. Chakuti pafupifupi onse odziwika mapulogalamu lero ntchito magalimoto Intaneti, VPN akhoza ntchito, koma mosavuta yolozera kasinthidwe si. Izi, monga zinachitikira maseva ndi tidzakulowereni, amalola kusiya adiresi kunja kwa osachiritsika imene panopa opangidwa ku maukonde linanena bungwe, yosadziwika. Zinali choncho ndi adilesi tidzakulowereni zikusintha nthawi ndi nthawi, ndi VPN Baibulo amakhalabe zikutsatiridwa ndi fixation wa dera lina, ena kuposa kumene kuletsa mwayi.

Kagwiridwe womwewo umene amapereka SSH doko, anayamba kupanga mu 1995 ku University of Technology ku Finland (SSH-1). Mu 1996, zinthu kuwonjezera mu mawonekedwe a SSH-2 protocol, omwe anali ambiri ndithu mu malo pambuyo Soviet, ngakhale kuti izi, komanso m'mayiko ena Western ku Ulaya, ndi zina zofunika kupeza chilolezo chogwiritsa ntchito mumphangayo izi, ndi ku mabungwe a boma.

The mwayi waukulu wothandiza SSH-doko, monga kuyenera telnet kapena rlogin, ndi ntchito digito anasaina RSA kapena DSA (ntchito awiri poyera ndi chinsinsi m'manda). Komanso imeneyi mungagwiritse ntchito otchedwa gawo kiyi zochokera Diffie-Hellman aligorivimu, zimene zimaphatikizapo kugwiritsa ntchito ofananira kubisa linanena bungwe, ngakhale akuletsa kugwiritsa ntchito ma aligorivimu asymmetric kubisa pa deta HIV ndi phwando ndi makina wina.

Zatsabola ndi chipolopolo

Pa Windows kapena Linux SSH-doko lotseguka si zovuta. Koma funso ndi mtundu wanji wa zida cholinga limeneli lidzagwiritsidwa ntchito.

Mwanjira imeneyi m'pofunika kulabadira nkhani ya HIV mfundo ndi kutsimikizika. Choyamba, protocol wokha sukhalira mokwanira kutetezedwa ndi Kukoka otchedwa, ndilo kwambiri mwachizolowezi "wiretapping" magalimoto. SSH-1 anasonyeza kuti kulimbana ndi. Kulowelera mu ndondomeko anasamutsa deta mu mawonekedwe a chiwembu cha "munthu pakati" anali zake. Information akhoza kungoyankha kukakumana ndi kumvetsa pulayimale ndithu. Koma Baibulo chachiwiri (SSH-2) wakhala m'thupi umenewu alowererepo, lotchedwa gawo hijacking, chifukwa zimene zatchuka kwambiri.

ziletso chitetezo

Koma chitetezo kulemekeza deta opatsirana ndipo analandira, gulu la kugwirizana anakhazikitsa ntchito njira zamakono ngati zimathandiza kupewa mavuto otsatirawa:

• Chiphaso kiyi khamu pa sitepe HIV, pamene "chithunzithunzi» zala;
• Support kwa Mawindo ndi machitidwe UNIX-monga;
• m'malo IP ndi ma DNS (spoofing);
• intercepting achinsinsi momasuka ndi mwayi thupi njira deta.

Ndipotu, gulu lonse la dongosolo otere inamangidwa pa mfundo ya "kasitomala-Seva", ndiye loyamba kompyuta onse wosuta kupyolera mu msonkhano wapadera kapena kuwonjezera mu kuyitana pa makina, zomwe amapangira redirection kake.

tunneling

Ndizosachita kunena kuti kukhazikitsa mgwirizano wa mtundu uwu mu dalaivala wapadera ayenera kuikidwa pa dongosolo.

Childs, mu kachitidwe Windows ofotokoza wamangidwa mu woyendetsa pulogalamu chipolopolo Microsoft Teredo, ndiwo mtundu wa pafupifupi kutsanzira njira IPv6 mu Intaneti akuthandiza IPv4 yekha. Ngalande kusakhulupirika adaputala ukugwirira. Mu chochitika cha kulephera kugwirizana ndi izo, inu mungakhoze basi kupanga dongosolo kuyambitsanso kapena kuchita shutdown ndi Chisudzulo Chikuwononga malamulo ku kutonthoza lamulo. Kwa nthawi yaitali pamalo angawa mizere amenewa ntchito:

• netsh;
• mawonekedwe teredo akonzedwa boma wolemala;
• mawonekedwe isatap anapereka boma wolemala.

Utatha lamulo ayenera Chisudzulo Chikuwononga. Kuti adzathe chimathandiza adaputala ndipo fufuzani udindo wa olumala m'malo unathandiza akaundula chilolezo, kenako, kachiwiri, ayenera Chisudzulo Chikuwononga dongosolo lonse.

SSH-Seva

Tsopano tiyeni tione mmene doko SSH ntchito monga pakati, kuyambira chiwembu "kasitomala-Seva". The kusakhulupirika kawirikawiri ntchito Mphindi 22 doko, koma, ngati tatchulazi, zikhoza kugwiritsidwa ntchito ndi 443rd. Koma funso mu zokonda za Seva yokha.

Ambiri SSH-maseva akuti ndi zotsatirazi:

• Windows: Tectia SSH Server, OpenSSH ndi Cygwin, MobaSSH, KpyM Telnet / SSH Server, WinSSHD, copssh, freeSSHd;
• chifukwa FreeBSD: OpenSSH;
• chifukwa Linux: Tectia SSH Server, ssh, openssh-Seva, lsh-Seva, dropbear.

Onse maseva ndi ufulu. Komabe, mungapeze ndipo analipira ntchito kuti kupereka milingo kuposa chitetezo, umene uli wofunika kwa gulu la mwayi maukonde ndi chitetezo mfundo mabizinezi. The mtengo zithandizozi si takambirana. Koma ambiri tikhoza kunena kuti zimakhalanso zotsika mtengo, ngakhale poyerekeza ndi unsembe wa mapulogalamu kapena "hardware" makhoma oteteza.

SSH-kasitomala

Change SSH doko angathe kukhala pa maziko a dongosolo kasitomala kapena zoikamo yoyenera pamene doko kutumiza pa rauta wanu.

Komabe, ngati inu musakhudze chipolopolo kasitomala, izi mankhwala mapulogalamu angagwiritsidwe ntchito machitidwe osiyanasiyana:

• Windows - SecureCRT, PuTTY \ Kitty, Axessh, ShellGuard, SSHWindows, ZOC, XShell, ProSSHD etc;..
• Mac Os X: iTerm2, vSSH, NiftyTelnet SSH;
• Linux ndi BSD: lsh-kasitomala, kdessh, openssh-kasitomala, Vinagre, putty.

Kutsimikizika zachokera kiyi anthu, ndi kusintha doko

Tsopano mawu ochepa za mmene yachinsinsi ndi kuika makina a. Pankhani losavuta, muyenera kugwiritsa ntchito wapamwamba kasinthidwe (sshd_config). Komabe, mungachite popanda Mwachitsanzo, mu nkhani ya mapulogalamu monga PuTTY. Change SSH doko ku mtengo kusakhulupirika (22) kuti wina aliyense ndi maziko kwathunthu.

Chinthu chachikulu - kutsegula doko chiwerengero si upambana mtengo wa 65535 (madoko apamwamba chabe kulibe mu chikhalidwe). Komanso, ayenera kulabadira ena madoko lotseguka ndi kusakhulupirika, amene angagwiritsidwe ntchito ndi makasitomala monga MySQL kapena FTPD zinasokoneza makompyuta. Ngati inu mwachindunji kwa SSH kasinthidwe, ndithudi, iwo ndimangoima ntchito.

Dziwani kuti yomweyo kumabwebweta kasitomala ayenera akuthamanga mu malo omwewo ntchito SSH-Seva Mwachitsanzo, pa makina enieni. Ndipo ambiri Seva localhost ayenera perekani mtengo kwa 4430 (m'malo 443 monga mmene tafotokozera pamwambapa). kasinthidwe angagwiritsidwe ntchito pamene mwayi waukulu file jabber.example.com watsekedwa ndi makhoma oteteza lapansi.

Komano, kulanda madoko akhoza kukhala pa rauta ntchito kasinthidwe wa mawonekedwe ake ndi chilengedwe cha kuchotserapo malamulo. Mu zitsanzo zambiri athandizira kudzera maadiresi athandizira kuyambira 192,168 wodzilemekeza ndi 0.1 kapena 1.1, koma routers kaphatikizidwe mphamvu ADSL-modems ngati Mikrotik, pomalizira zimaphatikizapo kugwiritsa ntchito 88,1.

Pankhaniyi, kulenga lamulo latsopano, anapereka magawo kofunika Mwachitsanzo, kukhazikitsa kugwirizana kunja DST-nat, komanso madoko pamanja Kwalamulidwa simuli pansi pa zoikamo ambiri ndi gawo zokonda Activism (Action). Palibe kwambiri kumva pano. Chinthu chachikulu - kuti mwachindunji makhalidwe ofunikira zoikamo ndipo anapereka doko zolondola. Ndi kusakhulupirika, mungagwiritse ntchito doko 22, koma ngati kasitomala limagwiritsa ntchito yapadera (ena a pamwamba kachitidwe osiyana), mtengo zikhoza kusintha amangosankha, koma chifukwa chimene chizindikiro ichi alibe upambana phindu anati, pamwamba omwe analipo doko kungoti palibe.

Pamene inu kukhazikitsa kugwirizana komanso ayenera kulabadira magawo a pulogalamu kasitomala. N'kutheka kuti zoikamo yake kuti mwachindunji kutalika osachepera kiyi (512), ngakhale kuti kusakhulupirika kwa nthawi anapereka 768. Ndi zofunika kukhazikitsa timeout kuti fufuzani pa mlingo wa masekondi 600 kumidzi kupeza chilolezo ndi ufulu mizu. Kuthira makondawa, muyenera komanso kulola ntchito ufulu wawo wonse kutsimikizika, kupatulapo amene zochokera ntchito .rhost (koma m'pofunika yekha dongosolo akuluakulu).

Mwa zina, ngati wosuta dzina mayina dongosolo, osati mofanana anayambitsa pa nthawiyo, ziyenera chinanena mosapita ntchito wosuta ssh mbuye lamulo ndi kumayambiriro magawo zina (amene amadziwa pangozi).

Team ~ / .ssh / id_dsa angagwiritsidwe ntchito yosintha kiyi ndi njira kubisa (kapena rsa). Kuti akonze kiyi anthu ntchito ndi kutembenuka ntchito mzere ~ / .ssh / identity.pub (koma osati). Koma, ikusonyeza kumapeto, chophweka njira kugwiritsa ntchito malamulo ngati ssh-keygen. Apa akamanena za nkhani yafupika chokha chakuti, kuwonjezera fungulo ku njira iliyonse kutsimikizika (~ / .ssh / authorized_keys).

Koma ife tayenda patali. Mukapita ku nkhani zoikamo doko SSH, monga zakhala bwino kusintha SSH doko si zovuta. Komabe, zinthu zina, iwo amati, adzayenera thukuta, chifukwa kufunika kuganizira makhalidwe onse a magawo kiyi. Ena a nkhani kasinthidwe zithupsa pansi pakhomo la alionse Seva kapena kasitomala (ngati amaperekedwa poyamba), kapena kugwiritsa ntchito doko kutumiza pa rauta lapansi. Koma ngakhale ngati kusintha kwa doko 22, kusakhulupirika, ku 443rd yomweyo, ayenera anamvetsetsa kuti chiwembu sikuti ntchito, koma mu nkhani ya khazikitsa yemweyo pokha-mu kumabwebweta (analogs ena akhoza yambitsa ndi madoko wawo, kumasiyana ndi muyezo). Komanso mwapadera apatsidwe chizindikiro atakhala SSH-kasitomala, umene mwachindunji kucheza ndi SSH-Seva, ngati mwenimweni ntchito kugwirizana panopa.

Pamene enawo, ngati doko kutumiza si anapereka poyamba (ngakhale zofunika kuchita zimenezi), zoikamo ndi zimene mungachite kuti mwayi kudzera SSH, simungathe kusintha. Pali mavuto polenga kugwirizana ndi ntchito zina, ambiri, ndi sayembezereka (kupatula, zoona, si ntchito pamanja sintha kasinthidwe Seva ofotokoza ndi kasitomala). The kuchotserapo ambiri chilengedwe cha malamulo pa rauta ndi limakupatsani kukonza mavuto kapena kupewa iwo.