
How to configure and use an SSH port: a step-by-step guide

Secure Shell, abbreviated SSH, is one of the most advanced technologies for protecting data in transit. Using this mode on the same router not only keeps the transmitted information confidential but also speeds up packet exchange. However, not everyone knows how to open an SSH port or why it is needed at all. This calls for a constructive explanation.

SSH port: what is it and why do we need it?

Since we are talking about security, the SSH port here should be understood as a dedicated communication channel in the form of a tunnel that encrypts data.

The most basic scheme of such a tunnel is that an open SSH port is used by default to encrypt data at the source and decrypt it at the endpoint. This can be explained as follows: whether you like it or not, the transmitted traffic, unlike with IPSec, is forcibly encrypted at the output of the network terminal and at the input of the receiving side. To decrypt the information transmitted over this channel, the receiving terminal uses a special key. In other words, nobody can interfere with the transfer or compromise the integrity of the data in transit without the key.

Simply opening the SSH port on a router, or using the appropriate settings of an additional client that interacts directly with the SSH server, lets you make full use of the capabilities of modern network security systems. The question here is whether to use the port assigned by default or custom settings. These parameters may look difficult in practice, but you cannot do without an understanding of how such a connection is organized.

Standard SSH port

If you start from the parameters of any router, you should first determine what kind of software will be used to activate this channel. In fact, the default SSH port can have different settings. It all depends on the method used at the moment (a direct connection to the server, installing an additional client, port forwarding, and so on).

For example, if Jabber is used as the client, port 443 should be used for correct connection, encryption and data transfer, although the standard variant is set to port 22.

To reconfigure the router so that a particular program or process gets the conditions it needs, you will have to perform SSH port forwarding. What is that? It is the assignment of specific access to a single program that uses an Internet connection, regardless of which data exchange protocol (IPv4 or IPv6) is currently configured.

Technical justification

As is already clear, the standard SSH port 22 is not always used. However, it is worth singling out some of the characteristics and parameters used during configuration.

Why does the confidentiality of encrypted data transfer involve using the SSH protocol as a purely external (guest) user port? Simply because tunneling makes it possible to use the so-called remote shell (SSH), to gain access to terminal management through remote login (slogin), and to use the remote copy procedure (scp).

In addition, the SSH port can be used when the user needs to run remote X Windows scripts, which in the simplest case means transferring information from one machine to another with, as already mentioned, forced data encryption. In such situations, using algorithms based on AES becomes most necessary. This is a symmetric encryption algorithm that was originally provided for in SSH technology. Using it is not only possible but necessary.

History of implementation

The technology appeared a long time ago. Let us set aside the question of how to forward an SSH port and focus on how it all works.

Usually it comes down to using a proxy based on SOCKS or using VPN tunneling. If a software application can work with a VPN, it is better to choose that option. The fact is that almost all known programs that use Internet traffic today can work with a VPN, and configuring the routing is not particularly difficult. As with proxy servers, this makes it possible to leave the external address of the terminal from which the network is currently being accessed unrecognized. That is, with a proxy the address changes constantly, whereas with a VPN it stays fixed to a certain region, different from the one where access is prohibited.

The very technology that provides the SSH port was developed in 1995 at the University of Technology in Finland (SSH-1). In 1996, an improvement was added in the form of the SSH-2 protocol, which became quite widespread in the post-Soviet space, although there, as well as in some Western European countries, it is sometimes necessary to obtain permission to use such a tunnel, and from government agencies at that.

The main advantage of opening an SSH port, as opposed to Telnet or rlogin, is the use of RSA or DSA digital signatures (using a pair of public and private keys). In addition, in this situation you can use a so-called session key based on the Diffie-Hellman algorithm, which implies symmetric encryption at the output, although this does not rule out the use of asymmetric encryption algorithms while data is being transmitted and received by another machine.

Servers and shells

On Windows or Linux, opening an SSH port is not that difficult. The only question is which tools will be used for this purpose.

Here you need to pay attention to the question of data transfer and authentication. First, the protocol itself is sufficiently protected against so-called sniffing, which is the most common form of traffic "wiretapping". SSH-1 proved vulnerable to attacks. Interference in the data transfer process in the form of a "man in the middle" scheme had its results. Information could simply be intercepted and deciphered quite easily. But the second version (SSH-2) is immune to this kind of interference, known as session hijacking, which is why it has become the most widespread.

Security restrictions

As for security with regard to transmitted and received data, a connection organized with this technology makes it possible to avoid the following problems:

  • identification of the host key at the transmission stage, when a "fingerprint" is used;
  • support for Windows and UNIX-like systems;
  • substitution of IP and DNS addresses (spoofing);
  • interception of cleartext passwords with physical access to the data channel.

In fact, the whole organization of such a system is built on the "client-server" principle: first the user's machine, through a special program or add-on, contacts the server, which performs the corresponding redirection.

Tunneling

It goes without saying that to implement this kind of connection, a special driver must be installed on the system.

As a rule, Windows-based systems have the Microsoft Teredo driver built into the software shell; it is a kind of virtual means of emulating IPv6 in networks that support only IPv4. The tunnel adapter is active by default. If failures are associated with it, you can simply restart the system or run the shutdown and restart commands from the command console. To deactivate it, the following lines are used:

  • netsh;
  • interface teredo set state disabled;
  • interface isatap set state disabled.

After entering the commands, you should reboot. To re-enable the adapter and check its status, enabled is entered instead of disabled, after which, again, the whole system should be restarted.

SSH server

Now let us see which SSH port is used as the primary one, starting from the "client-server" scheme. Port 22 is usually used by default, but, as mentioned above, port 443 can also be used. The only question is the preference of the server itself.

The most common SSH servers are considered to be the following:

  • for Windows: Tectia SSH Server, OpenSSH with Cygwin, MobaSSH, KpyM Telnet/SSH Server, WinSSHD, copssh, freeSSHd;
  • for FreeBSD: OpenSSH;
  • for Linux: Tectia SSH Server, ssh, openssh-server, lsh-server, dropbear.

All of these servers are free. However, you can also find paid services that provide an even higher level of security, which is important for organizing network access and protecting information in enterprises. The cost of such services is not discussed here. But in general it can be said that it is relatively inexpensive, even compared with installing specialized software or a "hardware" firewall.

SSH client

The SSH port can be changed through the client program or through the corresponding settings when forwarding ports on your router.

However, if we touch on client shells, the following software products can be used for different systems:

  • Windows: SecureCRT, PuTTY/KiTTY, Axessh, ShellGuard, SSHWindows, ZOC, XShell, ProSSHD, etc.;
  • Mac OS X: iTerm2, vSSH, NiftyTelnet SSH;
  • Linux and BSD: lsh-client, kdessh, openssh-client, Vinagre, putty.

Public key authentication and changing the port

Now a few words about how authentication works and how a server is configured. In the simplest case, you need to use the configuration file (sshd_config). However, you can do without it, for example when using programs such as PuTTY. Changing the SSH port from the default value (22) to any other is quite elementary.

The main thing is that the number of the port being opened does not exceed 65535 (higher ports simply do not exist). In addition, you should pay attention to some ports that are open by default and may be used by clients such as MySQL or FTPD databases. If you specify them in the SSH configuration, they will, of course, simply stop working.

It should be borne in mind that the same Jabber client must be run in the same environment as the SSH server, for example on a virtual machine. And the server localhost itself will need to be assigned the value 4430 (rather than 443, as mentioned above). This configuration can be used when access to jabber.example.com itself is blocked by a firewall.

On the other hand, ports can be forwarded on the router itself by configuring its interface and creating exception rules. On most models, the interface is reached by entering an address beginning with 192.168 followed by 0.1 or 1.1, but on routers that combine the capabilities of ADSL modems, such as Mikrotik, the address ends in 88.1.

In this case, a new rule is created and the necessary parameters are set, for example dst-nat for establishing the external connection, and the ports are entered manually, not under the general settings but in the Action section. There is nothing particularly complicated here. The main thing is to specify the required values and set the correct port. By default you can use port 22, but if a specialized client is used (one of those listed above for the different systems), the value can be changed arbitrarily, provided that it does not exceed the stated limit, above which port numbers simply do not exist.

When setting up the connection, you should also pay attention to the parameters of the client program. It may well be that its settings require specifying the minimum key length (512), although the default is usually 768. It is also desirable to set the login timeout to 600 seconds and to set the permission for remote access with root rights. After applying these settings, you also need to permit the use of all authentication rights except those based on .rhost (but this is needed only by system administrators).
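
The checks described in this section (a port number within 1-65535, no collision with ports that other services use by default, the 600-second login timeout, root login and .rhosts-based trust) can be run against the contents of an sshd_config file. The following Python code is an added example, not part of the original article; the sample configuration, the list of other services' ports and the function names are constructed for illustration.

```python
import re
OTHER_SERVICES = {21: "FTP", 443: "HTTPS", 3306: "MySQL"}  # constructed list of default ports
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# sshd_config (constructed)
Port 3306
Port 70000
port=2222
LoginGraceTime 10m
PermitRootLogin yes
IgnoreRhosts no
Match User backup
    PermitRootLogin no
"""

def parse(text):  # global options as {keyword: [values]}, keywords lower-cased
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # everything after Match applies only conditionally
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), []).append(parts[1])
    return opts

def seconds(value):  # single-unit time value such as 600 or 10m -> seconds, else None
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.lower())
    return int(m.group(1)) * UNITS[m.group(2)] if m else None

def audit(text):
    opts, findings = parse(text), []
    for p in opts.get("port", ["22"]):  # Port may be given several times
        if not p.isdecimal() or not 1 <= int(p) <= 65535:
            findings.append(f"Port {p}: outside 1-65535")
        elif int(p) in OTHER_SERVICES:
            findings.append(f"Port {p}: default port of {OTHER_SERVICES[int(p)]}")
    grace = seconds(opts.get("logingracetime", ["120"])[0])  # first value wins
    if grace is None or grace == 0 or grace > 600:
        findings.append("LoginGraceTime: unlimited, unparsed or above 600 s")
    if opts.get("permitrootlogin", [""])[0].lower() == "yes":
        findings.append("PermitRootLogin yes: root may log in with a password")
    if opts.get("ignorerhosts", [""])[0].lower() == "no":
        findings.append("IgnoreRhosts no: .rhosts-based trust is honoured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

For the constructed sample this reports four findings: the MySQL port collision, the out-of-range port, password root login and .rhosts trust; the 10m grace time equals the 600 seconds named above and passes.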

Among other things, if the user name registered on the system differs from the one being entered at the moment, it must be specified explicitly using the user ssh master command with additional parameters (for those who understand what is at stake).

The ~/.ssh/id_dsa command (or rsa) can be used to convert the key and the encryption method. To create a public key, conversion with the line ~/.ssh/identity.pub is used (but this is not required). However, as practice shows, the easiest way is to use commands such as ssh-keygen. Here the essence of the matter comes down to adding the key to the available authentication tools (~/.ssh/authorized_keys).

But we have gone too far. Returning to the question of configuring the SSH port, it is already clear that changing the SSH port is not that difficult. True, in some situations you will, as they say, have to sweat, because all the values of the main parameters have to be taken into account. Otherwise, the configuration question comes down either to logging in to a server or client program (if this is provided for in the first place) or to using port forwarding on the router. But even when changing the default port 22 to the same 443, it should be clearly understood that this scheme does not always work, only when installing the same Jabber add-on (other analogues may use their own ports, different from the standard ones). In addition, special attention should be paid to setting the parameters of the SSH client that will interact directly with the SSH server, if that really is to be done using the current connection.

Otherwise, if port forwarding is not provided for in the first place (although it is desirable to perform such actions), the settings and parameters for access via SSH need not be changed. No particular problems are expected when establishing a connection or in its further use (unless, of course, the server and client are configured manually). Creating the most common exception rules on the router lets you fix any problems or avoid them altogether.
