User Tools
сервис_ssh
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
сервис_ssh [2021/03/09 10:35] val [Аутентификация с использованием протокола GSSAPI] |
сервис_ssh [2024/05/15 13:02] val [Использование SSH Chroot] |
||
|---|---|---|---|
| Line 10: | Line 10: | ||
| ==== Windows ==== | ==== Windows ==== | ||
| + | === PuTTY === | ||
| * [[http://www.putty.org/|PuTTY]] | * [[http://www.putty.org/|PuTTY]] | ||
| - | * [[http://val.bmstu.ru/unix/SSH/putty-settings.zip]] | + | * [[https://the.earth.li/~sgtatham/putty/latest/w64/]] |
| + | * [[http://val.bmstu.ru/unix/SSH/putty-64bit-0.76-installer.msi]] | ||
| <code> | <code> | ||
| Line 18: | Line 20: | ||
| HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys | HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys | ||
| </code> | </code> | ||
| + | |||
| + | === MobaXterm === | ||
| + | |||
| + | * [[https://mobaxterm.mobatek.net/|MobaXterm]] | ||
| + | * [[https://bbs.archlinux.org/viewtopic.php?id=174595|Weird characters while pasting in terminal]] | ||
| + | <code> | ||
| + | printf "\e[?2004l" | ||
| + | </code> | ||
| + | |||
| + | === WinSCP === | ||
| * [[https://winscp.net/eng/docs/lang:ru|WinSCP]] | * [[https://winscp.net/eng/docs/lang:ru|WinSCP]] | ||
| - | * [[http://val.bmstu.ru/unix/SSH/winscp433setup.exe]] | + | * [[http://val.bmstu.ru/unix/SSH/WinSCP-5.19.2-Setup.exe]] |
| ==== Ubuntu/Debian ==== | ==== Ubuntu/Debian ==== | ||
| <code> | <code> | ||
| Line 28: | Line 40: | ||
| ===== Настройка ssh сервера ===== | ===== Настройка ssh сервера ===== | ||
| <code> | <code> | ||
| - | gate# cat /etc/ssh/sshd_config | + | gate# cat /etc/ssh/sshd_config.d/my.conf |
| </code><code> | </code><code> | ||
| - | ... | ||
| Port 2222 | Port 2222 | ||
| - | ... | + | |
| DenyUsers "user*" | DenyUsers "user*" | ||
| - | ... | + | |
| PermitRootLogin yes | PermitRootLogin yes | ||
| - | ... | + | |
| + | #KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 | ||
| + | #HostkeyAlgorithms +ssh-dss,ssh-rsa | ||
| </code> | </code> | ||
| Line 50: | Line 63: | ||
| ===== Настройка ssh клиента ===== | ===== Настройка ssh клиента ===== | ||
| + | |||
| + | * [[Утилита corkscrew]] | ||
| + | |||
| <code> | <code> | ||
| + | $ sftp -P 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user3@localhost | ||
| + | |||
| $ mkdir .ssh/ | $ mkdir .ssh/ | ||
| - | $ cat .ssh/config | + | $ cat ~/.ssh/config |
| </code><code> | </code><code> | ||
| Host * | Host * | ||
| ServerAliveInterval 10 | ServerAliveInterval 10 | ||
| - | #Host server2* | + | #Host gitlab* |
| # Port 2222 | # Port 2222 | ||
| - | # User backup | + | ## User root |
| - | #Host 172.16.1.* 192.168.*.* *.corpX.un | + | #Host switch* 192.168.X.5* |
| + | # KexAlgorithms +diffie-hellman-group1-sha1 | ||
| + | # Ciphers +aes128-cbc | ||
| # UserKnownHostsFile=/dev/null | # UserKnownHostsFile=/dev/null | ||
| # StrictHostKeyChecking=no | # StrictHostKeyChecking=no | ||
| + | # LogLevel ERROR | ||
| - | #Host switch* 192.168.X.3 192.168.X.4 192.168.X.5 | + | ### HostKeyAlgorithms +ssh-rsa |
| - | # KexAlgorithms +diffie-hellman-group1-sha1 | + | ### PubkeyAcceptedKeyTypes +ssh-rsa |
| - | # Ciphers +aes128-cbc | + | |
| </code> | </code> | ||
| Line 88: | Line 108: | ||
| student@hostX$ cd /; sudo tar -cf - etc/ | ssh -l user1 gate "cat > etc.tar" | student@hostX$ cd /; sudo tar -cf - etc/ | ssh -l user1 gate "cat > etc.tar" | ||
| - | server# ssh switch "show cdp neighbors" | + | server# ssh switch1 "show cdp neighbors" |
| </code> | </code> | ||
| ==== SSH вместо RCP (SCP) ==== | ==== SSH вместо RCP (SCP) ==== | ||
| + | ==== SCP ==== | ||
| <code> | <code> | ||
| - | $ scp -P 2222 val@radio.specialist.ru:/usr/local/www/apache22/data/unijava/jre-8u211-windows-x64.exe . | + | $ scp -P 2222 val@radio.specialist.ru:/usr/local/www/apache22/data/unix/virus.zip . |
| server# scp switchN:running-config /srv/tftp/switchN-running-config | server# scp switchN:running-config /srv/tftp/switchN-running-config | ||
| server# sshpass -p cisco scp switchN:running-config /srv/tftp/switchN-running-config | server# sshpass -p cisco scp switchN:running-config /srv/tftp/switchN-running-config | ||
| + | |||
| + | server# scp -3 192.168.X.101:/etc/docker/daemon.json gate:/etc/docker/daemon.json | ||
| </code> | </code> | ||
| Line 105: | Line 128: | ||
| <code> | <code> | ||
| - | www# cat /etc/ssh/sshd_config | + | # cat /etc/ssh/sshd_config |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 112: | Line 135: | ||
| ... | ... | ||
| Match group user1 | Match group user1 | ||
| + | #Match group group1 | ||
| ChrootDirectory %h | ChrootDirectory %h | ||
| ForceCommand internal-sftp | ForceCommand internal-sftp | ||
| </code><code> | </code><code> | ||
| - | www# chown root ~user1/ | + | # chown root ~user1/ |
| - | www# mkdir ~user1/public_html | + | # mkdir ~user1/public_html && chown user1:user1 ~user1/public_html/ |
| - | www# chown -R user1:user1 ~user1/public_html/ | + | # mkdir ~user1/mail && chown user1:user1 ~user1/mail/ |
| </code> | </code> | ||
| Line 162: | Line 186: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | lan# ssh -N -R 2222:localhost:22 user1@server.corpX.un | + | # cat /proc/sys/net/ipv4/ip_local_port_range |
| + | или | ||
| + | # sysctl net.ipv4.ip_local_port_range | ||
| - | lan# ssh -N -R 3101:192.168.100+X.101:3389 user1@server.corpX.un | + | lan# ssh -N -R 61022:localhost:22 -o ServerAliveInterval=60 student@server.corpX.un |
| + | |||
| + | lan# ssh -N -R 61389:192.168.100+X.1NN:3389 student@server.corpX.un | ||
| + | |||
| + | mobaxterm> ssh -N -R 61389:localhost:3389 student@server.corpX.un | ||
| + | |||
| + | mobaxterm> ssh -N -R 0:localhost:5500 student@server.corpX.un | ||
| </code> | </code> | ||
| Line 178: | Line 210: | ||
| </code> | </code> | ||
| + | ==== Управление доступом на основе членства в группе ==== | ||
| + | |||
| + | Пример использования отдельного файла конфигурации | ||
| + | |||
| + | <code> | ||
| + | gate# cat /etc/ssh/sshd_config.d/my.conf | ||
| + | </code><code> | ||
| + | #AllowGroups sudo | ||
| + | |||
| + | #DenyGroups group1 group2 | ||
| + | </code> | ||
| ==== Запрет Forwarding портов ==== | ==== Запрет Forwarding портов ==== | ||
| Line 193: | Line 236: | ||
| <code> | <code> | ||
| - | node1:~# cat .ssh/config | + | node1:~# cat ~/.ssh/config |
| </code><code> | </code><code> | ||
| Host * | Host * | ||
| Line 214: | Line 257: | ||
| ==== Парольная аутентификация ==== | ==== Парольная аутентификация ==== | ||
| <code> | <code> | ||
| - | [gate.isp.un:~] # apt install sshpass | + | server# apt install sshpass |
| - | [gate.isp.un:~] # sshpass -p '123' ssh 172.16.1.13 | + | server# sshpass -p 'strongpassword' ssh vagrant@node1 |
| server# sshpass -p cisco ssh switchN | server# sshpass -p cisco ssh switchN | ||
| Line 227: | Line 270: | ||
| === Настройка sshd на использование ключей === | === Настройка sshd на использование ключей === | ||
| <code> | <code> | ||
| - | gate# cat /etc/ssh/sshd_config | + | gate# less /etc/ssh/sshd_config |
| </code><code> | </code><code> | ||
| ... | ... | ||
| - | PubkeyAuthentication yes | + | #PubkeyAuthentication yes |
| #AuthorizedKeysFile %h/.ssh/authorized_keys | #AuthorizedKeysFile %h/.ssh/authorized_keys | ||
| ... | ... | ||
| Line 348: | Line 391: | ||
| C:\>pscp gatehost.keytab gate: | C:\>pscp gatehost.keytab gate: | ||
| + | </code> | ||
| + | |||
| + | == Samba4 == | ||
| + | <code> | ||
| + | server# samba-tool user create gatehost | ||
| + | |||
| + | server# samba-tool user setexpiry gatehost --noexpiry | ||
| + | |||
| + | server# samba-tool spn add host/gate.corpX.un gatehost | ||
| + | |||
| + | server# samba-tool spn list gatehost | ||
| + | |||
| + | server# samba-tool domain exportkeytab gatehost.keytab --principal=host/gate.corpX.un | ||
| </code> | </code> | ||
| Line 384: | Line 440: | ||
| === Настройка unix клиента ssh на использование GSSAPI === | === Настройка unix клиента ssh на использование GSSAPI === | ||
| <code> | <code> | ||
| - | client1# cat /etc/ssh/ssh_config | + | client1# less /etc/ssh/ssh_config |
| </code><code> | </code><code> | ||
| ... | ... | ||
сервис_ssh.txt · Last modified: 2024/06/19 12:22 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
