I-SSH yokufunda: Izinketho ze-SSH Config File kanye namapharamitha
Esitolimendeni sethu sakamuva ku Ukufunda i-SSH Sibhekana nakho konke Izinketho zomyalo we-SSH namapharamitha yohlelo lwe-OpenSSH, ezitholakalayo uma usebenzisa i ssh umyalo kutheminali. Omunye wabo kwaba "-o inketho", esiyichazayo iyakuvumela sebenzisa izinketho ezichazwe ku- Ifayela lokumisa le-OpenSSH, okungukuthi, ifayela "SSHConfig" (ssh_config).
Ngenxa yalesi sizathu, namuhla sizochaza kafushane ezinye zalezi ongakhetha kukho ku Ifayela lokumisa le-OpenSSH, ukusinika umbono omncane nowusizo walokho esingakwenza lapho senza umyalo wohlobo "ssh -o option...", noma vele ulungiselele yethu iseva yendawo ye-SSH (iklayenti).
I-SSH yokufunda: Izinketho namapharamitha wokucushwa
Futhi njengenjwayelo, ngaphambi kokungena esihlokweni sanamuhla mayelana nezinketho namapharamitha atholakala kufayela VulaSSH "SSH Config" (ssh_config), sizoshiya kulabo abathanda izixhumanisi ezilandelayo kwabanye okuthunyelwe kwangaphambilini okuhlobene:
Izinketho zefayela lokulungisa le-SSH namapharamitha (ssh_config)
Liyini ifayela le-SSH Config (ssh_config) le-OpenSSH?
I-OpenSSH inamafayela okumisa angu-2. omunye wabiza ssh_config yokucushwa kwe iphakethe leklayenti nolunye ucingo sshd_config for the iphakethe leseva, zombili zitholakala endleleni elandelayo noma uhla lwemibhalo: /etc/ssh.
Ngakho-ke, lapho usebenza ku- ifayela lokumisa "SSH Config" (ssh_config) Sicabanga ukuthi sizobe sisebenza kukhompyutha ezosebenza njengendawo yokusebenzela yohlobo lweklayenti, okungukuthi, ezokwenza Ukuxhumana kwe-SSH eqenjini elilodwa noma amaningi Amaseva ane-SSH.
Uhlu lwezinketho ezikhona namapharamitha
Ngezansi ezinye zezinketho noma amapharamitha akhona ngaphakathi kwe ifayela lokumisa "SSH Config" (ssh_config), eziningi zazo ezingasetshenziswa ngaphakathi komyalo ofana "ssh -o option...".
umphathi/umdlalo
Le nketho noma ipharamitha ibonisa ngaphakathi kwefayela lokumisa leklayenti le-SSH (ssh_config) ukuthi izimemezelo ezilandelayo (kufika ku-Host noma inketho yokufanisa noma ipharamitha) zikhawulelwe kubonisiwe), ukuze kube okwalabo kuphela abasingathi abafana nephethini eyodwa enikezwe ngemva kwegama elingukhiye.
Okusho ukuthi, lokhu inketho isebenza njengesihlukanisi sesigaba ngaphakathi kwefayela, njengenketho yokufanisa. Ngakho-ke, zombili zingaphindwa izikhathi eziningi kufayela. setting. Futhi amanani ayo, angaba uhlu lwamaphethini, olunquma ukuthi yiziphi izinketho ezilandelayo zokukhetha kusebenza ekuxhumekeni okwenziwe kubasingathi okukhulunywa ngabo.
Inani * kusho ukuthi "bonke izivakashi”, ngenkathi iku-Match inani elithi “konke” lenza okufanayo. Futhi, uma iphethini engaphezu kweyodwa inikezwe, kufanele ihlukaniswe ngendawo emhlophe. Okokufaka kwephethini kungase kuhoxiswe ngokufaka isiqalo ngophawu lwesibabazo ('!'), ukuze okufanayo okunganakiyo kube usizo ekuhlinzekeni okuhlukile kokufanayo kwekhadi lasendle.
AddressFamily
Ikuvumela ukuthi ucacise ukuthi yiluphi uhlobo (umndeni) wamakheli ongawasebenzisa lapho uxhuma. Izimpikiswano ezivumelekile yilezi: noma yikuphi (okuzenzakalelayo), i-inet (sebenzisa i-IPv4 kuphela), noma i-inet6 (sebenzisa i-IPv6 kuphela).
I-BatchMode
Ikuvumela ukuthi ukhubaze ukwaziswa kwephasiwedi futhi usongethe iziyalezo zokuqinisekisa zokhiye ekuhlanganyeleni komsebenzisi, uma usetha impikiswano ethi "yebo" noma inani. Le nketho iwusizo emibhalweni nakweminye imisebenzi yeqoqo lapho kungekho msebenzisi okhona ukuze ahlanganyele ne-SSH. Ukuphikisana kufanele kube "yebo" noma "cha", lapho "cha" kuyinani elizenzakalelayo.
Le pharamitha ikuvumela ukuthi ucacise ukuthi i-SSH kufanele inqamule yini uxhumano, uma ingakwazi ukumisa konke okuceliwe kokudlulisela phambili okuguquguqukayo, umhubhe, kwendawo, kanye nembobo ekude.
I-ForwardAgent
Le pharamitha ikuvumela ukuthi ucacise ukuthi ingabe uxhumano kumenzeli wokuqinisekisa (uma lukhona) luzodluliselwa emshinini wesilawuli kude. I-agumenti ingaba ngu-"yebo", njengoba u-"cha" engokwakhona, futhi ukudluliselwa komenzeli kufanele kunikwe amandla ngokuqapha. Njengoba, abasebenzisi abanekhono lokudlula izimvume zefayela kumsingathi wesilawuli kude bangakwazi ukufinyelela umenzeli wendawo ngoxhumano oludluliselwe phambili.
I-ForwardX11
Lapha kuyacaciswa ukuthi ukuxhumeka kwe-X11 kuzoqondiswa kabusha ngokuzenzakalelayo yini ngesiteshi esivikelekile kanye nesethi ye-DISPLAY. Impikiswano ingaba "yebo", njengoba "cha" kuyinani elizenzakalelayo.
PhambiliX11Thembekile
Lapha usethe ukuthi yebo yimaphi amaklayenti e-X11 akude azokwazi ukufinyelela okugcwele kusibonisi sangempela se-X11. Okungukuthi, Uma le nketho isethelwe kokuthi "yebo", amaklayenti e-X11 akude azokwazi ukufinyelela okugcwele kusikrini sokuqala se-X11. Ngenkathi, yebongibekwe ukuthi cha (okuzenzakalelayo), amaklayenti e-X11 akude azobhekwa njengangathembekile futhi azovinjelwa ekwebeni noma ekuphazamiseni idatha yamaklayenti athembekile e-X11.
I-HashKnownHosts
Isetshenziselwa ukutshela i-SSH ukuthi ithole amagama osokhaya kanye namakheli lapho engezwa kokuthi ~/.ssh/known_hosts. Ukuze lawa magama abethelwe asetshenziswe ngokujwayelekile nge-ssh ne-sshd, kodwa ngaphandle kokuveza ulwazi oluhlonzayo, uma kwenzeka okuqukethwe kwefayela kudalulwa.
GSSAPIAuthentication
Isetshenziselwa ukucacisa ngaphakathi kwe-SSH, ukuthi ukuqinisekiswa komsebenzisi okususelwe ku-GSSAPI kuvunyelwe yini. I-GSSAPI ivamise ukusetshenziselwa ukuqinisekiswa kwe-Kerberos, isibonelo nge-Active Directory.
SendEnv
Isetshenziselwa ukucacisa ukuthi yikuphi okuguquguqukayo kwendawo yendawo okufanele kuthunyelwe kuseva. Ukwenza lokhu kusebenze kahle, iseva kufanele futhi iyisekele, futhi ilungiselelwe ukwamukela lezi ziguquguqukayo zemvelo. Okuguquguqukayo kucaciswe ngamagama, okungaqukatha izinhlamvu ze-wildcard. Futhi, okuguquguqukayo okuningana kwemvelo kungahlukaniswa ngesikhala esimhlophe noma kusatshalaliswe kokumbalwa iziqondiso zalolu hlobo (SendEnv).
Ulwazi oluningi
Futhi kulesi sitolimende sesine, ukuze nwebisa lolu lwazi futhi ufunde ngayinye yezinketho kanye nemingcele etholakalayo ngaphakathi kwe ifayela lokumisa "SSH Config" (ssh_config)Sincoma ukuthi uhlole izixhumanisi ezilandelayo: Ifayela lokumisa le-SSH leklayenti le-OpenSSH y Imanyuwali esemthethweni ye-OpenSSH, ngesiNgisi. Futhi njengasezitolimendeni ezintathu ezedlule, hlola okulandelayo okuqukethwe okusemthethweni futhi enokwethenjelwa ku-inthanethi mayelana I-SSH ne-OpenSSH:
- I-Debian Wiki
- Imanuwali Yomlawuli We-Debian: Ukungena Okukude / I-SSH
- I-Debian Security Handbook: Isahluko 5. Ukuvikela izinsiza ezisebenza kusistimu yakho
Isifingqo
Ngamafuphi, lesi sitolimende esisha sivuliwe "Ukufunda i-SSH" ngokuqinisekile okuqukethwe okuyincazelo kuzoba ukuphelelisa okukhulu kokushicilelwe kwangaphambilini ihlobene ne-OpenSSH. Ngaleyo ndlela, ukwenza ukuxhumana okukude okungcono nokuyinkimbinkimbi. futhi ugijime izilungiselelo ezivikeleke kakhulu nezithembekile, kusetshenziswa iphrothokholi yokuxhumana ekude nevikelekile.
Uma ukuthandile lokhu okuthunyelwe, qiniseka ukuthi uyaphawula ngakho futhi wabelane ngakho nabanye. Futhi khumbula, vakashela yethu «ikhasi lasekhaya» ukuhlola izindaba eziningi, kanye nokujoyina isiteshi sethu esisemthethweni se- I-Telegram ye DesdeLinux, ENtshonalanga iqembu ukuze uthole ulwazi olwengeziwe ngesihloko sanamuhla.