Usoro RHCSA: Ichekwa SSH, Tọọ aha nnabata na inye ọrụ netwọk ike - Nkebi 8
Dịka onye na-ahụ maka sistemụ, ị ga-abanyerịrị na sistemụ dịpụrụ adịpụ iji rụọ ọrụ nchịkwa dị iche iche site na iji emulator ọdụ. Ị ga-anọkebe n'ihu a n'ezie (anụ ahụ) ọnụ ọnụ, n'ihi ya, ị chọrọ guzobe ụzọ abanye remotely na igwe na a ga-agwa gị ka jikwaa.
N'ezie, nke ahụ nwere ike ịbụ ihe ikpeazụ ị ga-eme n'ihu ọnụ ụlọ anụ ahụ. Maka ebumnuche nchekwa, iji Telnet maka ebumnuche a abụghị ezigbo echiche, ebe okporo ụzọ niile na-aga na waya na ederede edoghị anya.
Na mgbakwunye, n'isiokwu a, anyị ga-enyochakwa otu esi ahazi ọrụ netwọk ka ịmalite na-akpaghị aka na buut ma mụta ka esi edozi netwọk na mkpebi aha nnabata statically ma ọ bụ dynamically.
Ịwụnye na Chekwaa Nkwukọrịta SSH
Ka ị nwee ike ịbanye na igbe RHEL 7 site na iji SSH, ị ga-etinyerịrị ngwugwu openssh, openssh-clients na openssh-servers. Iwu a na-esote ọ bụghị naanị ga-arụnye mmemme nbanye dịpụrụ adịpụ, kamakwa ngwa mbufe faịlụ echekwara, yana akụrụngwa oyiri faịlụ dịpụrụ adịpụ:
# yum update && yum install openssh openssh-clients openssh-servers
Rịba ama na ọ bụ ezi echiche ịwụnye ndị mmekọ ihe nkesa dịka ị nwere ike iji otu igwe dịka ma ndị ahịa na ihe nkesa n'oge ụfọdụ ma ọ bụ ọzọ.
Mgbe echichi gasịrị, enwere ihe ole na ole ị kwesịrị iburu n'uche ma ọ bụrụ na ịchọrọ ịchekwa ohere dịpụrụ adịpụ na sava SSH gị. Ntọala ndị a kwesịrị ịdị na faịlụ /etc/ssh/sshd_config faịlụ.
1. Gbanwee ọdụ ụgbọ mmiri ebe sshd daemon ga-ege ntị site na 22 (ọnụahịa ndabara) gaa n'ọdụ ụgbọ mmiri dị elu (2000 ma ọ bụ karịa), ma buru ụzọ hụ na a naghị eji ọdụ ụgbọ mmiri ahọrọ.
Dịka ọmụmaatụ, ka anyị were ya na ịhọrọ ọdụ ụgbọ mmiri 2500. Jiri netstat chọpụta ma a na-eji ọdụ ụgbọ mmiri ahọpụtara ma ọ bụ na ejighi:
# netstat -npltu | grep 2500
Ọ bụrụ na netstat alaghachighị ihe ọ bụla, ị nwere ike iji ọdụ ụgbọ mmiri 2500 n'enweghị nsogbu maka sshd, ma ị ga-agbanwe ntọala Port na faịlụ nhazi dị ka ndị a:
Port 2500
2. Naanị kwe ka protocol 2:
Protocol 2
3. Hazie oge nkwenye ka ọ bụrụ nkeji 2, ekwela ka ntinye mgbọrọgwụ, machibido na opekempe ndepụta nke ndị ọrụ na-ekwe ka ịbanye site na ssh:
LoginGraceTime 2m PermitRootLogin no AllowUsers gacanepa
4. Ọ bụrụ na ọ ga-ekwe omume, jiri igodo dabere na njirimara paswọọdụ:
PasswordAuthentication no RSAAuthentication yes PubkeyAuthentication yes
Nke a na-eche na i jirila aha njirimara gị mepụta otu igodo igodo n'igwe ndị ahịa gị wee depụta ya na nkesa gị dịka akọwara ebe a.
- Kwado nbanye SSH enweghị mbanye
Ịhazi netwọkụ na mkpebi aha
1. Onye ọ bụla na-ahụ maka sistemụ kwesịrị ịma nke ọma na faịlụ nhazi sistemụ na-esonụ:
- /etc/hosts na-eji dozie aha <---> IP na obere netwọk.
Ahịrị ọ bụla dị na faịlụ /etc/hosts nwere usoro a:
IP address - Hostname - FQDN
Ọmụmaatụ,
192.168.0.10 laptop laptop.gabrielcanepa.com.ar
2.
N'okpuru ọnọdụ nkịtị, ịkwesighi idezi faịlụ a ka sistemụ na-ejikwa ya. Agbanyeghị, ọ bụrụ na ịchọrọ ịgbanwe sava DNS, a dụrụ gị ọdụ na ịkwesịrị ịrapara n'usoro a n'ahịrị ọ bụla:
nameserver - IP address
Ọmụmaatụ,
nameserver 8.8.8.8
3. 3. /etc/host.conf na-akọwapụta usoro na usoro a na-esi edozi aha nnabata n'ime netwọkụ. N'ikwu ya n'ụzọ ọzọ, na-agwa onye na-edozi aha ọrụ ọ ga-eji, yana n'usoro.
Ọ bụ ezie na faịlụ a nwere ọtụtụ nhọrọ, nhazi kachasị na nke bụ isi gụnyere ahịrị dị ka ndị a:
order bind,hosts
Nke na-egosi na onye nbibi kwesịrị ibu ụzọ lelee aha aha nke akọwapụtara na resolv.conf wee gaa na faịlụ /etc/hosts maka mkpebi aha.
4. /etc/sysconfig/network nwere ozi ntugharị na ozi nnabata zuru ụwa ọnụ maka oghere netwọkụ niile. Enwere ike iji ụkpụrụ ndị a:
NETWORKING=yes|no HOSTNAME=value
Ebe uru kwesịrị ịbụ aha ngalaba ruru eru zuru oke (FQDN).
GATEWAY=XXX.XXX.XXX.XXX
Ebe XXX.XXX.XXX.XXX bụ adreesị IP nke ọnụ ụzọ netwọkụ.
GATEWAYDEV=value
N'ime igwe nwere ọtụtụ NIC, uru bụ ngwaọrụ ọnụ ụzọ ámá, dị ka enp0s3.
5. Faịlụ n'ime
N'ime ndekọ aha a kpọtụrụ aha na mbụ, ị ga-ahụ ọtụtụ faịlụ ederede dị larịị aha.
ifcfg-name
Ebe aha bụ aha NIC dị ka ihe ngosi ip njikọ weghachiri:
Ọmụmaatụ:
Ndị ọzọ karịa maka loopback interface, ị nwere ike ịtụ anya nhazi nhazi maka NIC gị. Rịba ama na ụfọdụ mgbanwe, ma ọ bụrụ na edobere ya, ga-ewepụ ndị dị na /etc/sysconfig/network maka otu interface a. Ekwuru ahịrị ọ bụla maka nkọwa n'ime akụkọ a mana n'ime faịlụ ahụ ị ga-ezere ikwu okwu:
HWADDR=08:00:27:4E:59:37 # The MAC address of the NIC TYPE=Ethernet # Type of connection BOOTPROTO=static # This indicates that this NIC has been assigned a static IP. If this variable was set to dhcp, the NIC will be assigned an IP address by a DHCP server and thus the next two lines should not be present in that case. IPADDR=192.168.0.18 NETMASK=255.255.255.0 GATEWAY=192.168.0.1 NM_CONTROLLED=no # Should be added to the Ethernet interface to prevent NetworkManager from changing the file. NAME=enp0s3 UUID=14033805-98ef-4049-bc7b-d4bea76ed2eb ONBOOT=yes # The operating system should bring up this NIC during boot
Ịtọ aha ndị ọbịa
Na Red Hat Enterprise Linux 7, a na-eji iwu hostnamectl mee ajụjụ abụọ ma tọọ aha nnabata nke sistemụ.
Iji gosi aha nnabata ugbu a, pịnye:
# hostnamectl status
Ka ịgbanwee aha nnabata, jiri
# hostnamectl set-hostname [new hostname]
Ọmụmaatụ,
# hostnamectl set-hostname cinderella
Maka mgbanwe ndị a ga-arụ ọrụ, ị ga-achọ ịmalitegharị daemon a na-akpọ aha ya (nke ahụ ị gaghị abanye ugboro ugboro iji tinye mgbanwe ahụ):
# systemctl restart systemd-hostnamed
Na mgbakwunye, RHEL 7 tinyekwara uru nmcli nke enwere ike iji maka otu ebumnuche. Iji gosi aha nnabata, gbaa ọsọ:
# nmcli general hostname
na ịgbanwe ya:
# nmcli general hostname [new hostname]
Ọmụmaatụ,
# nmcli general hostname rhel7
Ịmalite ọrụ netwọk na buut
Iji mechie, ka anyị hụ otú anyị nwere ike isi hụ na ọrụ netwọk malitere na-akpaghị aka na buut. N'okwu dị mfe, a na-eme nke a site na ịmepụta symlinks na faịlụ ụfọdụ akọwapụtara na ngalaba [Wụnye] nke faịlụ nhazi ọrụ.
N'ihe banyere firewalld (/usr/lib/systemd/system/firewalld.service):
[Install] WantedBy=basic.target Alias=dbus-org.fedoraproject.FirewallD1.service
Iji mee ka ọrụ ahụ nwee ike:
# systemctl enable firewalld
N'aka nke ọzọ, iwepu firewalld nwere ikike iwepu symlinks:
# systemctl disable firewalld
Mmechi
N'isiokwu a, anyị achịkọtala otu esi etinye ma chekwaa njikọ site na SSH na ihe nkesa RHEL, otu esi agbanwe aha ya, na n'ikpeazụ ka esi hụ na ọrụ netwọk malitere na buut. Ọ bụrụ na ị chọpụta na otu ọrụ amalitebeghị nke ọma, ịnwere ike iji systemctl status -l [ọrụ] na journalctl -xn iji dozie ya.
Enwere onwe gị ime ka anyị mara ihe ị chere gbasara akụkọ a site na iji ụdị nkọwa n'okpuru. A na-anabatakwa ajụjụ. Anyị na-atụ anya ịnụ gị!