Restrict SSH User Access to Certain Directory Using Chrooted Jail


There are several reasons to restrict an SSH user session to a particular directory, especially on web servers, but the obvious one is system security. To lock SSH users into a certain directory, we can use the chroot mechanism.

Change root (chroot) in Unix-like systems such as Linux is a means of separating specific user operations from the rest of the Linux system; it changes the apparent root directory for the currently running user process and its child processes to a new root directory called a chrooted jail.

In this tutorial, we'll show you how to restrict SSH user access to a given directory in Linux. Note that we'll run all the commands as root; use the sudo command if you are logged into the server as a normal user.

Step 1: Create SSH Chroot Jail

1. Start by creating the chroot jail using the mkdir command below:

# mkdir -p /home/test

2. Next, identify the required files. According to the sshd_config man page, the ChrootDirectory option specifies the pathname of the directory to chroot to after authentication. The directory must contain the necessary files and directories to support a user's session.

For an interactive session, this requires at least a shell, commonly sh, and basic /dev nodes such as null, zero, stdin, stdout, stderr, and tty devices:

# ls -l /dev/{null,zero,stdin,stdout,stderr,random,tty}

3. Now, create the /dev files as follows using the mknod command. In the command below, the -m flag is used to specify the file permission bits, c means character file, and the two numbers are the major and minor numbers that the files point to.

# mkdir -p /home/test/dev/
# cd /home/test/dev/
# mknod -m 666 null c 1 3
# mknod -m 666 tty c 5 0
# mknod -m 666 zero c 1 5
# mknod -m 666 random c 1 8

4. Afterwards, set the appropriate permission on the chroot jail. Note that the chroot jail and its subdirectories and subfiles must be owned by the root user, and not writable by any normal user or group:

# chown root:root /home/test
# chmod 0755 /home/test
# ls -ld /home/test

Step 2: Setup Interactive Shell for SSH Chroot Jail

5. First, create the bin directory and then copy the /bin/bash files into the bin directory as follows:

# mkdir -p /home/test/bin
# cp -v /bin/bash /home/test/bin/

6. Now, identify the shared libs bash requires, as below, and copy them into the lib directory:

# ldd /bin/bash
# mkdir -p /home/test/lib64
# cp -v /lib64/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/test/lib64/

Step 3: Create and Configure SSH User

7. Now, create the SSH user with the useradd command and set a secure password for the user:

# useradd tecmint
# passwd tecmint

8. Create the chroot jail general configurations directory, /home/test/etc, and copy the updated account files (/etc/passwd and /etc/group) into this directory as follows:

# mkdir /home/test/etc
# cp -vf /etc/{passwd,group} /home/test/etc/

Note: Each time you add more SSH users to the system, you will need to copy the updated account files into the /home/test/etc directory.

Step 4: Configure SSH to Use Chroot Jail

9. Now, open the sshd_config file.

# vi /etc/ssh/sshd_config

and add/modify the lines below in the file.

#define username to apply chroot jail to
Match User tecmint
#specify chroot jail
ChrootDirectory /home/test

Save the file and exit, then restart the SSHD services:

# systemctl restart sshd
OR
# service sshd restart

Step 5: Testing SSH with Chroot Jail

10. At this point, test if the chroot jail setup is working as expected:

# ssh [email 
-bash-4.1$ ls
-bash-4.1$ date
-bash-4.1$ uname

From the session above, we can see that the SSH user is locked in the chrooted jail, and can't run any external commands (ls, date, uname, etc).

The user can only run bash and its builtin commands such as (pwd, history, echo, etc) as seen below:

# ssh [email 
-bash-4.1$ pwd
-bash-4.1$ echo "Tecmint - Fastest Growing Linux Site"
-bash-4.1$ history

Step 6. Create SSH User's Home Directory and Add Linux Commands

11. From the previous step, we can notice that the user is locked in the root directory; we can create a home directory for the SSH user like so (do this for all future users):

# mkdir -p /home/test/home/tecmint
# chown -R tecmint:tecmint /home/test/home/tecmint
# chmod -R 0700 /home/test/home/tecmint

12. Next, install a few user commands such as ls, date, mkdir in the bin directory:

# cp -v /bin/ls /home/test/bin/
# cp -v /bin/date /home/test/bin/
# cp -v /bin/mkdir /home/test/bin/

13. Next, check the shared libraries for the commands above and move them into the chrooted jail libraries directory:

# ldd /bin/ls
# cp -v /lib64/{libselinux.so.1,libcap.so.2,libacl.so.1,libc.so.6,libpcre.so.1,libdl.so.2,ld-linux-x86-64.so.2,libattr.so.1,libpthread.so.0} /home/test/lib64/
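
Steps 6 and 13 pick library names by hand from the ldd output, and those names differ between distributions and releases. The script below is an added example, not part of the original article, that parses the ldd output and copies each library to the same absolute path inside the jail; this goes beyond the article, which copies a fixed list into /home/test/lib64. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article); function names are illustrative.

# Constructed sample of `ldd /bin/bash` output (addresses are made up).
sample_ldd() {
    cat <<'EOF'
	linux-vdso.so.1 (0x00007ffd0a1f2000)
	libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f1c2a400000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f1c2a200000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f1c29e00000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1c2a800000)
EOF
}

# Read ldd output on stdin and print one absolute library path per line.
# Handles "name => /path (addr)" and "/path (addr)" (the dynamic loader);
# skips linux-vdso and "not found" entries, which have no file to copy.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Copy one file into the jail at the same absolute path, following symlinks
# so the jail holds the real library and not a dangling link.
copy_into_jail() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L "$src" "$jail$src"
}

# Install a binary and every library ldd lists for it.
jail_install() {
    jail=$1 bin=$2
    copy_into_jail "$jail" "$bin" || return 1
    ldd "$bin" | ldd_paths | while IFS= read -r lib; do
        copy_into_jail "$jail" "$lib" || exit 1
    done
}

# Usage for the commands added in step 12 (run as root):
#   for b in /bin/bash /bin/ls /bin/date /bin/mkdir; do jail_install /home/test "$b"; done
```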

Step 7. Testing SFTP with Chroot Jail

14. Do a final test using sftp; check if the commands you have just installed are working.

Add the line below in the /etc/ssh/sshd_config file:

#Enable sftp to chrooted jail 
ForceCommand internal-sftp

Save the file and exit. Then restart the SSHD services:

# systemctl restart sshd
OR
# service sshd restart

15. Now, test using SSH; you'll get the following error:

# ssh [email 

Try using SFTP as follows:

# sftp [email 

That's it for now! In this article, we showed you how to restrict an SSH user to a given directory (chrooted jail) in Linux. Use the comment section below to offer us your thoughts about this guide.