Otu esi etinye OpenSSH 8.0 Server site na isi iyi na Linux

OpenSSH bụ isi iyi mepere emepe, yana mmejuputa iwu SSH 2.0. Ọ na-enye ọtụtụ ngwaọrụ maka ịnweta na ijikwa sistemu kọmputa dịpụrụ adịpụ, yana ijikwa igodo nyocha, dị ka ssh (ngbanwe echekwara maka telnet), ssh-keygen, ssh-copy-id, ssh-add, na ndị ọzọ.

Na nso nso a ka ewepụtara OpenSSH 8.0 wee jiri ọtụtụ atụmatụ ọhụrụ na ndozi ahụhụ banye; ị nwere ike ịgụ ndetu ntọhapụ maka ozi ndị ọzọ.

N'ime edemede a, anyị ga-akọwa otu esi etinye na hazie ụdị nkesa na OpenSSH 8.0 ọhụrụ na sistemụ Linux sitere na isi mmalite. Anyị chere na ị nwere nrụnye nke OpenSSH suite.

  • Sistemụ Debian/Ubuntu ma ọ bụ RHEL/CentOS Linux
  • C compiler
  • Zlib 1.1.4 ma ọ bụ 1.2.1.2 ma ọ bụ karịa
  • LibreSSL ma ọ bụ OpenSSL>= 1.0.1 <1.1.0

Wụnye OpenSSH Server na Client na Linux

Tupu ịwụnye ụdị SSH ọhụrụ, gbaa mbọ lelee ụdị SSH arụnyere na sistemụ gị site na iji iwu na-esonụ.

$ ssh -V

OpenSSH_7.7p2 Ubuntu-4ubuntu2.5, OpenSSL 1.0.2g	1 Mar 2016

Site na nsonaazụ dị n'elu, ụdị OpenSSH arụnyere bụ 7.7, iji wụnye ụdị OpenSSH ọhụrụ, nke mbụ ịkwesịrị ịwụnye ndabere ole na ole, ya bụ ngwaọrụ mmepe ma ọ bụ wuo ihe dị mkpa na ngwugwu ndị ọzọ achọrọ, dị ka ndị a.

-------------- CentOS/RHEL 7/6--------------
$ sudo yum group install 'Development Tools' 
$ sudo yum install zlib-devel openssl-devel

-------------- RHEL 8 and Fedora 22+ --------------
$ sudo dnf group install 'Development Tools' 
$ sudo dnf install zlib-devel openssl-devel

-------------- Debian/Ubuntu --------------
$ sudo apt update 
$ sudo apt install build-essential zlib1g-dev libssl-dev

Iji mepụta ebe kwesịrị ekwesị maka ịwụnye ihe nkesa OpenSSH ụdị 8.0, anyị kwesịrị ịmepụta onye ọrụ na otu sistemụ ọhụrụ aha ya bụ sshd, yana ebe nchekwa maka chroot.

Mara: N'ozuzu, ọ bụrụ na ị nwere nrụnye dị ugbu a, gburugburu ebe a kwesịrị ịdịrịrịrịrị, ị nwere ike ịwụpụ ngalaba a wee gaa na nke ọzọ. Ma ọ bụghị ya, mee iwu ndị a ka ịtọlite ya.

$ sudo mkdir /var/lib/sshd
$ sudo chmod -R 700 /var/lib/sshd/
$ sudo chown -R root:sys /var/lib/sshd/
$ sudo useradd -r -U -d /var/lib/sshd/ -c "sshd privsep" -s /bin/false sshd

Na-akọwa ọkọlọtọ na iwu useradd n'elu:

  • -r – na-agwa useradd ka o mepụta onye ọrụ sistemụ
  • -U – na-agwa ya ka o mepụta otu nwere otu aha na ID otu
  • -d – ezipụta ndekọ aha ndị ọrụ
  • -c – eji tinye okwu
  • -s - ezipụta shei onye ọrụ

Ugbu a, budata tarball nke ụdị OpenSSH 8.0 site na iwu wget ọ bụla ka ibudata ozugbo na ọdụ gị.

$ wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
$ tar -xzf openssh-8.0p1.tar.gz
$ cd openssh-8.0p1/

Ugbu a, anyị ga-ewu ma wụnye ihe nkesa OpenSSH site na iji --na-md5-passwords, -with-privsep-ụzọ na -sysconfdir nhọrọ, nke ga-etinye faịlụ niile na /usr/local/ (nke a bụ PREFIX nrụnye ndabara).

Ị nwere ike ịhụ nhọrọ niile dị site na ịgba ọsọ ./configure -h wee hazie nrụnye gị n'ihu.

$ ./configure -h

Dịka ọmụmaatụ, iji nyere nkwado SELinux aka, tinye --with-pam na --with-selinux nhọrọ, n'otu n'otu, ịkwesịrị ịwụnye faịlụ nkụnye eji isi mee maka ha. ịrụ ọrụ.

## Install PAM and SELinux Headers ##
$ sudo apt install libpam0g-dev libselinux1-dev   [On Debian/Ubuntu]
$ sudo yum install pam-devel libselinux-devel     [On CentOS/RHEL]

## Compile and Install SSH from Sources ##
$ ./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh 
$ make
$ sudo make install

Ozugbo itinyechara OpenSSH, malitegharịa SSH ma ọ bụ mepee windo ọnụ ọzọ wee lelee ụdị OpenSSH arụnyere na sistemụ gị ugbu a.

$ ssh -V

OpenSSH_8.0p1, OpenSSL 1.1.0g  2 Nov 2017

Faịlụ nhazi OpenSSH dị na:

  • ~/.ssh/* - akwụkwọ ndekọ aha a na-echekwa nhazi ndị ahịa ssh kpọmkwem (ssh aliases) na igodo.
  • /etc/ssh/ssh_config - faịlụ a nwere nhazi ssh ahịa n'obosara.
  • /etc/ssh/sshd_config - nwere nhazi ọrụ sshd.

Iji hazie ssh aliases, hụ: Otu esi ahazi njikọ SSH omenala iji mee ka ịnweta ohere dị mfe.

Ị nwekwara ike ịmasị ịgụ akụkọ SSH ndị a na-esote.

  1. Otu esi ekepụta Tunneling SSH ma ọ bụ ebugharị Port na Linux
  2. Etu esi agbanwe ọdụ ụgbọ mmiri SSH nke an-kpọ na ọdụ ụgbọ mmiri dị na Linux
  3. Ụzọ 4 iji kwalite njikọ SSH na Linux
  4. Etu esi achọta mbọ nbanye SSH niile dara na Linux
  5. Etu esi agbanyụọ SSH Root Login na Linux

Ọ bụ ya! N'ime edemede a, anyị akọwala otu esi etinye na hazie ụdị nkesa na onye ahịa OpenSSH kachasị ọhụrụ na sistemụ Linux. Ọ bụrụ na ị nwere ajụjụ ma ọ bụ nkọwa ọ bụla, jiri ụdị nzaghachi dị n'okpuru ka iru anyị.