Bii o ṣe le Fi sii Server OpenSSH 8.0 lati Orisun ni Lainos

OpenSSH jẹ orisun ọfẹ ati ṣiṣi, imuse kikun ti ilana SSH 2.0. O pese nọmba awọn irinṣẹ fun iraye si ni aabo ati iṣakoso awọn eto kọmputa latọna jijin, ati ṣiṣakoso awọn bọtini idanimọ, bii ssh (rirọpo to ni aabo fun telnet), ssh-keygen, ssh-copy-id, ssh-add, ati siwaju sii.

Laipe OpenSSH 8.0 ti tu silẹ ati awọn ọkọ oju omi pẹlu ọpọlọpọ awọn ẹya tuntun ati awọn atunṣe kokoro; o le ka awọn akọsilẹ idasilẹ fun alaye diẹ sii.

Ninu akọle yii, a yoo ṣalaye bi o ṣe le fi sori ẹrọ ati tunto ẹya tuntun ti olupin OpenSSH 8.0 ati alabara lori eto Linux lati awọn orisun. A ro pe o ni fifi sori ẹrọ tẹlẹ ti suite OpenSSH.

  • Eto Debian/Ubuntu tabi RHEL/CentOS Linux eto
  • C alakojo
  • Zlib 1.1.4 tabi 1.2.1.2 tabi tobi
  • LibreSSL tabi OpenSSL> = 1.0.1 <1.1.0

Fi sii OpenSSH Server ati Onibara ni Lainos

Ṣaaju fifi ẹya tuntun ti SSH sori ẹrọ, rii daju lati ṣayẹwo ẹya lọwọlọwọ ti SSH ti a fi sori ẹrọ lori ẹrọ rẹ nipa lilo pipaṣẹ atẹle.

$ ssh -V

OpenSSH_7.7p2 Ubuntu-4ubuntu2.5, OpenSSL 1.0.2g	1 Mar 2016

Lati abajade ti o wa loke, ẹya OpenSSH ti a fi sori ẹrọ jẹ 7.7, lati fi ẹya OpenSSH tuntun sori ẹrọ, akọkọ o nilo lati fi awọn igbẹkẹle diẹ sii, ie awọn irinṣẹ idagbasoke tabi kọ awọn nkan pataki ati awọn idii miiran ti o nilo, gẹgẹbi atẹle.

-------------- CentOS/RHEL 7/6--------------
$ sudo yum group install 'Development Tools' 
$ sudo yum install zlib-devel openssl-devel

-------------- RHEL 8 and Fedora 22+ --------------
$ sudo dnf group install 'Development Tools' 
$ sudo dnf install zlib-devel openssl-devel

-------------- Debian/Ubuntu --------------
$ sudo apt update 
$ sudo apt install build-essential zlib1g-dev libssl-dev

Lati ṣẹda agbegbe ti o yẹ fun fifi sori ẹrọ olupin OpenSSH version 8.0, a nilo lati ṣẹda olumulo eto tuntun ati ẹgbẹ ti a npè ni “sshd”, ati aaye aabo kan si chroot.

Akiyesi: Ni gbogbogbo, ti o ba ni fifi sori ẹrọ tẹlẹ, agbegbe yii yẹ ki o wa ni ipo tẹlẹ, o le foju apakan yii ki o lọ si atẹle. Bibẹẹkọ, ṣiṣe awọn ofin wọnyi lati ṣeto rẹ.

$ sudo mkdir /var/lib/sshd
$ sudo chmod -R 700 /var/lib/sshd/
$ sudo chown -R root:sys /var/lib/sshd/
$ sudo useradd -r -U -d /var/lib/sshd/ -c "sshd privsep" -s /bin/false sshd

Ti n ṣalaye awọn asia ni aṣẹ useradd loke:

  • -r - sọ fun useradd lati ṣẹda olumulo eto
  • -U - kọ ọ lati ṣẹda ẹgbẹ kan pẹlu orukọ kanna ati ID ẹgbẹ
  • -d - ṣalaye itọsọna awọn olumulo
  • -c - lo lati ṣafikun ọrọ asọye kan
  • -s - ṣalaye ikarahun olumulo

Nisisiyi, ṣe igbasilẹ tarball ti ẹya OpenSSH 8.0 lati eyikeyi aṣẹ wget lati ṣe igbasilẹ taara ni ebute rẹ.

$ wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
$ tar -xzf openssh-8.0p1.tar.gz
$ cd openssh-8.0p1/

Bayi a yoo kọ ati fi sori ẹrọ olupin OpenSSH nipa lilo --with-md5-passwords , --with-privsep-path ati --sysconfdir awọn aṣayan, eyi ti yoo fi gbogbo awọn faili sii ni/usr/agbegbe/(eyi ni fifi sori ẹrọ aiyipada PREFIX).

O le wo gbogbo awọn aṣayan to wa nipa ṣiṣe ./configure -h ki o ṣe akanṣe fifi sori rẹ siwaju.

$ ./configure -h

Fun apẹẹrẹ, lati jẹki atilẹyin SELinux, ṣafikun awọn --with-pam ati --with-selinux awọn aṣayan, lẹsẹsẹ, o nilo lati fi sori ẹrọ gbogbo awọn faili akọle pataki fun wọn lati ṣiṣẹ.

## Install PAM and SELinux Headers ##
$ sudo apt install libpam0g-dev libselinux1-dev   [On Debian/Ubuntu]
$ sudo yum install pam-devel libselinux-devel     [On CentOS/RHEL]

## Compile and Install SSH from Sources ##
$ ./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh 
$ make
$ sudo make install

Lọgan ti o ba ti fi sii OpenSSH, tun bẹrẹ SSH tabi ṣii awọn window ebute miiran ati ṣayẹwo ẹya ti OpenSSH ti fi sori ẹrọ bayi lori ẹrọ rẹ.

$ ssh -V

OpenSSH_8.0p1, OpenSSL 1.1.0g  2 Nov 2017

Awọn faili iṣeto OpenSSH oriṣiriṣi wa ni:

  • ~/.ssh/* - itọsọna yii tọjú olumulo awọn atunto alabara ssh kan pato (awọn ali ali ssh) ati awọn bọtini.
  • /etc/ssh/ssh_config - faili yii ni awọn atunto alabara ssh jakejado ni eto.
  • /ati be be/ssh/sshd_config - ni awọn atunto iṣẹ sshd ninu.

Lati tunto awọn aliasi ssh, wo: Bii o ṣe le Tunto Awọn isopọ SSH Aṣa lati Ṣedasilẹ Wiwọle Latọna jijin

O tun le fẹ lati ka wọnyi atẹle awọn nkan ti o jọmọ SSH.

  1. Bii o ṣe Ṣẹda eefin SSH tabi Gbigbe Ibudo ni Linux
  2. Bii o ṣe le Yi Ibudo SSH Aiyipada pada si Ibudo Aṣa ni Linux
  3. Awọn ọna 4 lati Titẹ Awọn isopọ SSH ni Linux
    4. Bii a ṣe le Wa Gbogbo Awọn igbiyanju Wiwọle SSH Ti kuna Ni Lainos
  4. Bii o ṣe le Mu Wiwọle Gbongbo SSH ṣiṣẹ ni Linux

O n niyen! Ninu nkan yii, a ti ṣalaye bi o ṣe le fi sori ẹrọ ati tunto ẹya tuntun ti olupin OpenSSH ati alabara lori eto Linux. Ti o ba ni ibeere tabi awọn asọye eyikeyi, lo fọọmu esi ni isalẹ lati de ọdọ wa.