{"id":3828,"date":"2013-06-06T15:39:52","date_gmt":"2013-06-06T12:39:52","guid":{"rendered":"http:\/\/www.koraykey.com\/?p=3828"},"modified":"2013-06-20T00:10:21","modified_gmt":"2013-06-19T21:10:21","slug":"linux-isletim-sistemlerinde-ssh-secure-shell-yapilandirmasi","status":"publish","type":"post","link":"https:\/\/www.koraykey.com\/?p=3828","title":{"rendered":"Linux \u0130\u015fletim Sistemlerinde SSH (Secure Shell) Yap\u0131land\u0131rmas\u0131"},"content":{"rendered":"

\"LinuxAll\"<\/a>Bu makalemizde “Linux \u0130\u015fletim Sistemlerinde SSH (Secure Shell) Yap\u0131land\u0131rmas\u0131” konusunu inceleyece\u011fiz. SSH (Secure Shell) g\u00fcvenli veri iletimi i\u00e7in kriptografik a\u011f protokol\u00fcd\u00fcr. Ssh ile a\u011fa ba\u011fl\u0131 olan iki bilgisayar aras\u0131nda veri aktar\u0131m\u0131 g\u00fcvenlik kanal\u0131 \u00fczerinden g\u00fcvensiz bir a\u011fda yap\u0131l\u0131r. Bu durumda a\u011fda Ssh ile haberle\u015fen makinelerden biri ssh sunucusu di\u011feri ssh istemcisi olur. Bu protokol \u015fartlar\u0131 SSH-1 ve SSH-2 olmak \u00fczere iki \u00f6nemli s\u00fcr\u00fcm \u00fczerinden birbirinden ayr\u0131l\u0131r. SSH kabuk hesab\u0131na eri\u015fim i\u00e7in Unix ve benzeri i\u015fletim sistemlerinde protokol\u00fcn en iyi uygulamas\u0131 olarak bilinir, ama ayn\u0131 zamanda Windows \u00fczerindeki hesaplara eri\u015fim i\u00e7in de kullan\u0131labilir. SSH Telnet ve di\u011fer uzaktan kabu\u011fa eri\u015fim yapan g\u00fcvensiz protokollerin (Berkeley rsh ve rexec protokol\u00fc gibi) yerine g\u00fcvenli veri iletimini sa\u011flamas\u0131 i\u00e7in tasarlanm\u0131\u015ft\u0131r. SSH uzaktaki makineye ba\u011flan\u0131p kimlik kan\u0131tlamas\u0131 yapmak i\u00e7in a\u00e7\u0131k anahtarl\u0131 \u015fifrelemeyi kullan\u0131r ve bu sayede kullan\u0131c\u0131ya sistemi kullanmas\u0131na izin vermi\u015f olur. SSH kullanman\u0131n bir \u00e7ok farkl\u0131 yolu vard\u0131r. Birincisi otomatik olarak a\u00e7\u0131k-gizli anahtar \u00e7ifti \u00fcretme ve parolay\u0131 kullanarak yetki sahibi olmak. Di\u011feri ise kimlik kan\u0131tlamas\u0131 i\u00e7in a\u00e7\u0131k ve gizli anahtar \u00e7iftini manuel olarak \u00fcretmek, bu durum kullan\u0131c\u0131lara ya da programlara \u00f6zel bir parola kullanmadan sistemde kimlik kan\u0131tlamas\u0131 yapmay\u0131 sa\u011flar. Bu durumda a\u00e7\u0131k ve gizli anahtar\u0131 \u00fcreten ki\u015fi birbiriyle e\u015fle\u015fen bir anahtar \u00e7ifti (gizli ve a\u00e7\u0131k ) \u00fcretmi\u015f olur ve \u00fcretti\u011fi gizli anahtar\u0131 kendinde muhafaza eder. Kimlik kan\u0131tlamas\u0131 yap\u0131lmas\u0131 gizli anahtara g\u00f6redir. SSH sadece makine \u00fczerinde ayn\u0131 ki\u015fiye ait gizli anahtara kar\u015f\u0131l\u0131k gelen a\u00e7\u0131k anahtar olup olmad\u0131\u011f\u0131n\u0131 kontrol eder. SSH’\u0131n t\u00fcm s\u00fcr\u00fcmlerinde a\u00e7\u0131k anahtar ge\u00e7erli say\u0131lmanda \u00f6nce bilinmeyen a\u00e7\u0131k anahtar\u0131n do\u011frulanmas\u0131 \u00f6nemlidir. A\u00e7\u0131k anahtar sahibinin bilgisiyle ili\u015fkilendirilmi\u015ftir.<\/span><\/p>\n

Sistemimizde SSH paketi genelde kurulu gelir. E\u011fer kurulu de\u011filse a\u015fa\u011f\u0131daki komutu kullanarak kurabiliriz.<\/span><\/p>\n

# yum -y install openssh*<\/span><\/pre>\n
1. SSH kullan\u0131m\u0131nda “root” kullan\u0131c\u0131s\u0131n\u0131n k\u0131s\u0131tlanmas\u0131 (kapat\u0131lmas\u0131)\u00a0i\u00e7in a\u015fa\u011f\u0131daki komutlar\u0131 kullanabiliriz.<\/span><\/p>\n
-- SSH yap\u0131land\u0131rma dosyam\u0131z\u0131 a\u00e7arak de\u011fi\u015fkenlerimizi d\u00fczenliyoruz.<\/span>\r\n\r\n# vim \/etc\/ssh\/sshd_config<\/span>\r\n\r\n#PermitRootLogin yes<\/span>\r\n\r\nsat\u0131r\u0131ndaki \"#\" i\u015faretini kald\u0131rarak a\u015fa\u011f\u0131daki gibi d\u00fczenliyoruz.<\/span>\r\n\r\nPermitRootLogin no<\/span>\r\n\r\ngerekli d\u00fczenlemeyi yapt\u0131ktan sonra kaydedip \u00e7\u0131k\u0131yoruz.<\/span>\r\n\r\n-- Ayarlar\u0131n ge\u00e7erli olabilmesi i\u00e7in SSH servisimizi yeniden ba\u015flat\u0131yoruz.<\/span>\r\n\r\n# service sshd restart\r\n\r\n-- Bu \u015fekilde ayarlad\u0131\u011f\u0131m\u0131zda sistemimize \"root\" kullan\u0131c\u0131s\u0131 ile ba\u011flanamay\u0131z\r\nancak ba\u015fka bir kullan\u0131c\u0131 ile ba\u011flanabiliriz. \u00d6rne\u011fin sistemimize \"oracle\"\r\nkullan\u0131c\u0131s\u0131 ile ba\u011flan\u0131p daha sonra \"su\" komutu ile \"root\" kullan\u0131c\u0131s\u0131na\r\nge\u00e7ebiliriz.<\/span><\/pre>\n
2. Sistemimize SSH ile ba\u011flanmas\u0131n\u0131 istedi\u011fimiz veya engellemek istedi\u011fimiz kullan\u0131c\u0131lar\u0131 a\u015fa\u011f\u0131daki de\u011fi\u015fkenlerle belirleyebiliriz.<\/span><\/p>\n
-- Sistemimize \"root\" d\u0131\u015f\u0131nda bir kullan\u0131c\u0131n\u0131n ba\u011flanmas\u0131n\u0131 engellemek i\u00e7in<\/span>\r\n\r\n# vim \/etc\/ssh\/sshd_config<\/span>\r\n\r\ndosyas\u0131na a\u015fa\u011f\u0131daki de\u011fi\u015fkeni eklemeliyiz.<\/span>\r\n\r\nAllowUsers root<\/span>\r\n\r\n-- Sistemimize belli bir kullan\u0131c\u0131n\u0131n ba\u011flanmas\u0131n\u0131 engellemek i\u00e7in<\/span>\r\n\r\nDenyUsers oracle<\/span>\r\n\r\nde\u011fi\u015fkenini eklememiz yeterlidir.\r\n\r\n-- Ayarlar\u0131n ge\u00e7erli olabilmesi i\u00e7in SSH servisimizi yeniden ba\u015flat\u0131yoruz.\r\n\r\n# service sshd restart<\/span><\/pre>\n
3. SSH program\u0131n\u0131n kulland\u0131\u011f\u0131 portu de\u011fi\u015ftirerek ekstra g\u00fcvenlik sa\u011flayabiliriz. Bu \u015fekilde port numaras\u0131n\u0131 bilmeyen bir kullan\u0131c\u0131 sisteme ba\u011flanamayacakt\u0131r. Dikkat etmemiz gerekense atayaca\u011f\u0131m\u0131z portun ba\u015fka bir program taraf\u0131ndan kullan\u0131lmamas\u0131d\u0131r.<\/span><\/p>\n
-- Sistemimize \"root\" d\u0131\u015f\u0131nda bir kullan\u0131c\u0131n\u0131n ba\u011flanmas\u0131n\u0131 engellemek i\u00e7in<\/span>\r\n\r\n# vim \/etc\/ssh\/sshd_config<\/span>\r\n\r\ndosyas\u0131na a\u015fa\u011f\u0131daki port de\u011fi\u015fkenini de\u011fi\u015ftirmeliyiz.<\/span>\r\n\r\n#Port 22<\/span>\r\n\r\nsat\u0131r\u0131ndaki \"#\" i\u015faretini kald\u0131rarak a\u015fa\u011f\u0131daki gibi d\u00fczenliyoruz.<\/span>\r\n\r\nPort 2210<\/span>\r\n\r\n-- Ayarlar\u0131n ge\u00e7erli olabilmesi i\u00e7in SSH servisimizi yeniden ba\u015flat\u0131yoruz.<\/span>\r\n\r\n# service sshd restart<\/span>\r\n\r\n-- Art\u0131k sistemimize ba\u011flanacak kullan\u0131c\u0131 port numaras\u0131n\u0131 \"22\" yerine \"2210\"\r\nolarak yazmal\u0131d\u0131r.\r\n\r\n# ssh -W hostname:portnumber\r\n\r\nveya\r\n\r\n# ssh hostname -p 2210\r\n\r\n<\/span><\/pre>\n
4. Linux i\u015fletim sistemlerinde “ssh” yaz\u0131l\u0131m\u0131 b\u00fct\u00fcnle\u015fik olarak gelmektedir. Ancak Microsoft Windows \u0130\u015fletim Sistemlerinde “ssh” ba\u011flant\u0131s\u0131 yapabilmek i\u00e7in entegre bir ara\u00e7 bulunmamaktad\u0131r. A\u015fa\u011f\u0131daki gibi benzer bir “ssh” yaz\u0131l\u0131m\u0131n\u0131n sisteme kurulu olmas\u0131 gerekmektedir.<\/span><\/p>\n
-- puTTY arac\u0131n\u0131 a\u015fa\u011f\u0131daki sisteden indirebiliriz. Bu ara\u00e7 \u00fccretsiz ve\r\nkullan\u0131m\u0131 basittir.\r\n<\/span>\r\nPutty<\/span><\/a>\r\n\r\n-- VanDyke SecureCRT arac\u0131n\u0131 a\u015fa\u011f\u0131daki siteden indirebiliriz. Bu ara\u00e7 \u00fccretli\r\nve geli\u015fmi\u015f bir ara\u00e7t\u0131r.<\/span>\r\n\r\nVanDyke SecureCRT<\/span><\/a><\/pre>\n
5. Oracle Real Application Cluster Veritabanlar\u0131nda \u00fcyeler birbirleri aras\u0131nda parolas\u0131z olarak g\u00fcvenli bir \u015fekilde konu\u015fabilirler. Bunun i\u00e7in “ssh” yap\u0131land\u0131rmas\u0131n\u0131 kurulum sihirbaz\u0131 ile yapabiliriz. Ancak baz\u0131 durumlarda bu yap\u0131land\u0131rmay\u0131 elle yapmam\u0131z gerekirse a\u015fa\u011f\u0131daki ad\u0131mlar\u0131 uygulamal\u0131y\u0131z.<\/span><\/p>\n
-- SSH arac\u0131 genellikle sistemimizde kurulu halde gelmektedir.\r\nAncak kurulu de\u011filse kurmak i\u00e7in<\/span>\r\n\r\n# yum install openssh-server<\/span>\r\n\r\n-- SSH arac\u0131m\u0131z\u0131 ba\u015flatmak ve sunucumuz ba\u015flad\u0131\u011f\u0131nda otomatik ba\u015flamas\u0131 i\u00e7in<\/span>\r\n\r\n# service sshd start<\/span>\r\n\r\n# chkconfig sshd on<\/span>\r\n\r\n-- SSH yap\u0131land\u0131rmam\u0131z\u0131 elle yapmak i\u00e7in a\u015fa\u011f\u0131daki ad\u0131mlar\u0131 t\u00fcm \u00fcye sunucularda\r\nyap\u0131yoruz.<\/span>\r\n\r\n-- oracle kullan\u0131c\u0131s\u0131na ge\u00e7iyoruz.<\/span>\r\n\r\n# su - oracle<\/span>\r\n\r\n-- SSH anahtar\u0131m\u0131z\u0131n depolanmas\u0131 i\u00e7in dizinimizi yarat\u0131yoruz.<\/span>\r\n\r\n$ mkdir ~\/.ssh<\/span>\r\n\r\n-- Gerekli \u00e7al\u0131\u015fma izinlerini veriyoruz.<\/span>\r\n\r\n$ chmod 700 ~\/.ssh<\/span>\r\n\r\n-- SSH anahtar\u0131m\u0131z\u0131 \u00fcretiyoruz. A\u015fa\u011f\u0131daki 3 soruyu \"enter\" tu\u015funa basarak\r\nvarsay\u0131lan ayarlarla ge\u00e7iyoruz.<\/span>\r\n\r\n$ ssh-keygen -t rsa<\/span>\r\n\r\nGenerating public\/private rsa key pair.<\/span>\r\n\r\nEnter file in which to save the key (\/home\/oracle\/.ssh\/id_rsa): \r\n<\/span>\r\n\r\nEnter passphrase (empty for no passphrase):<\/span>\r\n\r\nEnter same passphrase again:<\/span>\r\n\r\nYour identification has been saved in \/home\/oracle\/.ssh\/id_rsa.<\/span>\r\nYour public key has been saved in \/home\/oracle\/.ssh\/id_rsa.pub.<\/span>\r\n\r\nThe key fingerprint is:<\/span>\r\na4:df:a2:e6:46:f9:b7:4e:20:0a:ab:e7:f3:01:17:f7 oracle@kryrac1.localdomain<\/span>\r\n\r\nThe key's randomart image is:<\/span>\r\n+--[ RSA 2048]----+<\/span>\r\n|                 |<\/span>\r\n|                 |<\/span>\r\n|    . . .        |<\/span>\r\n|     o +         |<\/span>\r\n|  o . o.E        |<\/span>\r\n|   = .oo o       |<\/span>\r\n|  . o. .o o      |<\/span>\r\n| .o  .o..o.      |<\/span>\r\n|.o.o.+o  oo.     |<\/span>\r\n+-----------------+<\/span>\r\n\r\n-- Her iki \u00fcyede \"authorized_keys\" dosyas\u0131n\u0131 olu\u015fturuyoruz.<\/span>\r\n\r\n$ cd ~\/.ssh<\/span>\r\n\r\n$ cat id_rsa.pub >> authorized_keys<\/span>\r\n\r\n-- Birinci \u00fcyede ikinci \u00fcyeye ikinci \u00fcyeden de birinci \u00fcyeye \"authorized_keys\"\r\ndosyas\u0131n\u0131 kopyal\u0131yoruz.<\/span>\r\n\r\n-- Birinci \u00fcyede a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/span>\r\n\r\n$ scp authorized_keys kryrac2.localdomain:\/home\/oracle\/.ssh\/<\/span>\r\n\r\n-- \u0130kinci \u00fcyede a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/span>\r\n\r\n$ scp authorized_keys kryrac1.localdomain:\/home\/oracle\/.ssh\/<\/span>\r\n\r\n-- SSH ayarlar\u0131m\u0131z\u0131 test edip gerekli ayarlar\u0131 yap\u0131yoruz.<\/span>\r\n\r\n-- Birinci \u00fcyede a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/span>\r\n\r\n$ ssh kryrac2 date<\/span>\r\n\r\n-- \u0130kinci \u00fcyede a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/span>\r\n\r\n$ ssh kryrac1 date<\/span>\r\n\r\n-- Birinci \u00fcyede a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/span>\r\n\r\n$ ssh kryrac2.localdomain date<\/span>\r\n\r\n-- \u0130kinci \u00fcyede a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/span>\r\n\r\n$ ssh kryrac1.localdomain date<\/span>\r\n\r\n-- Her iki \u00fcyede a\u015fa\u011f\u0131daki komutlaru \u00e7al\u0131\u015ft\u0131yoruz.<\/span>\r\n\r\n$ exec \/usr\/bin\/ssh-agent $SHELL<\/span>\r\n\r\n$ \/usr\/bin\/ssh-add\r\n\r\n-- Her iki \u00fcyede \"root\" kullan\u0131c\u0131yla \"ssh\" servisini yeniden ba\u015flat\u0131yoruz.\r\n\r\n# service sshd restart<\/span>\r\n\r\n-- Bu i\u015flemlerden sonra sunucular\u0131m\u0131z \"ssh\" \u00fczerinden parolas\u0131z konu\u015facakt\u0131r.<\/span><\/pre>\n
6. Oracle Real Application Cluster Veritabanlar\u0131nda \u00fcyeler birbirleri aras\u0131nda parolas\u0131z olarak g\u00fcvenli bir \u015fekilde konu\u015fabilmesini “grid” kurulumundaki “sshUserSetup.sh” scriptinide kullanarak yap\u0131land\u0131rabiliriz.<\/span><\/p>\n
-- Oracle kullan\u0131c\u0131s\u0131na ge\u00e7iyoruz.<\/span>\r\n\r\n# su - oracle<\/span>\r\n\r\n-- Grid kurulum dosyalar\u0131m\u0131z\u0131n oldu\u011fu dizindeki \"\/media\/sshsetup\" dizinine \r\nge\u00e7iyoruz.<\/span>\r\n\r\n$ cd \/u01\/orainstall\/grid\/media\/sshsetup<\/span>\r\n\r\n-- SSH yap\u0131land\u0131rma scriptimizi a\u015fa\u011f\u0131daki parametreleri kendi sistemimize g\u00f6re\r\nayarlay\u0131p \u00e7al\u0131\u015ft\u0131r\u0131yoruz.<\/span>\r\n\r\n$ .\/sshUserSetup.sh -user oracle -hosts \"kryrac1 kryrac2\" -noPromptPassphrase<\/span>\r\n\r\n-- Yap\u0131land\u0131rmam\u0131z ba\u015far\u0131l\u0131 olduktan sonra her iki \u00fcyede \"root\" kullan\u0131c\u0131yla\r\n\"ssh\" servisini yeniden ba\u015flat\u0131yoruz.<\/span>\r\n\r\n# service sshd restart<\/span><\/pre>\n
Bu makalemizde “Linux \u0130\u015fletim Sistemlerinde SSH (Secure Shell) Yap\u0131land\u0131rmas\u0131” konusunu inceledik. Ayr\u0131ca Oracle RAC veritabanlar\u0131 i\u00e7in SSH ba\u011flant\u0131 yap\u0131land\u0131rmas\u0131n\u0131 g\u00f6rd\u00fck. Oracle Real Application Cluster kurulumu i\u00e7in “Oracle Enterprise Linux \u0130\u015fletim Sisteminde Oracle Real Application Cluster (Rac) Veritaban\u0131 Kurulumu”<\/a> makalemizi inceleyebilirsiniz.<\/span><\/p>\n
Ba\u015fka bir makalede g\u00f6r\u00fc\u015fmek \u00fczere\u2026<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"
Bu makalemizde “Linux \u0130\u015fletim Sistemlerinde SSH (Secure Shell) Yap\u0131land\u0131rmas\u0131” konusunu inceleyece\u011fiz. SSH (Secure Shell) g\u00fcvenli veri iletimi i\u00e7in kriptografik a\u011f protokol\u00fcd\u00fcr. Ssh ile a\u011fa ba\u011fl\u0131 olan iki bilgisayar aras\u0131nda veri aktar\u0131m\u0131 g\u00fcvenlik kanal\u0131 \u00fczerinden g\u00fcvensiz bir a\u011fda yap\u0131l\u0131r. Bu durumda … Okumaya devam et →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,8],"tags":[21,290,20,19,539,540,537,448,462,534,461,536,538,450,458,449,541,453,452,460,533,451,459,456,455,454,457,535],"class_list":["post-3828","post","type-post","status-publish","format-standard","hentry","category-oracle","category-unix-linux","tag-h-koray-gunduz","tag-halil-koray-gunduz","tag-koray-gunduz","tag-koraykey","tag-linux-oracle-ssh","tag-linux-oracle-ssh-ayarlari","tag-linux-ssh-acma","tag-linux-ssh-ayarlari","tag-linux-ssh-baglanti","tag-linux-ssh-kurulumu","tag-linux-ssh-nedir","tag-linux-ssh-port-degistirme","tag-oracle-linux-ssh","tag-oracle-rac-ssh-ayarlari","tag-oracle-ssh","tag-oracle-ssh-ayarlari","tag-oracle-ssh-kurulumu","tag-root-ssh-acma","tag-root-ssh-kapatma","tag-ssh-farkli-porttan-baglanma","tag-ssh-kurulumu","tag-ssh-nedir","tag-ssh-port-degistirme","tag-ssh-root-login-acma","tag-ssh-root-login-allow","tag-ssh-root-login-deny","tag-ssh-root-login-kapatma","tag-windows-ssh-kurulumu"],"_links":{"self":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/posts\/3828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3828"}],"version-history":[{"count":0,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/posts\/3828\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}