Notes for hacking, etc.

A free implementation of Secure Shell

Official page

Useful reference pages

Tips

Redoing password input

Apparently pressing C-u is enough.
This does not seem to be mentioned in the OpenSSH documentation.
READLINE(3) has a similar key binding, but the kill-ring does not seem to be involved here.
unix-line-discard (C-u)
       Kill backward from point to the  beginning  of  the  line.   The
       killed text is saved on the kill-ring.
Perhaps it is simply following a common key-binding convention?
Reference:

Checklist when X11Forwarding does not work

  • Is X11Forwarding set to yes in sshd_config on the remote side?
  • Is xauth installed on the remote side?

Automatically sending local environment variables to the remote side

For example, it is convenient to have environment variables like the following sent automatically.
  • When you want to work in the same locale as on the local side
    • LANG LC_*
  • When you want to use the local kanji input method while using X11Forwarding
    • XMODIFIERS

The settings go in the following places.
On the local side, add the following entries to /etc/ssh/ssh_config if they are not already there:
SendEnv LANG LC_*
SendEnv XMODIFIERS
On the remote side, add the following entries to /etc/ssh/sshd_config if they are not already there:
AcceptEnv LANG LC_*
AcceptEnv XMODIFIERS
Finally, restart sshd on the remote side.

Also, on Debian, if ~/.bashrc was set up with language-env 0.69,
LANG is overwritten with LANG=C when TERM=xterm, so the following part needs to be changed.
*** .bashrc~	2011-02-09 11:01:09.000000000 +0900
--- .bashrc	2011-02-09 11:38:00.000000000 +0900
***************
*** 32,35 ****
      xterm)
        if [ "$COLORTERM" != "gnome-terminal" ] ; then
!         LANG=C
        fi ;;
--- 32,37 ----
      xterm)
        if [ "$COLORTERM" != "gnome-terminal" ] ; then
!         if [ "$LANG" = "" ] ; then
!           LANG=C
!         fi
        fi ;;
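Review bot: the guard added around `LANG=C` in the new `xterm)` branch (new lines 34-36) can be folded into the enclosing test with `&&` instead of nesting a second `if`, and `[ -z "$LANG" ]` is the usual spelling of `[ "$LANG" = "" ]`. The only visible reason for the extra test is to keep a LANG that is already set, so a one-line comment saying that would stop the check being dropped later as redundant. The test looks at LANG only, so nothing in this hunk covers LC_* values.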
Reference:

Cleaning up known_hosts

To improve security,
recent known_hosts files record the mapping between a pkey and a one-way hashed hostname.
In other words, you can look up a pkey from a hostname, but you cannot look up a hostname from a pkey.

To decide whether a pkey is no longer needed, the only option is to search exhaustively, hostname by hostname, with the following command.
ssh-keygen -lF $hostname -f ~/.ssh/known_hosts
The options mean the following:
  • -l : show the fingerprint (without it, the pkey itself is shown)
  • -F : the hostname to search for
  • -f : the known_hosts file to use
For $hostname:
With the default port (=22), write the hostname as it is.
With a non-default port (≠22), write it as [hostname]:port.

To delete the keys for a specific host:
ssh-keygen -R "hostname"
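The exhaustive hostname-to-entry search described above, written out as an added example (not code from the original page). It assumes the hashed host field layout `|1|salt|HMAC-SHA1`, and the host names, salts and key blobs in the sample are constructed placeholders.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def entry_matches(host_field, host):
    """True if one known_hosts host field (hashed or plain) names `host`."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(base64.b64decode(mac_b64), got)
    return host in host_field.split(",")   # plain entry, exact names only

def audit(known_hosts_text, candidates):
    """Return (matched, orphans): matched maps line number -> candidate name,
    orphans lists the line numbers that no candidate explains."""
    matched, orphans = {}, []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):       # @cert-authority / @revoked marker
            fields = fields[1:]
        hit = next((h for h in candidates if entry_matches(fields[0], h)), None)
        if hit is None:
            orphans.append(n)
        else:
            matched[n] = hit
    return matched, orphans

# Constructed sample: salts and key blobs are placeholders, not real host keys.
SAMPLE = "\n".join([
    hash_host("myserver", b"A" * 20) + " ssh-rsa AAAAconstructed1",
    hash_host("[myserver]:1234", b"B" * 20) + " ssh-rsa AAAAconstructed2",
    hash_host("retired-box", b"C" * 20) + " ssh-rsa AAAAconstructed3",
    "plainhost,192.0.2.7 ssh-ed25519 AAAAconstructed4",
])
CANDIDATES = ["myserver", "[myserver]:1234", "plainhost"]

if __name__ == "__main__":
    matched, orphans = audit(SAMPLE, CANDIDATES)
    print("matched:", matched)
    print("no candidate host (review for removal):", orphans)
```

An orphan line only means that none of the names you supplied hashes to it, so the candidate list has to include every name, IP address and [host]:port form you actually connect with.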

Looking up a server's pkey

When you ssh to a server that is not recorded in known_hosts, a warning like the following is shown.
$ ssh -p 1234 myserver
The authenticity of host '[myserver]:1234 ([127.0.0.1]:1234)' can't be established.
RSA key fingerprint is 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f.
Are you sure you want to continue connecting (yes/no)? 
When the server is not yet registered in known_hosts on the first connection, you can connect with ssh safely by finding out in advance the fingerprint computed from the server's pkey.

To look up each server's pkey over the network, use the ssh-keyscan command.
However, a lookup over the network cannot detect impersonation, so
you need to find out the server's own pkey beforehand, on the server itself.
That is, on the server, query its own sshd as follows.
ssh-keyscan localhost

This is the raw pkey, so to get the fingerprint, pass it through the ssh-keygen command as follows.
ssh-keyscan localhost > /tmp/pkey
ssh-keygen -vlf /tmp/pkey
The ssh-keygen options mean the following:
  • -v : verbose. Add it when you also want the ASCII art representation shown together with -l.
  • -l : compute the fingerprint
  • -f : the pkey file to use

ssh-keygen seems to accept pkey input only from a file (?), so it has to go through a file via redirection, as above.
A named pipe looks like it should work, but as of 2011-09-18, with Debian's openssh-client 1:5.8p1-7, it only works with a regular file.

2016-02-12:
Reportedly, since OpenSSH 6.8/6.8p1 the key fingerprint algorithm has changed from md5 to sha256/base64.
With ssh-keygen, the -E option apparently lets you change this algorithm.
ssh has no feature for switching the fingerprint algorithm, so
if all you have on hand is the old fingerprint, you first need to compare old and new with ssh-keygen.
A simple version might look like this:
ssh-keycomp () {
  (
    tmp=$(mktemp) || exit 1   # create the temporary file instead of only naming it
    trap 'rm -f "$tmp"' 0
    ssh-keyscan "$1" > "$tmp"
    ssh-keygen -E md5 -lf "$tmp"
    ssh-keygen -lf "$tmp"
  )
}

Reference:

Connecting without leaving a record in known_hosts

If you frequently connect to ssh servers that were brought up temporarily for maintenance or testing, their temporary pkeys get recorded in known_hosts and pile up as garbage.
When connecting to a server whose pkey is not permanent like this, you do not want a record left in known_hosts every time.
The method is simple: use the -o UserKnownHostsFile option to point at some throwaway location.
ssh -o UserKnownHostsFile=/dev/null 192.168.0.1
If discarding straight to /dev/null makes you uneasy, writing to a temporary file (for example /tmp/known_hosts) may also be fine.
Using the -y option as follows apparently generates the equivalent of ~/.ssh/id_rsa.pub.
ssh-keygen -f ~/.ssh/id_rsa -y
Reference:
The fingerprint is apparently the md5sum of the base64-encoded key after base64 decoding.
You can confirm that the same fingerprint comes out by doing the following.
cat ~/.ssh/id_rsa.pub | awk '{print $2;}' | base64 -d | md5sum
ssh-keygen -l -f ~/.ssh/id_rsa.pub
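The two fingerprint styles this page mentions (the MD5 of the decoded key blob, and the sha256/base64 form used since OpenSSH 6.8) computed side by side from one public-key line. This is an added example, not code from the original page; the key is a constructed dummy blob, and the check that the declared key type matches the type embedded in the blob goes slightly beyond what the page describes.

```python
import base64
import hashlib
import struct

def parse_pubkey_line(line):
    """Split 'type base64 [comment]' and check the blob carries the same type."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])        # SSH string: uint32 length + bytes
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != key_type:
        raise ValueError("declared %r but blob says %r" % (key_type, embedded))
    return key_type, blob

def fingerprints(line):
    """Return both fingerprint styles for one public-key line."""
    _, blob = parse_pubkey_line(line)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),  # old style
        "sha256": "SHA256:" + sha,                               # unpadded base64
    }

def ssh_string(b):
    """Encode bytes as an SSH wire-format string."""
    return struct.pack(">I", len(b)) + b

# Constructed sample key: an ed25519-shaped blob holding a dummy 32-byte value.
BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
LINE = "ssh-ed25519 " + base64.b64encode(BLOB).decode() + " constructed@example"

if __name__ == "__main__":
    for style, value in fingerprints(LINE).items():
        print(style, value)
```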
Reference:
As for the SSH keys under ~/.ssh,
the private key is in PEM format, so it can be used with OpenSSL as it is, but
the public key is in what seems to be OpenSSH's own format (?) (something like the RFC4716 format unfolded onto one line), so
OpenSSL cannot process it as it is.
For this reason it has to be exported to PKCS8 format with ssh-keygen -e.
To export to each of the formats, do the following.
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PKCS8   > id_rsa.pub.PKCS8
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PEM     > id_rsa.pub.PEM     # this one cannot be used with OpenSSL???
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m RFC4716 > id_rsa.pub.RFC4716 # this one cannot be used with OpenSSL
After that, RSA encryption and decryption can be done as follows.
openssl rsautl -encrypt -inkey ~/.ssh/id_rsa           < file           > file.encrypted # encrypt with the public key contained in the RSA private key
openssl rsautl -encrypt -inkey id_rsa.pub.PEM   -pubin < file           > file.encrypted # encrypt with the public key exported from the RSA public key in PEM format (the pubkey does not seem to be read properly)
openssl rsautl -encrypt -inkey id_rsa.pub.PKCS8 -pubin < file           > file.encrypted # encrypt with the public key exported from the RSA public key in PKCS8 format
openssl rsautl -decrypt -inkey ~/.ssh/id_rsa           < file.encrypted > file.decrypted # decrypt with the RSA private key
This is public-key cryptography, so the private key must never be handed to the other party.
The usage is therefore: first give the other party your public key by some means, have them encrypt with that public key, and decrypt the result on your side.
When sending from your side to the other party, you need to encrypt with the other party's public key, obtained by some means.

For handing over public keys, normally there should be no need to worry as far as tampering by a man in the middle, so passing them by e-mail or the web should be enough.
If you are still worried, confirming the fingerprint by telephone or the like should take care of it.
Also, RSA, being public-key cryptography, is slow, so in practice you encrypt the data with a symmetric cipher such as AES and encrypt that symmetric key with RSA.

Also, I could not find subcommands such as dsautl or ecutil corresponding to rsautl, so how to encrypt/decrypt with DSA and ECDSA needs investigation.
pkeyutl works with RSA, but for some reason DSA and EC do not work. Is the way the keys were made wrong???
Addendum: 2015-03-18
DSA and ECDSA are digital signature standards, so it seems that public-key encryption and decryption (encrypt, decrypt) cannot be done with them.
Signing and verification (sign, verify) worked without problems.
According to openssl pkeyutl # EC ALGORITHM, the EC algorithm supports ECDSA through sign and verify, and ECDH through derive.
Doing the following yields the same value on both sides via ECDH.
openssl pkeyutl -derive -inkey my_ecdsa   -peerkey your_ecdsa.pub
openssl pkeyutl -derive -inkey your_ecdsa -peerkey my_ecdsa.pub
Since only the same value is obtained every time, maybe one of the two sides should use a throwaway EC pair?

Addendum: 2015-03-23
I tried writing an encryption script using an ECDSA key pair and AES256. If a new ECDSA key pair is generated for the encryption and its private key is discarded on the spot, then nobody other than the recipient, myself included, should be able to decrypt it (at present, other than with astronomically small probability).
As long as the confidentiality of the private key can be ensured, though, there should normally be no need to go that far.

Reference:
If you list keys in ~/.ssh/config as follows, they seem to be tried in order from the top.
IdentityFile ~/.ssh/id_ecdsa
IdentityFile ~/.ssh/id_rsa
If you want password authentication, adding -o PubkeyAuthentication=no is enough.
If you want to force a specific key, adding -i id_seckey is enough.
While you are at it, adding -o PasswordAuthentication=no may also be good.
When using public-key authentication:
~/.ssh/authorized_keys is fine even at 644, but
~/.ssh apparently has to be 700.
Also watch the owner.
It is a secret that I once ran chown 700 ~/.ssh when I meant chmod 700 ~/.ssh and ended up holding my head for a while.
It seems that various settings can be made in ~/.ssh/authorized_keys.
Everything is crammed into one line, so readability suffers a little, but suppose, for example, you want to use as safely as possible the public key paired with a private key whose passphrase was removed so that a tunnel can be started automatically. Doing the following restricts the source IP and, on top of that, leaves the session able to do nothing but wait on cat for input.
from="192.168.1.xxx/32",command="echo -e \"Tunnel: waiting forever.\nC-D to exit.\";cat" ～pubkey～
If from there you additionally want the server side to ssh to itself locally and wait at a password-authentication login, doing the following would not be bad either.
from="192.168.1.xxx/32",command="echo -e \"Tunnel: waiting forever.\nC-D to exit.\";ssh -oPubkeyAuthentication=no localhost" ～pubkey～
Reference:
20190514: Addendum
For cases such as digging a tunnel at boot and keeping it alive inside screen, see below.
This is a multi-hop ssh setup that uses one shared key, with the passphrase omitted, at every hop,
where port forwarding is not permitted on the first hop, remote-1st-host, which acts as the jump host,
and port forwarding is permitted on the second hop, remote-2nd-host, which is the destination.

~/.ssh/config on the local host
Host	remote-2nd-host
	ProxyCommand	ssh -oIdentityFile=~/.ssh/seckey_for_tunnel remote-1st-host
	IdentityFile	~/.ssh/seckey_for_tunnel
	LocalForward	localhost:10080 remotehost:80
	PermitLocalCommand	yes
	LocalCommand	echo "Tunnel is opened."
~/.ssh/authorized_keys on the first-hop remote host
command="nc remote-2nd-host 22",no-port-forwarding ～pubkey_for_tunnel～
~/.ssh/authorized_keys on the second-hop remote host
command="echo -e \"Waiting forever.\nCtrl-D to exit.\"; cat" ～pubkey_for_tunnel～
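A small audit of the authorized_keys restrictions used in the forced-command entries above, listing what a passphrase-less tunnel key can still do. This is an added example, not code from the original page; the option names are sshd's own, while the key material, the 192.0.2.10 address and the `TIGHT` line are constructed for illustration.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # a line starting like this has no options

def split_options(line):
    """Parse the leading option list of one authorized_keys line into a dict."""
    opts, name, buf, quoted, i = {}, None, "", False, 0
    if line.startswith(KEY_PREFIXES):
        return opts
    while i < len(line):
        c = line[i]
        if c == "\\" and quoted and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 1          # \" inside a quoted value
        elif c == '"':
            quoted = not quoted
        elif c == "=" and not quoted and name is None:
            name, buf = buf, ""
        elif c in ", \t" and not quoted:       # end of one option
            opts[(name or buf).lower()] = True if name is None else buf
            name, buf = None, ""
            if c != ",":
                break                          # whitespace: the key type follows
        else:
            buf += c
        i += 1
    return opts

def audit_entry(line):
    """List what a key can still do beyond its forced command."""
    opts, findings = split_options(line), []
    def blocked(feature):   # off via restrict (unless re-enabled) or via no-<feature>
        return ("restrict" in opts and feature not in opts) or "no-" + feature in opts
    if "command" not in opts:
        findings.append("no forced command")
    for feature in ("agent-forwarding", "x11-forwarding", "pty"):
        if not blocked(feature):
            findings.append(feature + " still allowed")
    if not blocked("port-forwarding") and "permitopen" not in opts:
        findings.append("port forwarding to any destination (no permitopen)")
    if "from" not in opts:
        findings.append("no from= source restriction")
    return findings

KEY = " ssh-ed25519 AAAAconstructed tunnel"   # constructed placeholder key
HOP1 = 'command="nc remote-2nd-host 22",no-port-forwarding' + KEY
HOP2 = 'command="echo -e \\"Waiting forever.\\nCtrl-D to exit.\\"; cat"' + KEY
TIGHT = ('restrict,port-forwarding,permitopen="remotehost:80",'
         'from="192.0.2.10",command="cat"' + KEY)   # constructed hardened variant

if __name__ == "__main__":
    for label, entry in (("hop1", HOP1), ("hop2", HOP2), ("tight", TIGHT)):
        print(label, audit_entry(entry))
```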
When copying a public key into ~/.ssh/authorized_keys in an environment where password authentication is enabled,
doing the following from the local side did it in one shot.
ssh-copy-id <remote host name>
If the key is already registered, it seems the -f option can be used to add it forcibly.
Deletion, on the other hand, apparently can only be done by deleting the relevant line from ~/.ssh/authorized_keys on the remote host.
If there are two hosts X and Y and you want to forward to Y by way of X, set the following in ~/.ssh/config.
Host    Y
        ProxyCommand    ssh -W %h:%p X

Troubleshooting

The terminal sometimes freezes when doing operations like the following.
  • cat a file with a fair number of lines
  • ls -l a directory with a fair number of files
  • scroll the screen in a command that uses ncurses, such as lv or byobu
It seems that something goes wrong with the ssh client's downstream while the upstream stays alive: when you type on the keyboard, no screen output comes back, yet commands are executed on the server side, which is a strange situation.
However, the connection does not drop even after exit; only after checking the pts with the who command and killing the sshd for that connection does the connection finally drop, with Write failed: Connection reset by peer.

Wanting jumbo frame support, I had set mtu 16110 with ifconfig on the Ubuntu Server running the ssh server, and 9KB MTU under Jumbo Frame in the advanced settings tab of the NIC device driver on the Windows 7 machine running the ssh client, and this seems to have been the problem.
For the time being, setting the server side to mtu 1500 while in the frozen state let the session recover from the freeze.
So, leaving the MTU at the default of 1500 solved the problem.

Jumbo frame support seems to need the settings worked out more carefully.
For now, it occurs frequently between Ubuntu Server 13.04 at mtu 16110 and Windows 7 at 9KB MTU.
Between Ubuntu Server 13.04 at mtu 16110 and Ubuntu Desktop 12.04 LTS at mtu 6128, I have not been able to observe this problem so far.

Reference:
In OpenSSH 7.0, DSA (ssh-dss) was apparently disabled by default as a vulnerability countermeasure.
As a result, if the server you are connecting to is old, the connection may fail with an error like the following.
Unable to negotiate with xxx.xxx.xxx.xxx: no matching host key type found. Their offer: ssh-dss
From a security standpoint the right thing is to upgrade the server, but when the server is not under your control and will not be dealt with, there is no other way, and adding a setting like the following to ~/.ssh/config apparently lets you enable ssh-dss.
Host servername
    HostKeyAlgorithms ssh-dss
Cygwin sometimes ships new OpenSSH versions ahead of Linux and the BSDs, so the problem shows up especially easily when connecting from Cygwin to an old server.

Reference:
Addendum: 2016-07-04
Needless to say, instead of setting it in ~/.ssh/config you can also give ssh the following option.
-o HostKeyAlgorithms=ssh-dss
