A free implementation of Secure Shell
- MANA-DOT / 2014-07-22: Using ssh-agent forwarding to share private keys between the host machine and a local VM
- SSH Examples, Tips & Tunnels, source: Twitter: 1082289852056461313
- -J cannot be used on Ubuntu 16.04.04 LTS

Apparently pressing C-u does the job.
It does not seem to be mentioned in the OpenSSH documentation.
READLINE(3) has a similar key binding, but the kill-ring does not appear to be involved here.
unix-line-discard (C-u)
    Kill backward from point to the beginning of the line. The killed text is saved on the kill-ring.
Is it simply following a common key binding?

- Is X11Forwarding set to yes in sshd_config on the remote side?
- Is xauth installed on the remote side?

For example, it is handy to have environment variables like the following sent automatically.
- When you want to work in the same locale as on the local side
  - LANG LC_*
- When you want to use the local kanji conversion while using X11Forwarding
  - XMODIFIERS
The settings go in the following places.
On the local side, add the following entries to /etc/ssh/ssh_config if they are missing:
SendEnv LANG LC_*
SendEnv XMODIFIERS
On the remote side, add the following entries to /etc/ssh/sshd_config if they are missing:
AcceptEnv LANG LC_*
AcceptEnv XMODIFIERS
Finally, restart sshd on the remote side.
Also, on Debian, if ~/.bashrc was set up using language-env 0.69, LANG gets overwritten with LANG=C when TERM=xterm, so the following part needs to be changed.
*** .bashrc~ 2011-02-09 11:01:09.000000000 +0900 --- .bashrc 2011-02-09 11:38:00.000000000 +0900 *************** *** 32,35 **** xterm) if [ "$COLORTERM" != "gnome-terminal" ] ; then ! LANG=C fi ;; --- 32,37 ---- xterm) if [ "$COLORTERM" != "gnome-terminal" ] ; then ! if [ "$LANG" = "" ] ; then ! LANG=C ! fi fi ;;
References:
- watanet Personal Side-C
- spikelet days
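Review bot: the guard added in the xterm) branch of the .bashrc patch above, if [ "$LANG" = "" ], would read more idiomatically as [ -z "$LANG" ], and the three added lines could collapse into : "${LANG:=C}", which also assigns only when LANG is unset or empty. Only LANG is guarded in the visible lines, so it is worth checking that nothing else in this case branch overrides the LC_* variables that the same SendEnv/AcceptEnv setup forwards.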

To improve security, recent known_hosts files record the mapping between a pkey and a one-way hashed hostname.
In other words, you can look up a pkey from a hostname, but you cannot look up a hostname from a pkey.
To decide whether a pkey is no longer needed, the only option is to search for pkeys by hostname, brute-force style, using the following method.
ssh-keygen -lF $hostname -f ~/.ssh/known_hosts
The options mean the following.
- -l : show as a fingerprint (without it, the pkey is shown as is)
- -F : the hostname to search for
- -f : the known_hosts file to use
For the default port (=22), write the hostname as is.
For a non-default port (≠22), write it as [hostname]:port.
To delete the keys for a specific host:
ssh-keygen -R "hostname"
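
How the hostname-to-pkey lookup above works under the hood, as an added Python example that is not from the original page: a hashed known_hosts entry stores a salt and an HMAC-SHA1 of the host token, so each candidate name has to be hashed with that entry's salt and compared. The sample file, salts and key strings are constructed; myserver and port 1234 are placeholder names.

```python
import base64
import hashlib
import hmac

def host_token(name, port=22):
    """Spell a host as known_hosts does: bare name on port 22, else [name]:port."""
    return name if port == 22 else "[%s]:%d" % (name, port)

def hash_host(token, salt):
    """Build the '|1|salt|mac' field stored for a hashed host (HMAC-SHA1, base64)."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def entry_matches(hosts_field, token):
    """True if the first field of a known_hosts line names this host token."""
    for pattern in hosts_field.split(","):
        if pattern.startswith("|1|"):
            _, _, salt_b64, mac_b64 = pattern.split("|")
            salt = base64.b64decode(salt_b64)
            mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(mac, base64.b64decode(mac_b64)):
                return True
        elif pattern == token:          # unhashed entry; wildcards not handled here
            return True
    return False

def unexplained_lines(known_hosts_text, tokens):
    """Line numbers of key entries that none of the candidate host tokens matches."""
    leftover = []
    for number, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if fields and fields[0].startswith("@"):   # @cert-authority / @revoked marker
            fields = fields[1:]
        if not fields or fields[0].startswith("#"):
            continue
        if not any(entry_matches(fields[0], t) for t in tokens):
            leftover.append(number)
    return leftover

# Constructed sample: salts, host names and key strings are made up for this example.
SAMPLE = "\n".join([
    hash_host("myserver", b"constructed-salt-001") + " ssh-ed25519 AAAAconstructedkey1",
    hash_host("[myserver]:1234", b"constructed-salt-002") + " ssh-ed25519 AAAAconstructedkey1",
    hash_host("old-test-vm", b"constructed-salt-003") + " ssh-rsa AAAAconstructedkey2",
])

if __name__ == "__main__":
    still_used = [host_token("myserver"), host_token("myserver", 1234)]
    print("lines no candidate explains:", unexplained_lines(SAMPLE, still_used))
```

Lines that no candidate explains are the ones to review before removing them.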

When you ssh to a server that is not recorded in known_hosts, a warning like the following is displayed.
$ ssh -p 1234 myserver
The authenticity of host '[myserver]:1234 ([127.0.0.1]:1234)' can't be established.
RSA key fingerprint is 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f.
Are you sure you want to continue connecting (yes/no)?
On a first connection, when the server is not yet registered in known_hosts, you can connect safely over ssh by finding out beforehand the fingerprint computed from the server's pkey.
To look up each server's pkey over the network, use the ssh-keyscan command.
However, a lookup over the network cannot detect impersonation, so the server's own pkey has to be checked on the server itself beforehand.
That is, on the server, query its own sshd as follows.
ssh-keyscan localhost
This is the raw pkey, so to get the fingerprint, pass it through the ssh-keygen command as follows.
ssh-keyscan localhost > /tmp/pkey
ssh-keygen -vlf /tmp/pkey
The ssh-keygen options mean the following.
- -v : verbose. Add it when you also want the ASCII art representation shown when using the -l option.
- -l : compute the fingerprint
- -f : the pkey file to use
ssh-keygen seems to accept pkey input only from a file (?), so, as above, the output has to be redirected into a file first.
A named pipe looks like it should work, but as of 2011-09-18, with Debian's openssh-client 1:5.8p1-7, nothing but a regular file is accepted.
2016-02-12:
Reportedly, since OpenSSH 6.8/6.8p1 the algorithm used to generate key fingerprints has changed from md5 to sha256/base64.
In ssh-keygen, the -E option can apparently change this algorithm.
ssh has no way to switch the fingerprint algorithm, so if you only have the old fingerprint on hand, you need to compare old and new with ssh-keygen first.
A simple version might look like this?
ssh-keycomp () {
  (
    # mktemp creates the file itself; mktemp -u only printed a name that
    # another local user could have created first.
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    ssh-keyscan "$1" > "$tmp"
    ssh-keygen -E md5 -lf "$tmp"   # old md5 fingerprint
    ssh-keygen -lf "$tmp"          # fingerprint in the current default format
  )
}
References:
- Qiita / matoken / 2012-03-08: Showing the key fingerprint of an ssh key

If you frequently connect to ssh servers that were brought up temporarily for maintenance, testing and the like, their temporary pkeys get recorded in known_hosts and pile up as garbage.
When connecting to servers whose pkey is not persistent like this, you do not want to leave a record in known_hosts every time.
The method is simple: use the -o UserKnownHostsFile option to point at some throwaway location.
ssh -o UserKnownHostsFile=/dev/null 192.168.0.1
If discarding straight to /dev/null makes you uneasy, writing to a temporary file (for example /tmp/known_hosts) might also be fine.

Apparently the -y option can generate the equivalent of ~/.ssh/id_rsa.pub, as follows.
ssh-keygen -f ~/.ssh/id_rsa -y
References:
- kanonjiの日記 / 2011-05-14: Generating a public key from a private key with ssh-keygen

Apparently the fingerprint is the md5sum of the base64-encoded key after it has been base64-decoded.
You can confirm that the same fingerprint comes out by doing the following.
cat ~/.ssh/id_rsa.pub | awk '{print $2;}' | base64 -d | md5sum
ssh-keygen -l -f ~/.ssh/id_rsa.pub
References:
- まにっき / 2012-09-11: Handling ssh RSA keys with the openssl command
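
The fingerprint computation described above, together with the old/new comparison from the ssh-keyscan section, as an added Python example (not code from the original page): it derives both the md5 colon-hex and the sha256/base64 fingerprint from a .pub or ssh-keyscan line and checks a key against a fingerprint recorded in either style. The key material is constructed for the example.

```python
import base64
import hashlib

def key_blob(line):
    """Return the decoded key blob from a .pub line or an ssh-keyscan line."""
    fields = line.split()
    for keytype, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # The blob begins with a length-prefixed copy of the key type name.
        size = int.from_bytes(blob[:4], "big")
        if len(blob) > 4 and blob[4:4 + size] == keytype.encode():
            return blob
    raise ValueError("no 'keytype base64' pair found")

def md5_fingerprint(blob):
    """Old style (before OpenSSH 6.8): md5 of the blob as colon-separated hex."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sha256_fingerprint(blob):
    """New style: sha256 of the blob, base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_recorded(line, recorded):
    """Check a scanned key against a fingerprint noted earlier, in either style."""
    blob = key_blob(line)
    if recorded.startswith("SHA256:"):
        return recorded == sha256_fingerprint(blob)
    if recorded.upper().startswith("MD5:"):
        recorded = recorded[4:]
    return recorded.lower() == md5_fingerprint(blob)

def sample_blob(fill):
    # Constructed ed25519-shaped blob: type name plus 32 made-up key bytes.
    name, key = b"ssh-ed25519", bytes([fill]) * 32
    return len(name).to_bytes(4, "big") + name + len(key).to_bytes(4, "big") + key

PUB_LINE = "ssh-ed25519 %s user@example" % base64.b64encode(sample_blob(1)).decode()
SCAN_LINE = "myserver " + " ".join(PUB_LINE.split()[:2])      # ssh-keyscan layout
OTHER_LINE = "myserver ssh-ed25519 " + base64.b64encode(sample_blob(2)).decode()

if __name__ == "__main__":
    print(md5_fingerprint(key_blob(SCAN_LINE)))
    print(sha256_fingerprint(key_blob(SCAN_LINE)))
```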

Of the SSH keys under ~/.ssh, the private key is in PEM format and can be used with OpenSSL as is, but the public key is in what seems to be OpenSSH's own format (?) (something like RFC4716 format flattened onto one line), so OpenSSL cannot process it as is.
It therefore has to be exported to PKCS8 format with ssh-keygen -e.
To export to each format, do the following.
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PKCS8 > id_rsa.pub.PKCS8
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PEM > id_rsa.pub.PEM # this cannot be used with OpenSSL???
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m RFC4716 > id_rsa.pub.RFC4716 # this cannot be used with OpenSSL
After that, RSA encryption and decryption can be done as follows.
openssl rsautl -encrypt -inkey ~/.ssh/id_rsa < file > file.encrypted # encrypt with the public key contained in the RSA private key
openssl rsautl -encrypt -inkey id_rsa.pub.PEM -pubin < file > file.encrypted # encrypt with the public key exported from the RSA public key in PEM format (the pubkey does not seem to be read properly)
openssl rsautl -encrypt -inkey id_rsa.pub.PKCS8 -pubin < file > file.encrypted # encrypt with the public key exported from the RSA public key in PKCS8 format
openssl rsautl -decrypt -inkey ~/.ssh/id_rsa < file.encrypted > file.decrypted # decrypt with the RSA private key
Since this is public-key cryptography, the private key must not be handed to the other party.
So the usage is: first give the other party your public key by some means, have them encrypt with that public key, and decrypt the result on your side.
When sending from your side to the other party, you need to encrypt with the other party's public key, obtained by some means.
For handing over a public key, there should normally be no need to worry as far as tampering by a man in the middle, so passing it by e-mail or the web is probably sufficient.
If you are really worried, confirming the fingerprint by phone or the like should take care of it.
Also, RSA, being public-key cryptography, is slow, so in practice the data is encrypted with a symmetric cipher such as AES and that symmetric key is encrypted with RSA.
Also, I could not find subcommands such as dsautl or ecutil corresponding to rsautl, so how to encrypt/decrypt with DSA and ECDSA needs investigation.
pkeyutl works with RSA, but for some reason not with DSA and EC. Is the way the keys were made wrong???
Addendum: 2015-03-18
DSA and ECDSA are digital signature standards, so encryption and decryption (encrypt, decrypt) with the public key does not seem to be possible.
Signing and verification (sign, verify) worked without problems.
According to openssl pkeyutl # EC ALGORITHM, ECDSA is supported for sign and verify, and ECDH for derive.
Done as follows, ECDH yields the same value on both sides.
openssl pkeyutl -derive -inkey my_ecdsa -peerkey your_ecdsa.pub
openssl pkeyutl -derive -inkey your_ecdsa -peerkey my_ecdsa.pub
Since this only ever yields the same value every time, maybe one of the two sides should use a throwaway ec pair?
Addendum: 2015-03-23
I wrote an encryption script using an ECDSA key pair and AES256.
- Gist / kou1okada / ec-aes256.sh
As long as the confidentiality of the private key is assured, there should normally be no need to go that far, though.
References:
- まにっき / 2012-09-11: Handling ssh RSA keys with the openssl command
- こせきの技術日記 / 2013-02-17: What ghcrypt, which encrypts with GitHub public keys, does

If you list them in ~/.ssh/config as follows, they seem to be tried in order from the top.
IdentityFile ~/.ssh/id_ecdsa
IdentityFile ~/.ssh/id_rsa

To use password authentication, adding -o PubkeyAuthentication=no is all it takes.
To push a specific key, adding -i id_seckey is all it takes.
While at it, adding -o PasswordAuthentication=no may be a good idea too.

When using public-key authentication:
~/.ssh/authorized_keys is fine even at 644, but
~/.ssh apparently has to be 700.
Also pay attention to the owner.
It is a secret that I once typed chown 700 ~/.ssh when I meant chmod 700 ~/.ssh and ended up scratching my head for a while.

It seems that ~/.ssh/authorized_keys allows various settings.
Everything is crammed onto one line, so readability suffers a bit, but suppose, for example, that you want to use as safely as possible the public key paired with a passphrase-less private key that exists for starting a tunnel automatically. Done as follows, the source IP is restricted and, on top of that, the session can do nothing but sit waiting on cat's input.
from="192.168.1.xxx/32",command="echo -e \"Tunnel: waiting forever.\nC-D to exit.\";cat" 〜pubkey〜
If, from there, you further want the server side to ssh to itself locally and wait for a password-authenticated login, the following would not be bad either.
from="192.168.1.xxx/32",command="echo -e \"Tunnel: waiting forever.\nC-D to exit.\";ssh -oPubkeyAuthentication=no localhost" 〜pubkey〜
References:
- それマグで！ / 2011-08-13: Looking into the authorized_keys file turned out to be fun.
- Ask Ubuntu / 2011-06-10: How to create a restricted SSH user for port forwarding?
- Ubuntu / manual / sshd(8)
20190514: Addendum
For cases such as digging a tunnel at boot and keeping it alive in screen, see below

With multi-hop ssh, using a common passphrase-less key at every hop,
not permitting port forwarding on the first-hop remote-1st-host that serves as the stepping stone,
and permitting port forwarding on the second-hop remote-2nd-host that is the destination:
a configuration along those lines.
~/.ssh/config on the local host
Host remote-2nd-host
    ProxyCommand ssh -oIdentityFile=~/.ssh/seckey_for_tunnel remote-1st-host
    IdentityFile ~/.ssh/seckey_for_tunnel
    LocalForward localhost:10080 remotehost:80
    PermitLocalCommand yes
    LocalCommand echo "Tunnel is opened."
~/.ssh/authorized_keys on the first-hop remote host
command="nc remote-2nd-host 22",no-port-forwarding 〜pubkey_for_tunnel〜
~/.ssh/authorized_keys on the second-hop remote host
command="echo -e \"Waiting forever.\nCtrl-D to exit.\"; cat" 〜pubkey_for_tunnel〜
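
An added Python example, not part of the original page, that parses the options field of authorized_keys lines like the ones in this section and in the tunnel-key section before it, and lists which of from=, command= and no-port-forwarding a key lacks. The key material is a constructed placeholder; the restrict option is treated as also disabling port forwarding.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def split_options(line):
    """Split an authorized_keys line into (options, remainder starting at the key type)."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return {}, line                          # line has no options field
    opts, name, buf, quoted, i = {}, None, [], False, 0
    while i < len(line):
        ch = line[i]
        if quoted:
            if ch == "\\" and line[i + 1:i + 2] == '"':
                buf.append('"')                  # \" is a literal quote in a value
                i += 1
            elif ch == '"':
                quoted = False
            else:
                buf.append(ch)
        elif ch == '"':
            quoted = True
        elif ch == "=" and name is None:
            name, buf = "".join(buf), []
        elif ch in ", \t":
            text = "".join(buf)
            if name is not None:
                opts[name.lower()] = text        # option with a value
            elif text:
                opts[text.lower()] = True        # bare flag such as no-port-forwarding
            name, buf = None, []
            if ch != ",":                        # unquoted blank ends the options field
                return opts, line[i:].strip()
        else:
            buf.append(ch)
        i += 1
    raise ValueError("line ended inside the options field")

def review(line):
    """List which of the restrictions used on this page a key entry lacks."""
    opts, _ = split_options(line)
    notes = []
    if "from" not in opts:
        notes.append("usable from any source address")
    if "command" not in opts:
        notes.append("no forced command")
    if "no-port-forwarding" not in opts and "restrict" not in opts:
        notes.append("port forwarding permitted")
    return notes

# Lines modelled on the page's entries; the key material is a constructed placeholder.
KEY = "ssh-ed25519 AAAAconstructedplaceholder tunnel"
TUNNEL = r'from="192.168.1.xxx/32",command="echo -e \"Tunnel: waiting forever.\nC-D to exit.\";cat" ' + KEY
FIRST_HOP = 'command="nc remote-2nd-host 22",no-port-forwarding ' + KEY
```

For a key that exists to carry a tunnel, "port forwarding permitted" is the expected result; the other notes are the ones to act on.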

When copying a public key to ~/.ssh/authorized_keys in an environment where password authentication is enabled,
running the following from the local side did it in one shot.
ssh-copy-id <remote host name>
If the key is already registered, it seems the -f option can force it to be added anyway.
Removal, on the other hand, apparently can only be done by deleting the relevant line from ~/.ssh/authorized_keys on the remote host.

Given two hosts X and Y, if you want to forward to Y via X, configure ~/.ssh/config as follows.
Host Y
    ProxyCommand ssh -W %h:%p X

The terminal can freeze when doing operations such as the following.
- cat a file with a fair number of lines
- ls -l a directory with a fair number of files
- scroll the screen in commands that use ncurses, such as lv or byobu
Moreover, even exit does not close the connection; only after checking the pts with the who command and killing the sshd handling the connection does the connection finally drop, with Write failed: Connection reset by peer.
Wanting jumbo frame support, I had set mtu 16110 with ifconfig on the Ubuntu Server running the ssh server, and 9KB MTU under Jumbo Frame in the advanced settings tab of the NIC device driver on the Windows 7 machine running the ssh client, and this seems to have been the problem.
For the time being, setting the server side to mtu 1500 while it was frozen brought it back from the freeze.
So, leaving the MTU at the default of 1500 solved the problem.
Jumbo frame support seems to need more careful tuning of the settings.
For now, with Ubuntu Server 13.04 at mtu 16110 and Windows 7 at 9KB MTU, it occurs frequently.
With Ubuntu Server 13.04 at mtu 16110 and Ubuntu Desktop 12.04 LTS at mtu 6128, this problem has not been observed so far.

Apparently, in OpenSSH 7.0 DSA (ssh-dss) was disabled by default as a vulnerability countermeasure.
As a result, if the server you are connecting to is old, the connection may fail with an error like the following.
Unable to negotiate with xxx.xxx.xxx.xxx: no matching host key type found. Their offer: ssh-dss
From a security standpoint the right thing to do is to upgrade the server, but when the server is not under your control and that cannot be arranged, there is no choice but to add a setting like the following to ~/.ssh/config, which appears to enable ssh-dss.
Host servername
    HostKeyAlgorithms ssh-dss
Cygwin sometimes ships new OpenSSH versions ahead of Linux and BSD, so the problem shows up especially easily when connecting from Cygwin to old servers.
References:
- Tizen には moe ていない blog / 2015-09-23: Connecting to Gitbucket's SSH from msys2's ssh resulted in an error
Addendum: 2016-07-04
Needless to say, instead of configuring ~/.ssh/config you can also pass the following option to ssh.
-o HostKeyAlgorithms=ssh-dss