[PukiWiki:wiki] BSD/FreeBSD/OpenSSH

最終更新日: 2008/12/10 09:33:19

SSH Memo

First Session

インストール時にsshdの自動起動設定をNoにした場合。

# vi /etc/rc.conf

sshd_enable="YES"

# /etc/rc.d/sshd start

一般ユーザーで認証鍵の作成。

% ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): (リターン)
Enter passphrase (empty for no passphrase): (パスフレーズを入力)
Enter same passphrase again: (再度同じパスフレーズを入力)
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@local

% cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
% chmod 600 ~/.ssh/authorized_keys

ここで一旦秘密鍵 ( ~/.ssh/id_dsa ) の内容を安全な方法で作業コンピュータにコピーする。

その後、サーバに残ってる秘密鍵を削除する。

% rm ~/.ssh/id_dsa

Setting

# vi /etc/ssh/sshd_config

Port 22
Protocol 2
AddressFamily inet
ListenAddress 192.168.1.100

PermitRootLogin no

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

PasswordAuthentication no
PermitEmptyPasswords no

ChallengeResponseAuthentication no

AllowUsers user

# /etc/rc.d/sshd restart

Memo

こんな所かな。

Link

Masashi Blog » FreeBSD (sshd & hosts.allow)