wA@As峹аѦo
@sW Internet WzӤHDA̭nOOH
jNOpzۤviHsuiJۤvDAåBiҿתyݾޱzFaI
]NOAziHb㦳sW Internet qAHݳsunsW Internet
AǥѱzDWݳsuAn鸪Ѫ\AnJzDӶiޱu@IɡAzNo{
Linux SnaoIb Unix Like AXG Telnet oӻݳsuAnALA
Telnet OHyXzӶǰezާ@ơAwWOȱoӫҭnn}oI
oӮɭԴNݭnAѤ@UǰeL{H[Kʧ@Ӷǰeƫʥ]
SSH oӻݳsuAnաI
t~AF¤rnJDӶiޱ~Ab{b Linux distributions A
٥iHQ X AȨUڭ̥HϧΤnJIܴΧaI ^_^
edzƤu@
boӳ`ڭ̷|ϥΥΤݪsunsuDݨӾާ@DAҥHAnAѨAD𥲶n}A
åBn SELinux ~It~AnJɷ|R쪺 PAM Ҳդ]ݭniAѧoI
b| X Window ݵnJAҥHA] X Server/client [cIAѤ~C
ݳsuA
ݳsuAڭ̨ӻAiO@ܦΪuڡILiHڭ̧KzDC
LAKOKAwʨꤣܦnҥHA~nSOjդ@UoӪNڡI
OݳsuA
Aڭ̭nAѤ@UAOy
ݳsuAzH
oӪF𫍧\ରHڷQAzӤwgťLA@Ө}nҷA@}
Internet WAAWALiHݭnùBLBƹtơA
unDOBCPUBRAMBwЦA[W@n@IdAåBsW
Internet IIznޱoDɭԡAunzLsuiӡAMiקYiI
KIҥHoAoӮɭԥD۵MݭnP]ưաI
HӤHҡAثezjCBKk Unix-Like DA
oǥDbP@ӦaAGbnxWUBIsM|}QoGA
Ϊ̬Oݭni@B~]wɭԡAO_H@wn{ܡHMݭnA
unzLsuӥDWANiHiu@FIuNnbDeu@@몺Pr֡I
^_^IoNOݳsuAաI
ݳsuA\M٤upI|ӨҤlӻGzu@ݭnϥΨ
Linux jjsĶ\ɡAz@wݭn Linux aIӥB̦nOBtק֤@IDA
oӮɭԱziHNzsdz̧֪@D}XӡA]w@UݳsuAAzǥͰաA
Ϊ̬OsǪPաAiHzLoL̶isu@AoӮɭԡAzDNiHhHi
Linux B⪺\աI
b@ɸ̡Aѩu Unix AӥBӤHq٤y檺ɭԡA
QnϥΤjDӶiƭȵ{B(bڭ̤u{ɡA`ϥ
Fortran o@{yAܩ C yhָI)ANݭnVǮճӽ Unix u@bA
åBHݳsu{siDAHϥ
Unix 귽Ӷiڭ̪ƭȼҦBIҥHաAӻݳsuA]wA
tκzOܭnIרju@
Unix-Like DAѩܦhHݭnϥΨLB\AΪ̬OLsĶ{(
compiler )ӶiBAoɪݳsuNέnաI
O_C@sW Internet WDӭn}ݳsu\OHäɵMA
٬OݭnwzDӶiWAڭ̩UAPu@ӻG
A( Server )su{G
b@}ںAȪAAѩ}Aȥi|nTA
ӻݳsu{siDAiHi檺u@SӦhF(XGNbDeu@@I)A
]ںݳsu{q`Ȱwֳtκ@̶}ӤwI
DnA_h
Server Dٯuij}suAȩOI
HҡAڪDѤFڭ̬sǨϥ
Mail P Internet W WWW AȡApG٥DʴѻݳsuܡA
U@p߳QJIAiN˸FI]Aȶ}yܤpztκzsiӡA
Lӷ IP @ߩסI\ϥλݳsu\OI
u@( Workstation )su{G
ܩu@pNAӤ@ˤFIu@``Ȱw鷺XӨϥΪ̶}ӤwA
q`OƱsW Internet աIӥBҿתu@۵MNOΨӰuI
Ҧp𫟺@ Linux NOMΨӶijƭȼҦpΡI
oӮɭԪݳsuAiNonhHҰʤFI
]u@jjB\iHܦhH@PϥΥLpOIӥB]iHKCqonw
compiler ~ҡInDAYǤu{Ϊ compiler OQ
ǥiѵnJH
ثeݳsuADnǡHpGHܪӤA
WrPϧΤءC
brnJ譱AADnHyXzǰeƪ
telnet AAΥH[KNiʥ][KӶǰe SSH AIM telnet
iH䴩 client ݳnhALѩLOϥΩXӶǰeơA
zƫܮeD즳ߤHh^IҥHӧڭ̳I~jahϥ
SSH o@سsu觋Aӱ˱ telnet oӤwNNoI
ܩϧΤAA²檺 Xdmcp A[] Xdmcp ²A
L client ݪn֡Ct~@ڥثeܱ`AANO VNC (Virtual Network Computing)A
zL VNC server/client nӶisCϧΤ̤juIOyϧΡzڡI
LA]OzLϧΨӶǰeAǿ骺ƶq۷jAҥHtPwʳݦҶqC
]Aڭ̶ȫijzNϧΤݵnJA}b (LAN) NnFI
OyXzPy[Kzƫʥ]ǰeҦOH
telnet ϥΩXNwHҿתXNOG
y
ڭ̪ƫʥ]bWy«ɡAӸƫʥ]eƪl榡zA
ٰOoڭ̦b
`ΫO`Ъ tcpdump aH
ڭ̦b telnet UFOPKXA|H ASCII 榡ǰeDݡA
ӥDݴNǥѳoǸƨӤUFOCpGoǸƫʥ]bgLY
broadcast Ϊ̬O Router ɡAQߤHhhALN|㪺ozƳI
ҥHաAU@zƫʥ]̭tHΥdơBKXBT{nTɡAO_ܦMIoHI
]Aثeڭ̳q`ƱϥΥiHNoǦbW]ƥ[KNAHW[Ʀb
Internet WǰewʰڡI
Telnet server
D telnet OܡHxINOs BBS uܡHSILT]O
BBS n@ӦAաILo̧ڭ̼Ȥ BBS I telnet
iHOv۷y[ݳsuAIӥB䴩Ln]۷hIҦpW
netterm N䴩LաIsu᪺ɭ]}GAb client ݪǿPJ]SDI
۷ΡILAL̳·ЪaNO.....wӤwա
Uڭ̽ͤ@ͫҰʻPϥ telnet AaI
wˡBҰʻPA
wˡG
~ӥѩ telnet OHXbǿ骺DAҥHbs Linux WA
wgN
telnet oӦAưbyoWz~A]NOAܦh Linux
distributions w]Ow telnet ALAbCӥDn Linux distributions
٬O
telnet MbзIҥHznX쪩СAåBw˦nLNiHΰաIpT{O_wgwˤF
telnet OH²檺kNOϥγ̼sxQϥΪ RPM աI
[root@linux ~]# rpm -qa | grep telnet
telnet-0.17-31.EL4.3
telnet-server-0.17-31.EL4.3
# WO CentOS 4.x w]MCpGOL distributionA
# ɦWi|Ӥ@ˡiQ yum apt 觋Ӧw˳I
ݭnSOdNOApGn telnet suAȡAq`ݭnw˨ RPM G
- @ӬO telnetAoӮMѪO telnet Τݪsu{F
- t@ӬO telnet-server MAoӤ~Ou Telnet server nI
pG䤣 telnet-server ܡAЮX쪩ШӦwˡAΪ̪ϥ yum aI
_hNLkiU@B]wաI^_^
ҰʻPG
ٰOoy
Linux pе -- ¦Dz߽gz̭
y
{ѪA( daemon )zӳ`aH
nOo super daemon I]ڭ̪
telnet NOb super daemon U@AȦӤwIөNNNOW xinetd oI
bYªMW]ϥ inetd AҰʪ觋IӤ@ˡALtjաI
uno`ѡAN|DoIҥH~|njaŪ
Linux ¦g աI
Ұʪ觋NOG
- N xinetd ̭ telnet ض}ҡAM
- sҰʤ@ xinetd N\աI
p} telnet ةOH²AӤ觋G
- ϥ ntsysv
chkconfigG
ٰOo Red Hat tC(t CentOS)M̭ ntsysv
oӦnΪFܡHFAb CentOS Uo@ӦnΪ]wuAziHϥ
ntsysv
X{AN telnet Ŀ_ӡAMU OK }YioI
- ϥ vi ק
/etc/xinetd.d/telnet oɮסG
pGO Red Hat tC Linux tΩOHWA ntsysv ]uOק /etc/xinetd.d
oӥؿUƦӤwAҥHڭ̷MiHʦۤvקLաI
[root@linux ~]# vi /etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
# disable = yes
disable = no
# WAWoNFIN disable ]w no ܭnҰʡI
}
]w}ҤA۵MNOnҰʰաA责
telnet
Ob xinetd UAҥH۵MunsҰ xinetd NN /etc/xinetd.d/ Y]wsŪiA
ҥH]wҰʪ
telnet ۵M]NiHQҰʰաIӱҰʪ觋]ؤ觋A𫟺 service oӫOȤ䴩b
CentOS P Mandriva UAҥHq`٬OH /etc/init.d U scripts
ҰʪDnkաI
ȾAX Red Hat tC / Mandriva tCDҰʤ觋
[root@linux ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
AXUDҰʤ觋
[root@linux ~]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
# YǪèS restart ﶵAoӮɭԴNݭnGstop A start oI
nݦSҰʪAȩOHݡH]²աAٰOoڭ̦beX쪺y
Linux port su z@ܡHϥ
netstat
NiHաI
[root@linux ~]# netstat -tlup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:telnet *:* LISTEN 23817/xinetd
ݨFܡHSA telnet NOҰʪذաInpOHI
NuO²աINN𫍧BJA@AӱN]wܤ@UYiIBJpUաI
o̦Ҥ@ӰDA port AȦW٦b@ɮ̭dߨ쪺OH
bC@ Linux tγɮIѰOFrIHA^eݬ
Linux port su A
M
vi hݬݨ@ɮתeaI ^_^
Step 1: ק]w
[root@linux ~]# vi /etc/xinetd.d/telnet
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes <== NOo̰աINL令 yes NOI
}
Step 2: sҰ xinetd o super daemon
[root@linux ~]# /etc/init.d/xinetd restart
nΪsun
W쪺ObAݪ]wӤwIbȤݦnΪniHsW
Server OH̱`쪺ӴNO netterm oӹjWsunFaI
ڷQAunL BBS jooӳn~IҥHo̴NFI
t~AثeXGҦ@~tγѤF telnet oӵ{Aoӵ{iHNsW
telnet server OIҦpznb Linux WsWۤv telnet AAiHo˰G
[root@linux ~]# telnet localhost
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
CentOS release 4.4 (Final)
Kernel 2.6.9-42.0.2.EL on an i686
login: dmtsai <== NOo̰աIпJy@zbA root I
Password: <== o̿JӱbKXIЪ`NAJɡAù|TI
Last login: Fri Jul 1 09:31:21 from 127.0.0.1 <== WnJT?
[dmtsai@linux ~]$ <== o̴NOwgnJaIYݥDFI
[dmtsai@linux ~]$ exit <== o˴N} telnet PݥDI
o˴NsuiӰաI²aIb Windows ҩUOHP˪A]OiHϥ
telnet {su Linux telnet server ̭ӡISDաIiḨdzo˰G
- U Windows y}lz
- yz
- bX{J ytelnet your.IP.or.hostnamez
o˴NiHiJ Linux ҤFIܤKaIMաIz]iHϥ
netterm oӫܴΪsunӳsuAo̧ڭ̴NܽdաI
b Linux tty1 ~ tty6 ݾw]ҦUAڭ̬OSkݨ줤媺I
DwˬYǯS夶~Ip JMCCE NNI
]OܭnAҥHo̴N[ФFC ^_^
t~AݭndNOAFtΦwҶqA
w] telnet
Oy\zϥ root oӱbnJ
oӫܭnIznϥ root յnJ telnet ڡI ^_^
iptables, TCP_Wrappers, «ij
telnet oӦAKkKA
`O@ӤӦnsuѨMA
]LO@ӥHyXzǿ骺wAҥHܤAXb Internet WϥΰաI
A`ƱAbKXb Internet WQѨaHLApG telnet OҰʦbҷN٦nաI
ר𨷿ǪBͦ]³n骺YA٬OݭnϥΨ telnet ӳsuCڭ̴N@ǰ`NƶnFI
H]wɨӳWdsu IP G
ƹWA xinetd NwgѨdz\O@IFA
ziHwzDh(鷺Hι~I)ӴѤPO@ŪII
UCX@ӽdҡALAhTЦA^y
Linux pе -- ¦Dz߽gzhd\@U
y
{ѪA
z@̭Բӳ]wAΪ̪ man xinetd.conf aI
[root@linux ~]# vi /etc/xinetd.d/telnet
# This file had been modified by VBird 2002/11/04
# ѼƳ]w
service telnet
{
disable = no
bind = 192.168.1.2
only_from = 192.168.1.0/24
# Wo满ȴѤI
instance = UNLIMITED
nice = 0
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/telnetd
server_args = -a none
log_on_failure += USERID
}
# AӫhOw~쪺]w
service telnet
{
disable = no
bind = 140.116.142.196
only_from = 140.116.0.0/16
no_access = 140.116.32.{10,26}
# WoT]w~Y檺
instance = 10 <==̦h\P 10 ӳsu
umask = 022
nice = 10
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/telnetd
server_args = -a none
log_on_failure += USERID
}
root ઽH telnet sWDG
JM telnet OܦwA۵Mw]pUNOLk\
root H telnet nJ Linux DIƹWA telnet
uOQΤ@Ǹw (NO PAM Ҳհ) Ө
root nJӤwҥHoApzTwzҰw(ҦpzDèSsW
Internet )AåBQn} root H telnet nJ Linux DܡAЪN /etc/securetty
ɦWYiI
[root@linux ~]# mv /etc/securetty /etc/securetty.bak
oˤ@ӡAroot NiHnJաILA۷ijo˰IOܦwաI~Az]iHǥѭק
pam ҲըӹFP˪\Iק /etc/pam.d/login oɮתĤG]wYiG
[root@linux ~]# vi /etc/pam.d/login
#%PAM-1.0
#auth required pam_securetty.so <== NOoˤ@ANLѧYiI
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
p@ӡA root NiHiJ Linux DFILAJMڭ̥iHzL su sudo ӤA
Fٻݭn} root telnet nJDOHuOSnҥHA
٬OijpI
[W iptablesG
w telnet [] iptables O@ӦnDNIpGzwgѦҤFe`쪺y
²[] z@AåBϥθ̭
scripts ܡAξ telnet աIWAL쥻Nȹ鷺} telnet
A~OLksWz telnet IOAYOzۤv]wFۤvAQnw
192.168.0.0/24 oӺA 61.xxx.xxx.xxx o IP i telnet }OHiHW[oXbz
iptables Wh(Ъ`NG𪺳WhǬOܭnIҥHA^Yݬ
²[] @OnI)
iptables -A INPUT -p tcp -i $INIF -s 192.168.0.0/24 --dport 23 -j ACCEPT
iptables -A INPUT -p tcp -i $EXTIF -s 61.xxx.xxx.xxx --dport 23 -j ACCEPT
iptables -A INPUT -p tcp -i $EXTIF --dport 23 -j DROP
WWhA$EXTIF O~suA$INIF hO鷺C
Ĥ@BGOwӷ IP Ӷ} port 23 YO telnet wաI
ӳ̫@hONLҦӷAQnsW
telnet suʥ]ᱼNIˡI²aI
[W /etc/hosts.allow(deny) G
𪺾OVhVnIû]hաIo̤]iHϥ TCP_Wrappers
OIO}F 192.168.0.0/24 oӺqAOpGzuQn𫟺
192.168.0.1 ~ 192.168.0.5 iJOHӨL IP un@gsuAN|QO
IP AH root dߩOHiHo˰G
[root@linux ~]# vi /etc/hosts.allow
in.telnetd: 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4
in.telnetd: 192.168.0.5
[root@linux ~]# vi /etc/hosts.deny
in.telnetd : ALL : spawn (/bin/echo Security notice from `/bin/hostname`; \
/bin/echo; /usr/sbin/safe_finger @%h ) | \
/bin/mail -s "%d -%h security" root@localhost & \
: twist ( /bin/echo -e "\n\nWARNING connection not allowed. \n\n\n" )
ijƶG
ƹWA telnet ̤jwbƬOHXǿAҥHb Internet
oӤjasWaӶǿƮɡAbܤwIҥHG
- DnɡAnҰ telnet ApGuݭnҰ telnet
A]ЦbҰʨåBϥΧAߧYNLI
- pGTwunҰ telnet ɡAнTwnsudAϥ
iptables ӳ]wsuϰF
- [W TCP_Wrappers UA[j𪺥\I
- Hɪ`Nnɮ̭ login ƶIåBn
root H telnet nJ Linux DI
SSH server
JM telnet Ʀb Internet WOܦwAڤSݭnHݳsuAȨӾޱڪ Linux
DAӫrH̦nkMNOHwsuӸѨMsuDoI
ӦpѨMo˪DOHo]աAϥ
SSH YiC SSH OOHLS\H
²檺ӻA
SSH
O Secure SHell protocol ²gALiHgѱNsuʥ][KNA
ӶiƪǻA]AƷMNwoIo
SSH iHΨӨN Internet Ww finger, R Shell (rcp, rlogin,
rsh O), talk telnet suҦCUڭ̱N²@U SSH suҦAӻ
SSH |wOI
SO`NGo SSH wAbw]AANѨӦA\G
- @ӴNO telnet ݳsuϥ shell AAYOU٪ ssh F
- t@ӴNO FTP AȪ sftp-server Iѧw FTP AȡC
su[KN²G
Oyƥ[KzOH²檺ANONH̬ݪoqlơAgL@ǹBA
oǸܦSNq(ܤֹHӻ)NNAMoөNNiHbWǿA
ӷϥΪ̷Qnd\oӸƮɡAAzLϦVBANoǩNNϱXlqlơC
ѩoǸƤwgQsBzLAҥHAYϸƦb Internet WQ cracker
ťѨAL̤]eNoXӭlƤeC
ʥ][KNq`Oǥѩҿתy
@綠_Pp_z
Yy
Public and Private զX key pairz
Ӷi[KPѱKʧ@IpUϩҥܡCDݩҭnǵ client ݪơA|gѤ_[K~WǿC
ӨF client ݤAAgѨp_N[KƸѶ}ӡѩb Internet W]ƬO[KL᪺A
ҥHAƤeMNwաI

Ϥ@B_Pp_biƶǿɪܷN
ƥ[KNu۷hA]UuIABtק֡A
OwFwAO[K/ѱKtC
ثeb SSH ϥΤWADnOQ RSA/DSA/Diffie-Hellman I
oǤ_Pp_OpͪOHUڭ̨ӽͤ@ͥثe
SSH تsuҦoI
SSH protocol version 1G
C@ SSH ADiHϥ RSA [K觋Ӳͤ@ 1024-bit RSA Key A
o RSA [K觋ADnNOΨӲͤ_Pp_tkIo
version 1 ӳsu[KBJiH²檺oݡG
- C SSH daemon (sshd) ҰʮɡAN|ͤ@ 768-bit
_(κ٬ server key)sb Server F
- Y client ݪ ssh suݨDǰeӮɡA Server N|No@䤽_ǵ
client A client ]|@Uo䤽_TʡC諸kQ
/etc/ssh/ssh_known_hosts ~/.ssh/known_hosts ɮפeC
- b Client o 768-bit server key AClient ۤv]|Hͤ@
256-bit p_(host key)AåBH[K觋N server key P host key X@粒㪺
Key pairAåBNo Key pair ]ǰe server F
- AServer P Client bosuANHo@ 1024-bit Key pair ӶiƪǻI
]NOAPublic Key Ob Server WA Client ݪn饲n Public Key HέpX
Private Key HզX@W@LG key pair A] Client ݨC 256-bit Key
OHAҥHzosuPUsu Key iN|@˰աI~b Client ݪϥΪ̮aؿU
~/.ssh/known_hosts |OgsuLD public key AΥHT{CӦ۸ӥDsuOTC
o ~/.ssh/known_hosts ɮתNqٷ|ЪC
SSH protocol version 2G
b SSH version1 suL{A server ݱ client ݪ private key ANAwӦsu
key pair iCɭYcN cracker wӳsucN{XɡAѩDݤ|suTʡA
]i|ӵ{XAi@BytγQ±DC
F勵oӯʥASSH version 2 h[F@ӽT{suTʪ Diffie-Hellman A
bCƪǿ server ݳ|HӾˬdƪӷO_TA
ҥHiHקKsuL{QJcN{XDI
]NOA ssh version 2 OwI
ѩ SSH version 1 sb۪@ǰDA]Aӧڭ̳Ʊjaϥ ssh version 2 suҦA
|w@ICӳsu]whݭnb ssh DݻPȤݧ]wn~I
Ұ SSH AȡG
ƹWAbڭ̨ϥΪ Linux tηAw]Nwgt SSH ҦݭnMFI
o]tFiHͱKXw
OpenSSL
MP
OpenSSH
MAҥHOAnҰ SSH uO²FINLҰʴNOFI~Abثe
Linux Distributions A
Ow]Ұ SSH A
ҥH@I·СA]Υh]wALNwgҰʤFIzIuOn֡LצpA
ڭ٬Oo@oӱҰʪ觋aIҰʴNOH
SSH daemon A²٬ sshd ӱҰʪAҥHAʥiHo˱ҰʡG
[root@linux ~]# /etc/init.d/sshd restart
[root@linux ~]# netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:ssh *:* LISTEN 24266/sshd
ҰʫAQ
netstat d\@U
sshd oӵ{ǬO_Tb LISTEN YiIMAoӮɭԱz SSH A]wȧOϥΨtιw]ȡA
णȥθw version 2 Ahݭni@B]wOC
UӡApGzQnb}NҰ SSH (w]]OҰʪI)AiHQ
chkconfig
ӳ]w}ҰʧYiC
Ms Linux distributions w]| SSH sbAOªNȦ telnet ӤwC
Ҧp Red Hat 6.x eCpGzQnbª distributions w SSH ӦpOnH
KKIiHѦҤ@UegL@gNNAԲӪ tarball wˬy{I
ݭn`NOA SSH ѤF shell ڭ̨ϥΡAYO ssh protocol
DnتAPɥ紣ѤF@Ӹw FTP server AYO ssh-ftp server
ڭ̷O FTP ӨϥΡIҥHA
o sshd iHPɴ
shell P ftp IӥBO[cb port 22 WOIҥHAUڭ̴NӴ@A˥
Client ݳsW Server ݩOHPɡApH FTP AȨӳsW Server åBϥ
FTP \OH
ssh ΤݳsuG
ѩ Linux P Windows oӥΤ Client sun/Oä@ˡAҥHڭ̤OӤХiHϥΪOG
Linux Client: ssh
SSH b client ݨϥΪO ssh oӫOAoӫOiHwsu (version1, version2)A
٥iHwDW ssh port (W ssh port 22)CLA@몺ΪkiHϥΩU觋G
1. nJDkG
[root@linux ~]# ssh account@hostname
# sڭ̦ۤvW ssh AȡIhTA man ssh I
[root@linux ~]# ssh dmtsai@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is f8:ae:67:0e:f0:e0:3e:bb:d9:88:1e:c9:2e:62:22:72.
Are you sure you want to continue connecting (yes/no)? yes
# WܭnIȥJ㪺 "yes" ӤO Y y ӤwC
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
dmtsai@localhost's password: <== bo̶JKXAP˪Aù|TI
Last login: Fri Jul 1 14:23:27 2005 from localhost.localdomain
[dmtsai@linux ~]$ <== @IwgnJo
[dmtsai@linux ~]$ exit <== J exit N}DoI
2. nJDAbDOkG
[root@linux ~]# ssh dmtsai@localhost date
dmtsai@localhost's password:
Tue Nov 22 11:57:27 CST 2005
[root@linux ~]#
# ݡI٬O root IuOH dmtsai bݥDWF@ӫOӤwI
o̽ЯSOdNOApGHy
ssh hostname
zoӫOӳsiJ hostname oӥDɡAh
iJ hostname
oӥDybW١zN|OثezҦboҷϥΪ̱bI
HWҡA]ڬOH root bAҥHpGڰFy ssh host.domain.name zɡA
host.domain.name oDAN|H root ڶiKXT{nJʧ@I
]AFקKo˪·СAq`OH²檺 e-mail gkӵnJ𫍧DA
Ҧpy
ssh user@hostname zYܡA
OH user oӱbhnJ hostname oDNCMA]iHϥ
-l username o˪ΦӮѼgInJDALҦ欰b
Linux DSˡҥHAuO²aI ^_^ o˴NiHF컷ݱޥDتFI
~A
bw]pUA SSH Oy\zH root nJz
IIOnְաInSOdNOAzns𫍧DɡApGOsA
Server |ݱzAzsu Key |QإߡAnn Server ǨӪ Key
Aëإ߰_suOHIoӮɭԽСy
ȥnJ yes
ӤO y YzAo˵{~|I
Server Keys ơG ~/.ssh/known_hosts
pGz観sL SSH suy{ܡA|o{ client ݱӦ server ݪ
public key A|Dʪo Key TʡCӤ諸ɮO ~/.ssh/known_hosts C
YO쪺o public key èSQboɮפAW檺TA
NOnz^ yes/no ӰT~|X{ӱz^ yes A public key
TN|QO_ӡAHdݤUnJP@DɪˬdΰڡI
pG Server Key P ~/.ssh/known_hosts 令\A
zN|iJݱKXJeA
NConJ (yes/no) o
LAzγ\]|o{@ƱڡAڭ̪D SSH server Mϥ version 2 wg|ƻsy
server key (public key) FAOpGӥDsw˹Ls linux distributions ɡA
server key N|QܰڡI client S|ho public key P ~/.ssh/known_hosts A
Client N|o{̤PFAOGͦpU~TFG
[root@linux ~]# ssh dmtsai@localhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
f8:ae:67:0e:f0:a0:3e:aa:d9:77:19:c9:2e:62:22:72.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.
oӿ~TbiDzAWҵn SSH D Keys
wgQLF(̥i]NO Server ݭs}/sw/sMաI)A
ҥHLk~nJIoӮɭԫH²ڡI
iJzaؿ
~/.ssh ̭As@U known_hosts ANsDW٪ Key LANiHssuաI
[root@linux ~]# vi ~/.ssh/known_hosts
localhost ssh-rsa AAAAB3NzaC1yc2Euowireffodjoiwjefmoeiwhoqhwupoi
t[egmlomowimvoiweo6VpTHTw2/tENp4U7Wn8J6nxYWP36YziFgxtWu4MPSKaRmr
E4eUpR1G/zV3TkChRZY5hGUybAreupTVdxCZvJlYvNiejfijoejwiojfijeoiwx5
eRkzvSj7a19vELZ5f8XhzH62E=
W檺eOP@檺㨺@Ny localhost oDAQΪO ssh-rsa suA
ӫƫhO Server Key eCzpGzTwoLk\O`A
ziHNo@浃LRAoˤUnAnJɡANS|AX{ (yes/no) eڡI
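The "REMOTE HOST IDENTIFICATION HAS CHANGED" warning above compares the key sent by the server with the one recorded in ~/.ssh/known_hosts, and the fingerprint it prints is simply a hash of the base64 key blob stored in that file. Before deleting the offending line, a practitioner should compare the stored key against a fingerprint obtained out of band (for instance read off the server console). The following added example, which is not part of the original text and uses a constructed known_hosts file with fake key blobs rather than real host keys, parses known_hosts, derives both the old colon-separated MD5 fingerprint and the newer SHA256 form, and reports whether a host's stored key matches, has changed, or is unknown:

```python
import base64
import hashlib


def _ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def _fake_rsa_blob(modulus):
    """Build a structurally valid ssh-rsa key blob (constructed, not a real key)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return base64.b64encode(blob).decode("ascii")


# Constructed sample of a ~/.ssh/known_hosts file; hostnames follow the chapter's examples.
SAMPLE_KNOWN_HOSTS = (
    "localhost ssh-rsa " + _fake_rsa_blob(b"\x00" + bytes(range(1, 65))) + "\n"
    "# comment lines are ignored\n"
    "192.168.0.2,linux.dmtsai.tw ssh-rsa " + _fake_rsa_blob(b"\x00" + bytes(range(65, 1, -1))) + "\n"
)


def parse_known_hosts(text):
    """Map every host alias on a line to (keytype, base64 blob).
    Hashed entries (|1|...) are skipped since the hostname cannot be read back."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("|1|"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        for host in parts[0].split(","):
            entries[host] = (parts[1], parts[2])
    return entries


def fingerprint_md5(blob_b64):
    """Colon-separated MD5 of the decoded blob, the form shown in the warning above."""
    digest = hashlib.md5(base64.b64decode(blob_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def fingerprint_sha256(blob_b64):
    """SHA256 fingerprint in the form newer OpenSSH prints (base64 without padding)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_host_key(known_hosts_text, host, expected_fp):
    """Compare the stored key for host with a fingerprint obtained out of band.
    Returns 'match', 'changed' or 'unknown'."""
    entries = parse_known_hosts(known_hosts_text)
    if host not in entries:
        return "unknown"
    _keytype, blob = entries[host]
    if expected_fp.startswith("SHA256:"):
        return "match" if fingerprint_sha256(blob) == expected_fp else "changed"
    return "match" if fingerprint_md5(blob) == expected_fp.lower() else "changed"
```

Only when check_host_key reports "changed" and the server's current fingerprint has been confirmed through a trusted channel is it reasonable to replace the line in known_hosts; a "changed" result without such confirmation is exactly the man-in-the-middle case the warning describes.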
Linux Client: sftp
pϥ SSH FTP \OH]OܮeաINOϥ
sftp o{YiIӵnJ觋P ssh ۦPAOϥ sftp -l username hostname
Ϊ̪H sftp user@hosname ӮѼgI椧|UҼˡG
[root@linux ~]# sftp dmtsai@localhost
Connecting to localhost...
dmtsai@localhost's password: <== o̽пJKXڡI
sftp> <== o̴NObݱzJ ftp OaFI
iJ sftp ANb@ FTP ҦUާ@kSˤFIUڭ̴Nӽͤ@͡A
sftp oӤUϥΫOaI
Commands that act on the remote host (server side):
  cd PATH                  change the remote working directory (e.g. cd /etc/test)
  ls   or   dir            list the files in the current remote directory
  mkdir directory          create a remote directory
  rmdir directory          remove a remote directory
  pwd                      show the current remote directory
  chgrp groupname PATH     change the group of a remote file or directory
  chown username PATH      change the owner of a remote file or directory
  chmod 644 PATH           change the permissions of a remote file or directory (644 is the mode; see the basics chapters)
  ln oldname newname       create a link
  rm PATH                  delete a remote file or directory
  rename oldname newname   rename a remote file or directory
  exit  or  bye  or  quit  leave the remote host
Commands that act on the local host (client side; the remote command name prefixed with l):
  lcd PATH                 change the local working directory
  lls                      list the files in the current local directory
  lmkdir                   create a local directory
  lpwd                     show the current local directory
Uploading and downloading:
  put [local file] [remote path]
  put [local file]         with this form the file is placed in the current remote directory
  get [remote file] [local path]
  get [remote file]        with this form the file is placed in the current local directory;
                           wildcards are accepted, e.g. get * or get *.rpm
NӨA sftp b Linux UApGҼ{ϧΤALwgiHN
FTP FOI]Ҧ\ೣwg[\աI]AbҼ{ϧΤ FTP nɡAiH
FTP AȡAӧH sftp-server Ӵ FTP AȧaI ^_^
Linux Client: scp
pGڭnbӥDƻsɮתܡAF sftp ~A٦S²檺觋H
ANOQ scp oӫOաIoӫOΪkP cp ܬ۹ALA
bݥDؿgkAݭn`NNOFC|ҦpUG
1. NƥѥWǨ컷ݥDWh
[root@linux ~]# scp /etc/crontab dmtsai@localhost:/home/dmtsai/
dmtsai@localhost's password: <== o̽пJKXڡI
crontab 100% 620 0.6KB/s 00:00
# oӨҤlbAڱNؿ /etc/crontab oɮǰe dmtsai
# oӨϥΪ̡AӳoӨϥΪ̬Ob "localhost" DWI
# JӬݤ@UA|@ӶǿƪT]XӳI
2. NƥѻݥDU쥻WI
[root@linux ~]# scp dmtsai@localhost:~/.bashrc .
# oӨҤlhObAڭnN localhost W dmtsai oӤHA
# LaؿU .bashrc ƻsڪWI
]NOAݥDWɮשΥؿnƻsɡAOHy
hostname:PATH z
觋ӮѼg㤣ngFIӦpGQnƻsؿܡAiH[W -r ѼơI
Windows Client: putty
b Linux UQns SSH AAiHQ
ssh oӫO
ApGb Windows @~tΩUASӦps SSH AOHiHϥ
putty pietty osunOAL]OKOۥѳnIo觋iHѦҩUG
b putty xWܦh client niHϥΪA]A putty/pscp/psftp C
L̤OF ssh/scp/sftp oTӫONOFCӤWzT putty/pscp/psftp DnOb Windows
Ws Unix like SSH A Client nOCЦۦUӳnC
ƹWAwLwͪ piettyA]oӳn餣O䴩 putty
AӥBѪrsX״IA bܦnΡCbAUF pietty ᪽LA
|UϥܥX{C

ϤGBpietty ϥܤ@
bW 1 aжgDW٩Ϊ̬O IP A2 Mȥ SSH @A
ܩ 3 aAwX{˦AҥHڬOܿաIYSDAUysuzA
N|X{pU˦G

ϤTBpietty ϥܤ@
ܹbDeu@aIӥBWY٦iHHɽվrΡBrBrsXC
רOrsXCɭԧA|o{}ɮɡAMe|ýXӤO`ܡA
NOsXDCnѨMoӰDɡAAncOG
- rɮץbsɮɩҬD諸ytF
- Linux DҨϥΪyt (i LANG ܼƽվ)F
- pietty ҨϥΪytC
oTөNNytnۦPɤ~|TܥXIdnncOڡI
pվ pietty sXOH

ϥ|Bpietty ϥܤ@
byﶵzyrsXz̭iHD big5 Ϊ̬O utf8 sXA
LŦXA Linux PɮשxsƮ榡AN OK աI ^_^I
pGQn@ӳ]wɡAiHܹϥ|WY̩UӡyԲӳ]wzءA
N|X{pUϥܡC𫟺nOyLkƦrQnͮġzɡA
iHӤUϪܨӱҰʼƦr䪺\G

ϤBpietty ϥܤ@
pWϩҥܡAbAJyApplyzANiH۰ʪͮĤFI{bAiHLk䪺sFA
uKCAӧAiHվ pietty bOЦơAo˷ƤӦhɡAA¥iHվ㱲bӬd\eơC
]wkpUG

ϤBpietty ϥܤ@
վ㧹FùjpAAӳoO̭nGyznH@Ӫ SSH
tknJHIzeLAڭ̹w]OH version2 ӵnJAҥHo̧ڭ̥iHվ㬰
2 ӶءIo˨CnJ|H version 2 ҦnJDFI

ϤCBpietty ϥܤ@
pietty jPWy{NOoˡIp@ӡAzNiHb Windows WH
SSH wAnJݪ Linux DPIKaI ^_^ I
pGQn䴩ܡAثe
pietty wg䴩աIziHJILݭnק@UrA
ܹϥ|yﶵzyrzA|X{pUϥܡG

ϤKBpietty ϥܤ@
N(1)r]wө
(2)r]wyBig5zAp@ӡAz pietty N䴩媺JoI ^_^
Wڭ̧@odz]wȳOb̰ڡHIOb Windows nɷڡI
ziHb Windows tηAby}lz-->yzAX{خؤJyregeditzA
|X{@ӤjCЦb䪺eܡy
HKEY_CURRENT_USER --> Software --> SimonTatham --> PuTTY --> SessionszA
NiHݨz]woI ^_^I oˡA]NiHxsz]wo
Windows Client: psftp
b putty xW] psftp o{Co@{IhObH sftp
suW Server Csu觋iHI
psftp oɮסALҰʡAh|X{UϼˡG
psftp: no hostname specified; use "open host.name" to connect
psftp>
oӮɭԥiHJznsWhDW١AҦpڪϰ줺 linux.dmtsai.tw oӥD
psftp: no hostname specified; use "open host.name" to connect
psftp> open test.linux.org
login as: dmtsai
Using username "dmtsai".
dmtsai@linux.dmtsai.tw's password:
Remote working directory is /home/dmtsai
psftp> <== o̴NbݱzJ FTP OFI
Io˴NnJDաI²aIMLϥΤ觋e쪺 sftp @˭I[oϥΧaI
Windows Client: Filezilla
SSH ҴѪ sftp \uQί¤r psftp ӳsuܡHSϧΤnOHIMI
NOD`Ϊ Filezilla oIFilezilla OϧΤ@ FTP ΤݳnAϥΤWD`KA
ܩԲӪw˻Pϥάy{аѦ
vsftpd `I
Բӳ]w sshd A
WAҦ ssh ]wb
/etc/ssh/sshd_config
̭ILAC Linux distribution w]]wӬۦPA
ҥHڭ̦nAѤ@Uӳ]wȪNq~nI
[root@linux ~]# vi /etc/ssh/sshd_config
# 1. SSH Server ]wA]tϥΪ port աAHΨϥΪKXt觋
# dN@UAbw]ɮפAunOQѪ]w(#)AYyw]ȡIz
Port 22
# SSH w]ϥ 22 oportA]iHϥΦhportAYƨϥ port oӳ]wءI
# ҦpQn} sshd b 22 P 443 Ahh[@椺eG
# Port 443
# o˴NnFILAijק port number աI
Protocol 1,2
# ܪ SSH wAiHO 1 ]iHO 2 A
# pGnPɤ䴩̡ANnϥ 2,1 oӤjF(Protocol 1,2)I
# ثeڭ̷|ijzAϥ Protocol 2 YiI
#ListenAddress 0.0.0.0
# ťDdI|ӨҤlӻApGz IPA
# OO 192.168.0.100 192.168.2.20 AuQn
# } 192.168.0.100 ɡANiHgpPU˦G
ListenAddress 192.168.0.100
# uťӦ 192.168.0.100 o IP SSHsuC
# pGϥγ]wܡAhw]Ҧ SSH
#PidFile /var/run/sshd.pid
# iHm SSHD o PID ɮסICw]
#LoginGraceTime 2m
# ϥΪ̳sW SSH server A|X{JKXeAbӵeA
# bh[ɶS\sW SSH server AN_uIYLhw]ɶI
#Compression yes
# O_iHϥYOHMiHo
# 2. D Private Key mɮסAw]ϥΤUɮקYiI
#HostKey /etc/ssh/ssh_host_key # SSH version 1 ϥΪp_
#HostKey /etc/ssh/ssh_host_rsa_key # SSH version 2 ϥΪ RSA p_
#HostKey /etc/ssh/ssh_host_dsa_key # SSH version 2 ϥΪ DSA p_
# ٰOoڭ̦bD SSH suy{̭ͨ쪺Ao̴NO Host Key
# 2.1 version 1 @dz]wI
#KeyRegenerationInterval 1h
# ѫesuiHDA version 1 |ϥ server Public Key A
# pGo Public Key QܡAZJHҥHݭnCj@qɶ
# ӭsإߤ@Io̪ɶILڭ̳q`Ȩϥ version 2 A
# ҥHoӳ]wiHQI
#ServerKeyBits 768
# SIoӴNO Server key סIιw]ȧYiC
# 3. nɪTƩmP daemon W١I
SyslogFacility AUTHPRIV
# Hϥ SSH nJtΪɭԡASSH|OTAoӸTnOb daemon name
# UHw]OH AUTH ӳ]wAYO /var/log/secure ̭IHѰOFI
# ^ Linux ¦ h½@UCLiΪ daemon name GDAEMON,USER,AUTH,
# LOCAL0,LOCAL1,LOCAL2,LOCAL3,LOCAL4,LOCAL5,
#LogLevel INFO
# nOšIKKITIP˪AѰOFN^hѦҡI
# 4. w]wءInI
# 4.1 nJ]w
PermitRootLogin no
# O_\ root nJIw]O\AOij]w noI
#UserLogin no
# b SSH UӴN login oӵ{nJI
#StrictModes yes
# ϥΪ̪ host key ܤAServer NsuAiH׳차{I
#RSAAuthentication yes # O_ϥίª RSA {ҡIHȰw version 1 I
#PubkeyAuthentication yes # O_\ Public Key HM\աIȰw version 2
#AuthorizedKeysFile .ssh/authorized_keys
# WoӦb]wYnϥΤݭnKXnJbɡAӱbsɮשҦbɦWI
# oӳ]wȫܭnIɦWLO@UI
# 4.2 {ҳ
#RhostsAuthentication no
# tΤϥ .rhostsA]Ȩϥ .rhostsӤwFAҥHo̤@wn]w no
#IgnoreRhosts yes
# O_ϥ ~/.ssh/.rhosts Ӱ{ҡIMOI
#RhostsRSAAuthentication no #
# oӿﶵOM version 1 ΪAϥ rhosts ɮצb /etc/hosts.equiv
# tX RSA t觋Ӷi{ҡInϥΰڡI
#HostbasedAuthentication no
# oӶػPWALO version 2 ϥΪI
#IgnoreUserKnownHosts no
# O_aؿ ~/.ssh/known_hosts oɮשҰODeH
# MnAҥHo̴NO no աI
PasswordAuthentication yes
# KXҷMOݭnIҥHo̼g yes oI
#PermitEmptyPasswords no
# YW@pG]w yes ܡAo@N̦n]w no A
# oӶئbO_\HŪKXnJIM\I
ChallengeResponseAuthentication no
# \KX{ҡIҥHA login.conf Ww{Ҥ觋AiAΡI
# ثeڭ̤wϥ PAM Ҳz{ҡA]oӿﶵiH]w no I
UsePAM yes
# Q PAM zϥΪ̻{ҦܦhnBAiHOPzC
# ҥHo̧ڭ̫ijzϥ UsePAM B ChallengeResponseAuthentication ]w no
# 4.3 P Kerberos ѼƳ]wI]ڭ̨S Kerberos DAҥHUγ]wI
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosTgtPassing no
# 4.4 UOb X-Window UϥΪ]wI
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
# 4.5 nJ᪺ءG
PrintMotd no
# nJO_ܥX@ǸTOHҦpWnJɶBaIAw]O yes
# YOCLX /etc/motd oɮתeCOApGFwAiHҼ{אּ no I
PrintLastLog yes
# ܤWnJTIiHڡIw]]O yes I
KeepAlive yes
# @ӨApG]woتܡA SSH Server |ǰeKeepAlive T
# ClientݡAHTO̪su`IboӱpUA@ݦASSHiHߨ訚DI
# Ӥ|͵{Ǫo͡I
UsePrivilegeSeparation yes
# ϥΪ̪v]wءIN]w yes aI
MaxStartups 10
# Pɤ\Xө|nJsueHڭ̳sW SSH AO|JKXɡA
# oӮɭԴNOڭ̩ҿתsueաIboӳsueAFO@DA
# ҥHݭn]w̤jȡAw]̦hQӳsueAӤwgإ߳supboQӷ
# 4.6 ϥΪ̩ת]wءG
DenyUsers *
# ]wתϥΪ̦W١ApGOϥΪ̡ANOקaI
# YOϥΪ̡AiHNӱbJIҦpUCI
DenyUsers test
DenyGroups test
# P DenyUsers ۦPIȩ״XӸsզӤwI
# 5. SFTP AȪ]wءI
Subsystem sftp /usr/lib/ssh/sftp-server
WACentOS w] sshd AȤwgOwFAL٤I
ijA (1)N root nJvF (2)N ssh ]w 2 C
L]wȴNбz̷Ӧۤvߦnӳ]wFCq`ijiHKקաI
t~ApGzקLWoɮ(/etc/ssh/sshd_config)ANݭnsҰʤ@
sshd o daemon ~IYOG
s@αKXiߧYnJ ssh ΤG
xIJM SSH iHϥ Key ӤơAåBѨϥΪ̸ƪ[K\A
iiQγo Key NѨϥΪ̦ۤviJDAӤݭnJKXOH
InDNIڭ̥iHN Client ͪ Key L Server AҥHA
H Client nJ Server ɡAѩ̦b SSH nsuTǻANwgL Key FA
]AiHߧYiJƶǿ馉AӤݭnAJKXOIb@WBJiHOG
- Ab Client Wإ Public Key Private Key o_͡AQΪO
ssh-keygen oөROF
- AӡAN Private Key b Client WaؿAY $HOME/.ssh/ A
åBקvȦ User iŪAF
- ̫AN Public Key b@ӱzQnΨӵnJD Server ݪY
User aؿ .ssh/ ̭{ɮקYiӵ{ǡC
OnܧxˤlABJu²Aڭ̨̧ǨӶi@~nFI]eG
- Server linux.dmtsai.tw o 192.168.0.2 DAϥΪ User test oӱbF
- Client test2.dmtsai.tw o 192.168.0.100 PC test2 oӱbA
LnΨӵnJ 192.168.0.2 oD test oӱbC
- b Client ݫإ Public P Private Key G
إߪkuO²줣Ib 192.168.0.100 o Client WAH
test2 oӱbAϥ ssh-keygen oӫOӶi Key ͧYiILAݭn`NOA
version 1 P version 2 ϥΪKXt觋PA~A version 2
ѨӱKXt⪺kAڭ̳o̶Ȱw version 2 RSA oӺtki满I
[test2@test2 ~]$ ssh-keygen -t rsa <==oӨBJb Key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test2/.ssh/id_rsa): <==o̫UEnter
Enter passphrase (empty for no passphrase): <==o̫ Enter
Enter same passphrase again: <==A@ Enter
Your identification has been saved in /home/test2/.ssh/id_rsa. <==oOp_
Your public key has been saved in /home/test2/.ssh/id_rsa.pub. <==oO_
The key fingerprint is:
c4:ae:d9:02:d1:ba:06:5d:07:e6:92:e6:6a:c8:14:ba test2@test2.linux.org
# `NG -t OyϥΦرKXt觋Hzѩڭ̨ϥ RSA A
# ҥHJ -t rsa Yiإߨ Keys I
# ~Aإߪ Keys mbaؿU .ssh oӥؿI
# ݤ@Uo Keys aI
[test2@test2 ~]$ ll ~/.ssh
total 12
-rw------- 1 test2 test2 887 Nov 12 22:36 id_rsa
-rw-r--r-- 1 test2 test2 233 Nov 12 22:36 id_rsa.pub
-rw-r--r-- 1 test2 test2 222 Oct 31 11:20 known_hosts
Ъ`NWAڪO test2 AҥHڰ ssh-keygen ɡA
~|bڪaؿU .ssh/ oӥؿ̭ͩһݭn Keys
AOOp_(id_rsa)P_(id_rsa.pub)Ct~@ӭnSO`NNO
id_rsa ɮvաILnO -rw-------
~nI_heQHaDFAz Keys Ni~FHҥHЯSOdNLvI
id_rsa.pub hOy_IzoɮץnQm Server ݤ~I
- b Client ݩmp_G
bw]Aڭ̪p_ݭnmbaؿU .ssh ̭ApGO
version 2 RSA tkANݭnmb $HOME/.ssh/id_rsa IxInϥ
ssh-keygen NOwgͦboӥؿUFAҥH۵MNݭnhվLFIHڪ
test2.dmtsai.tw ӬݡAڪɮ״N|mb /home/test2/.ssh/id_rsa oɮ״NOp_աI
- b Server ݩmiHnJ_G
JMڭ̭n test2 iH test oӱbnJ linux.dmtsai.tw oDAoD۵MݭnO
test2 public key oI諸IҥHڭ̥ݭnN Client ݫإߪ id_rsa.pub
ɮL linux.dmtsai.tw Y test oӨϥΪ̪aؿUIpGzٰOoW
sshd_config oɮת]wܡAӴNOoy
AuthorizedKeysFile zoӳ]waIOI
bQnJDYӱbAL_mɮצWٹw]NOoӶةҰOIӥLw]ɦWNO
authorized_keys
oɮצWٰաIӫOH
1. b Client ݥH sftp N_ test WhI
[test2@test2 ~]$ cd ~/.ssh
[test2@test2 .ssh]$ scp id_rsa.pub test@192.168.0.2:~/
test@192.168.0.2's password:
id_rsa.pub 100% 233 0.2KB/s 00:00
2. Server WAN_s authorized_keys ɮפI
[test@linux ~]$ cd ~/.ssh
[test@linux .ssh]$ cat ../id_rsa.pub >> authorized_keys
Ъ`NWIѩ authorized_keys iHOs۷h_eA]A
iHϥ >> 觋ӱN Client ݪ_sWɮפIIo@B@A
test2 NiHb test2.dmtsai.tw H
[test2@test2 ~]$ ssh test@linux.dmtsai.tw
o˴NiHݭnJKXoIOЪ`NA test H test2 nJ test2.linux.org I
²檺BJaIoˤ@ӡANiHݱKXFILצpAznOoOG
- Client s@X Public & Private o keysAB Private ݩ ~/.ssh/ F
- Server n Public Key ABmϥΪ̮aؿU ~/.ssh/authorized_keysF
ӡAzٷQnnJLDɡAunNz public key (NO id_rsa.pub oɮ) L
copy LDWhAåBsWYb ~/.ssh/authorized_keys oɮפII\I
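The procedure above ends with `cat ../id_rsa.pub >> authorized_keys`, which works but silently accepts a corrupted or truncated key and adds a duplicate each time it is run. The following added example (not from the original text; it uses a constructed ssh-rsa key line with the right wire structure but no usable key material) does the server-side step defensively: it checks that the line is a well-formed OpenSSH public key whose declared type matches the type embedded in the blob, appends it to ~/.ssh/authorized_keys only if it is not already there, and sets the 0700/0600 permissions the text says StrictModes relies on:

```python
import base64
import os
import stat
import tempfile
from pathlib import Path

# Key types in use in the chapter's era of OpenSSH; extend (e.g. ssh-ed25519) on current systems.
ALLOWED_KEY_TYPES = {"ssh-rsa", "ssh-dss"}


def _ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def make_sample_pubkey_line(comment="test2@test2.dmtsai.tw"):
    """Constructed id_rsa.pub line with a valid structure; not a real key."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(b"\x00" + bytes(range(1, 65)))
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def validate_pubkey_line(line):
    """Return (keytype, blob) for a well-formed public key line, else raise ValueError."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64 blob> [comment]'")
    keytype, blob_b64 = parts[0], parts[1]
    if keytype not in ALLOWED_KEY_TYPES:
        raise ValueError("unsupported key type %r" % keytype)
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError as exc:
        raise ValueError("key blob is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != keytype.encode("ascii"):  # the blob starts with its own type string
        raise ValueError("blob type does not match declared type")
    return keytype, blob_b64


def is_valid_pubkey_line(line):
    try:
        validate_pubkey_line(line)
        return True
    except ValueError:
        return False


def install_authorized_key(home, pubkey_line):
    """Idempotently add the key to <home>/.ssh/authorized_keys. True if added, False if present."""
    keytype, blob = validate_pubkey_line(pubkey_line)
    ssh_dir = Path(home) / ".ssh"
    ssh_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                      # enforce regardless of umask
    auth = ssh_dir / "authorized_keys"
    if auth.exists():
        for entry in auth.read_text().splitlines():
            p = entry.split()
            if len(p) >= 2 and p[0] == keytype and p[1] == blob:
                return False                        # same key already installed
    with auth.open("a") as fh:
        fh.write(pubkey_line.strip() + "\n")
    os.chmod(auth, 0o600)
    return True


def mode_of(path):
    """Permission bits of a path, for checking the 0700/0600 requirement."""
    return stat.S_IMODE(os.stat(path).st_mode)


def run_demo():
    """Install the sample key twice into a temporary home and report what happened."""
    with tempfile.TemporaryDirectory() as home:
        line = make_sample_pubkey_line()
        first = install_authorized_key(home, line)
        second = install_authorized_key(home, line + "\n")
        auth = Path(home) / ".ssh" / "authorized_keys"
        return {
            "first": first,
            "second": second,
            "entries": len(auth.read_text().splitlines()),
            "dir_mode": mode_of(Path(home) / ".ssh"),
            "file_mode": mode_of(auth),
        }
```

Running run_demo() shows the second call returning False and the file holding a single entry with mode 0600, which is what sshd expects before it will honour the key.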
w]wG
ѹ껡AjaQy
SSH OӦwAȡzҴFFI
sshd äwI½} openssh LhvӬݡAT꦳ܦhHOQ ssh {|}ӨoݥD root
vAi@B±𫍧DI
sshd ҿתywzOy
sshd ƬO[KLAҥHLƦb Internet WǻɬOwC
ܩ sshd oӪAȥNO˦wFIҥHGy
DnAnN sshd
Internet }inJvAɶq]bXӤpd IP ΥDW٧YiI
oܭnI
nFAw]w譱ASȱo`NOHMOաI
ڭ̥iHijXӶاaIOiHѡG
- /etc/ssh/sshd_config
- /etc/hosts.allow, /etc/hosts.deny
- iptables
oT譱ӵۤiIUڭ̴N@aI
/etc/ssh/sshd_config
@ӨAoɮתw]شNwgܧƤFIҥHAƹWOӻݭnʥLI
OApGzǨϥΪ̤譱U{AiHo˭ץ@ǰDOI
- T root nJG
ɭԡA\ root Hݳsu觋nJA|O@ӦnDNIҥHoZijjaN
root nJvaIҥHAiHק /etc/ssh/sshd_config oɮתeG
[root@linux ~]# vi /etc/ssh/sshd_config
PermitRootLogin no <== NL令 no aI
[root@linux ~]# /etc/init.d/sshd restart
p@ӡAH root NH ssh nJoIo٬OnաI ^_^
- \YӸsյnJG
ǯSpAڭ̷QnϥΪ̥uϥ
sendmail, pop3, ftp AOƱLiHݳsuiӡAziHo˰G
1. NoǨϥΪ̳kǦbY@ӯSsդUAҦp nossh oӸsզnFF
2. b /etc/ssh/sshd_config [Jo@Gy
DenyGroups nossh z
3. sҰ sshd G /etc/init.d/sshd restart
o˴NOKաI
- \YӨϥΪ̵nJG
DenyGroups Aϥ DenyUsers YiIѦ sshd_config ]wI
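The recommendations in this section and in the annotated sshd_config above (PermitRootLogin no, Protocol 2 only, no empty passwords, PAM-based authentication) are easy to check mechanically. The following added example, not part of the original text, parses an sshd_config with the semantics sshd uses (keywords are case-insensitive, the first occurrence of a keyword wins, anything after # is a comment) and reports each recommended setting that is missing or weak. The two configurations it audits are constructed samples, one mirroring the permissive lines shown above and one applying this section's advice:

```python
import re

# Settings this chapter tells you to fix, with the values it recommends.
RECOMMENDED = {
    "permitrootlogin": ({"no"}, "PermitRootLogin must be no: log in as a normal user, then su/sudo"),
    "protocol": ({"2"}, "Protocol must be 2 only: version 1 has the connection-hijack weakness described earlier"),
    "permitemptypasswords": ({"no"}, "PermitEmptyPasswords must be no"),
    "challengeresponseauthentication": ({"no"}, "ChallengeResponseAuthentication should be no when PAM authenticates"),
    "usepam": ({"yes"}, "UsePAM should be yes"),
}

# Constructed sample keeping the permissive values from the annotated file above.
WEAK_SSHD_CONFIG = """\
Port 22
Protocol 1,2
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no    # ignored by sshd: the first value of a keyword wins
"""

# Constructed sample applying the advice of this section.
HARDENED_SSHD_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
PasswordAuthentication yes
DenyGroups nossh
Subsystem sftp /usr/lib/ssh/sftp-server
"""

_LINE = re.compile(r"^([A-Za-z0-9]+)[\s=]+(.*)$")


def parse_sshd_config(text):
    """Return {keyword.lower(): value} using first-occurrence-wins semantics.
    Parsing stops at a Match block, whose settings are conditional."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """List (keyword, current value or None, advice) for every recommended setting not met."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (wanted, advice) in RECOMMENDED.items():
        value = settings.get(key)
        if value is None:
            findings.append((key, None, advice + " (not set explicitly)"))
            continue
        actual = {v.strip().lower() for v in value.split(",")}  # Protocol may list several versions
        if actual != wanted:
            findings.append((key, value, advice))
    return findings
```

The first-wins rule matters in practice: appending `PermitRootLogin no` to the end of a file that already says `PermitRootLogin yes` changes nothing, which is why the audit reads the file the way sshd does rather than taking the last line it finds.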
/etc/hosts.allow /etc/hosts.deny
²檺kNOG
[root@linux ~]# vi /etc/hosts.allow
sshd: 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4, 192.168.0.5: allow
[root@linux ~]# vi /etc/hosts.deny
sshd : ALL : spawn (/bin/echo Security notice from host `/bin/hostname`; \
/bin/echo; /usr/sbin/safe_finger @%h ) | \
/bin/mail -s "%d -%h security" root@localhost & \
: twist ( /bin/echo -e "\n\nWARNING connection not allowed." )
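TCP Wrappers consults /etc/hosts.allow first, then /etc/hosts.deny, and grants access when neither file matches, so the effect of the telnet entries earlier in the chapter and of the sshd entries just above is easiest to see by evaluating a (daemon, client) pair against both files. The following added example, not from the original text, models that lookup order for the patterns the chapter uses (exact addresses, ALL, dotted prefixes such as 192.168.0., and net/mask forms); the EXCEPT operator and hostname lookups are deliberately left out. The two files it ships with are constructed samples that reproduce the entries shown above:

```python
import ipaddress

# Constructed sample of /etc/hosts.allow, mirroring the entries above.
HOSTS_ALLOW = """\
in.telnetd: 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4
in.telnetd: 192.168.0.5
sshd: 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4, 192.168.0.5: allow
"""

# Constructed sample of /etc/hosts.deny, including the multi-line spawn/twist entry.
HOSTS_DENY = """\
in.telnetd : ALL : spawn (/bin/echo Security notice from `/bin/hostname`; \\
    /bin/echo; /usr/sbin/safe_finger @%h ) | \\
    /bin/mail -s "%d -%h security" root@localhost & \\
    : twist ( /bin/echo -e "\\n\\nWARNING connection not allowed." )
sshd : ALL
"""


def parse_access_file(text):
    """Return [(daemon_list, client_list)] from hosts.allow/hosts.deny text.
    Backslash continuations are joined; fields after the second (shell commands) are ignored."""
    rules, pending = [], []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped.startswith("#")):
            continue
        if stripped.endswith("\\"):
            pending.append(stripped[:-1])
            continue
        pending.append(stripped)
        fields = " ".join(pending).split(":")
        pending = []
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if "EXCEPT" in daemons or "EXCEPT" in clients:
            raise NotImplementedError("the EXCEPT operator is not modelled in this example")
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, ip):
    """Match one client pattern against an IPv4/IPv6 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                       # dotted prefix such as 192.168.0.
        return ip.startswith(pattern)
    try:
        addr = ipaddress.ip_address(ip)
        if "/" in pattern:                          # net/mask with dotted mask or prefix length
            return addr in ipaddress.ip_network(pattern, strict=False)
        return addr == ipaddress.ip_address(pattern)
    except ValueError:
        return False                                # hostnames are not resolved offline


def hosts_access(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Apply libwrap's order: allow file, then deny file, then allow by default."""
    for rules, verdict in ((parse_access_file(allow_text), "allow"),
                           (parse_access_file(deny_text), "deny")):
        for daemons, clients in rules:
            if any(d in ("ALL", daemon) for d in daemons) and any(client_matches(c, ip) for c in clients):
                return verdict
    return "allow"
```

The default-allow at the end is the point to remember: a daemon with no entry in either file is reachable from everywhere, so a deny file without an `ALL : ALL` (or per-daemon ALL) line protects only the services it names.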
iptables
hXhO@]ܦnIҥH]iHϥ iptables IѦҡG
²[] @oI
̫Ay
I~jaAn} SSH nJvҦ Internet WDz
oܭn]pGiH ssh iJzDA......ӦMIF
XDMCP server
Ҽ{@ӱpApGz Linux DWDnOΨӧ@ϧγBzɡAӥBPɦhHݭnΨ쨺ӥ\A
@ Linux O_@ȯണѤ@ӤHBzӳnOHKKIi@wI] Linux
۷uq X Window System ڡI
X Window Server/Client [c
X Window System [c``Bͨӻ(o]]AաI @_@)bӦnzѡ
] X Window System bB@L{AP˥]tF X Server P X Client oӪFA
OL@ΫoPD Server/Client [cjӻ X Server/Client ҭtdFG
- X ServerG LDntdOùeøsPC
X Server iHӦ X client ƾڡA
NoǼƾøse{ϭbùWC~Aڭ̲ʷƹBIơBLJƵA
]|zL X Server ӶǹF X Client ݡAӥ X Client ӥ[HBF
- X ClientG LDntdOƪBC
X Client b X Server ǨӪƫA|gѥBAӱoƹӭnpʡB
IGӭnX{˪ơBLJGӭnpe{A
MNoǵGi X Server ALۦhøsùWC
o˻iHzѶܡH]NOAڭ̲ʷƹκVLɡA X server iHoǵwҿJơA
LDӭn@~nANoǸƧiD X Client AɡA X Client N|NoǸƭpA
̫oƹӭnpʻPLӭnpe{AñNoǵGi X Server A
X Server N|g X Client iAӱNǼƾڸƦbùWe{XӡC
ƹWA X Server P X Client q`ObP@WA
Ҧpڭ̦b Linux W榳W KDE oӮୱ@ˡC
O X Server/Client oM@wnbP@WA
]NOAڭ̥iHzLsⳡD X tΩOI
o]O̦ X tζ}oɪCLAoӮɭԪ X server O@OH
|ӨҤlӻAڭ̥iHb Windows tΤW@M X Win32 nA
LiHs Linux X WYϥΪ̥HϧΤnJ Linux C
ɡA]yX Win 32zDnObùWܡALδNOùøsA]LO X Server C
HܡA@Uڭ̴թUƮɡAz|o{AҰ X win32 oMnA
b Windows tΤWN|X{ port 6000 o X server port OӳoӮɭ X Win 32
nNOs Linux Yӵ{ǡAڭ̵@UnЪ XDMCP NO𫟺@ءC
o XDMCP iHN X Win32 ǰeLӪƹB⦨iHøsƾڦӦ^ǵ X win 32 MnA
ɪ XDMCP {ǴNO@ X Client o
ҥHաIpGz Windows Qns Linux DܡA Windows NoniH檺 X Server nա
Linux DhnҰʤ@ӥiH X Server ƹB⪺ X Client ա
NOo˻
OAo˰nBOH̤jnBNOA
bAW X Client ݭnD
X Server wO]tdܪO X server ƱAzw骺ʧ@]O X server bA
bDW X Client uONoǷƹʻPI٦LJƦbDݹBA
̫NGǰe X Server ܦӤwC(MաA
X Client B⤺e٬O|ΨDݪ]wɻP祃wNOFC)

ϤEBX server/client [c
ɭԷ|X{hϥΪ̳sJ X DpOHHҤlӻAڭ̹Ǧ@ Linux biƭȼA
LXGO NetCDF ɮסAڭ̥ϥ PAVE o@MnhBzoǸơA
Høs@ϵCOڭ̦TӤHPɳ|ϥΨ쨺ӥ\A
Linux DOb[ḓAnڭbӤppŶeyۡzާ@qA
iuOQHڡoӮɭԡAڭ̴N|[]ϧΤݵnJAA
ڭ̥iHy
hHPɥHϧΤnJ Linux DzӾާ@ڭ̦ۤv{ǡI
ܴΡAOܡHI
]w XDMCP
XDM O X Display Manager ²١AL\OOH
²檺ANOzޱ X Server ܰաLDnغz觋A
pG X Server/Client bP@WAҰ xdm AN|ͤ@ X server FF
ӦpG X server/client bP@DWAҰ xdm ALN|zLhzݨD
X server FC XDMCP (X Display Manager Control Protocol) NOtdťӦۺW
xdm nDա
X11 (CentOS ϥΪO Xorg oӭpe X11)Ѫ display manager xdm A]wɦb
/etc/X11/xdm/xdm-config A
ӵۦW KDE P GNOME ]ۤv display manager z{ǡAOO kdm P gdm A
]wɫhO
/etc/X11/xdm/kdmrc P /etc/X11/gdm/gdm.conf
(P distribution oɮשmؿӤ@)Cڭ̥iHzLT̤@̪ display manager
]wɨӱҰ xdmcp oӨwO
nҥ xdmcp \u²ApGznҥ xdm ܡAק /etc/X11/xdm/xdm-config oɮסA
쩳Uo@(@b̫@)G
DisplayManager.requestPort: 0
NLק令G
!DisplayManager.requestPort: 0
YOѱAMAsҰ xdm NnFC kdm P gdm ]w]AUDnH kdm
Ӷi xdmcp []CLn`NOAYϦb Linux Dݤҥ X Server (port 6000)
]OiHTL~ X nJNpPW쪺@
OApGnoTTA٬OijzA
ҥ kdm ɤ@֥TҰ X A
uOwʤWNn`N@ǤFInFAhLqAӹ@aI
1. kdm 䴩 xdmcp Ҧ
[root@linux ~]# cd /etc/X11/xdm
[root@linux xdm]# vi kdmrc
[Xdmcp]
Enable=1
# jOb 70 楪kCnháIuuno˴NnFI
2. client iHzL X ӵnJtΡIPv]w
[root@linux xdm]# vi Xaccess
*
# FwʤWݭnAQnnJ X ܡAonqLoɮתҤ~C
# Wo@ApGSo@檺(u@ * )A
# Nۦ[JCoܡyרӦ̡ۭAڳ X nJzNI
3. Ұ kdm I
[root@linux xdm]# /etc/init.d/xfs start
# NpPڭ̤W쪺A kdm AiܡA|bݱҰʤ@ X server A
# ӧڭ̳o@ Xorg nQҰʡAonҥ X font Server ~A
# _hܡAzNon /etc/X11/Xorg.conf ̭h]wnCӦr|~C
[root@linux xdm]# kdm
[root@linux xdm]# netstat -tlunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 5920/X
tcp 0 0 :::6000 :::* LISTEN 5920/X
udp 0 0 :::177 :::* 5918/kdm
# nݨ즳 177 udp port X{~ ]O xdmcp wťfC
# LApGnݬݬO_\Ұ X ܡANond\ 6000 o port o
# pGSݨ port 6000 ܡAЬd\ /var/log/Xorg.0.log I
# pGQn]w}N۰ʰ檺ܡAiHQ chkconfig [J xfs A
# ]iHN kdm oӫOg /etc/rc.d/rc.local oɮפ
MODƪALFקKxZAo٬OonjaC(] CentOS ݭnҰ X N xdmcp nJ)
WլOb run level 3 ҤUABb檺ɭԡA
/var/log/messages P /var/log/Xorg.0.log oɮפeèS kdm ~T
ܭnڡI]YǮMpGS\Ұ X ɡALNLkѵnJO
ΤݵnJ
ΤݬO Linux DG
pGQni XDMCP Ѫ X nJ Linux DɡAb Linux UiOeܡ
Uy{ObyΤݡz檺㤣O诊 XDMCP Ҧb Linux DաI
0. аȥnb X Window AiJ X Window 觋G
[root@client ~]# startx
#
[root@client ~]# init 5
1. b X Window eAҥΤ@ shell AMJG
[root@client ~]# xhost + 192.168.1.100
192.168.1.100 being added to access control list
# ]ڭ诊 Linux D IP 192.168.1.100
[root@client ~]# init 3 <== X Server
2. brUJG
[root@client ~]# X -query 192.168.1.100
# iJ X Window oI
pG@QܡAzӴN X Window eUhnJݥDo
ΤݬO Windows DG
XDMCP
pGQnܡANo˰G
[root@linux xdm]# killall -9 kdm
[root@linux xdm]# /etc/init.d/xfs stop
o˴NiHN xdmcp Lo ^_^
VNC server
M xdmcp NwgܦnΤFALANHǿtפWALuOCڡ
oӮɭԡAڭ̥iHQ VNC (Virtual Network Computing) oӦnΪNNӶi@B]wڭ̪
X Window nJtγC
VNC nzL VNC Server P VNC client n骺I۷ftANiHiֳt@IƶǿC
VNC pGQn}G@IܡA]Oݭnft xdmcp ա]pGOºϥ VNC s Xorg
( XFree86) ²檺eAuO....InΡ
VNC Server |bDh}@ӵ{Ǧb Client nJnDA
Client nJA~h Window manager ҰʡCӳo Window manager Ұʤ觋ܦhءA
̶KNOQ Xorg w] twm oӵz{ALuOnݡ
eIoˡG

19 Bϥ twm su VNC Server d
uܦnݳ㨺Hڭ̥iHzL VNC Ұʳ]wɡG xstartup ӳ]wP Window manager A
t~Aڭ̤]iHzLҥ kdm gdm oӦnΪ display manager ӥNz Window manager O
wϥάd (Query) XDMCP 觋ӱҰ VNC AӤOҰ startkde oӵ{
ҥHAUڭ̴Nӳ]wiHs xdmcp W VNC Server aI
1. kdm 䴩 xdmcp Ҧ
[root@linux ~]# cd /etc/X11/xdm
[root@linux xdm]# vi kdmrc
[Xdmcp]
Enable=1
2. client iHzL X ӵnJtΡIPv]w
[root@linux xdm]# vi Xaccess
*
3. Ұ kdm I
[root@linux xdm]# /etc/init.d/xfs start
[root@linux xdm]# kdm
[root@linux xdm]# netstat -tlunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 5920/X
tcp 0 0 :::6000 :::* LISTEN 5920/X
udp 0 0 :::177 :::* 5918/kdm
# nݨ즳 177 udp port P port 6000 ~F
# pGSݨ쪺ܡANondߩUXɮתeAݬݿ~TFI
# a. d\ netstat -tlunp
# b. d\ /var/log/Xorg.0.log
# c. d\ /var/log/messages
# d. d\ /var/log/kdm.log
4. Create the passfile a user needs for VNC connections
# Each VNC port is opened for one specific user's login, so every VNC
# server uses its own port, and at most about ten are opened.
# Here we assume the user dmtsai will run VNC; the steps are:

4.1 Create the connection password:
[root@linux xdm]# su dmtsai
[dmtsai@linux xdm]$ vncpasswd
Password: <== enter the password here
Verify: <== enter it again
# Note: the password must be at least six characters, and the two
# entries must match.
# The password is stored in /home/dmtsai/.vnc/passwd. It is obfuscated
# with a fixed DES key rather than hashed, and classic VNC authentication
# only uses the first eight characters, so treat the file as a secret and
# never reuse a real account password here.
# The same directory also holds the xstartup file used below ^_^

4.2 Edit the settings in xstartup:
[dmtsai@linux xdm]$ vi /home/dmtsai/.vnc/xstartup
# comment out everything in this file; none of it is needed here

4.3 Leave the user's shell:
[dmtsai@linux xdm]$ exit
5. Edit the contents of /etc/sysconfig/vncservers
# On FC4 this file is read when the VNC service starts, so we edit it:
[root@linux xdm]# vi /etc/sysconfig/vncservers
# change the original content to this:
VNCSERVERS="2:dmtsai"
VNCSERVERARGS[2]="-geometry 800x600 -query localhost"
# meaning: start one VNC display for dmtsai on port 5900+2, i.e. 5902,
# and have it query the local xdmcp (kdm) for the login screen

6. Start the VNC server:
[root@linux xdm]# /etc/init.d/vncserver start
# A log file now appears in /home/dmtsai/.vnc/ that you should look at,
# namely dmtsai.linux.dmtsai.tw:2.log; its name is built as
# username.hostname.domainname:[display number].log, and since we opened 5902
# the file name ends in :2.log. Read it to check for errors.
# A complaint about a missing /usr/X11R6/lib/X11/xserver/SecurityPolicy file
# would also show up in this log.
7. Check the result:
[root@linux xdm]# netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5802 0.0.0.0:* LISTEN 15287/Xvnc
tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 15287/Xvnc
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 15019/X
tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN 15287/Xvnc
tcp 0 0 :::6000 :::* LISTEN 15019/X
tcp 0 0 :::6002 :::* LISTEN 15287/Xvnc
udp 0 0 0.0.0.0:32924 0.0.0.0:* 15287/Xvnc
udp 0 0 :::177 :::* 15017/kdm
# Display :2 shows up three times: 5902 is the VNC (RFB) port the viewer
# connects to, 5802 is the built-in HTTP port for the Java viewer, and 6002
# is the X server of that display. All of them listen on 0.0.0.0, i.e. on
# every interface, protected only by the VNC password.

Setting this up is simple, right? I have tried to describe it so that it can be reproduced on different Linux distributions; if you run into problems along the way, the log files above are the place to start debugging ^_^
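To make the port mapping above concrete, here is an added example (my own script, not from the page or from the VNC project) that derives the ports one VNC display occupies and audits a netstat listing for VNC and X sockets bound to all interfaces. The netstat text embedded in it is constructed from step 7 above, with an extra display :3 bound to 127.0.0.1 for contrast; it assumes the column layout of netstat -tulnp as shown on this page.

```bash
#!/bin/sh
# Added example, not from the original page: map a VNC display number to its
# ports and flag X/VNC sockets that listen on every interface.
# Assumption: netstat -tulnp output in the column layout shown on this page.

# Ports occupied by VNC display :N
#   5800+N  built-in HTTP server for the Java viewer
#   5900+N  RFB, what VNC viewers connect to
#   6000+N  the X server (Xvnc) of that display
vnc_display_ports() {
    n="$1"
    echo "$((5800 + n)) $((5900 + n)) $((6000 + n))"
}

# Read netstat -tulnp text on stdin; print "proto port program" for every
# socket whose local address is a wildcard (0.0.0.0 or ::), i.e. reachable
# from any network interface rather than from localhost only.
wildcard_listeners() {
    awk '$1 ~ /^(tcp|udp)/ {
        n = split($4, a, ":")                # "0.0.0.0:5902" or ":::177"
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::") {
            prog = $NF
            sub(/^[0-9]+\//, "", prog)       # strip the "15287/" pid prefix
            print $1, port, prog
        }
    }'
}

# Which of display :N's ports are exposed on a wildcard address?
# Prints them sorted on one line; empty output means the display is either
# not running or bound to localhost only (the safe configuration when the
# viewer is tunnelled through ssh -L 5902:localhost:5902).
exposed_vnc_ports() {
    want=" $(vnc_display_ports "$1") "
    wildcard_listeners |
        awk -v want="$want" 'index(want, " " $2 " ") { print $2 }' |
        sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample: step 7 of the page plus a display :3 bound to 127.0.0.1.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5802 0.0.0.0:* LISTEN 15287/Xvnc
tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 15287/Xvnc
tcp 0 0 127.0.0.1:5903 0.0.0.0:* LISTEN 15400/Xvnc
tcp 0 0 127.0.0.1:6003 0.0.0.0:* LISTEN 15400/Xvnc
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 15019/X
tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN 15287/Xvnc
tcp 0 0 :::6000 :::* LISTEN 15019/X
tcp 0 0 :::6002 :::* LISTEN 15287/Xvnc
udp 0 0 0.0.0.0:32924 0.0.0.0:* 15287/Xvnc
udp 0 0 :::177 :::* 15017/kdm
EOF
}

# On a live host: netstat -tulnp | exposed_vnc_ports 2
echo "display :2 exposed ports: $(sample_netstat | exposed_vnc_ports 2)"
echo "display :3 exposed ports: $(sample_netstat | exposed_vnc_ports 3)"
```

Display :2 reports 5802, 5902 and 6002 as exposed, display :3 reports nothing. Since classic VNC authentication is a DES challenge on at most eight password characters and the session itself is unencrypted, the configuration to aim for is the :3 shape: Xvnc bound to localhost (vncserver accepts -localhost) and the viewer connected through an ssh port forward.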
The script that actually starts VNC is the vncserver command, so you can also start a display for a particular user by hand:
[root@linux ~]# vncserver :3
You will require a password to access your desktops.
Password: <== enter the password
Verify: <== enter the password again
New 'dmtsai.linux.dmtsai.tw:3 (dmtsai)' desktop is dmtsai.linux.dmtsai.tw:3
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/dmtsai.linux.dmtsai.tw:3.log

This opens a VNC display on port 5903, and the log file is the one shown above (note that, started as root, the xstartup file, the password file and the desktop itself all belong to root). To stop it again, use:
[root@linux ~]# vncserver -kill :3
That is all on the server side! To connect to the VNC Server from a Linux client you can use the KDE remote connection program krdc; on Windows you need a VNC Client, which you can download from the RealVNC site:
Download the Free Edition and try it; the installation is straightforward and not covered here. After installing, choose "Start" --> "Programs" --> "RealVNC" --> "Run VNC viewer" and this appears:

[Figure 20: the VNC viewer]
Enter your host's IP and VNC port (display number); a password prompt follows:

[Figure 21: the VNC viewer]
Watch out: the password asked for here is "the one you created with vncpasswd", not the login password of the account!
Press Enter and, if all goes well, the following screens appear:

[Figure 22: the VNC viewer]

[Figure 23: the VNC viewer]
Nice, isn't it ^_^ You have logged in to the Linux host from the client, and several people can use it at the same time. If, after setting everything up, the VNC log keeps showing the message
"XDMCP fatal error: Manager unwilling Host unwilling",
the setting that needs changing is in the file /etc/X11/xdm/Xaccess.
Some readers will find it odd that the screen seen in the VNC client is not the same as the one on the server's own console (tty7). That is because Linux serves several VNC sessions, each an independent X display, so naturally they are not in sync with tty7. If you do want the VNC session to show the same screen as tty7, you can use the vnc.so module of the X Server together with the VNC server and set it up as follows.
If you run a distribution such as CentOS 4.x, your system may already ship vnc.so: look in /usr/X11R6/lib/modules/extensions/ for the file vnc.so. If you do not have this module, see
http://phorum.study-area.org/viewtopic.php?t=25713
and follow its steps. Then set it up like this:
[root@linux ~]# vi /etc/X11/xorg.conf (or XF86Config)
Section "Module"
....
Load "vnc"
EndSection
# add the vnc module in the Module section

Section "Screen"
Identifier "Screen0"
Device "Videocard0"
Monitor "Monitor0"
Option "passwordFile" "/etc/vnc/passwd"
DefaultDepth 16
......
EndSection
# assuming your vnc password file (created with vncpasswd) is at /etc/vnc/passwd,
# it is referenced from the Screen section

Now restart kdm, or re-enter run level 5, and you will find an extra port 5900 listening; connect to it with a viewer and you get the console screen, in sync with tty7 ^_^ Remember that whoever knows that password now sees and controls the session of the physical console.
RSH server
What is the RSH server? It is another method of "operating" the resources of a remote host. Remember the command "ssh dmtsai@localhost date"? We can do the same kind of thing with rsh. RSH is short for R Shell (remote shell).
RSH is rarely used on ordinary servers today, especially on hosts exposed to the Internet, because RSH is very dangerous: it transmits in plain text, and one careless setting lets anyone log in to the host through RSH! Where RSH is still common is inside computing clusters (cluster), for managing the nodes.
A cluster, put simply, connects many hosts over a network so that they work together. One host is the manager (also called the master) and the other hosts carry out what the master asks of them (so they are called slaves); all the work of the cluster is controlled by the master, and the slaves are only responsible for computing. In other words, the slaves mainly contribute CPU cycles while everything else is handled by the master. So we only need to manage the master host; in this arrangement the master controls the slaves mostly through RSH (it can also be done with SSH, of course).
For more on clusters, refer to an earlier short article of mine on the subject.
The interaction between the RSH server and client is shown in the figure below:

[Figure 24: RSH Server/Client interaction]
The files involved on the RSH server side are:
- /etc/hosts: maps the host names of the RSH server and clients to their IPs;
- /etc/hosts.equiv: lists which client hosts may connect to this RSH server;
- ~user/.rhosts: lists from where a user may use RSH without entering a password;
- /etc/pam.d/rsh: the setting that decides whether root may use RSH.
Although RSH is rarely used any more, it is not entirely without use inside a host cluster, so next we look at how to set up RSH.
RSH Server
R Shell is not a single tool on a single port; R Shell as a whole consists of rexec, rlogin and rsh, each listening on a different port. Look up the ports 512, 513 and 514 in /etc/services.
Starting the RSH Server:
As figure 24 shows, to use resources on the RSH Server from an RSH Client the RSH server must of course run the RSH service. How is it started? Simply put, it is started by the super daemon xinetd.
You need the rsh and rsh-server packages; install them yourself. The rsh-server package provides three services, rexec, rlogin and rsh; here we only discuss rsh.
After installation, enable it:
[root@linux ~]# vi /etc/xinetd.d/rsh
service shell
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
}
# just change disable to no!
[root@linux ~]# /etc/init.d/xinetd restart
[root@linux ~]# netstat -tlnp | grep 514
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 23369/xinetd
# once port 514 shows up, the service is running!
Setting which hosts may use RSH: /etc/hosts,
/etc/hosts.equiv, ~user/.rhosts
Because RSH refers to hosts by name, the IPs and host names of the hosts involved must first be written in /etc/hosts. For example, /etc/hosts on 192.168.1.2 looks like this:
[root@linux ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain
192.168.1.2 rsh.server rshserver
192.168.1.100 rsh.client rshclient
# only two hosts are involved here; the RSH server's IP is 192.168.1.2!

This file matters: RSH works with host names when it decides who may run commands, so if the names and IPs do not match up you are stuck. (This is also RSH's fundamental weakness: its trust rests on a name-to-address mapping and on the source address of a TCP connection, neither of which is authenticated.)
In the figure above the RSH server is rsh.server, and I want 192.168.1.100, i.e. rsh.client, to be able to run commands on rsh.server. That permission has to be granted, and the file for that is /etc/hosts.equiv, whose format is:
[root@linux ~]# vi /etc/hosts.equiv
rsh.client dmtsai
# the format is [hostname] [username]
# write the user and host you want to allow, one rule per line!

That is all the setting needed! Whichever host should be able to log in to the rsh.server host, write its name and IP into /etc/hosts, then write the host name into /etc/hosts.equiv, and it is allowed! The purpose of this file is simply to list "who may enter without a password". Two things to note here, both from the hosts.equiv(5) man page:
- by default root can never use rsh to log in to rsh.server, however it is listed; root is handled separately below.
- a line with only a host name lets users on that host log in as the local account with the "same" user name, but a line with a host name "and" a user name, such as the one above, lets that remote user log in as "any" local account except root. The second form is usually not what you want.
For more hosts.equiv settings see man hosts.equiv.
Another point: since every host and user combination has to be written into /etc/hosts.equiv, which only root may edit, this is not very flexible. Instead we can use a file in the user's home directory: ~/.rhosts. Its setting is even simpler: write the host names the user expects to log in from:
[root@linux ~]# vi ~dmtsai/.rhosts
rsh.client

OK! This means that the user dmtsai on rsh.server may be logged in to from the host rsh.client, as dmtsai, without a password, and commands can then be run through R Shell. Likewise, if other users should be able to reach rsh.server through RSH from other hosts, create a .rhosts file in their home directories. If every newly created user should get this ability, do this:
[root@linux ~]# vi /etc/skel/.rhosts
rsh.client

New users then automatically get a .rhosts file in their home directory ^_^ (which also means every new account is reachable without a password from rsh.client, so think twice before putting this into /etc/skel).
Letting root use RSH too:
Generally I do not recommend this! But if some service you manage really needs root on the other side, you may have to let root log in to the host through RSH. Whether root may use rsh is controlled by PAM, so comment out one line in /etc/pam.d/rsh:
[root@linux ~]# vi /etc/pam.d/rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
#auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts_auth.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

Comment out the pam_securetty.so line as above and root can log in through rsh! If you would rather not touch that file, you can edit another one instead:
[root@linux ~]# vi /etc/securetty
.....(omitted).....
rsh

Add that one line! Note that the two changes are equivalent, so make one of them, not both. Then write the client host name (and the remote user name) into
/root/.rhosts
(hosts.equiv is never consulted for root), and root can use rsh! Still, I strongly advise against letting root use RSH. Be careful!
RSH Client
The rsh client program is installed set-uid root by default, because it has to bind a privileged source port (below 1024) before the server will trust it; you do not need to run it as root yourself, an ordinary user will do, as in the examples below.
Also, the RSH Client should have the same accounts as the RSH server, otherwise rsh runs into problems.
Using RSH:
Next, log in on rsh.client and issue commands with the rsh command:
[dmtsai@rshclient ~]$ rsh [-l remote account] [remote host name] [remote command]
Options:
-l : generally the server and client should "use the same account name", and then this option is not needed;
     if they differ, use -l to give the account name on the server.
remote host name: the name of the rsh.server host you want to log in to; it must match /etc/hosts!
remote command: the command you want to run on the remote host.
Example 1: run the command ls -l / on rsh.server:
[dmtsai@rshclient ~]$ rsh rsh.server 'ls -l /'
.....output omitted.....
# Note that I am using the ordinary user dmtsai, and that rshserver and rshclient
# both have an account named dmtsai! And the ls -l /
# runs on the rsh.server host. Be careful with that!

In general the RSH server and client should have the same accounts, which avoids many permission problems (permission denied). That is why RSH is usually combined with the NIS/NFS servers covered in a later chapter; see those chapters!
Also, rsh usually suits a single command; if the command is complex (many arguments), it is best to put it into a script and run the script, which avoids mistakes on the command line ^_^
Copying files with rcp:
Besides running commands on the remote system with rsh, we can copy files with rcp, which behaves much like scp and whose options are almost identical to cp. rcp also transfers its data through RSH's port 514, in plain text.
A simple example:
Example: look at the remote host's files, then copy one of them over:
[dmtsai@rshclient ~]$ rsh rsh.server 'ls -l ~'
drwx------ 3 dmtsai dmtsai 4096 Dec 27 2005 Desktop
-rw-r--r-- 1 dmtsai dmtsai 3385 May 29 17:52 bashrc
drwx------ 3 dmtsai dmtsai 4096 Mar 6 2006 mail
-rw-r--r-- 1 dmtsai dmtsai 883888 May 29 17:51 netcdf.tar.gz
drwxr-xr-x 2 dmtsai dmtsai 4096 Jul 26 16:05 test
-rw-rw-r-- 1 dmtsai dmtsai 34816 Mar 19 2006 testing.ppt
[dmtsai@rshclient ~]$ rcp -r dmtsai@rsh.server:~/mail .
# -r is added because a directory is being copied; without it, a single file can be copied.

Once more: RSH is nowadays only used in a few special environments, for example the currently popular "Cluster" computing. If you want to build a Cluster, NIS/NFS servers have to be added as well, so keep reading ^_^
Synchronised backups with rsync
In the Basics book, the chapter on Linux backups introduced the common backup commands tar, dd and cp, but it did not cover the really handy tool that was born for the network: rsync! rsync is a very convenient command for backing up between remote hosts, because rsync can carry out "mirror" backups.
The best thing about rsync is that it replaces the rcp command: rsync transfers quickly and, during the transfer, it compares the files on the local and remote side and only copies the files that differ, so the transfer time is much shorter. In addition, rsync can work in three ways:
- locally, with usage almost identical to cp, for example:
rsync -av /etc /tmp (backs up /etc/ into /tmp/etc)
- over an rsh or ssh channel between server and client, for example:
rsync -av -e ssh user@rsh.server:/etc /tmp (backs up /etc of rsh.server into /tmp on the local host)
- through the rsync daemon, for which the rsync host must open port 873:
1. first start the rsync service on the server side through /etc/xinetd.d/rsync;
2. edit the /etc/rsyncd.conf settings file;
3. set up the passwords for client connections;
4. on the client use: rsync -av user@hostname::/dir/path /local/path
The three modes differ only in the colon (:): local transfers need no colon, transfers over ssh or rsh use one colon (:), and the rsync daemon is reached with two colons (::). Local transfers are easy, and our systems already run the ssh service (rsh brings the plain-text and host-trust problems described above, and the daemon sends its data unencrypted), so below we use rsync over ssh for backups.
Before that, a look at rsync's syntax:
[root@linux ~]# rsync [-avrlptgoD] [-e ssh] [user@host:/dir] [/local/path]
Options:
-v : verbose, prints more information;
-q : the opposite of -v, quiet mode, less output;
-r : recursive copy, so "directories" are handled; very important!
-u : update only, do not overwrite files that are newer on the target;
-l : copy symbolic links as links rather than the files they point to;
-p : preserve the permissions (permission) of the source files;
-g : preserve the group of the source files;
-o : preserve the owner of the source files;
-D : preserve device files (device);
-t : preserve the timestamps of the source files;
-I : ignore the size and mtime quick check, so every file is compared and transferred again (slower, but it catches files changed without a change of mtime);
-z : compress the data during transfer;
-e : the channel program to use, for example -e ssh for ssh;
-a : equivalent to -rlptgoD, which is why -a is the most common option!
See man rsync for more.
Example 1: back up /etc into /tmp:
[root@linux ~]# rsync -av /etc /tmp
....output omitted....
sent 23007335 bytes received 32280 bytes 5119914.44 bytes/sec
total size is 22870014 speedup is 0.99
# the first run takes a while because everything has to be created. Run it again:
[root@linux ~]# rsync -av /etc /tmp
building file list ... done
sent 77105 bytes received 20 bytes 154250.00 bytes/sec
total size is 22870014 speedup is 296.53
# finished almost at once! Very little data was transferred, because only
# the files that differ are copied.

Example 2: as dmtsai, copy that user's home directory on rsh.server into /tmp:
[root@linux ~]# rsync -av -e ssh dmtsai@rsh.server:~ /tmp
The authenticity of host 'rsh.server (192.168.1.2)' can't be established.
RSA key fingerprint is 29:b8:a9:32:ea:d8:ff:97:6c:42:3b:aa:11:ab:55:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rsh.server' (RSA) to the list of known hosts.
dmtsai@rsh.server's password:
receiving file list ... done
....file list omitted....
sent 8436 bytes received 43224862 bytes 2789245.03 bytes/sec
total size is 43189031 speedup is 1.00
[root@linux ~]# ll -d /tmp/dmtsai
drwxr-xr-x 22 dmtsai dmtsai 4096 Sep 18 23:25 /tmp/dmtsai
# that is all there is to a backup over the network! Simple!
# (The fingerprint prompt is your one chance to verify the server's host key;
# the key accepted here is what protects every later run from an impostor.)

You can use example 2 as the basis for a backup script. The thing to note is that, because rsync transfers through ssh, the script will stop and ask for a password unless the dmtsai account has an ssh key pair that logs in "without a password"! With that in place, backups between remote hosts can run automatically from crontab. Simple, isn't it! Password-less ssh keys were covered earlier in this chapter, and so was writing shell scripts, so go and try an automatic backup with rsync ^_^
For more rsync usage, see the references listed at the end.
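Before wiring rsync into a cron job it pays to check what a given command line actually does to the destination. The script below is an added example (mine, not the page's or the rsync project's) that runs rsync locally on a constructed directory tree: it shows the trailing-slash rule behind "rsync -av /etc /tmp" producing /tmp/etc, that a second run copies nothing, that a file deleted at the source survives on the destination unless --delete is given, and that -n (--dry-run) lets you preview a --delete run before it removes anything. It assumes only that rsync is in PATH; no network or ssh is involved.

```bash
#!/bin/sh
# Added example, not from the original page: a local rsync mirror run several
# times on a constructed tree, showing the trailing-slash rule, --delete and
# --dry-run. Assumes rsync is installed; everything else is built in a temp dir.

mirror_demo() {
    command -v rsync >/dev/null 2>&1 || { echo "rsync not installed" >&2; return 2; }
    work=$(mktemp -d) || return 1
    src="$work/src" dst="$work/dst"
    mkdir -p "$src/etc/sub" "$dst"
    printf 'one\n' > "$src/etc/a.conf"
    printf 'two\n' > "$src/etc/sub/b.conf"

    # First pass: "src/etc" without a trailing slash creates dst/etc/, just as
    # the page's "rsync -av /etc /tmp" yields /tmp/etc. "src/etc/" (with the
    # slash) would pour the contents straight into dst/ instead.
    rsync -a "$src/etc" "$dst" || return 1
    [ -f "$dst/etc/sub/b.conf" ] || return 1

    # Change one file and remove another at the source.
    printf 'one-changed\n' > "$src/etc/a.conf"
    rm "$src/etc/sub/b.conf"

    # Without --delete the removed file survives on the destination ...
    rsync -a "$src/etc" "$dst" || return 1
    [ -f "$dst/etc/sub/b.conf" ] || return 1

    # ... --delete turns dst into a true mirror. -n (--dry-run) previews the
    # deletions first; that is the check to run before pointing this at a real
    # backup tree, since a wrong source path plus --delete empties the target.
    rsync -an --delete "$src/etc" "$dst" >/dev/null || return 1
    [ -f "$dst/etc/sub/b.conf" ] || return 1          # the dry run changed nothing
    rsync -a --delete "$src/etc" "$dst" || return 1
    [ ! -e "$dst/etc/sub/b.conf" ] || return 1
    [ "$(cat "$dst/etc/a.conf")" = "one-changed" ] || return 1

    rm -rf "$work"
    echo "mirror ok"
}

mirror_demo || echo "demo did not complete"
```

For the cron job the same command line gets "-e ssh" and a dedicated key. On the remote side, restrict that key in authorized_keys with the from="..." and command="..." options (for example to the rsync --server invocation, or to the rrsync wrapper shipped in rsync's support directory), so that a stolen backup key cannot open an interactive shell, and do not pull data with root's key when a less privileged account can read the files.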
Summary
- A remote connection server lets users log in to the host from the network, to use its resources or to administer it;
- Common remote login services are rsh, telnet, ssh, vnc and xdmcp;
- telnet and rsh transmit data in plain text, so sending data over the Internet with them is very dangerous;
- telnet and rsh do not let root log in by default; this can be changed through the pam modules, although leaving root locked out is the right setting;
- because ssh uses a public/private key system, data is encrypted when it travels over the Internet, so it is comparatively safe;
- ssh is still a sensitive service: do not open ssh login to the whole Internet; use iptables to limit who may log in;
- the ssh public key goes on the server, the private key stays on the client;
- for ssh connections use protocol version 2, which can verify the integrity of the connection;
- when using ssh, use the e-mail-like form ssh username@hostname to log in;
- the client can compare the public key sent by the server against the record in ~user/.ssh/known_hosts to check that it is the same host as before;
- ssh client software includes the ssh, scp and sftp programs;
- in /etc/ssh/sshd_config you can disable root login and adjust the supported ssh key types;
- to make an ssh key pair for password-less login, use ssh-keygen -t rsa to create the public and private key;
- the public key created that way must be put into the server's ~user/.ssh/authorized_keys file;
- to log in to a Linux host with the X graphical system, the X server runs on the client host while the Linux host runs the X client;
- Xdmcp is a function provided by the X display manager (xdm, gdm, kdm);
- when the client is Linux, xhost must be used inside X to add the Linux host's IP so that it may connect to the client's X Server;
- besides Xdmcp, VNC can also provide an X-based remote login;
- VNC by default opens ports starting at 5900, one port per connection (display);
- whether an rsh client may connect is set in /etc/hosts.equiv and ~username/.rhosts;
- the client-side software of rsh includes rsh, rlogin and rcp;
- rsync can connect through ssh or through rsync --daemon; its main feature is that it mirrors a backup and only transfers the files that differ, so the transfer is quite fast!
Exercises
- Telnet and SSH are both remote connection servers; why do we recommend SSH and avoid Telnet? What is the reason?
Besides transmitting data in "plain text", telnet has been an easy way in for intruders, so it is dangerous. ssh is not absolutely safe either: openssl and openssh, the packages it depends on, have had serious bugs from time to time. Still, compared with telnet it is definitely much safer!
- Try to explain how SSH encrypts the packets between the Server and the Client.
It uses a key pair: the server sends its public key to the client while only the server holds the matching private key; the client uses that public key to agree a session key with the server, and that session key then encrypts and decrypts every packet of the connection.
- Which file configures the SSH server? If I want to stop root from using SSH to log in to my SSH host, how is that set? And if the user badbird must not be able to log in to the SSH host, how is that set?
The SSH configuration file is sshd_config, usually at /etc/ssh/sshd_config; to block root logins, set the parameter "PermitRootLogin no" in sshd_config and restart ssh; to stop the user badbird from logging in, add "DenyUsers badbird" to sshd_config.
- On Linux, which ports (port number) do Telnet and SSH use by default?
telnet and ssh use 23 and 22 respectively; see /etc/services!
- I cannot log in to my Linux host from the client with the ssh program; what could be wrong on the Linux host? Think it over (and on the client side: known_hosts...)
There are many possible reasons; first check the error messages in /var/log/messages, then consider these:
- possibly blocked by the firewall: look at iptables -L -n and also at /etc/hosts.deny;
- possibly the host has been reinstalled and its public key has changed: edit that host's entry in ~/.ssh/known_hosts;
- possibly a problem in /etc/ssh/sshd_config prevents this user from logging in;
- in /etc/passwd, check that the user has a shell that allows login;
- other reasons (for example a mistyped password).
- Since ssh is a safe, encrypted way of transmitting packets, can I open my Linux host's SSH service to the Internet? Why?
Better not to open your SSH service to the Internet: the encryption in SSH relies on openssl, and the SSH implementation used by Linux distributions is openssh; both packages have had serious vulnerabilities, so it is best not to expose SSH to the Internet, because the rights obtained by breaking into an SSH host are very high.
- If I want to back up the data of the host server to the host backserver with rsync over an ssh channel, try the following:
- on server, create an ssh public and private key pair as root (better: a dedicated, restricted key for the backup job);
- send the public key to backserver and install it under some user there;
- on backserver, create the directory where the backup data will be stored, with appropriate "permissions";
- on server, write the rsync backup script;
- use crontab to run the backup automatically at regular intervals.
Try this on your own two hosts following the steps above. (No answer provided.)
References and change history
2002/11/14: first version
2003/03/08: added the SSH section and reworked some of the content, for example the installation of the Telnet server software and the usage of the SSH client putty!
2003/09/09: a few further revisions, and the exercises were added!
2005/07/02: moved the old article here.
2005/07/07: the VNC and XDMCP parts have been rewritten; have a look!
2005/07/09: added the explanation of syncing VNC with tty7 through the vnc.so module.
2005/11/22: added the material on the RSH server!
2006/09/18: replaced putty with pietty, which is easier to use! Also rewrote the rsh part a little.
2006/09/19: added a short description and operation of rsync; this chapter is finally complete!