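◆This blog records, as personal notes, the actual configuration steps used when building Linux servers. It may also contain information useful for the LinuC exam…?
[root]# vi /etc/ssh/sshd_config ←SSH server configuration file
■Edit the relevant section as follows↓■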
PasswordAuthentication no
AllowUsers reverie
[root]# su - reverie ←switch user
[reverie]$ ssh-keygen -t rsa1 ←create the SSH key
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/reverie/.ssh/identity):
Created directory '/home/reverie/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/reverie/.ssh/identity.
Your public key has been saved in /home/reverie/.ssh/identity.pub.
The key fingerprint is:
23:46:16:33:65:37:88:94:b4:f7:33:a0:5d:b5:4e:ad reverie@reverie.example.com
[reverie]$ cd /home/reverie/.ssh ←move to the directory where the keys are stored
[reverie]$ ls -al
合計 16
drwx------ 2 reverie reverie 4096 11月 29 14:22 .
drwx------ 11 reverie 500 4096 11月 29 14:21 ..
-rw------- 1 reverie reverie 542 11月 29 14:22 identity
-rw-r--r-- 1 reverie reverie 346 11月 29 14:22 identity.pub
[reverie]$ cat identity.pub >> authorized_keys ←public key registered with the server
[reverie]$ chmod 0600 * ←readable and writable by the owner only
[reverie]$ ls -al
合計 20
drwx------ 2 reverie reverie 4096 11月 29 14:25 .
drwx------ 11 reverie 500 4096 11月 29 14:21 ..
-rw------- 1 reverie reverie 346 11月 29 14:25 authorized_keys
-rw------- 1 reverie reverie 542 11月 29 14:22 identity
-rw------- 1 reverie reverie 346 11月 29 14:22 identity.pub
[reverie]$ smbclient '\\win50\LINUX' -I 192.168.0.50 -U Administrator ←connect to the client
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/smb.conf":
Permission denied
Can't load /etc/samba/smb.conf - run testparm to debug it
added interface ip=192.168.0.99 bcast=192.168.0.255 nmask=255.255.255.0
Password: ←enter the password
Domain=[EXAMPLE.COM] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
smb: \> put identity ←hand the private key to the client side
putting file identity as \identity (13.2 kb/s) (average 13.2 kb/s)
smb: \> quit ←exit smbclient
[reverie]$ exit ←return to root
←Connect via SSH from the Windows client
[root]# tail /var/log/secure
Nov 23 14:04:06 reverie sshd[1042]: Server listening on 0.0.0.0 port 22.
Nov 23 14:27:57 reverie sshd[1345]: Accepted password for reverie from 192.168.0.21 port 57414 ssh2
Nov 23 15:32:10 reverie sshd[1347]: Received disconnect from 192.168.0.21: 2: disconnected by server request
Nov 23 15:32:11 reverie sshd[1042]: Received signal 15; terminating.
Nov 29 13:17:26 reverie sshd[1042]: Server listening on 0.0.0.0 port 22.
Nov 29 13:19:58 reverie sshd[1344]: Accepted password for reverie from 192.168.0.21 port 56761
Nov 29 13:22:39 reverie useradd[1416]: new user: name=testuser, uid=501, gid=501, home=/home/testuser, shell=/bin/bash
Nov 29 13:32:50 reverie sudo: testuser : command not allowed ; TTY=pts/0 ; PWD=/home/testuser ; USER=root ; COMMAND=/bin/more /etc/sudoers
Nov 29 13:33:39 reverie sudo: reverie : TTY=pts/0 ; PWD=/home/reverie ; USER=root ; COMMAND=/bin/more /etc/sudoers
Nov 29 14:37:59 reverie sshd[8082]: Accepted rsa for reverie from 192.168.0.50 port 3009
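The check that the final `tail /var/log/secure` step does by eye, as an added example that is not part of the original notes: shell helpers (all function names are hypothetical) that confirm `PasswordAuthentication no` and `AllowUsers` are set in the config file and that the user's most recent accepted login did not use a password. The sample config and log are constructed, modelled on the lines above, and `AllowUsers` is assumed to hold plain user names.

```shell
#!/bin/sh
# Added example: hypothetical helpers to confirm the key-only setup took effect.

# First value of a keyword in an sshd_config-style file (sshd uses the first
# occurrence; keywords are case-insensitive; commented lines are ignored).
sshd_setting() {  # $1=config file  $2=keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# "method user source-ip" for every successful sshd login in a secure log.
accepted_logins() {  # $1=log file
    awk '$5 ~ /^sshd\[/ && $6 == "Accepted" { print $7, $9, $11 }' "$1"
}

# Authentication method of the most recent successful login for one user.
last_method() {  # $1=log file  $2=user
    accepted_logins "$1" | awk -v u="$2" '$2 == u { m = $1 } END { if (m != "") print m }'
}

# Succeeds only if password auth is disabled, the user is listed in AllowUsers
# (assumption: plain names, no patterns), and the latest login was not by password.
key_only_ok() {  # $1=config  $2=log  $3=user
    [ "$(sshd_setting "$1" PasswordAuthentication)" = "no" ] || return 1
    case " $(sshd_setting "$1" AllowUsers) " in *" $3 "*) ;; *) return 1 ;; esac
    m=$(last_method "$2" "$3")
    [ -n "$m" ] && [ "$m" != "password" ]
}

# Constructed sample data, modelled on the settings and log lines above.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
AllowUsers reverie
EOF
cat > "$SAMPLE_DIR/secure" <<'EOF'
Nov 29 13:19:58 reverie sshd[1344]: Accepted password for reverie from 192.168.0.21 port 56761
Nov 29 13:22:39 reverie useradd[1416]: new user: name=testuser, uid=501, gid=501, home=/home/testuser, shell=/bin/bash
Nov 29 14:37:59 reverie sshd[8082]: Accepted rsa for reverie from 192.168.0.50 port 3009
EOF

accepted_logins "$SAMPLE_DIR/secure"
if key_only_ok "$SAMPLE_DIR/sshd_config" "$SAMPLE_DIR/secure" reverie; then
    echo "reverie: key-only login confirmed"
else
    echo "reverie: check failed"
fi
```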