soramineの日記: ssh 2
sshを入れてみようと思ったです。この前 pkg_add で味をしめたので、同じようにやってみるですの。
fairy# pkg_add ftp://ftp.jp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.7-release/All/openssh-3.4_4.tgz
Fetching ftp://ftp.jp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.7-release/All/openssh-3.4_4.tgz... Done.
Fetching ftp://ftp.jp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.7-release/All/openssl-0.9.6g.tgz... Done.
Copy /usr/local/openssl/openssl.cnf.sample to /usr/local/openssl/openssl.cnf and edit it to fit your needs.
pkg_add: command '[ -f /usr/local/etc/ssh_config ] && [ ! -f /usr/local/etc/ssh/ssh_config ] && ln /usr/local/etc/ssh_config /usr/local/etc/ssh/ssh_config' failed
pkg_add: command '[ -f /usr/local/etc/sshd_config ] && [ ! -f /usr/local/etc/ssh/sshd_config ] && ln /usr/local/etc/sshd_config /usr/local/etc/ssh/sshd_config' failed
pkg_add: command '[ -f /usr/local/etc/ssh_host_key ] && [ ! -f /usr/local/etc/ssh/ssh_host_key ] && ln /usr/local/etc/ssh_host_key /usr/local/etc/ssh/ssh_host_key' failed
pkg_add: command '[ -f /usr/local/etc/ssh_host_key.pub ] && [ ! -f /usr/local/etc/ssh/ssh_host_key.pub ] && ln /usr/local/etc/ssh_host_key.pub /usr/local/etc/ssh/ssh_host_key.pub' failed
pkg_add: command '[ -f /usr/local/etc/ssh_host_rsa_key ] && [ ! -f /usr/local/etc/ssh/ssh_host_rsa_key ] && ln /usr/local/etc/ssh_host_rsa_key /usr/local/etc/ssh/ssh_host_rsa_key' failed
pkg_add: command '[ -f /usr/local/etc/ssh_host_rsa_key.pub ] && [ ! -f /usr/local/etc/ssh/ssh_host_rsa_key.pub ] && ln /usr/local/etc/ssh_host_rsa_key.pub /usr/local/etc/ssh/ssh_host_rsa_key.pub' failed
pkg_add: command '[ -f /usr/local/etc/ssh_host_dsa_key ] && [ ! -f /usr/local/etc/ssh/ssh_host_dsa_key ] && ln /usr/local/etc/ssh_host_dsa_key /usr/local/etc/ssh/ssh_host_dsa_key' failed
pkg_add: command '[ -f /usr/local/etc/ssh_host_dsa_key.pub ] && [ ! -f /usr/local/etc/ssh/ssh_host_dsa_key.pub ] && ln /usr/local/etc/ssh_host_dsa_key.pub /usr/local/etc/ssh/ssh_host_dsa_key.pub' failed
>> Generating a secret RSA1 host key.
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh/ssh_host_key.
Your public key has been saved in /usr/local/etc/ssh/ssh_host_key.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@fairy.Cookie
>> Generating a secret RSA host key.
Generating public/private rsa key pair.
Your identification has been saved in /usr/local/etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@fairy.Cookie
>> Generating a secret DSA host key.
Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@fairy.Cookie
To enable this port, please add sshd_program=/usr/local/sbin/sshd and make sure sshd_enable is set to YES in your /etc/rc.conf
You may also want to put NO_OPENSSH= true in your /etc/make.conf and make sure your path is setup to /usr/local/bin before /usr/bin so that you are running the port version of openssh and not the version that comes with FreeBSD
'PermitRootLogin no' is the new default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in the base system. Please be aware of this when upgrading your OpenSSH port, and if truly necessary, re-enable remote root login by readjusting this option in your sshd_config.
Users are encouraged to create single-purpose users with ssh keys and very narrowly defined sudo privileges instead of using root for automated tasks.
fairy#
何かメッセージは出ているですが、英語はよくわからないので「たぶんインストールできた」ということにして・・・
・・・
・・・この後何をしたらいいのかなあ?
/etc/rc.conf では sshd_enable="YES" になっているですから、このままでいいのかな。
(再起動)
あれれ、まだ telnet で接続できるし ssh で接続できない……。
なんだか設定足りないみたいだけれど、解決できないし来週以降にするです・・・
#セキュリティ対策が進まない原因の一つは、ボクみたいのがいるからですの。でも、「何も考えないで」対策できるようになるといいなあとも思うですし……。
いれてみるもなにも (スコア:0)
> 何かメッセージは出ているですが(以下略
こういう state なら最新版じゃなきゃ、とか言う前に仕組みを調べるところからな。
Re:いれてみるもなにも (スコア:1)
仕組みは……おいおい理解していきたいと思うです。
-------- SORAMINE Yukino