---------------------------------------------------------------------- sshdの設定 ========== クライアントのm-itoさんが(sshd)サーバのm-itoさんにログインする場合 サーバ側にopensshのインストール =============================== ./configure; make; make install /etc/local/etc/sshd_config #--- ここから --- # $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 HostKey /usr/local/etc/ssh_host_key # HostKeys for protocol version 2 HostKey /usr/local/etc/ssh_host_rsa_key HostKey /usr/local/etc/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be used RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes PasswordAuthentication no PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #AFSTokenPassing no # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no # Set this to 'yes' to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of 'PasswordAuthentication' #PAMAuthenticationViaKbdInt no X11Forwarding no X11DisplayOffset 10 #X11UseLocalhost yes PrintMotd yes #PrintLastLog yes KeepAlive yes #UseLogin no UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes #MaxStartups 10 # no default banner path #Banner /some/path #VerifyReverseMapping no # override default of no subsystems Subsystem sftp /usr/local/libexec/sftp-server #--- ここまで --- /etc/hosts.allow #--- ここから --- ALL: 192.168.0. 127.0.0.1 sshd: 192.168.0. 127.0.0.1 123.456.789. #--- ここまで --- mkdir /vat/empty groupadd sshd useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd クライアント側で ================ m-itoさんでログイン ssh-keygen -t rsa1 パスフレーズ入力 ssh-keygen -t rsa パスフレーズ入力 ssh-keygen -t dsa パスフレーズ入力 サーバ側で ========== m-itoさんでログイン クライアントで作成した ~/.ssh/*pub をftpで持ってきて cat *pub >>~/.ssh/authorized_keys cat *pub >>~/.ssh/authorized_keys2 sshによる接続(クライアント->sshdサーバ) ======================================= クライアントにm-itoさんでログイン slogin sshdサーバ パスフレーズ入力 ---------------------------------------------------------------------- delegatedを使ったプロキシリレー接続(proxy.foo1.org->proxy.foo2.org) =================================================================== proxy.foo1.org ============== /etc/rc.d/rc.local --- ここから --- if [ -x /usr/local/bin/delegated ]; then /usr/local/bin/delegated -P8080 \ ADMIN=root@foo1.org \ SERVER=http \ PERMIT="*:*:192.168.1.0/255.255.255.0" \ PROXY="proxy.foo2.org:8080:*.リレーしたいドメイ名" \ LOGFILE= echo -n ' delegated ' fi --- ここまで --- proxy.foo2.org ============= /etc/rc.d/rc.local --- ここから --- if [ -x /usr/local/bin/delegated ]; then /usr/local/bin/delegated -P8080 \ ADMIN=root@foo2.org \ SERVER=http \ PERMIT="*:*:172.21.15.0/255.255.255.0,172.21.100.0/255.255.255.0,123.456.789.0/255.255.255.0" \ RELAY=proxy,delegate \ LOGFILE= echo -n ' delegated ' fi --- ここまで --- クライアントでのURL多段接続指定の仕方 ===================================== w3m http://proxy.foo2.org:8080/-_-http://hogehoge.com/index.html