1002
|
1 |
-*- coding: utf-8 -*-
|
|
2 |
|
|
3 |
===========
|
|
4 |
SSH/sshd.
|
|
5 |
===========
|
|
6 |
|
|
7 |
Maintaining key pair.
|
|
8 |
=====================
|
|
9 |
::
|
|
10 |
|
|
11 |
$ ssh-keygen -t dsa # for DSA
|
|
12 |
$ ssh-keygen -t rsa # for RSA
|
|
13 |
$ ssh-keygen -t dsa -C comment # put own comment instead user@host
|
|
14 |
$ ssh-keygen -t dsa -f my_dsa_key # store priv key under my_dsa_key
|
|
15 |
# and pub key under my_dsa_key.pub
|
|
16 |
|
|
17 |
$ ssh-keygen -y -f my_dsa_key # recover pub key from priv
|
|
18 |
|
|
19 |
$ ssh-keygen -p -N "newphrase" -P "oldphrase" -f ~/.ssh/id_dsa
|
|
20 |
# change passphrase of priv key
|
|
21 |
|
|
22 |
$ ssh $user@$host cat ">>" "~/.ssh/authorized_keys" <~/.ssh/id_rsa.pub
|
|
23 |
# public pub key on remote host
|
|
24 |
|
|
25 |
Shell login.
|
|
26 |
============
|
|
27 |
::
|
|
28 |
|
|
29 |
$ ssh $user@$host
|
|
30 |
$ ssh $user@$host:$port
|
|
31 |
|
|
32 |
$ ssh -i ~/.ssh/my_dsa_key $user@$host
|
|
33 |
|
|
34 |
or::
|
|
35 |
|
|
36 |
$ ssh -l $user $host
|
|
37 |
$ ssh -l $user $host:$port
|
|
38 |
|
|
39 |
X session.
|
|
40 |
==========
|
|
41 |
::
|
|
42 |
|
|
43 |
$ ssh -X $user@$host
|
|
44 |
|
|
45 |
Multiply private keys.
|
|
46 |
======================
|
|
47 |
|
|
48 |
ssh try use all listen keys::
|
|
49 |
|
|
50 |
$ ssh -i ./priv1 -i ./priv2 $user@$host
|
|
51 |
|
|
52 |
or place in ~/.ssh/config::
|
|
53 |
|
|
54 |
Host *
|
|
55 |
IdentityFile ~/.ssh/identity # standard search path for protocol ver. 1
|
|
56 |
IdentityFile ~/.ssh/id_dsa # standard search path for RSA key protocol ver. 2
|
|
57 |
IdentityFile ~/.ssh/id_rsa # standard search path for DSA key protocol ver. 2
|
|
58 |
IdentityFile ~/.ssh/my_dsa
|
|
59 |
IdentityFile ~/.ssh/another_dsa
|
|
60 |
|
|
61 |
or per host private key::
|
|
62 |
|
|
63 |
Host host1 # alias, that user provide at CLI
|
|
64 |
HostName host1.example.com # real host name to log into
|
|
65 |
User iam
|
|
66 |
IdentifyFile ~/.ssh/iam_priv_dsa
|
|
67 |
Host host2 # alias, that user provide at CLI
|
|
68 |
HostName 192.168.1.2 # real host IP to log into
|
|
69 |
User admin
|
|
70 |
IdentifyFile ~/.ssh/admin_priv_dsa
|
|
71 |
|
|
72 |
Installing sshd on Cygwin.
|
|
73 |
==========================
|
|
74 |
|
|
75 |
* Install base packages and openssh.
|
|
76 |
* Set CYGWIN env var to 'binmode tty ntsec'.
|
|
77 |
* Create Windows user.
|
|
78 |
* Recreate /etc/passwd::
|
|
79 |
$ mkpasswd -l -u user >>/etc/passwd
|
|
80 |
or::
|
|
81 |
$ mkpasswd -l >/etc/passwd
|
|
82 |
|
|
83 |
* Register sshd::
|
|
84 |
$ mkdir -p /home/user
|
|
85 |
$ ssh-host-config -y
|
|
86 |
* Start::
|
|
87 |
$ net start sshd
|
|
88 |
or::
|
|
89 |
$ cygrunsrv -S sshd
|
|
90 |
|
|
91 |
* Check from remote host::
|
|
92 |
$ ssh $gygwin_host -l user
|
|
93 |
|
|
94 |
To stop service use::
|
|
95 |
|
|
96 |
$ net stop sshd
|
|
97 |
|
|
98 |
or::
|
|
99 |
|
|
100 |
$ cygrunsrv -E sshd
|
|
101 |
|
|
102 |
Запускаем SSH server на правах произвольного пользователя.
|
|
103 |
----------------------------------------------------------
|
|
104 |
|
|
105 |
* Создаем пользователя, например с именем user, задаем ему пароль,
|
|
106 |
права (т.е. в какие группы будет входить) и т.д., пользователя не блокируем.
|
|
107 |
* В консоле MMC добавляем оснастку "Параметры безопасности.". Модифицируем параметры:
|
|
108 |
|
|
109 |
"Параметры безопасности."->"Локальные политики."->"Назначение прав пользователя."
|
|
110 |
->"Вход в качестве службы."->добавить 'user'.
|
|
111 |
|
|
112 |
"Параметры безопасности."->"Локальные политики."->"Назначение прав пользователя."
|
|
113 |
->"Отклонить локальный вход."->удалить 'user' (если был установлен).
|
|
114 |
|
|
115 |
XXX "Принудительное удаленнон завершение."
|
|
116 |
|