-*- coding: utf-8 -*-

===========
 SSH/sshd.
===========

Maintaining key pair.
=====================
::

  $ ssh-keygen -t dsa                   # for DSA (disabled by default since OpenSSH 7.0)
  $ ssh-keygen -t rsa                   # for RSA
  $ ssh-keygen -t dsa -C comment        # use own comment instead of user@host
  $ ssh-keygen -t dsa -f my_dsa_key     # store priv key under my_dsa_key
                                        # and pub key under my_dsa_key.pub

  $ ssh-keygen -y -f my_dsa_key         # recover pub key from priv

  $ ssh-keygen -p -N "newphrase" -P "oldphrase" -f ~/.ssh/id_dsa
                                        # change passphrase of priv key
                                        # (omit -N/-P to be prompted instead)

  $ ssh $user@$host cat ">>" "~/.ssh/authorized_keys" <~/.ssh/id_rsa.pub
                                        # publish pub key on remote host

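The bare append above does not create ``~/.ssh``, fix permissions or avoid duplicate entries. The following is an added example, not part of the original notes, of the steps that should run on the remote side; ``install_pubkey`` and its two arguments are hypothetical names, and the key check is only a shape check on the line.

```shell
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper name.
#   $1 = home directory of the target account, $2 = public key file
# The body runs in a subshell so umask and exit do not leak to the caller.
install_pubkey() (
    ssh_dir=$1/.ssh
    auth=$ssh_dir/authorized_keys
    pub_file=$2

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; exit 1; }

    # Accept exactly one non-blank line of the form "type base64 [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pub_file") || exit 1
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] ||
        { echo "expected exactly one key" >&2; exit 1; }
    case $key in
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key line" >&2; exit 1 ;;
    esac

    # sshd with StrictModes (the default) ignores authorized_keys if the
    # directory or file is writable by group/other: keep both owner-only.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Idempotent: skip the append when this exact line is already present.
    if grep -qxF -- "$key" "$auth"; then
        exit 0
    fi

    # A bare ">>" glues the key onto an unterminated last line; repair first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
)
```

Where it is installed, OpenSSH's ``ssh-copy-id`` does comparable work over ssh.
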
Shell login.
============
::

  $ ssh $user@$host
  $ ssh -p $port $user@$host

  $ ssh -i ~/.ssh/my_dsa_key $user@$host

or::

  $ ssh -l $user $host
  $ ssh -l $user -p $port $host

X session.
==========
::

  $ ssh -X $user@$host

Multiple private keys.
======================

ssh tries all listed keys::

  $ ssh -i ./priv1 -i ./priv2 $user@$host

or place in ~/.ssh/config::

  Host *
    # standard search path for protocol ver. 1
    IdentityFile ~/.ssh/identity
    # standard search path for DSA key protocol ver. 2
    IdentityFile ~/.ssh/id_dsa
    # standard search path for RSA key protocol ver. 2
    IdentityFile ~/.ssh/id_rsa
    IdentityFile ~/.ssh/my_dsa
    IdentityFile ~/.ssh/another_dsa

or per host private key::

  # "Host" is the alias that the user provides at the CLI,
  # "HostName" is the real host name or IP to log into
  Host host1
    HostName host1.example.com
    User iam
    IdentityFile ~/.ssh/iam_priv_dsa
  Host host2
    HostName 192.168.1.2
    User admin
    IdentityFile ~/.ssh/admin_priv_dsa

Installing sshd on Cygwin.
==========================

* Install base packages and openssh.
* Set CYGWIN env var to 'binmode tty ntsec'.
* Create Windows user.
* Recreate /etc/passwd::

    $ mkpasswd -l -u user >>/etc/passwd

  or::

    $ mkpasswd -l >/etc/passwd

* Register sshd::

    $ mkdir -p /home/user
    $ ssh-host-config -y

* Start::

    $ net start sshd

  or::

    $ cygrunsrv -S sshd

* Check from remote host::

    $ ssh $cygwin_host -l user

To stop the service use::

  $ net stop sshd

or::

  $ cygrunsrv -E sshd

Running the SSH server as an arbitrary user.
--------------------------------------------

* Create a user, for example named user, set its password,
  rights (i.e. which groups it belongs to) and so on; do not disable the account.
* In the MMC console add the "Security Settings" snap-in. Modify the settings:

  "Security Settings"->"Local Policies"->"User Rights Assignment"
  ->"Log on as a service"->add 'user'.

  "Security Settings"->"Local Policies"->"User Rights Assignment"
  ->"Deny log on locally"->remove 'user' (if it was set).

  XXX "Force shutdown from a remote system"