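[Network] Installing and Using ssh 2.4
The following covers how to install and run openssl and ssh.
I think replacing telnet with ssh, so that traffic on the LAN cannot be read by packet sniffing,
is also a worthwhile security measure.
Apparently ssl has to be installed before ssh can be installed.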
ftp.openssl.org/source/openssl-0.9.6.tar.gz
[Prerequisites]
————————————
* Perl 5
* an ANSI C compiler
* a supported Unix operating system
————————————
[Installation]
—————————————
$ ./config --prefix=/usr/local/openssl
$ make
$ make test
$ make install
—————————————
[Installed directories]
—————————————————————————
certs            Initially empty, this is the default location for certificate files.
man/man1         Manual pages for the 'openssl' command line tool
man/man3         Manual pages for the libraries (very incomplete)
misc             Various scripts.
private          Initially empty, this is the default location for private key files.
bin              Contains the openssl binary and a few other utility programs.
include/openssl  Contains the header files needed if you want to compile programs
                 with libcrypto or libssl.
lib              Contains the OpenSSL library files themselves.
————————————————————————
ftp.ssh.com/pub/ssh-2.4.0.tar.gz
[Installation]
—————————————
$ ./configure --prefix=/usr/local/ssh
$ make
$ make test
$ make install
—————————————
[Installed files]
————————————————————————
ssh2            The SSH2 client.
sshd2           The SSH2 daemon.
sftp2           The SFTP client (needs ssh2). Type "?" in the command line for help.
sftp-server2    The SFTP server (executed by sshd2).
scp2            The SCP client.
ssh-keygen2     The utility for generating keys. Use -h for help.
ssh-add2        Add identities to the authentication agent.
ssh-agent2      The authentication agent.
ssh-askpass2    X11 utility for querying passwords.
ssh-signer2     A small program that signs "hostbased" authentication packets.
                Executed by ssh2, and for proper function, must be suid root.
                (This is done by 'make install'.)
ssh-pam-client  Helper program, that the server uses with PAM authentication.
ssh-probe2      Program to probe a given network for ssh2 servers.
                See ssh-probe(1) and sshd2_config(5) for MaxBroadcastsPerSecond.
ssh-pubkeymgr   Utility script for generating user public keys and uploading them
                and setting up the ~/.ssh2/authorization and
                ~/.ssh2/identification files.
ssh-chrootmgr   Utility to ease setting up chrooted environment for users.
———————————————————————
[Startup file]
# cp /usr/local/src/ssh-2.4.0/sshd2.startup /etc/rc.d/init.d/sshd
# ln -s /etc/rc.d/init.d/sshd /etc/rc.d/rc3.d/S??sshd    # ?? is a suitable number
Open /etc/rc.d/init.d/sshd in vi and change every occurrence of /usr/local/sbin/sshd2
to /usr/local/ssh/sbin/sshd2.
[Running the Secure Shell Daemon]
# /etc/rc.d/init.d/sshd start
Starting sshd2 in port 22: sshd2: SSH Secure Shell 2.4.0 (non-commercial version) on i586-pc-linux-gnu
done.
[Connecting with ssh]
# ssh -l root localhost
Host key not found from database.
Key fingerprint:
124334dr-4235g-balot-rroh-kinep-cy656v-878l-v656575-ty6557in-m56g-va75757x
You can get a public key’s fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes <Enter>
Host key saved to /root/.ssh2/hostkeys/key_22_localhost.pub
host key for localhost, accepted by root Fri Apr 06 2001 16:18:24 +0900
root’s password: ************ <Enter>
Authentication successful.
Last login: Thu Apr 05 2001 19:54:43 +0900 from
No mail.
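
The first-connection prompt in the session above stores whatever host key the server presents, so the fingerprint it prints should be compared with one computed from the host public key on the server itself (the prompt points to ssh-keygen -F for this). The following is an added example, not part of the original post or of ssh2's code: it implements the Bubble Babble encoding and a comparison helper, assuming ssh2 renders fingerprints as Bubble Babble over a SHA-1 digest of the key blob; the function names and the sample key blob are constructed for illustration.

```python
import hashlib
import hmac

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"


def bubble_babble(data: bytes) -> str:
    """Encode bytes in Bubble Babble, a pronounceable fingerprint format."""
    seed = 1                      # running checksum carried between groups
    out = ["x"]
    rounds = len(data) // 2 + 1
    for i in range(rounds):
        if i + 1 < rounds or len(data) % 2:
            b0 = data[2 * i]
            out.append(VOWELS[(((b0 >> 6) & 3) + seed) % 6])
            out.append(CONSONANTS[(b0 >> 2) & 15])
            out.append(VOWELS[((b0 & 3) + seed // 6) % 6])
            if i + 1 < rounds:
                b1 = data[2 * i + 1]
                out.append(CONSONANTS[(b1 >> 4) & 15] + "-" + CONSONANTS[b1 & 15])
                seed = (seed * 5 + b0 * 7 + b1) % 36
        else:
            # Even-length input: the last group carries only the checksum.
            out.append(VOWELS[seed % 6] + "x" + VOWELS[seed // 6])
    out.append("x")
    return "".join(out)


def fingerprint(key_blob: bytes) -> str:
    """Assumption: fingerprint = Bubble Babble of SHA-1(key blob)."""
    return bubble_babble(hashlib.sha1(key_blob).digest())


def same_fingerprint(shown: str, trusted: str) -> bool:
    """Compare the prompt's fingerprint with one obtained out of band."""
    def norm(s: str) -> bytes:
        return "".join(s.split()).lower().encode()
    return hmac.compare_digest(norm(shown), norm(trusted))


if __name__ == "__main__":
    blob = b"constructed sample host key blob"   # constructed, not a real key
    trusted = fingerprint(blob)                  # value taken on the server
    print(trusted)
    print(same_fingerprint(trusted.upper() + "\n", trusted))    # True
    print(same_fingerprint(fingerprint(blob + b"!"), trusted))  # False
```

Answer "yes" at the prompt only when the two fingerprints match; a mismatch means the key presented on the network is not the one held by the server.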