[네트워크] ssh 2.4 설치와 활용

다음은 openssl 과 ssh 의 설치과정과 실행방법입니다.

LAN환경에서 Packet Sniffing을 방지하기 위해 telnet통신을 ssh로 대처하는 것도

보안에 대한 대비책이라고 생각합니다.  

먼저 ssh 설치전에 ssl이 설치되어야 한다는 군요..

ftp.openssl.org/source/openssl-0.9.6.tar.gz

[선결요건]

————————————

* Perl 5

* an ANSI C compiler

* a supported Unix operating system

————————————

[설치]

—————————————

$ ./config –prefix=/usr/local/openssl

$ make

$ make test

$ make install

—————————————  

[설치되는 디렉토리]

—————————————————————————

certs       Initially empty, this is the default location for certificate files.

man/man1    Manual pages for the ‘openssl’ command line tool

man/man3    Manual pages for the libraries (very incomplete)

misc        Various scripts.

private     Initially empty, this is the default location for private key files.

bin         Contains the openssl binary and a few other utility programs.

include/openssl  

Contains the header files needed if you want to compile programs with libcrypto

or libssl.

lib         Contains the OpenSSL library files themselves.  

————————————————————————

ftp.ssh.com/pub/ssh-2.4.0.tar.gz

[설치]

—————————————

$ ./config –prefix=/usr/local/ssh

$ make

$ make test

$ make install

—————————————  

[설치되는 파일들]

————————————————————————

ssh2            The SSH2 client.

sshd2           The SSH2 daemon.

sftp2           The SFTP client (needs ssh2). Type “?” in the command line for

help.

sftp-server2    The SFTP server (executed by sshd2).

scp2            The SCP client.

ssh-keygen2     The utility for generating keys. Use -h for help.

ssh-add2        Add identities to the authentication agent.

ssh-agent2      The authentication agent.

ssh-askpass2    X11 utility for querying passwords.

ssh-signer2     A small program that signs “hostbased” authentication

                packets. Executed by ssh2, and for proper function,

                must be suid root. (This is done by ‘make install’.)

ssh-pam-client  Helper program, that the server uses with PAM authentication.

ssh-probe2      Program to probe a given network for ssh2

                servers. See ssh-probe(1) and sshd2_config(5)

                for MaxBroadcastsPerSecond.

ssh-pubkeymgr   Utility script for generating user public keys and

                uploading them and setting up the ~/.ssh2/authorization

                and ~/.ssh2/identification files.

ssh-chrootmgr   Utility to ease setting up chrooted environment for users.  

———————————————————————

[StartUp 파일]

# cp /usr/local/src/ssh-2.4.0/sshd2.startup /etc/rc.d/init.d/sshd

# ln -s /etc/rc.d/init.d/sshd /etc/rc.d/rc3.d/S??sshd //??는 적당한 숫자

vi로 /etc/rc.d/init.d/sshd 파일을 열어 /usr/local/sbin/sshd2 라고 되어 있는  

부분을 /usr/local/ssh/sbin/sshd2 로 모두 변경해 준다.

[Secure Shell Deamon의 실행]

# /etc/rc.d/init.d/sshd start

Starting sshd2 in port 22: sshd2: SSH Secure Shell 2.4.0 (non-commercial version

) on i586-pc-linux-gnu

done.  

[ssh 를 사용한 접속]

# ssh -l root localhost

Host key not found from database.

Key fingerprint:

124334dr-4235g-balot-rroh-kinep-cy656v-878l-v656575-ty6557in-m56g-va75757x

You can get a public key’s fingerprint by running

% ssh-keygen -F publickey.pub

on the keyfile.

Are you sure you want to continue connecting (yes/no)? yes <Enter>

    

Host key saved to /root/.ssh2/hostkeys/key_22_localhost.pub

host key for localhost, accepted by root Fri Apr 06 2001 16:18:24 +0900

root’s password: ************ <Enter>

Authentication successful.

Last login: Thu Apr 05 2001 19:54:43 +0900 from

No mail.