$Date: 2020/04/14 01:21:14 $
ユーザ名 | 管理ユーザへの昇格 | 接続種別 | ログインタイマ |
---|---|---|---|
aaa | ○ | すべて接続可能 | clear(*1) |
bbb | × | TELNET | 180秒 |
ccc(*2) | - | - | - |
その他のユーザ | × | TELNET、SSH | 120秒 |
ユーザ登録 login user aaa 1111111 login user bbb 2222222 login user ccc ... パスワードを省略した場合は、対話形式でパスワードの設定を行う。 NEW_Password: NEW_Password: ユーザの属性を設定 user attribute aaa login-timer=clear user attribute bbb administrator=off connection=telnet login-timer=180 user attribute * administrator=off connection=telnet,ssh login-timer=120
# show status user (*: 自分自身のユーザ情報, +: 管理者モード) ユーザ名 接続種別 ログイン アイドル IPアドレス -------------------------------------------------------------------------------- *+user ssh1 6/07 16:38 0:00:00 192.168.0.2 +user1 ssh2 6/02 07:27 0:13:30 2001:260:5:200:2e0:deff:fe0 7:f26f/64 user1 telnet1 6/07 09:17 1:05:08 192.168.0.244 test2 remote 6/07 14:00 0:01:27 200.100.100.100 #
# show status user (*: 自分自身のユーザ情報, +: 管理者モード) ユーザ名 接続種別 ログイン アイドル IPアドレス -------------------------------------------------------------------------------- *+test telnet1 2/03 09:50 0:00:00 133.176.78.80 +test telnet2 1/29 08:57 0:12:58 2001:260:5:200:2e0:deff:fe0 7:f26f/64 test2 remote 2/08 15:00 0:02:37 200.100.100.100 (noname) serial 2004/12/01 28:12:15 # # disconnect user /serial ...シリアルで接続していたユーザが切断される。 # # show status user (*: 自分自身のユーザ情報, +: 管理者モード) ユーザ名 接続種別 ログイン アイドル IPアドレス -------------------------------------------------------------------------------- *+test telnet1 2/03 09:50 0:00:00 133.176.78.80 +test telnet2 1/29 08:57 0:13:00 2001:260:5:200:2e0:deff:fe0 7:f26f/64 test2 remote 2/08 15:00 0:02:39 200.100.100.100 # # disconnect user test ...自分自身を除く、ユーザ名が「test」で接続しているユーザが切断される。 # # show status user (*: 自分自身のユーザ情報, +: 管理者モード) ユーザ名 接続種別 ログイン アイドル IPアドレス -------------------------------------------------------------------------------- *+test telnet1 2/03 09:50 0:00:00 133.176.78.80 test2 remote 2/08 15:00 0:02:42 200.100.100.100 #
# ssh host key generate # ホスト鍵生成 Generating public/private dsa key pair ... |**************** # 経過表示 Generating public/private rsa key pair ... |******************* # 経過表示 # # show sshd host key # ホスト鍵表示 ssh-dss AAAAB3NzaC1kc3MAAACBAIG1hUlA7rWC2F2N+Jj1lNgky0Ef2KeLu8Eny2PJ5u2Cc8NAQsa FFf5jXcYwydl7nEsMlXlyWTxtG+tKRxA+6X3vY9+azycdxjyR53GQvRmo9HEIkT8X5lojP7Maaxriso BExfMCTgZD/WN0mgt4Hg2f8eejUkrCLnOLx1+LyHXBAAAAFQCMv2AyRx2GXNR4so1x3mjYk1owTwAAA IAhOTha+To7UCT8LQc1JVylfoRb32CoP5Vg8tGbDrLu2QQMJQoFp8tdA70Cjid+BTBVDzLFj5K+VPRd 8g3uP8iZUh8cQtjMexzU05WH85SHJqVhbXan0Pc5CYAgb1onMCoAG67aZDwQBBFvIqysZdMs0eBX9NV vvd8oPEBCYPERkAAAAIAy878FtTrYyKt7YCM+/0WEqyhgVS6bOCmv0kQIiymKcfWFP9GhcTUtgWLsn9 x5fuUucMYAtQJbu3JzsrqAaa6pFC09JLlGXEXnZrUqRFWogQhFq/4NbLtFv8mQPfdJODJpkpYu/lrlH 0dg6EzmhfW7HjSRvNJgri53TComlpduLw= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2uVDcSxQdACXoA4sPcbLehOEFhdDXQgvBktG+AtgXuZ M2gkZCFj7XSuFJ+Kl3mebToYQ01mnpEi96IxkkcbLQeqyR9eP06zPB3vZv11Aq7Z7gA6Tti5Ng4FUHh L4WiH6Sy/jBRAUfQHgy3uP6aOuO3YIYOcTFgtZedJAu8IVyvk= #
[作成された公開鍵の例] ファイル名: id_ecdsa.pub ファイルの内容: ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAF5Nyu JyIgDjzocT0H+b/2bDEFUc6b5lXIoEAcXee4eF9DzzkHCQRNeV3AKX9I+RZxFqt1DbrPywCoD+7//89 zP0QAglXYrRoJ+gq37gIun1iKOnqFvgJvjwoQWx7mDiJWFtBSagaUlkbjVpRZ1XEqgVC/bScSND4eOm YqXHoHxsBMfjA== user1
user1@yamaha:~ % ssh-keygen -t ecdsa -b 521 (*1)(*2) Generating public/private ecdsa key pair. Enter file in which to save the key (/home/user1/.ssh/id_ecdsa): (*3) Enter passphrase (empty for no passphrase): (*4) Enter same passphrase again: Your identification has been saved in /home/user1/.ssh/id_ecdsa. Your public key has been saved in /home/user1/.ssh/id_ecdsa.pub. The key fingerprint is: SHA256:UeQ0Yw5g+3T1UhV2eWDDDabpKi4A6QKDZyKhJXQwiic user1@yamaha The key's randomart image is: +---[ECDSA 521]---+ |.+.. o...B ..BB=| |= + . . B + Boo+| |E+.. . o + + . .| |Bo= o o . . | |o* . S . | |. . . . | | . . . . | | .. . | | .. | +----[SHA256]-----+ user1@yamaha:~ %
user1@yamaha:~ % more /home/user1/.ssh/id_ecdsa.pub ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAF5Nyu JyIgDjzocT0H+b/2bDEFUc6b5lXIoEAcXee4eF9DzzkHCQRNeV3AKX9I+RZxFqt1DbrPywCoD+7//89 zP0QAglXYrRoJ+gq37gIun1iKOnqFvgJvjwoQWx7mDiJWFtBSagaUlkbjVpRZ1XEqgVC/bScSND4eOm YqXHoHxsBMfjA== user1
login user user1 * sshd host key generate sshd service on sshd auth method publickey (*1) sshd authorized-keys filename user1 path=/ssh/authorized_keys/user1 (*2)
# show sshd host key type=fingerprint 1024 SHA256:2cmHU3gOcDYB6UP+O/prNH285GTzC3FTqpGCIyGwtzk (DSA) 1024 SHA256:CV61GYLcw6fhURiVWrrntGMMwg4uZZxYmP2kqNcRnMo (RSA)
# import sshd authorized-keys user1 インポート先のファイル: /ssh/authorized_keys/user1 公開鍵を1つ入力してください: ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1Mj EAAAAIbmlzdHA1MjEAAACFBAF5NyuJyIgDjzocT0H+b/2bDEFUc6b5lXIoEAcXee4eF9DzzkHCQRNeV 3AKX9I+RZxFqt1DbrPywCoD+7//89zP0QAglXYrRoJ+gq37gIun1iKOnqFvgJvjwoQWx7mDiJWFtBSa gaUlkbjVpRZ1XEqgVC/bScSND4eOmYqXHoHxsBMfjA== user1 公開鍵をインポートしますか? (Y/N)Y インポートしました。 ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAF5Nyu JyIgDjzocT0H+b/2bDEFUc6b5lXIoEAcXee4eF9DzzkHCQRNeV3AKX9I+RZxFqt1DbrPywCoD+7//89 zP0QAglXYrRoJ+gq37gIun1iKOnqFvgJvjwoQWx7mDiJWFtBSagaUlkbjVpRZ1XEqgVC/bScSND4eOm YqXHoHxsBMfjA== user1 #
user1@yamaha:~ % cd /home/user1/.ssh/ user1@yamaha:/home/user1/.ssh/ % cat id_ecdsa.pub >> user1
# show file list usb1:/ yyyy/mm/dd XX:XX:XX 260 user1 # # show file list / all (*1) # # make directory /ssh # # make directory /ssh/authorized_keys # # show file list / all [ / ] yyyy/mm/dd XX:XX:XX <DIR> ssh [ /ssh ] yyyy/mm/dd XX:XX:XX <DIR> authorized_keys # # copy usb1:/user1 /ssh/authorized_keys/user1 # # show file list /ssh/authorized_keys yyyy/mm/dd XX:XX:XX 260 user1
# show sshd authorized-keys user1 ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAF5Nyu JyIgDjzocT0H+b/2bDEFUc6b5lXIoEAcXee4eF9DzzkHCQRNeV3AKX9I+RZxFqt1DbrPywCoD+7//89 zP0QAglXYrRoJ+gq37gIun1iKOnqFvgJvjwoQWx7mDiJWFtBSagaUlkbjVpRZ1XEqgVC/bScSND4eOm YqXHoHxsBMfjA== user1または、
# show sshd authorized-keys user1 type=fingerprint 521 SHA256:UeQ0Yw5g+3T1UhV2eWDDDabpKi4A6QKDZyKhJXQwiic user1 (ECDSA)
user1@yamaha:~ % ssh -o PreferredAuthentications=publickey -i /usr/home/user1/. ssh/id_ecdsa user1@192.168.100.1 (*1)(*2)(*3) The authenticity of host '192.168.100.1 (192.168.100.1)' can't be established. RSA key fingerprint is SHA256:CV61GYLcw6fhURiVWrrntGMMwg4uZZxYmP2kqNcRnMo. No matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? yes (*4) Warning: Permanently added '192.168.100.1' (RSA) to the list of known hosts. Enter passphrase for key '/usr/home/user1/.ssh/id_ecdsa': (*5)
関連文書