| Client | Server |
|---|---|
| 1. Preparation | |
| (Create the key pair)<br>`student$ ssh-keygen -t rsa`<br>`Generating public/private rsa key pair.`<br>`Enter file in which to save the key (/home/student/.ssh/id_rsa):`<br>`Enter passphrase (empty for no passphrase):`<br>`Enter same passphrase again:`<br>`Your identification has been saved in /home/student/.ssh/id_rsa.`<br>`Your public key has been saved in /home/student/.ssh/id_rsa.pub.`<br>`The key fingerprint is:`<br>`78:25:e5:e2:c9:24:d3:ae:ab:2a:dc:bc:1f:6c:fd:ce student@h006.s142.la.net` | (Create the user)<br>`# useradd sshguest`<br>`# passwd sshguest`<br>`Changing password for user sshguest.`<br>`New UNIX password:`<br>`BAD PASSWORD: it is based on a dictionary word`<br>`Retype new UNIX password:`<br>`passwd: all authentication tokens updated successfully.` |
| 2. Send the public key | |
| `student$ scp ~/.ssh/id_rsa.pub student@server:/tmp/yakoshi.id`<br>`student@server's password:`<br>`id_rsa.pub 100% 406 0.4KB/s 00:00 ETA` | In this example, the public key is copied as student to /tmp (a work area that anyone can use). The user sshguest may be used instead. What matters is telling the server administrator exactly where on the server the file was placed. |
| - | 3. Import the public key |
| | For a user who has never used ssh, the .ssh directory must be created. If .ssh or authorized_keys is created as the superuser, the owner must be changed. Both .ssh and authorized_keys need permissions that allow no access by anyone other than the user.<br>`# mkdir ~sshguest/.ssh`<br>`# cat /tmp/yakoshi.id >> ~sshguest/.ssh/authorized_keys`<br>`# chown -R sshguest:sshguest ~sshguest/.ssh`<br>`# chmod 700 ~sshguest/.ssh`<br>`# chmod 600 ~sshguest/.ssh/authorized_keys` |
| 4. Verify operation | |
| `student$ ssh sshguest@server`<br>`Enter passphrase for key '/home/student/.ssh/id_rsa':` | Being asked for the passphrase means it worked. Being asked for a password means it failed. |
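
When step 4 asks for a password instead of the passphrase, the ownership and modes from step 3 are the first thing to check on the server. The following script is an added example, not part of the original page: it audits `.ssh` and `authorized_keys` for the owner and the "no access for anyone but the user" rule that step 3 sets. The function names `check_one` and `check_ssh_perms` are made up for this example, and GNU `stat -c` (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat (stat -c).

# check_one PATH OWNER TEST_FLAG STEP3_MODE
# Prints one line per problem found; returns 1 if there was any.
check_one() {
    path=$1 owner=$2 flag=$3 want=$4
    if [ ! "$flag" "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    bad=0
    user=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$user" != "$owner" ]; then
        echo "OWNER $path is owned by $user, expected $owner"
        bad=1
    fi
    # Group and other digits must both be 0 (step 3 uses 700 and 600).
    case $mode in
        *00) ;;
        *) echo "MODE $path is $mode, step 3 sets $want"; bad=1 ;;
    esac
    return $bad
}

# check_ssh_perms HOME_DIR OWNER
# Returns 0 only when both .ssh and authorized_keys pass.
check_ssh_perms() {
    rc=0
    check_one "$1/.ssh" "$2" -d 700 || rc=1
    check_one "$1/.ssh/authorized_keys" "$2" -f 600 || rc=1
    return $rc
}

# Usage on the server from the page: check_ssh_perms ~sshguest sshguest
```

A file that root created and forgot to `chown` shows up as an `OWNER` line; a file left at the default umask shows up as a `MODE` line.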