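I am currently making major changes to the robot environment.
As part of that, I redid the RSA setup among other things, so here are my notes on the procedure and the thinking behind it.
This example is a memo of how to set up RSA. It is not the actual RDCS configuration procedure.
Incidentally, this example violates the RDCS security policy.
So why write it down? Because it is just a memo.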
Router
|
|
|---------+---------+----------+---------+---------|
RDCS      RDCS      RDCS       RDCS      RDCS      RDCS
Server    Client    Client     Client    Client    Client
(1) RDCS Server
Create the RDCS Server's public key
[root@rcmp-sv01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ENTER
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ac:51:61:b8:90:a1:8b:7a:61:e7:1c:cf:47:c7:05:8d root@rcmp-sv01
The key's randomart image is:
+--[ RSA 2048]----+
| .o .o .o |
| .o .. .E.. |
| . . .. . |
| . . .o . . |
|. + o . S o |
|.. = + + . |
|. . o + . |
| . . |
| |
+-----------------+
[root@rcmp-sv01 ~]# ls -al .ssh
total 16
drwx------ 2 root root 4096 Aug 16 11:13 .
drwxr-x--- 4 root root 4096 Aug 15 16:40 ..
-rw------- 1 root root 1675 Aug 16 11:13 id_rsa
-rw-r--r-- 1 root root 396 Aug 16 11:13 id_rsa.pub
[root@rcmp-sv01 .ssh]# cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
(2) RDCS Client
Create the RDCS Client's public key
[root@rcmp-r02 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ENTER
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
58:93:66:72:e3:c2:ba:6d:29:a7:52:62:52:f5:54:7b root@rcmp-r02
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| . . o |
| . o. X E |
| . ..O + |
| . + S |
|. o .. . |
| o o. . |
| . .o+ |
| .o=. |
+-----------------+
[root@rcmp-r02 ~]# cd .ssh
[root@rcmp-r02 .ssh]# ls -al
total 16
drwx------ 2 root root 4096 Aug 16 11:12 .
drwxr-x--- 4 root root 4096 Aug 16 11:12 ..
-rw------- 1 root root 1675 Aug 16 11:12 id_rsa
-rw-r--r-- 1 root root 395 Aug 16 11:12 id_rsa.pub
[root@rcmp-r02 .ssh]# cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
[root@rcmp-r02 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtzD2RAdTTcxWUx4q0Qi/ujTejJdWuW6rS3t+Dgvxrmz5TLeZo7H0UCm361duF4rksMNGeDQe8mpZpQfB50H3ZOY/LiLXQ5SL6bOXM2y1d9OF6yjQZWw2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gtR1n6RHi/R3xndBm47kCQZjis9Tusnb1zHlg9afETQDFDiyfFZsmLtSldcc+Bkg9sOgD0TMGK6lwngBT2lSWgYx6agNLUpi+bNkwj6iAkIvkYvdUuTKDgVqHHym8ksd9UgRWd5U9CKOcgOrmAJ1S21
(3) RDCS Server
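Append the RDCS Client's .ssh/id_rsa.pub (public key) to the RDCS Server's .ssh/authorized_keys.
This makes scp from the RDCS Client to the RDCS Server possible without a password.
There are various ways to carry out the actual operation, so I do not describe them here.
Incidentally, to run passwordless scp from the RDCS Server to an RDCS Client,
append the RDCS Server's public key to the RDCS Client's .ssh/authorized_keys.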
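Step (3) leaves the append operation open. The following is an added example, not part of the original memo: a hypothetical helper, add_authorized_key, that appends one public key without overwriting existing entries, skips duplicates, rejects a private key passed by mistake, and leaves the file owner-only. The key strings and scratch directory are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. add_authorized_key is a
# hypothetical helper for step (3): append one public key to an
# authorized_keys file without overwriting or duplicating entries.
add_authorized_key() (
    pub=$1; auth=$2
    umask 077    # anything created here is owner-only
    # Require exactly one line shaped "<type> <base64> [comment]". A private
    # key (id_rsa passed by mistake) is multi-line and is rejected.
    if [ ! -f "$pub" ] || [ "$(grep -c '' "$pub")" -ne 1 ] ||
       ! grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub"
    then
        echo "rejected: $pub is not a single public key line" >&2
        exit 2
    fi
    mkdir -p "$(dirname "$auth")" || exit 3
    touch "$auth" && chmod 600 "$auth" || exit 3
    # Match on type and key blob only, so a different comment is not a new key.
    read -r type blob rest < "$pub" || :
    if awk -v t="$type" -v b="$blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i+1) == b) f = 1 } END { exit !f }' "$auth"
    then
        echo "already present: $type ${rest:-(no comment)}"
        exit 0
    fi
    # If the file's last line has no newline, add one so keys do not merge.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    printf '%s\n' "$type $blob${rest:+ $rest}" >> "$auth"
    echo "added: $type ${rest:-(no comment)}"
)

# Constructed demo data in a scratch directory (not real key material).
d=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCLIENTKEY root@rcmp-r02\n' > "$d/id_rsa.pub"
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABSERVERKEY root@rcmp-sv01' > "$d/authorized_keys"
printf -- '-----BEGIN RSA PRIVATE KEY-----\nconstructed\n-----END RSA PRIVATE KEY-----\n' > "$d/id_rsa"
add_authorized_key "$d/id_rsa.pub" "$d/authorized_keys"   # appended as line 2
add_authorized_key "$d/id_rsa.pub" "$d/authorized_keys"   # no-op on re-run
add_authorized_key "$d/id_rsa" "$d/authorized_keys" || echo "exit status $?"
cat "$d/authorized_keys"
```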
(4) RDCS Client
Run the first scp from the RDCS Client to the Server.
[root@rcmp-r02 ~]# touch qq
[root@rcmp-r02 ~]# scp qq root@192.168.11.70:/root
The authenticity of host '192.168.11.70 (192.168.11.70)' can't be established.
ECDSA key fingerprint is df:44:09:55:a1:03:1f:0b:86:51:d0:4e:8a:50:78:26.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.11.70' (ECDSA) to the list of known hosts.
qq 100% 0 0.0KB/s 00:00
[root@rcmp-r02 .~]# ls -al .ssh
total 24
drwx------ 2 root root 4096 Aug 16 11:17 .
drwxr-x--- 4 root root 4096 Aug 16 11:16 ..
-rw-r--r-- 1 root root 395 Aug 16 11:14 authorized_keys
-rw------- 1 root root 1675 Aug 16 11:12 id_rsa
-rw-r--r-- 1 root root 395 Aug 16 11:12 id_rsa.pub
-rw-r--r-- 1 root root 175 Aug 16 11:17 known_hosts
[root@rcmp-r02 ~]# cat .ssh/known_hosts
192.168.11.70 ecdsa-sha2-nistp256 fdafdaawexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxYMWN3TcTnsxxxxxxxxVp4zixHzvuP7g6slxUTxm55BVZh5f+bituIVSf1ZjOBUSUYv5c=
(3) RDCS Server
After the RDCS Client's first scp
[root@rcmp-sv01 ~]# ls -al
total 36
drwxr-x--- 4 root root 4096 Aug 16 11:17 .
drwxr-xr-x 17 root root 4096 Jul 18 13:38 ..
-rw------- 1 root root 6174 Aug 16 10:12 .bash_history
-rw-r--r-- 1 root root 550 Feb 3 2013 .bash_profile
-rw-r--r-- 1 root root 114 Jan 15 2013 .bashrc
-rw-r--r-- 1 root root 40 Jan 15 2013 .exrc
drwx------ 2 root root 4096 Aug 16 11:46 .ssh
drwxr-xr-x 2 root root 4096 Feb 5 2013 bin
-rw-r--r-- 1 root root 0 Aug 16 11:17 qq
[root@rcmp-sv01 ~]# ls -al .ssh
total 20
drwx------ 2 root root 4096 Aug 16 11:46 .
drwxr-x--- 4 root root 4096 Aug 16 11:17 ..
-rw-r--r-- 1 root root 791 Aug 16 11:16 authorized_keys
-rw------- 1 root root 1675 Aug 16 11:13 id_rsa
-rw-r--r-- 1 root root 396 Aug 16 11:13 id_rsa.pub
peace!!