SSH\u901a\u4fe1\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5f37\u5316\u65b9\u6cd5\u3092\u307e\u3068\u3081\u307e\u3059\u3002<\/p>\n
SSH\u901a\u4fe1\u306e\u6982\u8981\u306b\u3064\u3044\u3066\u6574\u7406\u3057\u307e\u3059\u3002
\n\u30fbSSH\u901a\u4fe1\u306e\u7528\u9014
\n\u30fbSSH\u901a\u4fe1\u306e\u4ed5\u7d44\u307f
\n\u30fbSSH\u901a\u4fe1\u3092\u884c\u3046\u305f\u3081\u306e\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2<\/p>\n
SSH\u901a\u4fe1\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5f37\u5316\u3068\u3057\u3066\u4ee5\u4e0b\u306e\u65b9\u6cd5\u3092\u6574\u7406\u3057\u307e\u3059\u3002
\n\u30fb\u516c\u958b\u9375\u306e\u751f\u6210\u3068\u914d\u9001\u306e\u554f\u984c
\n\u30fbSSH\u306e\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u9078\u629e
\n\u30fb\u8a8d\u8a3c\u65b9\u5f0f\u306e\u9078\u629e
\n\u30fb\u516c\u958b\u9375\u306e\u6697\u53f7\u5316\u65b9\u5f0f\u306e\u9078\u629e
\n\u30fb\u516c\u958b\u9375\u306e\u9375\u9577\u306e\u9078\u629e
\n\u30fb\u9375\u4ea4\u63db\u65b9\u5f0f\u306e\u9078\u629e
\n\u30fb\u5171\u901a\u9375\u306b\u3088\u308b\u6697\u53f7\u5316\u901a\u4fe1\u65b9\u5f0f\u306e\u9078\u629e
\n\u30fb\u30e1\u30c3\u30bb\u30fc\u30b8\u8a8d\u8a3c\u30b3\u30fc\u30c9\u306e\u9078\u629e
\n\u30fbIP\u30a2\u30c9\u30ec\u30b9\u306b\u3088\u308b\u30a2\u30af\u30bb\u30b9\u5236\u9650
\n\u30fb\u30dd\u30fc\u30c8\u756a\u53f7\u306e\u5909\u66f4<\/p>\n
SSH\u30b5\u30fc\u30d0\u8a2d\u5b9a\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5f37\u5316\u3068\u3057\u3066\u4ee5\u4e0b\u306e\u65b9\u6cd5\u3092\u6574\u7406\u3057\u307e\u3059\u3002
\n\u30fb\u30ed\u30b0\u30a4\u30f3\u6210\u529f\u307e\u3067\u306e\u6642\u9593
\n\u30fbroot\u30e6\u30fc\u30b6\u306e\u30ed\u30b0\u30a4\u30f3\u7981\u6b62
\n\u30fb\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u6a29\u9650\u306e\u691c\u8a3c<\/p>\n
\u305d\u306e\u4ed6\u306eSSH\u306b\u95a2\u3059\u308b\u30c8\u30d4\u30c3\u30af\u3092\u53d6\u308a\u4e0a\u3052\u307e\u3059\u3002
\n\u30fb\u30d1\u30b9\u30ef\u30fc\u30c9\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u306e\u5229\u7528<\/p>\n
SSH\u901a\u4fe1\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5f37\u5316\u3092\u5b9f\u8df5\u3057\u3066\u307f\u307e\u3059\u3002
\n\u30fbOpenSSH\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u60c5\u5831\u3092\u53ce\u96c6
\n\u30fbOpenSSH\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u78ba\u8a8d
\n\u30fbOpenSSH\u306b\u3088\u308b\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u3067\u306e\u63a5\u7d9a\u3068\u6697\u53f7\u5316\u65b9\u5f0f\u306e\u78ba\u8a8d
\n\u30fbOpenSSH\u306e\u30ed\u30b0\u8a2d\u5b9a\u3068\u30ed\u30b0\u78ba\u8a8d
\n\u30fbOpenSSH\u306e\u30db\u30b9\u30c8\u9375\u306e\u751f\u6210\u3068\u5909\u66f4\uff08\u30b5\u30fc\u30d0\u5074\uff09
\n\u30fbOpenSSH\u306e\u8a8d\u8a3c\u7528\u306e\u9375\u306e\u751f\u6210\u3068\u914d\u7f6e\uff08\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\uff09
\n\u30fb\u9375\u306e\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u53d6\u5f97
\n\u30fb\u8a8d\u8a3c\u65b9\u5f0f\u3092\u516c\u958b\u9375\u8a8d\u8a3c\u306e\u307f\u306b\u5236\u9650
\n\u30fb\u4f7f\u7528\u3055\u308c\u308b\u6697\u53f7\u5316\u65b9\u5f0f\u306e\u78ba\u8a8d\u3068\u5236\u9650<\/p>\n
SSH\u901a\u4fe1\u306e\u6982\u8981\u306b\u3064\u3044\u3066\u6574\u7406\u3057\u307e\u3059\u3002<\/p>\n
SSH\u306f\u4ee5\u4e0b\u306e\u7528\u9014\u3067\u4f7f\u7528\u3057\u307e\u3059\u3002
\n\u30fbTELNET\u306e\u4ee3\u66ff\u3068\u3057\u3066\u4f7f\u7528\u3057\u3066\u3001\u30bf\u30fc\u30df\u30ca\u30eb\u6a5f\u80fd\u3092\u6697\u53f7\u5316\u3057\u307e\u3059\u3002
\n\u30fbFTP\u306e\u4ee3\u66ff\u3068\u3057\u3066\u4f7f\u7528\u3057\u3066\u3001\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u3092\u6697\u53f7\u5316\u3057\u307e\u3059\u3002
\n\u30fbR\u30b3\u30de\u30f3\u30c9\u306e\u4ee3\u66ff\u3068\u3057\u3066\u4f7f\u7528\u3057\u3066\u3001\u30ea\u30e2\u30fc\u30c8\u5b9f\u884c\u306e\u6a5f\u80fd\u3092\u6697\u53f7\u5316\u3057\u307e\u3059\u3002
\n\u30fbX11\u8ee2\u9001\u6a5f\u80fd\u3092\u4f7f\u7528\u3057\u3066\u3001X11\u306e\u901a\u4fe1\u3092\u6697\u53f7\u5316\u3057\u307e\u3059\u3002
\n\u30fb\u30dd\u30fc\u30c8\u30d5\u30a9\u30fc\u30ef\u30fc\u30c7\u30a3\u30f3\u30b0\u6a5f\u80fd\u3092\u4f7f\u7528\u3057\u3066\u3001\u69d8\u3005\u306a\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u901a\u4fe1\u3092\u6697\u53f7\u5316\u3057\u307e\u3059\u3002<\/p>\n
SSH\u306e\u4ed5\u7d44\u307f\u306e\u6982\u7565\u3092\u793a\u3057\u307e\u3059\u3002
\n\uff1c\u69cb\u6210\uff1e
\n\u30fb\u30b5\u30fc\u30d0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3067\u69cb\u6210\u3055\u308c\u307e\u3059\u3002
\n\uff1cSSH\u63a5\u7d9a\u6642\u958b\u59cb\u6642\uff08\u6697\u53f7\u5316\u901a\u4fe1\u524d\uff09\uff1e
\n\u30fb\u30b5\u30fc\u30d0\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u4f7f\u7528\u53ef\u80fd\u306a\u6697\u53f7\u5316\u65b9\u5f0f\u306e\u4ea4\u63db\u3092\u884c\u3044\u3001\u6697\u53f7\u5316\u65b9\u5f0f\u3092\u6c7a\u5b9a\u3057\u307e\u3059\u3002
\n\u30fb\u30b5\u30fc\u30d0\u306f\u3001\u30db\u30b9\u30c8\u9375\u306e\u516c\u958b\u9375\u3092\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u9001\u4ed8\u3057\u307e\u3059\u3002
\n\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u3001\u4fdd\u7ba1\u6e08\u307f\u306e\u30db\u30b9\u30c8\u540d\u3068\u516c\u958b\u9375\u306e\u6307\u7d0b\u306e\u7d44\u307f\u5408\u308f\u305b\u304c\u5b58\u5728\u3059\u308b\u304b\u78ba\u8a8d\u3057\u307e\u3059\u3002
\n\u30fb\u30db\u30b9\u30c8\u540d\u3068\u516c\u958b\u9375\u306e\u6307\u7d0b\u306e\u7d44\u307f\u5408\u308f\u305b\u304c\u5b58\u5728\u3059\u308b\u5834\u5408\u306f\u3001\u6697\u53f7\u5316\u901a\u4fe1\u3092\u958b\u59cb\u3057\u307e\u3059\u3002
\n\u30fb\u30db\u30b9\u30c8\u540d\u3068\u516c\u958b\u9375\u306e\u6307\u7d0b\u306e\u7d44\u307f\u5408\u308f\u305b\u304c\u5b58\u5728\u3057\u306a\u3044\u5834\u5408\u306f\u3001\u516c\u958b\u9375\u3092\u53d7\u3051\u5165\u308c\u308b\u304b\u30e6\u30fc\u30b6\u306b\u78ba\u8a8d\u3057\u3001\u53d7\u3051\u5165\u308c\u305f\u5834\u5408\u306f\u516c\u958b\u9375\u306e\u6307\u7d0b\u3092\u4fdd\u7ba1\u3057\u3001\u6697\u53f7\u5316\u901a\u4fe1\u3092\u958b\u59cb\u3057\u307e\u3059\u3002
\n\u30fb\u30db\u30b9\u30c8\u540d\u3068\u516c\u958b\u9375\u306e\u6307\u7d0b\u306e\u7d44\u307f\u5408\u308f\u305b\u304c\u7570\u306a\u308b\u5834\u5408\u306f\u3001\u516c\u958b\u9375\u306e\u6539\u3056\u3093\u306e\u53ef\u80fd\u6027\u304c\u3042\u308b\u3053\u3068\u3092\u30e6\u30fc\u30b6\u306b\u8b66\u544a\u3057\u307e\u3059\u3002
\n\uff1c\u6697\u53f7\u5316\u65b9\u5f0f\u6c7a\u5b9a\u5f8c\uff08\u6697\u53f7\u5316\u901a\u4fe1\uff09\uff1e
\n\u30fb\u6697\u53f7\u5316\u901a\u4fe1\u306f\u3001DH\u9375\u4ea4\u63db\u65b9\u5f0f\u306a\u3069\u3092\u4f7f\u7528\u3057\u3066\u3001\u5171\u901a\u9375\u306b\u3088\u308b\u6697\u53f7\u5316\u901a\u4fe1\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n
\u4ee3\u8868\u7684\u306aSSH\u30b5\u30fc\u30d0\u3068\u3057\u3066\u3001\u4ee5\u4e0b\u306e\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c\u4f7f\u7528\u3067\u304d\u307e\u3059\u3002
\n\u30fbOpenSSH(UNIX,Linux)<\/p>\n
\u4ee3\u8868\u7684\u306aSSH\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u3057\u3066\u3001\u4ee5\u4e0b\u306e\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c\u4f7f\u7528\u3067\u304d\u307e\u3059\u3002
\n\u30fbOpenSSH\uff08CUI\uff0fUNIX,Linux,macOS\uff09
\n\u30fbTeraTerm Pro (GUI\uff0fWindows)
\n\u30fbPutty (GUI\uff0fWindows)
\n\u30fbWinSCP\uff08GUI\uff0fWindows\uff09<\/p>\n
SSH\u901a\u4fe1\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5f37\u5316\u3059\u308b\u65b9\u6cd5\u306b\u3064\u3044\u3066\u6574\u7406\u3057\u307e\u3059\u3002<\/p>\n
\u30db\u30b9\u30c8\u9375\u306f\u3001\u30b5\u30fc\u30d0\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u969b\u306b\u81ea\u52d5\u7684\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u307e\u3059\u304c\u3001\u4ed6\u306e\u30b5\u30fc\u30d0\u3068\u540c\u3058\u9375\u304c\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u53ef\u80fd\u6027\u3092\u6392\u9664\u3057\u305f\u308a\u3001\u5f31\u3044\u9375\u304c\u4f7f\u7528\u3055\u308c\u308b\u3053\u3068\u3092\u907f\u3051\u308b\u305f\u3081\u3001\u81ea\u5206\u3067\u5b89\u5168\u306a\u9375\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n
\u8a8d\u8a3c\u7528\u306e\u9375\u306f\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u516c\u958b\u9375\u8a8d\u8a3c\u306b\u4f7f\u7528\u3057\u307e\u3059\u3002\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3067\u5b89\u5168\u306a\u9375\u3092\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n
\u6697\u53f7\u5316\u901a\u4fe1\u306e\u5927\u304d\u306a\u554f\u984c\u306f\u3001\u6697\u53f7\u5316\u524d\u306e\u6700\u521d\u306e\u9375\u914d\u9001\u3092\u5b89\u5168\u306b\u884c\u3046\u3053\u3068\u304c\u96e3\u3057\u3044\u3053\u3068\u3067\u3059\u3002\u3053\u306e\u554f\u984c\u306f\u3001\u516c\u958b\u9375\u6697\u53f7\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u89e3\u6d88\u3092\u8a66\u307f\u307e\u3059\u304c\u3001\u305d\u308c\u3067\u3082\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u901a\u4fe1\u306b\u3088\u3063\u3066\u914d\u9001\u3057\u305f\u516c\u958b\u9375\u304c\u6539\u3056\u3093\u3055\u308c\u3066\u3044\u306a\u3044\u3053\u3068\u306f\u3001\u4e8b\u524d\u306b\u5b89\u5168\u306a\u65b9\u6cd5\u3067\u5165\u624b\u3057\u305f\u516c\u958b\u9375\u306e\u6307\u7d0b\u3068\u7167\u5408\u3059\u308b\u3053\u3068\u3067\u3001\u6b63\u3057\u3044\u516c\u958b\u9375\u3067\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
SSH\u306e\u30d7\u30ed\u30c8\u30b3\u30eb\u3068\u3057\u3066\u3001\u4ee5\u4e0b\u304c\u9078\u629e\u53ef\u80fd\u3067\u3059\u3002
\n\u30fbSSH1\uff08\u4f7f\u7528\u3057\u306a\u3044\uff09
\n\u30fbSSH2
\nSSH1\u306f\u8106\u5f31\u6027\u304c\u6307\u6458\u3055\u308c\u3066\u3044\u308b\u305f\u3081\u3001SSH2\u306e\u307f\u3092\u4f7f\u7528\u53ef\u3068\u3057\u307e\u3059\u3002<\/p>\n
SSH\u306e\u8a8d\u8a3c\u65b9\u5f0f\u3068\u3057\u3066\u3001\u4ee5\u4e0b\u304c\u9078\u629e\u53ef\u80fd\u3067\u3059\u3002
\n\u30fb\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c
\n\u30fb\u516c\u958b\u9375\u8a8d\u8a3c
\n\u30fb\u30c1\u30e3\u30ec\u30f3\u30b8\u30ec\u30b9\u30dd\u30f3\u30b9\u8a8d\u8a3c
\n\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u306f\u7c21\u4fbf\u3067\u3059\u304c\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5f37\u5316\u3057\u305f\u3044\u5834\u5408\u306b\u306f\u3001\u516c\u958b\u9375\u8a8d\u8a3c\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n
\u516c\u958b\u9375\u6697\u53f7\u3068\u3057\u3066\u3001\u4ee5\u4e0b\u304c\u9078\u629e\u53ef\u80fd\u3067\u3059\u3002
\n\u30fbRSA1\uff08\u4f7f\u7528\u3057\u306a\u3044\uff09
\n\u30fbDSA\uff08\u4f7f\u7528\u3057\u306a\u3044\uff09
\n\u30fbRSA
\n\u30fbECDSA
\n\u30fbED25519
\nRSA1\u306f\u3001SSH1\u7528\u306e\u305f\u3081\u4f7f\u7528\u3057\u307e\u305b\u3093\u3002OpenSSH\u3067\u306f\u3001\u8907\u6570\u306e\u9375\u3092\u767b\u9332\u3067\u304d\u307e\u3059\u306e\u3067\u3001\u5371\u6b86\u5316\u304c\u6307\u6458\u3055\u308c\u3066\u3044\u308bDSA\u4ee5\u5916\u306eRSA\u3001ECDSA\u3001ED25519\u305d\u308c\u305e\u308c\u306b\u3064\u3044\u3066\u3001\u5b89\u5168\u306a\u9375\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n
RSA\u3067\u306f\u3001\u4ee5\u4e0b\u306e\u9375\u9577\u304c\u4f7f\u7528\u53ef\u80fd\u3067\u3059\u3002
\n\u30fb1024\uff08\u4f7f\u7528\u3057\u306a\u3044\uff09
\n\u30fb2048
\n\u30fb4096
\n1024\u30d3\u30c3\u30c8\u306f\u5371\u6b86\u5316\u304c\u6307\u6458\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u30012048\u30d3\u30c3\u30c8\u4ee5\u4e0a\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n
ECDSA\u3067\u306f\u3001\u4ee5\u4e0b\u306e\u9375\u9577\u304c\u4f7f\u7528\u53ef\u80fd\u3067\u3059\u3002
\n\u30fb256
\n\u30fb384
\n\u30fb521<\/p>\n
ED25519\u3067\u306f\u3001\u4ee5\u4e0b\u306e\u9375\u9577\u306e\u307f\u304c\u4f7f\u7528\u53ef\u80fd\u3067\u3059\u3002
\n\u30fb256<\/p>\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306eIP\u30a2\u30c9\u30ec\u30b9\u304c\u56fa\u5b9a\u3067\u3042\u308b\u5834\u5408\u306b\u306f\u3001IP\u30a2\u30c9\u30ec\u30b9\u306b\u3088\u308b\u63a5\u7d9a\u5236\u9650\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n
\u30b5\u30fc\u30d0\u5074\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u306f\u300c22\u300d\u3067\u3059\u304c\u3001\u30dd\u30fc\u30c8\u756a\u53f7\u306e\u5909\u66f4\u3092\u691c\u8a0e\u3057\u307e\u3059\u3002<\/p>\n
\u305d\u306e\u4ed6\u306eSSH\u306b\u95a2\u3059\u308b\u30c8\u30d4\u30c3\u30af\u3092\u53d6\u308a\u4e0a\u3052\u307e\u3059\u3002<\/p>\n
\u30d1\u30b9\u30ef\u30fc\u30c9\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u540c\u3058\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u4e0a\u3067SSH\u3092\u4f7f\u7528\u3059\u308b\u305f\u3073\u306b\u8a8d\u8a3c\u3092\u884c\u3046\u624b\u9593\u3092\u7701\u304f\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u5229\u4fbf\u6027\u304c\u5897\u3057\u307e\u3059\u304c\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u30ec\u30d9\u30eb\u304c\u4f4e\u4e0b\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u306e\u3067\u3001\u4ed5\u7d44\u307f\u3092\u7406\u89e3\u3057\u3066\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n
SSH\u901a\u4fe1\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5f37\u5316\u3092\u5b9f\u8df5\u3057\u3066\u307f\u307e\u3059\u3002\u30b5\u30fc\u30d0\u5074\u3082\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3082Ubuntu 16.04 LTS\u306eOpenSSH\u3092\u4f7f\u7528\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n
OpenSSH\u306e\u30b5\u30a4\u30c8\u3067\u6700\u65b0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u95a2\u3059\u308b\u60c5\u5831\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002 \u300cssh -V\u300d\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3057\u3066\u3001OpenSSH\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u8106\u5f31\u6027\u306e\u3042\u308b\u53e4\u3044\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u53e4\u3044\u5834\u5408\u306b\u306f\u3001OpenSSH\u3092\u8106\u5f31\u6027\u306e\u306a\u3044\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u3057\u307e\u3059\u3002<\/p>\n \u300cssh -vvv\u300d\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u4f7f\u7528\u3057\u3066\u3001\u5b9f\u969b\u306b\u63a5\u7d9a\u3067\u4f7f\u7528\u3057\u3066\u3044\u308b\u6697\u53f7\u5316\u65b9\u5f0f\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u30b5\u30fc\u30d0\u5074\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3084\u3001\u4f7f\u7528\u53ef\u80fd\u306a\u6697\u53f7\u5316\u306e\u7a2e\u985e\u3001\u9078\u629e\u3055\u308c\u305f\u6697\u53f7\u5316\u65b9\u5f0f\u306a\u3069\u69d8\u3005\u306a\u60c5\u5831\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002<\/p>\n OpenSSH\u306e\u52d5\u4f5c\u304a\u3088\u3073\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3092\u78ba\u8a8d\u3059\u308b\u305f\u3081\u306b\u306f\u3001OpenSSH\u306e\u30b5\u30fc\u30d0\u5074\u306e\u30ed\u30b0\u306e\u78ba\u8a8d\u304c\u5fc5\u9808\u306b\u306a\u308a\u307e\u3059\u3002\u300c\/etc\/ssh\/sshd_config\u300d\u3068\u300c\/etc\/rsyslog.d\/50-default.conf\u300d\u306e\u8a2d\u5b9a\u304b\u3089\u300c\/var\/log\/auth.log\u300d\u306b\u51fa\u529b\u3055\u308c\u307e\u3059\u3002 \u30fb\/etc\/rsyslog.d\/50-default.conf<\/p>\n SSH\u306e\u901a\u4fe1\u30d7\u30ed\u30c8\u30b3\u30eb\u304cSSH2\u306b\u5236\u9650\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002 \u30fb\u300csshd -T\u300d\u30b3\u30de\u30f3\u30c9<\/p>\n \u30fbSSH1\u3067\u63a5\u7d9a<\/p>\n \u30db\u30b9\u30c8\u9375\u3092\u751f\u6210\u3057\u3001\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n \uff1c\u30db\u30b9\u30c8\u9375\u306e\u78ba\u8a8d\uff1e \uff1c\u30db\u30b9\u30c8\u9375\u306e\u751f\u6210\uff1e \u30fbRSA<\/p>\n \u30fbECDSA<\/p>\n \u30fbED25519<\/p>\n \uff1c\u30db\u30b9\u30c8\u9375\u306e\u7f6e\u304d\u63db\u3048\uff1e \uff1cDSA\u9375\u306e\u7121\u52b9\u5316\uff1e \uff1c\u30b5\u30fc\u30d0\u306e\u518d\u8d77\u52d5\uff1e \uff1c\u30c6\u30b9\u30c8\uff1e \u767b\u9332\u6e08\u307f\u306e\u30db\u30b9\u30c8\u9375\u306e\u6307\u7d0b\u3092\u524a\u9664\u3057\u3066\u3001\u63a5\u7d9a\u3057\u76f4\u3057\u307e\u3059\u3002\u63a7\u3048\u3066\u304a\u3044\u305f\u30db\u30b9\u30c8\u9375\u306e\u6307\u7d0b\u3068\u7167\u5408\u3057\u3001\u6b63\u3057\u3051\u308c\u3070\u63a5\u7d9a\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n \u8a8d\u8a3c\u7528\u306e\u9375\u3092\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3067\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n \uff1c\u8a8d\u8a3c\u7528\u306e\u9375\u306e\u4f5c\u6210\uff1e \u30fbRSA<\/p>\n \u30fbECDSA<\/p>\n \u30fbED25519<\/p>\n \u516c\u958b\u9375\u6697\u53f7\u65b9\u5f0f\u3068\u3057\u3066\u3001ECDSA\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3068\u3057\u3001\u4ee5\u4e0b\u306e\u516c\u958b\u9375\u3092\u30b5\u30fc\u30d0\u306b\u79fb\u9001\u3057\u307e\u3059\u3002 \u516c\u958b\u9375\u3092\u914d\u7f6e\u3059\u308b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n \u79fb\u9001\u3057\u305f\u516c\u958b\u9375\u3092\u3001\u63a5\u7d9a\u5148\u30e6\u30fc\u30b6\u306e\u300cauthorized_keys\u300d\u30d5\u30a1\u30a4\u30eb\u306b\u8ffd\u8a18\u3057\u307e\u3059\u3002<\/p>\n \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3067\u3001\u5225\u306e\u30bf\u30fc\u30df\u30ca\u30eb\u3092\u8d77\u52d5\u3057\u3066\u3001\u8a8d\u8a3c\u9375\u3092\u4f7f\u7528\u3057\u3066\u30ea\u30e2\u30fc\u30c8\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3067\u306e\u9375\u306e\u6d88\u5931\u5bfe\u7b56\u3068\u3057\u3066\u3001\u4ee5\u4e0b\u306e\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u53d6\u5f97\u3057\u3066\u304a\u304d\u307e\u3059\u3002 \u73fe\u72b6\u3067\u306f\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u3082\u5f15\u304d\u7d9a\u304d\u53ef\u80fd\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u3092\u4e0d\u53ef\u306b\u3057\u3066\u3001\u516c\u958b\u9375\u8a8d\u8a3c\u306e\u307f\u306b\u5236\u9650\u3057\u307e\u3059\u3002<\/p>\n \u4ee5\u4e0b\u306e\u901a\u308a\u3001\/etc\/ssh\/sshd_config\u306e\u8a2d\u5b9a\u3092\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n \u5ff5\u306e\u305f\u3081\u3001\u4ee5\u4e0b\u3067\u3042\u308b\u3053\u3068\u3082\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n SSH\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n \u9375\u306a\u3057\u306e\u5834\u5408\u306f\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u304f\u306a\u308a\u307e\u3059\u3002<\/p>\n \u4ee5\u964d\u3001\u53b3\u5bc6\u306b\u9375\u306a\u3057\u3067\u306f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u304f\u306a\u308b\u305f\u3081\u3001\u9375\u306e\u7d1b\u5931\u3084\u8a2d\u5b9a\u30df\u30b9\u306b\u5099\u3048\u3066\u3001\u8907\u6570\u306e\u7ba1\u7406\u8005ID\u3092\u7528\u610f\u3059\u308b\u306a\u3069\u306f\u691c\u8a0e\u3057\u305f\u307b\u3046\u304c\u826f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n \u4f7f\u7528\u3055\u308c\u308b\u6697\u53f7\u5316\u65b9\u5f0f\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u8106\u5f31\u6027\u304c\u6307\u6458\u3055\u308c\u3066\u3044\u308b\u30d7\u30ed\u30c8\u30b3\u30eb\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u7121\u52b9\u5316\u3057\u307e\u3059\u3002 \u30fb\u9375\u4ea4\u63db\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\uff08\u901a\u4fe1\u306b\u4f7f\u7528\u3059\u308b\u5171\u901a\u9375\u306e\u9375\u4ea4\u63db\u65b9\u5f0f\uff09<\/p>\n \u30fb\u5171\u901a\u9375\u6697\u53f7\uff08\u901a\u4fe1\u306b\u4f7f\u7528\u3059\u308b\u5171\u901a\u9375\u6697\u53f7\u5316\u65b9\u5f0f\uff09<\/p>\n \u30fb\u30e1\u30c3\u30bb\u30fc\u30b8\u8a8d\u8a3c\u30b3\u30fc\u30c9\uff08\u901a\u4fe1\u306e\u6539\u3056\u3093\u30c1\u30a7\u30c3\u30af\u3092\u884c\u3046\u65b9\u5f0f\uff09<\/p>\n \uff1c\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3067\u4f7f\u7528\u3055\u308c\u308b\u6697\u53f7\u5316\u65b9\u5f0f\u306e\u78ba\u8a8d\uff1e \u30a2\u30af\u30bb\u30b9\u3059\u308b\u7aef\u672b\u306eIP\u30a2\u30c9\u30ec\u30b9\u304c\u56fa\u5b9a\u3067\u6c7a\u307e\u3063\u3066\u3044\u308b\u5834\u5408\u306b\u306f\u3001\u300c\/etc\/ssh\/ssh_config\u300d\u306e\u300cAllowUsers\u300d\u306e\u6307\u5b9a\u3092\u4f7f\u7528\u3057\u3066\u3001\u7279\u5b9a\u306eIP\u30a2\u30c9\u30ec\u30b9\u304b\u3089\u306e\u307f\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n \u5fc5\u8981\u306b\u5fdc\u3058\u3066\u3001\u300c\/etc\/ssh\/ssh_config\u300d\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u306e\u8a2d\u5b9a\u3092\u5909\u66f4\u3057\u307e\u3059\u3002\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u4e0a\u306e\u30b5\u30fc\u30d0\u306e\u5834\u5408\u306f\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u300c22\u300d\u30921024\u4ee5\u4e0a\u306e\u5024\u306b\u5909\u66f4\u3059\u308b\u3068\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3092\u6e1b\u3089\u3059\u3053\u3068\u304c\u3067\u304d\u308b\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002<\/p>\n \u5fc5\u8981\u306b\u5fdc\u3058\u3066\u3001\u300c\/etc\/ssh\/ssh_config\u300d\u306e\u4ee5\u4e0b\u306e\u8a2d\u5b9a\u3092\u5909\u66f4\u3057\u307e\u3059\u3002 \u30fbOpenSSH<\/a><\/p>\n
\n\u30fbOpenSSH Security<\/a><\/p>\nOpenSSH\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u78ba\u8a8d<\/h3>\n
\r\n$ ssh -V\r\nOpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016\r\n<\/pre>\n
OpenSSH\u306b\u3088\u308b\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u3067\u306e\u63a5\u7d9a\u3068\u6697\u53f7\u5316\u65b9\u5f0f\u306e\u78ba\u8a8d<\/h3>\n
\r\n$ ssh -vvv user0001@serv0001\r\nOpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016\r\ndebug1: Reading configuration data \/etc\/ssh\/ssh_config\r\ndebug1: \/etc\/ssh\/ssh_config line 19: Applying options for *\r\ndebug2: resolving "serv0001" port 22\r\ndebug2: ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to serv0001 [X.X.X.X] port 22.\r\ndebug1: Connection established.\r\n\uff1c\u7701\u7565\uff1e\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\r\ndebug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: Authenticating to serv0001:22 as 'user0001'\r\ndebug3: send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local client KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c\r\ndebug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: none,zlib@openssh.com,zlib\r\ndebug2: compression stoc: none,zlib@openssh.com,zlib\r\ndebug2: languages ctos:\r\ndebug2: languages stoc:\r\ndebug2: first_kex_follows 0\r\ndebug2: reserved 0\r\ndebug2: peer server KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1\r\ndebug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519\r\ndebug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\r\ndebug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\r\ndebug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: none,zlib@openssh.com\r\ndebug2: compression stoc: none,zlib@openssh.com\r\ndebug2: languages ctos:\r\ndebug2: languages stoc:\r\ndebug2: first_kex_follows 0\r\ndebug2: reserved 0\r\ndebug1: kex: algorithm: curve25519-sha256@libssh.org\r\ndebug1: kex: host key algorithm: ecdsa-sha2-nistp256\r\ndebug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none\r\ndebug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none\r\ndebug3: send packet: type 30\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server host key: ecdsa-sha2-nistp256 SHA256:2GxRY9LjL9OXDFdtVUCW8BEylz0RsKvuWrcRoW2aHeo\r\nThe authenticity of host 'serv0001 (X.X.X.X)' can't be established.\r\nECDSA key fingerprint is SHA256:2GxRY9LjL9OXDFdtVUCW8BEylz0RsKvuWrcRoW2aHeo.\r\nAre you sure you want to continue connecting (yes\/no)? yes\r\nWarning: Permanently added 'serv0001' (ECDSA) to the list of known hosts.\r\n\uff1c\u7701\u7565\uff1e\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug3: start over, passed a different list publickey,password\r\ndebug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: keyboard-interactive,password\r\n\uff1c\u7701\u7565\uff1e\r\nuser0001@serv0001's password:\r\n\uff1c\u7701\u7565\uff1e\r\n$\r\n$ ls -l\r\ntotal 4\r\n-rw-r--r-- 1 user0001 user0001 222 2\u6708 18 10:49 known_hosts\r\n$ cat known_hosts\r\n|1|7b69bvx4LoOEaDUe6mKHBRZEFYg=|qJgM1T9z3+20p+95CjSj1Og6m9s= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJJIEUX2ugh4Yx5EMVteTtUiUuzd6NddKyzZbbsxmlDhqE0KSOB62xS7uR7+IkArsflcdgTkXEyfB9puwY1AHgI=\r\n<\/pre>\n
OpenSSH\u306e\u30ed\u30b0\u8a2d\u5b9a\u3068\u30ed\u30b0\u78ba\u8a8d<\/h3>\n
\n\u30fb\/etc\/ssh\/sshd_config<\/p>\n\r\nSyslogFacility AUTH\r\nLogLevel INFO\r\n<\/pre>\n
\r\nauth,authpriv.*\t\t\t\/var\/log\/auth.log\r\n<\/pre>\n
SSH\u306e\u30d7\u30ed\u30c8\u30b3\u30eb\u3092SSH2\u306b\u5236\u9650<\/h3>\n
\n\u30fb\/etc\/ssh\/ssh_config<\/p>\n\r\n$ grep Protocol \/etc\/ssh\/ssh_config\r\n<\/pre>\n
\r\n$ sudo \/usr\/sbin\/sshd -T | grep protocol\r\nprotocol 2\r\n<\/pre>\n
\r\n$ ssh -1 user0001@serv0001\r\nProtocol major versions differ: 1 vs. 2\r\n<\/pre>\n
OpenSSH\u306e\u30db\u30b9\u30c8\u9375\u306e\u751f\u6210\u3068\u5909\u66f4<\/h3>\n
\n\u30b5\u30fc\u30d0\u5074\u3067\u3001\u300cssh-keygen -l\u300d\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3057\u3066\u3001\u30db\u30b9\u30c8\u9375\u306e\u6697\u53f7\u5316\u65b9\u5f0f\u3068\u9375\u9577\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\r\n$ ssh-keygen -l -f \/etc\/ssh\/ssh_host_dsa_key.pub\r\n1024 SHA256:MzlKLYVl2lxIP\/g0h9S5zNqDGaAJMGRKg8EOI4mP6E0 root@serv0001 (DSA)\r\n$ ssh-keygen -l -f \/etc\/ssh\/ssh_host_rsa_key.pub\r\n2048 SHA256:L7XUvrkkJzDd0hLbRbdwiCIWVly19yCEtyDyKKtofhE root@serv0001 (RSA)\r\n$ ssh-keygen -l -f \/etc\/ssh\/ssh_host_ecdsa_key.pub\r\n256 SHA256:2GxRY9LjL9OXDFdtVUCW8BEylz0RsKvuWrcRoW2aHeo root@serv0001 (ECDSA)\r\n$ ssh-keygen -l -f \/etc\/ssh\/ssh_host_ed25519_key.pub\r\n256 SHA256:qCbno8Mg3RmCz85qb1512Bkes4OsVAdTooYZFUy9hDA root@serv0001 (ED25519)\r\n<\/pre>\n
\nssh-keygen\u30b3\u30de\u30f3\u30c9\u3067\u30db\u30b9\u30c8\u9375\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u30db\u30b9\u30c8\u9375\u306e\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u306f\u3001\u7121\u3057\u3067\u4f5c\u6210\u3057\u307e\u3059\u3002\u4f5c\u696d\u306f\u3001\u30db\u30b9\u30c8\u9375\u306e\u79d8\u5bc6\u9375\u3092\u30b5\u30fc\u30d0\u5074\u306b\u9001\u4ed8\u3057\u306a\u304f\u3066\u6e08\u3080\u3088\u3046\u306b\u3001\u30b5\u30fc\u30d0\u5074\u3067\u884c\u3044\u307e\u3059\u3002\u307e\u305f\u3001\u30db\u30b9\u30c8\u9375\u306e\u6307\u7d0b\u306f\u3001\u521d\u56de\u63a5\u7d9a\u306e\u78ba\u8a8d\u7528\u306b\u63a7\u3048\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n\r\n$ ssh-keygen -t rsa -b 4096 -C "root@serv0001 serialno=1"\r\nGenerating public\/private rsa key pair.\r\nEnter file in which to save the key (\/home\/user0001\/.ssh\/id_rsa): \/home\/user0001\/.ssh\/ssh_host_rsa_key\r\nEnter passphrase (empty for no passphrase):\r\nEnter same passphrase again:\r\nYour identification has been saved in \/home\/user0001\/.ssh\/ssh_host_rsa_key.\r\nYour public key has been saved in \/home\/user0001\/.ssh\/ssh_host_rsa_key.pub.\r\nThe key fingerprint is:\r\nSHA256:fAYqa74xSClOHRhd9BfBgcjJH3UbX9NGxX00TENeaeo root@serv0001 serialno=1\r\nThe key's randomart image is:\r\n+---[RSA 4096]----+\r\n| .. =oo +=oo +@X|\r\n| o. =.o .o + o+@|\r\n| . . ..o. . .oo.|\r\n| ... +.. . |\r\n|..o.. . S o . |\r\n|oo . o o E |\r\n| .. = |\r\n| o o |\r\n| o. |\r\n+----[SHA256]-----+\r\n<\/pre>\n
\r\n$ ssh-keygen -t ecdsa -b 521 -C "root@serv0001 serialno=1"\r\nGenerating public\/private ecdsa key pair.\r\nEnter file in which to save the key (\/home\/user0001\/.ssh\/id_ecdsa): \/home\/user0001\/.ssh\/ssh_host_ecdsa_key\r\nEnter passphrase (empty for no passphrase):\r\nEnter same passphrase again:\r\nYour identification has been saved in \/home\/user0001\/.ssh\/ssh_host_ecdsa_key.\r\nYour public key has been saved in \/home\/user0001\/.ssh\/ssh_host_ecdsa_key.pub.\r\nThe key fingerprint is:\r\nSHA256:4GwvIwK\/NPAFGkCIOwJZG0DNFFHc3CLQExT0Rj7RPPc root@serv0001 serialno=1\r\nThe key's randomart image is:\r\n+---[ECDSA 521]---+\r\n|B**=X*=o+ |\r\n|* = =++.= . |\r\n|o.o +=. o . |\r\n|+o . o... E |\r\n|=. . + S |\r\n| = . . . |\r\n| * . o . |\r\n| . + . o |\r\n| . |\r\n+----[SHA256]-----+\r\n<\/pre>\n
\r\n$ ssh-keygen -t ed25519 -C "root@serv0001 serialno=1"\r\nGenerating public\/private ed25519 key pair.\r\nEnter file in which to save the key (\/home\/user0001\/.ssh\/id_ed25519): \/home\/user0001\/.ssh\/ssh_host_ed25519_key\r\nEnter passphrase (empty for no passphrase):\r\nEnter same passphrase again:\r\nYour identification has been saved in \/home\/user0001\/.ssh\/ssh_host_ed25519_key.\r\nYour public key has been saved in \/home\/user0001\/.ssh\/ssh_host_ed25519_key.pub.\r\nThe key fingerprint is:\r\nSHA256:d3857YdEFCBWe\/PSJsBusSNd4lKZibEjPLs4pq5AKTE root@serv0001 serialno=1\r\nThe key's randomart image is:\r\n+--[ED25519 256]--+\r\n| +.o... |\r\n| . . * =. |\r\n|E + + @.+ |\r\n| o. + * B.+ |\r\n|.o S + O.o +|\r\n|o . o = o.+o|\r\n|. + . ..+o|\r\n| . o . .oo|\r\n| .oo o|\r\n+----[SHA256]-----+\r\n<\/pre>\n
\n\u4f5c\u6210\u3057\u305f\u9375\u3067\u4ee5\u4e0b\u306e\u30db\u30b9\u30c8\u9375\u3092\u7f6e\u304d\u63db\u3048\u307e\u3059\u3002
\n\u30fb\/etc\/ssh\/ssh_host_rsa_key
\n\u30fb\/etc\/ssh\/ssh_host_ecdsa_key
\n\u30fb\/etc\/ssh\/ssh_host_ed25519_key<\/p>\n
\n\u300c\/etc\/ssh\/sshd_config\u300d\u3092\u4fee\u6b63\u3057\u3066\u3001DSA\u9375\u3092\u7121\u52b9\u5316\u3057\u307e\u3059\u3002<\/p>\n\r\n#HostKey \/etc\/ssh\/ssh_host_dsa_key\r\n<\/pre>\n
\nSSH\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n\r\n$ sudo service sshd restart\r\n<\/pre>\n
\n\u518d\u63a5\u7d9a\u3092\u8a66\u307f\u308b\u3068\u30db\u30b9\u30c8\u9375\u304c\u5909\u66f4\u3055\u308c\u3066\u3001\u30ed\u30b0\u30a4\u30f3\u306b\u5931\u6557\u3057\u307e\u3059\u3002<\/p>\n\r\n$ ssh user0001@serv0001\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\r\nSHA256:4GwvIwK\/NPAFGkCIOwJZG0DNFFHc3CLQExT0Rj7RPPc.\r\nPlease contact your system administrator.\r\nAdd correct host key in \/home\/user0001\/.ssh\/known_hosts to get rid of this message.\r\nOffending ECDSA key in \/home\/user0001\/.ssh\/known_hosts:1\r\n remove with:\r\n ssh-keygen -f "\/home\/user0001\/.ssh\/known_hosts" -R localhost\r\nECDSA host key for serv0001 has changed and you have requested strict checking.\r\nHost key verification failed.\r\n<\/pre>\n
\r\n$ ssh-keygen -R serv0001\r\n# Host localhost found: line 1\r\n\/home\/user0001\/.ssh\/known_hosts updated.\r\nOriginal contents retained as \/home\/user0001\/.ssh\/known_hosts.old\r\n$ ssh user0001@serv0001\r\nThe authenticity of host 'serv0001 (X.X.X.X)' can't be established.\r\nECDSA key fingerprint is SHA256:4GwvIwK\/NPAFGkCIOwJZG0DNFFHc3CLQExT0Rj7RPPc.\r\nAre you sure you want to continue connecting (yes\/no)? yes\r\n<\/pre>\n
OpenSSH\u306e\u8a8d\u8a3c\u7528\u306e\u9375\u306e\u751f\u6210\u3068\u914d\u7f6e\uff08\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\uff09<\/h3>\n
\nssh-keygen\u30b3\u30de\u30f3\u30c9\u3067\u8a8d\u8a3c\u7528\u306e\u9375\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u8a8d\u8a3c\u7528\u306e\u9375\u3067\u306f\u3001\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u306e\u8a2d\u5b9a\u3092\u5fd8\u308c\u305a\u306b\u884c\u3044\u307e\u3059\u3002\u4f5c\u696d\u306f\u3001\u8a8d\u8a3c\u7528\u306e\u9375\u306e\u79d8\u5bc6\u9375\u3092\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306b\u914d\u9001\u3057\u306a\u304f\u3066\u6e08\u3080\u3088\u3046\u306b\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3067\u884c\u3044\u307e\u3059\u3002<\/p>\n\r\n$ ssh-keygen -t rsa -b 4096 -C "user0001@client01 serialno=1"\r\nGenerating public\/private rsa key pair.\r\nEnter file in which to save the key (\/home\/user0001\/.ssh\/id_rsa):\r\nEnter passphrase (empty for no passphrase):\r\nEnter same passphrase again:\r\nYour identification has been saved in \/home\/user0001\/.ssh\/id_rsa.\r\nYour public key has been saved in \/home\/user0001\/.ssh\/id_rsa.pub.\r\nThe key fingerprint is:\r\nSHA256:WDjNcNey1iCmpx85YQGrqLrNg67Bw4MEMZC6B4Xo75o user0001@serv0001 serialno=1\r\nThe key's randomart image is:\r\n+---[RSA 4096]----+\r\n|*o o.. .. |\r\n|+o. B+.o . |\r\n|+. +o+o = |\r\n|+. . ..++ o . |\r\n| +o . .+S+ |\r\n|*... . + |\r\n|+B. . o |\r\n|o+=. . |\r\n|*E+. |\r\n+----[SHA256]-----+\r\n<\/pre>\n
\r\n$ ssh-keygen -t ecdsa -b 521 -C "user0001@client01 serialno=1"\r\nGenerating public\/private ecdsa key pair.\r\nEnter file in which to save the key (\/home\/user0001\/.ssh\/id_ecdsa):\r\nEnter passphrase (empty for no passphrase):\r\nEnter same passphrase again:\r\nYour identification has been saved in \/home\/user0001\/.ssh\/id_ecdsa.\r\nYour public key has been saved in \/home\/user0001\/.ssh\/id_ecdsa.pub.\r\nThe key fingerprint is:\r\nSHA256:RctV77\/+rSTNEIcO8RelCX\/fJZobp\/SZXw2X1GfPXD8 user0001@serv0001 serialno=1\r\nThe key's randomart image is:\r\n+---[ECDSA 521]---+\r\n| o o.o..|\r\n| o = + =.|\r\n| = + B.O|\r\n| . o *.BX|\r\n| S B oEX|\r\n| . X =+|\r\n| + B +|\r\n| o .+|\r\n| o+=|\r\n+----[SHA256]-----+\r\n<\/pre>\n
\r\n$ ssh-keygen -t ed25519 -C "user0001@client01 serialno=1"\r\nGenerating public\/private ed25519 key pair.\r\nEnter file in which to save the key (\/home\/user0001\/.ssh\/id_ed25519):\r\nEnter passphrase (empty for no passphrase):\r\nEnter same passphrase again:\r\nYour identification has been saved in \/home\/user0001\/.ssh\/id_ed25519.\r\nYour public key has been saved in \/home\/user0001\/.ssh\/id_ed25519.pub.\r\nThe key fingerprint is:\r\nSHA256:9C8A0k5ukUod3jvbvnte4dzEoSCYvH4pzoodCJzI6hQ user0001@serv0001 serialno=1\r\nThe key's randomart image is:\r\n+--[ED25519 256]--+\r\n| . |\r\n| +.+o |\r\n| o O+o. . . |\r\n|+ .. * +.o. . ...|\r\n|.E . +.S . .. o|\r\n|. o ... =.. o + |\r\n|.. . . o.oo . + .|\r\n|o o + o. ... |\r\n| . . o.o +=. |\r\n+----[SHA256]-----+\r\n<\/pre>\n
\n\u30fbid_ecdsa.pub
\n\u203b\u3067\u304d\u308c\u3070\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8d8a\u3057\u306f\u907f\u3051\u305f\u3044\u304c\u30fb\u30fb\u30fb<\/p>\n\r\n$ scp .\/id_ecdsa.pub user0001@serv0001:\/home\/user0001\r\n<\/pre>\n
\r\n$ mkdir \/home\/user0001\/.ssh\r\n$ chmod 700 \/home\/user0001\/.ssh\r\n$ ls -ld \/home\/user0001\/.ssh\r\ndrwx------ 2 user0001 user0001 4096 2\u6708 18 20:48 \/home\/user0001\/.ssh\r\n<\/pre>\n
\r\n$ cat .\/id_ecdsa.pub >> \/home\/user0001\/.ssh\/authorized_keys\r\n$ chmod 600 \/home\/user0001\/.ssh\/authorized_keys\r\n$ ls -l \/home\/user0001\/.ssh\/authorized_keys\r\n-rw------- 1 user0001 user0001 282 2\u6708 18 20:48 \/home\/user0001\/.ssh\/authorized_keys\r\n$ rm -i .\/id_ecdsa.pub\r\n<\/pre>\n
\r\n$ ssh user0001@serv0001\r\nEnter passphrase for key '\/home\/user0001\/.ssh\/id_ecdsa':\r\n<\/pre>\n
\u9375\u306e\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u53d6\u5f97<\/h3>\n
\n\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306e\u79d8\u5bc6\u9375\u3068\u516c\u958b\u9375
\n\u30fb\u30b5\u30fc\u30d0\u9375\u306e\u6307\u7d0b\uff08known_hosts\uff09
\n\u203b\u30b5\u30fc\u30d0\u5074\u306e\u9375\u306e\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u306f\u3001\u79d8\u5bc6\u9375\u304c\u6f0f\u6d29\u3057\u306a\u3044\u3088\u3046\u306b\u53d6\u5f97\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u5b89\u6613\u306b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8d8a\u3057\u306b\u8ee2\u9001\u3057\u306a\u3044\u3088\u3046\u306b\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n\u8a8d\u8a3c\u65b9\u5f0f\u3092\u516c\u958b\u9375\u8a8d\u8a3c\u306e\u307f\u306b\u5236\u9650<\/h3>\n
\r\nPasswordAuthentication no\r\n<\/pre>\n
\r\nPubkeyAuthentication yes\r\nChallengeResponseAuthentication no\r\nUsePAM yes\r\n<\/pre>\n
\r\n$ sudo service sshd restart\r\n<\/pre>\n
\r\n$ ssh user0001@serv0001\r\nPermission denied (publickey).\r\n<\/pre>\n
\u4f7f\u7528\u3055\u308c\u308b\u6697\u53f7\u5316\u65b9\u5f0f\u306e\u78ba\u8a8d\u3068\u5236\u9650<\/h3>\n
\n\uff1c\u30b5\u30fc\u30d0\u5074\u3067\u4f7f\u7528\u3055\u308c\u308b\u6697\u53f7\u5316\u65b9\u5f0f\u306e\u78ba\u8a8d\uff1e
\n\u30b5\u30fc\u30d0\u5074\u3067\u4f7f\u7528\u3055\u308c\u308b\u6697\u53f7\u5316\u65b9\u5f0f\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u8106\u5f31\u6027\u304c\u6307\u6458\u3055\u308c\u3066\u3044\u308b\u30d7\u30ed\u30c8\u30b3\u30eb\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u300c\/etc\/ssh\/sshd_config\u300d\u3067\u7121\u52b9\u5316\u3057\u307e\u3059\u3002
\n\u30fb\u516c\u958b\u9375\u6697\u53f7\uff08\u30db\u30b9\u30c8\u9375\u3001\u8a8d\u8a3c\u7528\u306e\u9375\u306e\u751f\u6210\u306b\u4f7f\u7528\u3059\u308b\u6697\u53f7\u5316\u65b9\u5f0f\uff09<\/p>\n\r\n$ sudo \/usr\/sbin\/sshd -T | grep pubkeyacceptedkeytypes\r\npubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\n<\/pre>\n
\r\n$ sudo \/usr\/sbin\/sshd -T | grep kexalgorithms\r\nkexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1\r\n<\/pre>\n
\r\n$ sudo \/usr\/sbin\/sshd -T | grep ciphers\r\nciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\r\n<\/pre>\n
\r\n$ sudo \/usr\/sbin\/sshd -T | grep macs\r\nmacs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\n<\/pre>\n
\n\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u306f\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u4f7f\u7528\u53ef\u80fd\u306a\u6697\u53f7\u5316\u65b9\u5f0f\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
\n\u30fb\u516c\u958b\u9375\u6697\u53f7\u300cssh -Q key\u300d
\n\u30fb\u9375\u4ea4\u63db\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u300cssh -Q kex\u300d
\n\u30fb\u5171\u901a\u9375\u6697\u53f7\u300cssh -Q cipher\u300d
\n\u30fb\u30e1\u30c3\u30bb\u30fc\u30b8\u8a8d\u8a3c\u30b3\u30fc\u30c9\u300cssh -Q mac\u300d
\n\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u6697\u53f7\u5316\u65b9\u5f0f\u3084\u512a\u5148\u9806\u4f4d\u306f\u3001\u300cman 5 ssh_config\u300d\u30b3\u30de\u30f3\u30c9\u3067\u78ba\u8a8d\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u6697\u53f7\u5316\u65b9\u5f0f\u306e\u6709\u52b9\u5316\u3001\u7121\u52b9\u5316\u306f\u4ee5\u4e0b\u306e\u65b9\u6cd5\u3067\u884c\u3044\u307e\u3059\u3002
\n\u30fb\u30b7\u30b9\u30c6\u30e0\u5168\u4f53\u306e\u8a2d\u5b9a\u300c\/etc\/ssh\/ssh_config\u300d
\n\u30fb\u30e6\u30fc\u30b6\u6bce\u306e\u8a2d\u5b9a\u300c~\/.ssh\/config\u300d
\n\u30fb\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u306b\u3088\u308b\u6307\u5b9a<\/p>\nIP\u30a2\u30c9\u30ec\u30b9\u306b\u3088\u308b\u30a2\u30af\u30bb\u30b9\u5236\u9650<\/h3>\n
\r\nAllowUsers *@X.X.X.X\r\n<\/pre>\n
\u30dd\u30fc\u30c8\u756a\u53f7\u306e\u5909\u66f4<\/h3>\n
\r\nPort 22\r\n<\/pre>\n
SSH\u30b5\u30fc\u30d0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5f37\u5316<\/h3>\n
\n\u30fb\u30ed\u30b0\u30a4\u30f3\u6210\u529f\u307e\u3067\u306e\u6642\u9593
\n\u30fbroot\u30e6\u30fc\u30b6\u306e\u30ed\u30b0\u30a4\u30f3\u7981\u6b62
\n\u30fb\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u6a29\u9650\u306e\u691c\u8a3c<\/p>\n\r\nLoginGraceTime 120\r\nPermitRootLogin prohibit-password\r\nStrictModes yes\r\n<\/pre>\n
\u53c2\u8003\u60c5\u5831<\/h2>\n
\u5e83\u544a\uff08\u66f8\u7c4d\uff09<\/h2>\n