• m Linux pЉ|
    Last updated: 2011/11/24
    @A̔x覡O]hAenJAӬOzLhݳsuAsu\ӵnJDEA MAӶiLS@NOFCLinux DEXG| sshd oӳsuAȡAӥBoӪARODʶiƥ[KI TbW]whFCPɧڭRzL rsync oӫOH sshd qDӹFaƷQ\ISC pGQnQιϧΤnJAw] Xdmcp tX VNC N^ϥιϧΤbt@ݵnJAAI pGAߺDϥ Windows hݮୱA XRDP ]nLoI


    11.1 Remote connection servers

    hݳsuAڭ̨ӻAiO@ܦΪu[ILiHڭ̧K޲zDEC LAKkKA}@ɳiHnJADEäӦnDNA]i|wʪDoI ҥHؤ~nSOjդ@UoӪN[I


    11.1.1 What is a remote connection server?

    Aڭ̨A@UAOyhݳsuAzH oӪF誺\ରHڷQAARMwgoLA@}ںWAA򥻤WAiHݭn݁BgLB ƹΆΪPtQAun򥻪DEOBCPUBRAMBwЦA[W@n@IdAåBsWںA oDEN^ѧAݭnAȤFCpGAݭns]woDEAMpnJDEo bash ӾaPiקOHNonzLsuAAȤFC

    OIAqTAhݳsuAbѧAѭhݳzLrιϧΤ覡ӵnJtA Abhݪu@EenJ Linux DEHoiޱDE (shell)AӵnJ᪺ާ@P\WN^bte@I ҥHTAASMݭnhݺAgLBƹB݁ΆΡCAunu@EiH`suhݥDEYi[C

    HmӤHҡAثem޲zQX Unix-Like DEAoǥDEbP@ӦaAGbnxWUBI Ssn骺|}QoGAΪ̬Oݭni@B~]wɭԡAO_mH@wn{ܡHSMݭnA unzLsuMDEWANiHiu@FIuNn^bDEeu@@몺Pr֡I ^_^IoNOhݳsuATI

    Tips:
    ܦhH|Aڥ FTP ]nKJbKXӵnJ[HPoӏظ`ͨ쪺nJ󤣦PH̤jPbo shell i檺u@TI ssh/telnet/VNC Τ覡orιϧ shell ^iܦht޲zȡAPxª FTP i檺u@SMPI

    • One use of a connection server: computing on Unix-like hosts

    SAu@ݭnϥΨ Linux jj{ys\ɡAA@wݭn Linux aIӥB̦nOBtק֤@IDEA oӮɭԧAiHNAsdz̧֪@DE}XӡA]w@UhݳsuAAATAΪ̬OsǪPTA iHzLoEDL̶isu@AoӮɭԡAADENiHhHi Linux B⪺\TI

    |ҨӻAmPXsRajѮvBPœؤF@œAίŪO[cq (PC cluster)A ثeڭ̦bMqW] MM5 BModels3 ΤjPŮ~ҦAnbo˪[cU]ӋȼҦ]A DnNOҶqBOC|ϥΨMœqnhHADjabb@݁eu@HSMݭnTI oɭԴNOhݳsuAAȽdoI

    O_C@s Internet WDERMn}hݳsu\OHäɵMA ROݭnwADEӶiWُAڭ̩UAPu@ӻG


    • Servers (Server): keep remote connections closed as far as possible

    b@ں}AȪAAѩ}񪺪Aȥi|nTAӭhݳsu{siDEA iHi檺u@SӦhF(XGN^bDEeu@@I)A]Ahݳsu{q`Ȱwֈt@̶}ӤwI DnA_h Server DERuij}suAȩOI

    HmҡAڪDEѤFڭ̬sǨϥ Mail P Internet W WWW AȡApGRDʴѭhݳsuܡA U@p߳QJIAiN˸FI]Amȶ}yܤpkzt޲zsiӡA Lӷ IP @ߩסI\ϥέhݳsu\OI


    • Workstations (Workstation): open only to the internal network

    ҿתu@NOѺںAȪDEAȴѤjqBOϥΪ̡C JMѺںAȡAAR}suAFHOTI^em쪺 PC cluster jqB⪺œqA ]iH٤u@A]Sѱ`AȹILnѵϥΪ̵nJvAoˤja~ΪB\[I ɧANonw鷺AΪ̬OSwYǨӷ}L̨ϥΧAu@oI


    11.1.2 Which protocols can be used to log in?

    ثehݳsuADnǡHpGHnJsuӤA򥻤WrPϧΤRG

    • Text mode, plaintext: telnet, rsh and similar, now rarely used;
    • Text mode, encrypted: ssh, which has replaced the plaintext telnet and rsh above;
    • Graphical: Xdmcp, VNC, RDP and similar

    brnJsuAADnHyXzǰeƪ telnet AAΥH[K޳Niƥ[KAǰe SSH AIM telnet iH䴩ΤݳnhALѩ󥦬OϥΩXӶǰeơAAƫܮeD즳ߤHh^I ҥHӧڭ̳I~jahϥ SSH o@Rsu覡

    ܩϧΤsuAA̔x Xdmcp (X Display Manager Control Protocol)A[] Xdmcp ̔xA LΤݪn֡Ct~@fثeܱ`ϧγsuAANO VNC (Virtual Network Computing)A zL VNC server/client nӶis^CpGAQnϥ Windows hݮୱsuAM\ϥΪO RDP (Remote Desktop Protocol)AAion[] RDP A~C

    Tips:
    ϧΤ̤juIOyϧΡz[ILA]OzLϧΨӶǰeAljKƶqSjA ҥHt׻PwʳݦҶqC]Aڭ̶ȫijANϧΤhݵnJA}bk (LAN) NnFI

    • Plaintext and encrypted data transfer

    OyXzPy[Kzƫʥ]ǰeҦOH telnet ϥΩXNwHҿתXNOG ySڭ̪ƫʥ]bWljKɡAMƫʥ]eƪl榡zA ]NOAAϥ telnet nJhݥDEɡAOonKJbKXܡHAbKXOH쥻Ʈ榡ljKA ҥHpGQ tcpdump on^ơA AbKNiQѨTI

    ҥHTAU@Aƫʥ]̭tHΥdơBKXBT{έnTɡAO_ܦMIoH ]Aثeڭ̳q`ƱϥΥiHNoǦbW]ƥ[K޳NAHW[Ʀb Internet Wǰewʔ[I

    Tips:
    ssh wAOzL ssh qDljKTɡAMTbWwA]ƬO[KLAYϳQѨA i]|DƤeA]TwCoN ssh oӳqTwNwI̷NqPI


    ѩXljK telnet, rsh γsuAwgQ ssh NAåBb@RΤWwgܤ֬ݨ telnet P rsh FA ]ئbrWۭ󤶚 ssh RΡA]AH rsync ] ssh qDӶiaQȆΆΡCܩϧΤh| Xdmcp, VNC P RDP I]ܦhu@ϥΪ̻ݭnܥL̦bu@@᪺ϧΧe{A]o]OܭnOI


    11.2 Text-mode connection server: the SSH server

    ѩehݳsuAjhOXAӥBw]ǸwDA]ӴN SSH oӨwӨNWzoǩNNC SSH OOHS\H̔xӻASSH O Secure SHell protocol ̔g (wߵ{w)AiHzLƫʥ][K޳NANΫݶljKʥ][KAljKWA ]AưTSMNwoIo SSH iHΨӨNw finger, R Shell (rcp, rlogin, rsh ), talk telnet γsuҦCUڭ̱N̔@U SSH suҦAӻ SSH ưT|wOI

    SO`NGo SSH wAbw]AANѨӦA\G

    1. @ӴNO telnet hݳsuϥ shell AAYOU٪ ssh F
    2. t@ӴNO FTP AȪ sftp-server Iѧw FTP AȡC


    11.2.1 A brief look at connection encryption

    Oyƥ[KzOH̔xANONH̬ݪolqlơAgL@ǹBAoǸܦSNqýX (ܤֹHӻ)AMAoөNNbWljKASϥΪ̷Qnd\oӸƮɡAAzLKBA NoǩNNϱXlqlơCѩoǸƤwgQsBzLAҥHAYϸƦbںWQ cracker oѨAL̤]eNoXӭlƤeC

    Tips:
    m``A[KEI^OӤHPyTIpGAABͬwnϥΧĄqYRSOyA oӻyuĄӦNqCSĄHܮɡAb䪺Ho쪺uO@ͨSNqnA]Lo[I YϸHNAnUӡAunLDA̪SλyALNiAA̹ܪeoC

    [KB⪺EP޳ND`hAڭ̳o̤hQAzzADAu͹ڭ̤}@ǥ[KyӤwC ثe`ʥ][K޳Nq`O]ѩҿתyD٪_tzӳBzC DnOzL⤣@˪_Pp_ (Public and Private Key) Ӷi[KPKL{Cѩo_ͬOѥ[K\ΡA ҥHbP@ӤVsuAo_SMOݭn諸I\ΤOpUG

    • Public key (public key): handed to remote hosts so they can encrypt data for you; anyone may obtain your public key and use it to encrypt;
    • Private key (private key): the remote host encrypts with your public key, and back on your own host you decrypt with your private key. Because the private key is this important, it must never be given out; it stays only on your own host.

    ѩCDERMۤv_ (_Pp_)AB_Ψӥ[KӨp_ΨӶKA 䤤p_i~yC]suOUVAҥHACӤHRMn誺y_z~IpGH ssh oӳqTwӻAbΤݻPAݪ۹suVWARMpU[Kʧ@G

    Figure 11.2-1: public and private keys during data transfer

    pWϩҥܡAڭ̦pGbΤݪרӬݡAAAnoAݪ_AMNۤv_oeAݡA ̜bΤݤW_|OyA_[WΤݧڦۤvp_zœC

    Tips:
    ƥ[K޳NuShA]UuIABtק֡AO^wF^wAO[K/Kt׸C ثeb SSH ϥΤWADnOQ RSA/DSA/Diffie-Hellman EI

    ثe SSH wRAOO version 1 P version 2 A䤤 V2 ѩ[WFsu˴EA iHקKsuQAJcN@XA] V1 Rn[wCҥHoAкɶqϥ V2 YiAnϥ V1 oC LAORAROݭnp_[KtAoǤ_Pp_Op󲣥ͪOHUڭ̴Nӽͤ@TI


    • A brief look at how an SSH connection works

    ڭ̥iHN ssh AݻPΤݪsuBJܷNUϡAܩBJpG

    Figure 11.2-2: the ssh server/client connection steps
    1. Aإߤ_G C@Ű sshd AȮɡAMAȷ|Dʥh /etc/ssh/ssh_host* ɮסAYtwUɡAѩSoǤ_ɮסA] sshd |DʥhpXoǻݭn_ɮסAPɤ]|pXAۤvݭnp_ɡF

    2. ΤݥDʳsunDG YΤݷQnsu ssh AAhݭnϥξASΤݵ{ӳsuA]A ssh, pietty ΥΤݵ{F

    3. Aǰe_ɵΤG ^ΤݪnDAAKNĤ@ӨBJo_ɮ׶ǰeΤݨϥ (ROXǰeAϥ_ӴNOjaϥΪI)F

    4. ΤݰO/A_ƤHEpۤvp_G YΤݲĤ@s^즹AAh|NA_ưOΤݪϥΪ̮aؿ ~/.ssh/known_hosts CYOwgOLMA_ơAhΤݷ|h惡^쪺PeOO_tCY^_ơA h}lpΤݦۤvp_ơF

    5. ^ǥΤݪ_ƨAG ΤNۤv_ǰeACɦAGy㦳Ap_PΤݪ_zAӥΤݫhOG y㦳A_HΥΤݦۤvp_zAA|ݨAbsuAPΤݪ_t (_+p_) ä@ˡAҥH~٬D٦_tC

    6. }lUV[KG (1)AΤݡGAǰeƮɡAΤ᪺_[KeXCΤ^AΦۤvp_KF (2)ΤݨAGΤݶǰeƮɡAA_[KeXCA^AΦAp_KC

    bWz 4 BJAΤݪ_OHEBⲣͩ󥻦suSAҥHAosuPUsu_iN|@TI ~bΤݪϥΪ̮aؿU ~/.ssh/known_hosts |OgsuLDE public key AΥHT{ڭ̬Os^WTAC

    Question:
    How do you generate new ssh host keys for the server to replace the ones it uses now? (Note: on a server already in service this will confuse clients that have recorded the old key.)
    Answer:
    The server's public and private host keys live in /etc/ssh/ssh_host*, so you can do this:
    [root@www ~]# rm /etc/ssh/ssh_host*  <== delete the existing keys
    [root@www ~]# /etc/init.d/sshd restart
    b sshd:                         [  Tw  ]
    b SSH1 RSA DE_:            [  Tw  ] <== the next three steps generate the new keys
    b SSH2 RSA DE_:            [  Tw  ]
    b SSH2 DSA DE_:            [  Tw  ]
    bŰ sshd:                         [  Tw  ]
    [root@www ~]# date; ll /etc/ssh/ssh_host*
    Mon Jul 25 11:36:12 CST 2011
    -rw-------. 1 root root  668 Jul 25 11:35 /etc/ssh/ssh_host_dsa_key
    -rw-r--r--. 1 root root  590 Jul 25 11:35 /etc/ssh/ssh_host_dsa_key.pub
    -rw-------. 1 root root  963 Jul 25 11:35 /etc/ssh/ssh_host_key
    -rw-r--r--. 1 root root  627 Jul 25 11:35 /etc/ssh/ssh_host_key.pub
    -rw-------. 1 root root 1675 Jul 25 11:35 /etc/ssh/ssh_host_rsa_key
    -rw-r--r--. 1 root root  382 Jul 25 11:35 /etc/ssh/ssh_host_rsa_key.pub
    # Compare the file times with the date above: these key pairs were just created
    


    11.2.2 Starting the SSH service

    WAbڭ̨ϥΪ Linux tSAw]Nwgt SSH ҦݭnnFIo]tFiHͱKXΨw OpenSSL nP OpenSSH n (1)AҥHOAnŰ SSH uO̔xFIN^LŰʴNOFI~Abثe Linux Distributions SAOw]Ű SSH AҥH@IꐷСA]Υh]wALNwgŰʤFI zIuOn֡LApAڭROo@oӎŰʪ覡aI^ŰʴNOH SSH daemon A̔٬ sshd ӎŰʪAҥHAʥiHoˎŰʡG

    [root@www ~]# /etc/init.d/sshd restart
    [root@www ~]# netstat -tlnp | grep ssh
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
    tcp        0      0 :::22          :::*             LISTEN  1539/sshd
    

    ݭn`NOASSH ѤF shell ڭ̨ϥΡAYO ssh protocol DnتAPɥ紣ѤF@Ӹw FTP server AYO ssh-ftp server ڭSO FTP ӨϥΡIҥHAo sshd iHPɴ shell P ftp IӥBO[cb port 22 WOIҥHAUڭ̴NӴ@A˥ Client ݳs^W Server ݩOHPɡApH FTP AȨӳs^W Server åBϥ FTP \OH


    11.2.3 ssh client connection programs - Linux client

    pGAΤݬO Linux ܡA򮥳ߧAFAw]pUAAtwgUҦOAiHwUB~nI UNӤ@UoǫOaI


    • ssh: the command for logging in to a remote host directly

    SSH b client ݨϥΪO ssh oӫOAoӫOiHwsu (version1, version2)A RiHwDW ssh port (W ssh port 22)CLA@몺ΪkiHϥΩU覡G

    [root@www ~]# ssh [-f] [-o option] [-p port] [account@]IP [command]
    Options and parameters:
    -f : used together with the trailing [command]; no login shell is kept on the remote host, the command is just sent over;
    -o option : the main ones are:
    	ConnectTimeout=seconds : how many seconds to wait for the connection, to shorten the wait
    	StrictHostKeyChecking=[yes|no|ask] : default ask; to add a host's public key
               to known_hosts automatically, set it to no.
    -p : needed when the sshd service listens on a non-standard port (other than 22);
    [command] : run the command on the remote host and return without a login shell; compare with -f.
    
    # 1. Connect directly to a remote host (log in with the same account name):
    [root@www ~]# ssh 127.0.0.1
    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
    RSA key fingerprint is eb:12:07:84:b9:3b:3f:e4:ad:ba:f1:85:41:fc:18:3b.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
    root@127.0.0.1's password: <== enter root's password here
    Last login: Mon Jul 25 11:36:06 2011 from 192.168.1.101
    [root@www ~]# exit  <== leave this ssh session
    # Because no account was given before the host, the current local account (root)
    # was used to log in to the remote host
    

    @ϥ ssh nJhݥDEA|gy ssh b@DEIP z榡A NOAϥMDEYbnJNCOܦhBͳwgbAYϥΡy ssh DEIP z榡C pPWdұpCn`NApGgbܡA|HaݹqbӹnJhݡC ]NOApGݻPhݨ㦳ۦPbA򤣼gb]S}YApWdҡCOAFHߺD۷QA RO@}lNϥ email 覡ӵnJhݥDEAo˪欰ߺDnTI

    WX{TA}Y RSA ᭱^NOhݦA_XApGTwMXSDAANonKJ yes ӱNMXgJA_O (~/.ssh/known_hosts)AHKӤMATʤΡC `NOng yes Ax‰KJ Y y O|Q^~A ѩMDE_wgQOA]ӭƨϥ ssh nJDEɡAN|X{oӫXܤFC

    # 2. Log in to the local host as student
    [root@www ~]# ssh student@127.0.0.1
    student@127.0.0.1's password:
    [student@www ~]$ exit
    # With the account given, you become student. Also, 127.0.0.1 has been logged
    # in to before, so the prompt about adding the host key does not appear again
    
    # 3. Log in to the remote host, run a command, and come straight back:
    [root@www ~]# ssh student@127.0.0.1 find / &> ~/find1.log
    student@localhost's password:
    # The prompt does not come back at once: you have logged in to the remote host,
    # and the command runs there while you wait. Why not let the remote host run it on its own?
    
    # 4. As above, but let the remote host run the command by itself and return immediately:
    [root@www ~]# ssh -f student@127.0.0.1 find / &> ~/find1.log
    # You leave 127.0.0.1 immediately; find keeps running on the remote host
    

    WzdSA 4 ӽdҳ̦ΡIpGAQnhݥDEi}EOApG[W -f ӋA A|ΫݹDE}EܦANAXsuAoXzC]A[W -f Nܭn]A|whݥDEۤv]}EA ӤݭnbŪņΫݡCҦpGyssh -f root@some_IP shutdown -h now zOoC

    # 5. Delete known_hosts, reconnect to the local host as root, and add the host key automatically
    [root@www ~]# rm ~/.ssh/known_hosts
    [root@www ~]# ssh -o StrictHostKeyChecking=no root@localhost
    Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
    root@localhost's password:
    # As shown, you are not asked yes/no; the key is written straight into ~/.ssh/known_hosts
    

    mWұ``ϥ ssh suPqhݥLSXhAɭԷ|g script Ӷi浪װC ɦpGCxqbDʥ[W_ɰOAonKJy yes zA|}I[Wo StrictHostKeyChecking=no NܦDUTIL|߰ݦ۰ʥ[JDE_ɮפA@ϥΪDUjA{}ӻA oNiNܤhΤFI


    • The server public key record file: ~/.ssh/known_hosts

    SAnJhݦAɡAE|Dʪ^쪺A public key h ~/.ssh/known_hosts L}_A Mi橳Uʧ@G

    • Y^_|OAh߰ݨϥΪ̬O_OCYnO (dҤ^ yes ӨBJ) hgJ ~/.ssh/known_hosts B~nJu@FYO (^ no) hgJMɮסAåBm}nJu@F

    • Y^쪺_wOAhOO_ۦPAYۦPh~nJʧ@FYۦPAhX{ĵiTA Bm}nJʧ@CoOΤݪۧګO@\AקKAAOQOHUC

    MA ssh q`i|ܡADOApGOΪDEA]``bswUAA_֩wg`PA GupܡAANLk~nJFIHڭ̨Ӽ[@UoӦ欰aIALHTI

    Question:
    Suppose the server has been reinstalled with the same IP, so the same IP now presents different host keys. What happens when a client connects?
    Answer:
    Using the method from the previous subsection, delete the existing key pairs and restart ssh so that new ones are generated:
    rm  /etc/ssh/ssh_host*
    /etc/init.d/sshd restart
    Then connect again as follows:
    [root@www ~]# ssh root@localhost
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @ <== this tells you something may be wrong
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    a7:2e:58:51:9f:1b:02:64:56:ea:cb:9c:92:5e:79:f9.
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending key in /root/.ssh/known_hosts:1 <== the number after the colon is the line of the conflicting entry
    RSA host key for localhost has changed and you have requested strict checking.
    Host key verification failed.
    
    WzX{h~TASr骺abiDAG/root/.ssh/known_hosts 1 A̭_Po^쪺GPA ܥiQ@FIHS}YTIЧAϥ vim /root/.ssh/known_hosts AñN 1 (_ : ᭱^ӋrNOF) RAAs ssh LAtS|sݧAnn[W_oINo̔xI ^_^
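    The comparison ssh makes here, written out as an added shell example (not the book's own code) so the "changed" case and its fix can be tried on a file: the first function looks a host up in a known_hosts file and reports new, match, or changed together with the offending line number, and the second removes exactly that line, which is the manual fix described above. The known_hosts contents and key blobs used are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example (not the book's code): the comparison ssh makes against
# ~/.ssh/known_hosts, written out so the "changed" case above is easy to test.
# Each known_hosts line is:  host[,host...] keytype base64-blob [comment]

# Print "new", "match" or "changed <line>" for the key the remote host presents.
known_host_status() { # $1 known_hosts file, $2 host name or IP, $3 key type, $4 key blob
    [ -f "$1" ] || { echo new; return 0; }
    awk -v host="$2" -v type="$3" -v blob="$4" '
        /^[[:space:]]*#/ { next }            # comment
        NF < 3 { next }                      # blank or malformed line
        index($1, "|1|") == 1 { next }       # hashed entry (HashKnownHosts yes); not compared here
        {
            n = split($1, hosts, ",")
            for (i = 1; i <= n; i++) {
                if (hosts[i] == host && $2 == type) {
                    if ($3 == blob) print "match"; else print "changed " NR
                    found = 1
                    exit
                }
            }
        }
        END { if (!found) print "new" }
    ' "$1"
}

# Remove one stale entry by line number: the manual fix described above
# (deleting that line in vim), without touching other hosts' entries.
known_host_forget() { # $1 known_hosts file, $2 line number
    awk -v n="$2" 'NR != n' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Demonstration on a constructed file; the key blobs are placeholders, not real keys.
demo_kh=$(mktemp)
printf 'localhost ssh-rsa AAAAconstructedOLDKEY root@www\n' > "$demo_kh"
echo "same key:    $(known_host_status "$demo_kh" localhost ssh-rsa AAAAconstructedOLDKEY)"
echo "reinstalled: $(known_host_status "$demo_kh" localhost ssh-rsa AAAAconstructedNEWKEY)"
known_host_forget "$demo_kh" 1
echo "after fix:   $(known_host_status "$demo_kh" localhost ssh-rsa AAAAconstructedNEWKEY)"
rm -f "$demo_kh"
```

    Removing only the offending line matters: deleting the whole known_hosts file, as in the earlier example, also throws away every other host's recorded key, so a later key change on one of those hosts would go unnoticed.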


    • File transfer that looks like FTP: sftp

    ssh OnJhݦAiu@ApGAuOQnqhݦAUΤWɮשOH NOϥ ssh TAӥnϥ sftp scpCoӫO]Oϥ ssh qD (port 22)AuO[ FTP Pƻsʧ@ӤwCڭ̥ͽ sftp AoӫOΪkP ssh ܬۦAuO ssh OΦbnJ sftp bW/UɮצӤwC

    [root@www ~]# sftp student@localhost
    Connecting to localhost...
    student@localhost's password: <== enter the password here
    sftp> exit  <== at this prompt sftp waits for your ftp commands
    

    iJ sftp ANb@ FTP ҦUާ@kSˤFIUڭ̴Nӽͤ@͡A sftp oӤUϥΫOaI

    Remote host (server) side
    cd PATH                   change to a remote directory, for example /etc/test
    ls  (or) dir              list the files in the current remote directory
    mkdir directory           create a directory
    rmdir directory           remove a directory
    pwd                       show the current remote directory
    chgrp groupname PATH      change the group of a file or directory
    chown username PATH       change the owner of a file or directory
    chmod 644 PATH            change the permissions of a file or directory
                              (644 and the permission bits: see the Basics book)
    ln oldname newname        create a link
    rm PATH                   remove a file or directory
    rename oldname newname    rename a file or directory
    exit (or) bye (or) quit   leave the remote host
    Local host (client) side (the commands carry an l prefix, as in "local")
    lcd PATH                  change to a local directory
    lls                       list the files in the current local directory
    lmkdir                    create a local directory
    lpwd                      show the current local directory
    Uploading and downloading
    put [local file] [remote] upload a local file to the remote host;
    put [local file]          with this form the file lands in the current remote directory
    get [remote file] [local] download a remote file to the local host;
    get [remote file]         with this form the file lands in the current local directory;
                              wildcards are allowed, for example
                              get *
                              get *.rpm
                              are both valid

    NӨA sftp b Linux UApGҼ{ϧΤALwgiHN FTP FOI]Ҧ\ೣwg[\TI]AbҼ{ϧΤ FTP nɡAiH^} FTP AȡAӧH sftp-server Ӵ FTP AȧaI ^_^

    Question:
    Treat localhost as the remote server, with the user student on it. You want (1) to upload the local /etc/hosts to student's home directory and (2) to copy student's .bashrc to the local /tmp, all through sftp. How?
    Answer:
    [root@www ~]# sftp student@localhost
    sftp> lls /etc/hosts   <== check that the file exists on the local host
    /etc/hosts
    sftp> put /etc/hosts   <== it does, so upload it
    Uploading /etc/hosts to /home/student/hosts
    /etc/hosts                        100%  243     0.2KB/s   00:00
    sftp> ls               <== did the upload succeed? list the remote directory
    hosts
    sftp> ls -a            <== and the hidden files?
    .               ..              .bash_history   .bash_logout
    .bash_profile   .bashrc         .mozilla        hosts
    sftp> lcd /tmp         <== change the local directory to /tmp
    sftp> lpwd             <== just to confirm
    Local working directory: /tmp
    sftp> get .bashrc      <== then download it
    Fetching /home/student/.bashrc to .bashrc
    /home/student/.bashrc             100%  124     0.1KB/s   00:00
    sftp> lls -a           <== look at the local file names
    .        .font-unix   keyring-rNd7qX  .X11-unix
    ..       .gdm_socket  lost+found      scim-panel-socket:0-root
    .bashrc  .ICE-unix    mapping-root    .X0-lock
    sftp> exit             <== leave
    

    pGAwϥΤri FTP ljKARiHzLϧΤӳs^ sftp-server I AiHQΤGQ@ FTP A쪺 Filezilla ӶisuTI p@ӡAPAɮ׶ljKNKhFaI


    • Copying files directly between hosts: scp

    q`ϥ sftp O]iणDAWɦWɮצsbApGwgDAWɮɦWFA ̔xɮ׶ljKhOzL scp oӫOI̔x scp ΪkpUG

    [root@www ~]# scp [-pr] [-l rate] file  [account@]host:directory  <== upload
    [root@www ~]# scp [-pr] [-l rate] [account@]host:file  directory  <== download
    Options and parameters:
    -p : keep the original file's permissions and timestamps;
    -r : copy a whole directory (including subdirectories) when the source is a directory;
    -l : limit the transfer rate, in Kbit/s; for example [-l 800] means about 100 Kbytes/s
    
    # 1. Copy the local /etc/hosts* to student's home directory on 127.0.0.1
    [root@www ~]# scp /etc/hosts* student@127.0.0.1:~
    student@127.0.0.1's password: <== enter student's password
    hosts                        100%  207         0.2KB/s   00:00
    hosts.allow                  100%  161         0.2KB/s   00:00
    hosts.deny                   100%  347         0.3KB/s   00:00
    # file name                  progress  size (bytes)  rate    time left
    # You can see how each transfer went from the messages shown above
    
    # 2. Copy /etc/bashrc on the remote host 127.0.0.1 to the local /tmp
    [root@www ~]# scp student@127.0.0.1:/etc/bashrc /tmp
    

    WǩΤUIOӫ_ (:) oIs^b_᭱NOhݥDEɮסC ]ApG_beANNOqhݥDEUUӡApG_bAhNEƤWTI ӦpGQnƻsؿܡAiH[W -r ﶵI

    Question:
    Suppose the local file /root/dd_10mb_file is about 10 MB in size. You want to upload it to /tmp on 127.0.0.1, and you know root's password on 127.0.0.1. Because the link is busy, you want the upload limited to 100 Kbytes/s. How?
    Answer:
    The file does not exist by default, so first create a large file with dd:
    dd if=/dev/zero of=/root/dd_10mb_file bs=1M count=10
    Then upload with the -l option; its unit is bits, so the byte rate has to be multiplied by 8:
    scp -l 800 /root/dd_10mb_file root@127.0.0.1:/tmp


    11.2.4 ssh client connection programs - Windows client

    P Linux POAw] Windows èS ssh Τݵ{A]Ҧ{onULĤTn~C `nDn pietty, psftp filezilla ΡCUNڭ̨ӽͽͳoXӳnaC


    • Direct connection: pietty

    b Linux UQns^ SSH AAiH^Q ssh oӫOAb Windows @~tUNonϥ pietty putty oӪNAo̪UIаѦ (2)G

    b putty xWܦhniHϥΪA]A putty/pscp/psftp ΆΡCL̤ORF ssh/scp/sftp oTӫONOFCӉmRΪ pietty hOxWLwͮھ putty ҧ睊ӦCѩ pietty F㪺ۮe putty ~ARѤFxP㪺rsXAbܦnΩOAҥHUmNH pietty ӧ@oCbAU pietty AU@MɮסAN|X{pUeoG

    Figure 11.2-3: the pietty start-up screen

    bWϤbY 1 aАg}DEW٩Ϊ̬O IP AbY 2 SMȥ SSH @AܩbY 3 aAmwxX{˦A]iH^ק@ pietty ]wȡAҥHmOܿxTI YSDAUysuzAN|X{pUΫݵnJPKJb/KƪeG

    Figure 11.2-4: the pietty login and session screen

    oӹϥܷ|AHObDEeu@aIӥBWYRxiHHɽվrΡBrBrsXΆΪnӋC רOrsXDAɭԧA|o{}ɮ׮ɡAMeS|ýXӤO`ܡA NOsXDCnMoӰDɡAAncOUTӸytsX}ƭnۦP~G

    • rɮץbsɮɩҬD諸ytF
    • Linux { (p bash n) ҨϥΪyt (i LANG Ӌվ)F
    • pietty ҨϥΪytC

    ڭ̪D Linux sXiHzL LANG oӋӽվAMpվ pietty sXOHAiHzL 11.2-4 xCSyﶵzӳBzApUҥܡG

    Figure 11.2-5: setting the pietty character encoding

    byﶵzyrsXz̭iHD big5 (cp950) Ϊ̬O unicode (utf8) sXAŦXA Linux PɮשxsƮ榡ArN OK TI ^_^IpGQn@N]wɡAiHܹ 11.2-5 WY̩UӡyN]wzءA N|X{pUϥܡC䤤󬰭nOygLkӋrgQnͮġzɡA iHӤUϪܨӎŰӋrg\G

    Figure 11.2-6: saving the pietty settings and related options

    NWϤbY 2 ҫӶؤĿ_ӥBUyApplyzAAgLkӋrg~^`ϥΩOA_hkӋrg|OýXTC AӡAAiHվ pietty ݅bOЦӋAoSƤӦhɡAÂHiHվ݅bӬd\eơC]wkpUG

    Figure 11.2-7: adjusting how many lines of output the window remembers

    վ㧹oDZ`ΪƫAAӳoO̭nGyAnH@Ӫ SSH tknJHzeLAڭ̹w]OH version2 ӵnJAҥHo̧ڭ̥iHվ㬰 2 ӶءIo˨CnJ|H version 2 ҦnJDEFI

    Figure 11.2-8: setting the ssh protocol version used when logging in

    pietty ϥλP}]wy{NOoˡIp@ӡAANiHb Windows WH SSH wAnJhݪ Linux DEPIKaI ^_^ IpGQn䴩ܡAثe pietty wg䴩TIAiHKJILݭnק@UrA 11.2-5 yﶵzyrzN|X{pUϥܡG

    Figure 11.2-9: choosing the Chinese font and encoding

    N(1)r]wNB(2)r]wyBig5zAp@ӡAA pietty N䴩媺KJoI

    Wڭ̧@odz]wȳOb̔[HIOb Windows nS[IAiHb Windows tSAby}lz-->yzAX{خؤKJyregeditzA |X{@ӤjCЦb䪺eSܡy HKEY_CURRENT_USER --> Software --> SimonTatham --> PuTTY --> SessionszA NiHݨA]woI ^_^I oˡA]NiHxsA]wo


    • Using the sftp-server function: psftp

    b putty xW] psftp o{Co@{Ihbϥ sftp-serverCϥΪ覡iH^I psftp oɮסAL^ŰʡAh|X{UϼˡG

    psftp: no hostname specified; use "open host.name" to connect
    psftp>
    

    oӮɭԥiHJAns^WhDEW١AҦpڪk 192.168.100.254 oDEG

    psftp: no hostname specified; use "open host.name" to connect
    psftp> open 192.168.100.254
    login as: root
    root@192.168.100.254's password:
    Remote working directory is /root
    psftp> <== o̴NbΫݧAKJ FTP OFI
    

    Io˴NnJDETI̔xaIMLϥΤ覡e쪺 sftp @˭I[oϥΧaI


    • Graphical sftp client software: Filezilla

    SSH ҴѪ sftp \uQί¤r psftp ӳsuܡHSϧΤnOHISMI NOD`Ϊ Filezilla oIFilezilla OϧΤ@ FTP ΤݳnAϥΤWD`KA ܩNwUPϥάy{аѦҲĤGQ@ vsftpd I


    11.2.5 sshd server configuration

    򥻤WAҦ sshd AN]wb /etc/ssh/sshd_config ̭ILAC Linux distribution w]]wӬۦPAҥHڭ̦nA@Uӳ]wȪNq~nI PɽЪ`NAbw]ɮפAunOw]X{BQ]w (]wȫe[ #)AYyw]ȡIzAAiH̾ڥӭק諸C

    [root@www ~]# vim /etc/ssh/sshd_config
    # 1. Overall server settings: the port, the protocol version and the listen address
    # Port 22
    # sshd listens on port 22 by default. To listen on several ports, repeat the
    # Port directive, e.g. add a line "Port 443" to serve on both 22 and 443, then
    # restart sshd. Changing the port number is generally not recommended.
    
    Protocol 2
    # The SSH protocol version: 1 or 2. CentOS 5.x defaults to version 2 only;
    # to also accept V1 clients you would write "Protocol 2,1".
    
    # ListenAddress 0.0.0.0
    # Which local address to listen on. If the host has both 192.168.1.100 and
    # 192.168.100.254 and only the first should offer sshd, write
    # "ListenAddress 192.168.1.100". The default accepts SSH requests on every interface.
    
    # PidFile /var/run/sshd.pid
    # Where sshd records its PID; the default is fine.
    
    # LoginGraceTime 2m
    # After a client connects, the time it gets to finish authenticating; the
    # connection is dropped if no login succeeds within it.
    
    # Compression delayed
    # Whether to compress the channel: yes, no, or only after login (delayed).
    
    # 2. The host private key files; the defaults below are normally used as they are
    # HostKey /etc/ssh/ssh_host_key        # SSH version 1 private key
    # HostKey /etc/ssh/ssh_host_rsa_key    # SSH version 2 RSA private key
    # HostKey /etc/ssh/ssh_host_dsa_key    # SSH version 2 DSA private key
    # These are the Host Keys met in the connection walk-through earlier.
    
    # 3. Logging: which syslog facility sshd reports to
    SyslogFacility AUTHPRIV
    # When someone logs in over SSH, sshd records it through this facility, which
    # on CentOS ends up in /var/log/secure. Other facility names that may be used
    # are DAEMON, USER, AUTH, LOCAL0 to LOCAL5 (see the logging chapter).
    
    # LogLevel INFO
    # How much to log; INFO is enough for most servers.
    
    # 4. Security settings, the important part
    # 4.1 Login settings
    # PermitRootLogin yes
    # Whether root may log in over ssh. The default allows it; setting no is recommended.
    
    # StrictModes yes
    # sshd checks the ownership and modes of the user's home directory and key
    # files before accepting a login; a ~/.ssh/ that is too open will make
    # key-based logins fail.
    
    # PubkeyAuthentication yes
    # AuthorizedKeysFile      .ssh/authorized_keys
    # Whether to allow logins with a user's own key pair (version 2 only). The
    # client's public key goes into the user's home directory as .ssh/authorized_keys.
    
    PasswordAuthentication yes
    # Password logins are still needed here, so this stays yes.
    
    # PermitEmptyPasswords no
    # If password logins are allowed, this one should stay no: never accept an
    # empty password at login.
    
    # 4.2 Authentication methods
    # RhostsAuthentication no
    # Trust-based .rhosts logins are unsafe; this must be no.
    
    # IgnoreRhosts yes
    # Ignore ~/.ssh/.rhosts for authentication; of course yes.
    
    # RhostsRSAAuthentication no #
    # Version 1 only: rhosts files (/etc/hosts.equiv) combined with RSA host
    # authentication. Do not use it.
    
    # HostbasedAuthentication no
    # The version 2 counterpart of the previous setting.
    
    # IgnoreUserKnownHosts no
    # Whether to ignore the user's ~/.ssh/known_hosts during host-based
    # authentication; no is fine.
    
    ChallengeResponseAuthentication no
    # Challenge/response style authentication. PAM is used to manage
    # authentication here instead, so this can be set to no.
    
    UsePAM yes
    # Let PAM handle user authentication, which is much easier to manage.
    # The recommendation is UsePAM yes with ChallengeResponseAuthentication no.
    
    # 4.3 Kerberos settings; there is no Kerberos server here, so these stay unused
    # KerberosAuthentication no
    # KerberosOrLocalPasswd yes
    # KerberosTicketCleanup yes
    # KerberosTgtPassing no
    
    # 4.4 Settings for running X-Window applications over the connection
    X11Forwarding yes
    # X11DisplayOffset 10
    # X11UseLocalhost yes
    # X11Forwarding is the important one: it lets X traffic travel inside the
    # ssh channel. The chapter on ssh usage comes back to this.
    
    # 4.5 What happens after login
    # PrintMotd yes
    # Whether to show /etc/motd (last login time, place and so on) after login;
    # the default is yes. For a little more discretion it can be set to no.
    
    # PrintLastLog yes
    # Show the previous login information; the default is also yes.
    
    # TCPKeepAlive yes
    # After a session is established, send TCP keepalive packets so that a dead
    # connection is noticed and closed rather than lingering. On an unstable link
    # this can drop sessions; set no if that is a problem.
    
    UsePrivilegeSeparation yes
    # Use unprivileged child processes to serve users: sshd itself listens on
    # port 22 as root, but when student logs in, the session process serving
    # student runs with student's privileges, which is safer.
    
    MaxStartups 10
    # How many connections may be waiting to authenticate at the same time
    # (connected, but the password not yet entered). Sessions already logged in
    # are not counted; the default allows ten pending connections.
    
    # 4.6 Restricting users and groups
    DenyUsers *
    # Deny the listed users; "*" means every user. To deny specific accounts,
    # list them instead, for example:
    DenyUsers test
    
    DenyGroups test
    # The same for groups: deny the listed group names.
    
    # 5. The SFTP service and other settings
    Subsystem       sftp    /usr/lib/ssh/sftp-server
    # UseDNS yes
    # Reverse-resolve client addresses through DNS to check where they come
    # from. On a LAN, setting no makes connections noticeably faster.
    

    򥻤WACentOS w] sshd AȤwgOwFALR^IijA (1)N root nJvF (2)N ssh ]w 2 CL]wȴNЧA̷Ӧۤvߦnӳ]wFC q`ijiHKקTIt~ApGAקLWoɮ(/etc/ssh/sshd_config)ANݭnsŰʤ@ sshd o daemon ~IYOG

    • /etc/init.d/sshd restart
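    As an added example (not the book's code), here is a small shell audit for sshd_config that applies the rule sshd itself uses when reading the file above: the first active line for a keyword wins, and a line starting with # only documents the built-in default rather than setting anything. It then reports the settings from the listing that are worth tightening before the server faces the Internet. The sample configuration is constructed, and the defaults passed to each check are the ones the listing states.

```shell
#!/bin/sh
# Added example (not the book's code): audit an sshd_config file for the settings
# discussed in this section. sshd takes the FIRST active line for each keyword
# (keywords are case-insensitive), and a line starting with "#" only documents
# the compiled-in default, it does not set anything.

# Print the effective value of a keyword, or nothing if it is not set.
sshd_effective() { # $1 config file, $2 keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }                  # commented-out default, not a setting
        NF >= 2 && tolower($1) == key { print $2; exit }
    ' "$1"
}

# Compare one keyword with the value we want. $4 is the default that applies
# when the keyword is absent (the defaults the listing above states).
sshd_check() { # $1 file, $2 keyword, $3 wanted, $4 default
    val=$(sshd_effective "$1" "$2")
    [ -n "$val" ] || val=$4
    if [ "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" != "$3" ]; then
        echo "$2 is '$val' (want $3)"
        return 1
    fi
    return 0
}

# Run the checks the chapter recommends: prints one line per finding and
# returns 1 if anything should be changed, 0 if the file is already tight.
sshd_audit() { # $1 config file
    rc=0
    sshd_check "$1" PermitRootLogin no yes          || rc=1
    sshd_check "$1" Protocol 2 2                    || rc=1
    sshd_check "$1" PermitEmptyPasswords no no      || rc=1
    sshd_check "$1" PubkeyAuthentication yes yes    || rc=1
    sshd_check "$1" UsePrivilegeSeparation yes yes  || rc=1
    return $rc
}

# Demonstration on a constructed config (not a real server's file).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# Port 22
Protocol 2
# PermitRootLogin yes
PasswordAuthentication yes
UsePrivilegeSeparation yes
EOF
if sshd_audit "$demo_cfg"; then
    echo "sshd_config already matches the recommendations"
else
    echo "-> fix the lines above before exposing sshd to the Internet"
fi
rm -f "$demo_cfg"
```

    Because the first active line wins, a hardening line appended at the end of the file is silently ignored if an earlier line already sets the same keyword; the audit reports the value sshd will actually use, not the last one written.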

    11.2.6 Creating an ssh account that logs in without a password

    Aγ\wgQFAJM ssh iHϥ scp ӶiƻsܡAگणN scp Om crontab AȤA ڭ̪tzL scp ^bIUۦwiƻsPQOHpA׬OGyw]pU\ʧ@zI ƻOH]w]pUAAnzLhݵnJAP scp ʪKJKX~[I crontab S|AݤKJKXA ҥHM{ǴN|@dӵLkb crontab 榨\I Hڭ̭noӦnΪƻsuܡHSMOTIڭ̥iHzL_{ҨtӳBzI

    JM SSH iHϥΪ_tӤơAåBѨϥΪ̸ƪ[K\AiiQγo Key NѨϥΪ̦ۤviJDEAӤݭnKJKXOHInDNIڭ̥iHN Client ͪ Key L Server SAҥHA H Client nJ Server ɡAѩ̦b SSH nsuTǻANwgL Key FA ]AiHߧYiJƶljKAӤݭnAKJKXOIb@WBJiHOG

    1. The client creates a key pair: as explained earlier, one key of the pair is public and one is private, and the private key must never be handed to others, so the pair is created on the client that will make the connection, with the ssh-keygen command;
    
    2. The client stores the private key: keep the private key in the user's home directory on the client, that is $HOME/.ssh/, and pay attention to its permissions;
    
    3. Put the public key in the right directory and file name on the server: append the public key to the .ssh/ directory of the user you want to log in as on the server, under the file name sshd expects.

    On^ܧxˤlABJu̔xAڭ̨̧ǨӶi@~nFI]epUAMi檺BJhpUϡG

    • Server www.centos.vbird, that is 192.168.100.254, with the account dmtsai;
    • Client clientlinux.centos.vbird, that is 192.168.100.10, with the account vbirdtsai, which should be able to log in to dmtsai on 192.168.100.254.
    Figure 11.2-10: the basic flow for creating an ssh account that needs no password

    • 1. The client creates the key pair:

    إߪk̔xAb clientlinux.centos.vbird oDEWH vbirdtsai ӫإߨ_ͧYiC LAݭn`NOAڭ̦hRKXtkApGwStkAhw]H RSA tkӳBzG

    [vbirdtsai@clientlinux ~]$ ssh-keygen [-t rsa|dsa] <== choose rsa or dsa
    [vbirdtsai@clientlinux ~]$ ssh-keygen  <== create the keys with the default algorithm
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/vbirdtsai/.ssh/id_rsa): <== press enter
    Created directory '/home/vbirdtsai/.ssh'. <== the directory is created if it does not exist
    Enter passphrase (empty for no passphrase): <== press Enter, no passphrase
    Enter same passphrase again: <== press Enter again
    Your identification has been saved in /home/vbirdtsai/.ssh/id_rsa. <== private key
    Your public key has been saved in /home/vbirdtsai/.ssh/id_rsa.pub. <== public key
    The key fingerprint is:
    0f:d3:e7:1a:1c:bd:5c:03:f1:19:f1:22:df:9b:cc:08 vbirdtsai@clientlinux.centos.vbird
    
    [vbirdtsai@clientlinux ~]$ ls -ld ~/.ssh; ls -l ~/.ssh
    drwx------. 2 vbirdtsai vbirdtsai 4096 2011-07-25 12:58 /home/vbirdtsai/.ssh
    -rw-------. 1 vbirdtsai vbirdtsai 1675 2011-07-25 12:58 id_rsa      <== private key
    -rw-r--r--. 1 vbirdtsai vbirdtsai  416 2011-07-25 12:58 id_rsa.pub  <== public key
    

    Ъ`NWAڪO vbirdtsai AҥHSڰ ssh-keygen ɡA~|bڪaؿU .ssh/ oӥؿ̭ͩһݭn Keys AOOp_ (id_rsa) P_ (id_rsa.pub)C ~/.ssh/ ؿnO 700 v~It~@ӭnSO`NNO id_rsa ɮvTILnO -rw------- Bݩ vbirdtsai ۤv~I_hbӪ_諸L{SAi|QPwMIӵLk\Hp_ɮתEӹFsuC Aإߨp_w]vPɦWmmOTAAunˬdLSDYiC


    • 2. Upload the public key file to the server:

    ]ڭ̭nnJ www.centos.vbird OH dmtsai A]ڭ̴NonNWӨBJإߪ_ (id_rsa.pub) WǨAW dmtsai Τ~CpWǩOH̔xkSMNOϥ scp I

    [vbirdtsai@clientlinux ~]$ scp ~/.ssh/id_rsa.pub dmtsai@192.168.100.254:~
    # Upload it into dmtsai's home directory
    


    • 3. Put the public key into the right directory and file name on the server:

    ROo sshd_config ̭ͨ쪺 AuthorizedKeysFile oӳ]wȧaHM]wȴNObw_RMnmɦWoIҥHAڭ̥nAݪ dmtsai oӥΤᨭUA NWǪ id_rsa.pub ƪ[ authorized_keys oɮפ~C@kI^oˡG

    # 1. Create ~/.ssh; note that its permissions must be 700
    [dmtsai@www ~]$ ls -ld .ssh
    ls: .ssh: S@ɮשΥؿ
    # Since this may be a newly created user, the directory does not exist yet. Create it:
    
    [dmtsai@www ~]$ mkdir .ssh; chmod 700 .ssh
    [dmtsai@www ~]$ ls -ld .ssh
    drwx------. 2 dmtsai dmtsai 4096 Jul 25 13:06 .ssh
    # The permissions must be 700 and the owner and group must be this user
    
    # 2. Append the public key to authorized_keys with cat
    [dmtsai@www ~]$ ls -l *pub
    -rw-r--r--. 1 dmtsai dmtsai 416 Jul 25 13:05 id_rsa.pub <== it is there
    
    [dmtsai@www ~]$ cat id_rsa.pub >> .ssh/authorized_keys
    [dmtsai@www ~]$ chmod 644 .ssh/authorized_keys
    [dmtsai@www ~]$ ls -l .ssh
    -rw-r--r--. 1 dmtsai dmtsai 416 Jul 25 13:07 authorized_keys
    # This file's permissions must be 644, otherwise it will not work
    


    o˴Ndw_toIHAq clientlinux.centos.vbird vbirdtsai nJ www.centos.vbird dmtsai ΤɡA Nݭn󪺱KXoI|ҨӻAAiHo˴ݬoG

    Question:
    With the exercise above completed, as vbirdtsai on clientlinux copy the system's /etc/hosts* files to dmtsai's home directory on www.centos.vbird.
    Answer:
    [vbirdtsai@clientlinux ~]$ scp /etc/hosts* dmtsai@192.168.100.254:~
    hosts                                        100%  187     0.2KB/s   00:00
    hosts.allow                                  100%  161     0.2KB/s   00:00
    hosts.deny                                   100%  347     0.3KB/s   00:00
    # You will find that the password prompt you used to see no longer appears
    
    [vbirdtsai@clientlinux ~]$ ssh dmtsai@192.168.100.254 "ls -l"
    -rw-r--r--. 1 dmtsai dmtsai 196 2011-07-25 13:09 hosts
    -rw-r--r--. 1 dmtsai dmtsai 370 2011-07-25 13:09 hosts.allow
    -rw-r--r--. 1 dmtsai dmtsai 460 2011-07-25 13:09 hosts.deny
    -rw-r--r--. 1 dmtsai dmtsai 416 2011-07-25 13:05 id_rsa.pub
    # The copy succeeded, and the remote files are listed directly
    

    ̔xBJaIoˤ@ӡAϥ ssh }ΤݫONiHݱKXFILApAbإߪ_tBJAnOoOG

    • The client produces the public and private keys, and the private key stays in ~/.ssh/;
    • The server needs the public key, placed in the user's ~/.ssh/authorized_keys; the directory (.ssh/) must be 700 and the file 644, and both must be owned by that user and group.

    ӡASARQnnJLDEɡAunNA public key (NO id_rsa.pub oɮ) L copy LDEWhAåBsWYb ~/.ssh/authorized_keys oɮפII\I
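    The server-side step above appends with cat, which adds the same key a second time whenever it is repeated. As an added example (not the book's script), here is the same installation done idempotently, together with a check of the modes this section requires (~/.ssh 700, private key 600, authorized_keys 644). The public key line is a constructed placeholder rather than a real key, and the home directory is a temporary one created for the demonstration.

```shell
#!/bin/sh
# Added example (not the book's script): server-side installation of a client's
# public key, done idempotently, plus a check of the permissions the chapter
# requires (~/.ssh 700, private key 600, authorized_keys 644).

# Append a public key to $HOME/.ssh/authorized_keys unless that exact key
# (type + base64 blob, comment ignored) is already there. Prints what it did.
install_pubkey() { # $1 public key file (id_rsa.pub), $2 home directory
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    [ -f "$auth" ] || : > "$auth"
    chmod 644 "$auth"
    keyid=$(awk '{ print $1, $2 }' "$pub")
    if awk -v k="$keyid" '($1 " " $2) == k { found = 1 } END { exit !found }' "$auth"; then
        echo "key already authorized"
    else
        cat "$pub" >> "$auth"
        echo "key added"
    fi
}

# True when the path has exactly the given octal mode.
mode_is() { # $1 path, $2 mode such as 0700
    find "$1" -maxdepth 0 -perm "$2" | grep -q .
}

# Report every file under $HOME/.ssh whose mode differs from what sshd's
# StrictModes and the chapter expect. Returns 1 if anything is wrong.
check_ssh_perms() { # $1 home directory
    sshdir=$1/.ssh; bad=0
    if [ -d "$sshdir" ] && ! mode_is "$sshdir" 0700; then
        echo "$sshdir must be 0700"; bad=1
    fi
    for k in "$sshdir/id_rsa" "$sshdir/id_dsa"; do
        if [ -f "$k" ] && ! mode_is "$k" 0600; then
            echo "$k must be 0600 (-rw-------)"; bad=1
        fi
    done
    if [ -f "$sshdir/authorized_keys" ] && ! mode_is "$sshdir/authorized_keys" 0644; then
        echo "$sshdir/authorized_keys must be 0644"; bad=1
    fi
    return $bad
}

# Demonstration with a temporary home and a constructed (not real) public key line.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructed vbirdtsai@clientlinux.centos.vbird\n' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # key added
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # key already authorized
check_ssh_perms "$demo_home" && echo "permissions OK"
rm -rf "$demo_home"
```

    The key is compared by type and blob only, so the same key uploaded from a host with a different comment is still recognised as already present.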


    11.2.7 Basic security settings

    AjaQySSH OӦwAȡzҴFFI sshd äwIꑶ} openssh LhvӬݡATܦhHOQ ssh {|}ӨohݥDE root vAi@B±誺DEIҥHoN໡ܡA]OܦwTI

    sshd ҿתywzOy sshd ƬO[KLAҥHLƦb Internet WǻɬOwCܩ sshd oӪAȥNO˦wFIҥHGyDnAnN sshd Internet }inJvAɶq]bXӤpd򤺪 IP ΥDEW٧YiIoܭnI

    nFA}w]w譱ASȱo`NOHSMOTIڭ̥iHijXӶاaIOiHѩUoT譱ӶiG

    • Hardening the server's own configuration: /etc/ssh/sshd_config
    • Using the TCP wrapper: /etc/hosts.allow, /etc/hosts.deny
    • Using iptables: iptables.rule, iptables.allow

    • Hardening the server's own configuration: /etc/ssh/sshd_config

    @ӨAoɮתw]شNwgܧQFIҥHAWOӻݭnʥLI OApGAǨϥΪ̤譱U{AiHo˭ץ@ǰDOI

    • Forbid the root account from using the sshd service;
    • Forbid the users in the nossh group from using the sshd service;
    • Forbid the user testssh from using the sshd service;

    FWzb~ALΤhiH`ϥΨtC{bm]Aṱwg sshnot1, sshnot2, sshnot3 [J nossh sœA PɨtR testssh, student αbC}bBzЦۦѦҰgӳ]wAUȬOCX[ԎIG

    # 1. Check whether the accounts needed exist
    [root@www ~]# for user in sshnot1 sshnot2 sshnot3 testssh student; do \
    > id $user | cut -d ' ' -f1-3 ; done
    uid=507(sshnot1) gid=509(sshnot1) groups=509(sshnot1),508(nossh)
    uid=508(sshnot2) gid=510(sshnot2) groups=510(sshnot2),508(nossh)
    uid=509(sshnot3) gid=511(sshnot3) groups=511(sshnot3),508(nossh)
    uid=511(testssh) gid=513(testssh) groups=513(testssh)
    uid=505(student) gid=506(student) groups=506(student)
    # If these accounts do not exist on your system, create them; the UID/GID values need not match
    
    # 2. Edit sshd_config and restart sshd
    [root@www ~]# vim /etc/ssh/sshd_config
    PermitRootLogin no  <== around line 39; change it to this
    DenyGroups  nossh   <== these two can be added at the end of the file
    DenyUsers   testssh
    
    [root@www ~]# /etc/init.d/sshd restart
    
    # 3. Test the logins
    [root@www ~]# ssh root@localhost  <== enter the correct password
    [root@www ~]# tail /var/log/secure
    Jul 25 13:14:05 www sshd[2039]: pam_unix(sshd:auth): authentication failure; 
    logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=root
    # You get this error message, not just a wrong-password failure
    
    [root@www ~]# ssh sshnot1@localhost  <== enter the correct password
    [root@www ~]# tail /var/log/secure
    Jul 25 13:15:53 www sshd[2061]: User sshnot1 from localhost not allowed because
    a group is listed in DenyGroups
    
    [root@www ~]# ssh testssh@localhost  <== enter the correct password
    [root@www ~]# tail /var/log/secure
    Jul 25 13:17:16 www sshd[2074]: User testssh from localhost not allowed 
    because listed in DenyUsers
    

    qWGӬݡAAN|o{APnJb|ͤ@˪nɓGC]ASAѬOLkQϥ ssh nJY@DEɡAOoMAWhˬdݬݵnɡAwN|QAMDoIbڭ̪EWARO root nJI


    • /etc/hosts.allow and /etc/hosts.deny

    |ҨӻAA sshd uQEHΰϺDEӷ^nJܡANo˧@G

    [root@www ~]# vim /etc/hosts.allow
    sshd: 127.0.0.1 192.168.1.0/255.255.255.0 192.168.100.0/255.255.255.0
    
    [root@www ~]# vim /etc/hosts.deny
    sshd : ALL 
    


    • iptables packet filtering

    hXhO@]ܦnIҥH]iHϥ iptables I ѦҡGĤEءBP NAT Aڸ}{AARMb iptables.rule N port 22 \AMA iptables.allow ̭sWoG

    [root@www ~]# vim /usr/local/virus/iptables/iptables.allow
    iptables -A INPUT -i $EXTIF -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i $EXTIF -s 192.168.100.0/24 -p tcp --dport 22 -j ACCEPT
    
    [root@www ~]# /usr/local/virus/iptables/iptables.rule
    

    WzkBzܫApGARO@EAOonN]wR^ӽI̫A ymI~jaAn} SSH nJvҦ Internet WDEz oܭn]pGiH ssh iJADEA...ӦMIF


    11.3 The original graphical mode: starting the Xdmcp service

    Ҽ{@ӱpApGA Linux DEDnOΨӧ@ϧγBzɡAӥBPɦhHݭnΨ쨺ӥ\A @ Linux O_@ȯണѤ@ӤHBzӳnOHKKIi@wI] Linux Suq X Window System [I{bNӽͽͲĤ@ӹϧΤhݳsuAaI


    11.3.1 The X Window Server/Client architecture and how it starts

    ѩڭ Linux ϥΪϧΤOҿת X-Window System FAoNO^wxAثeb Linux WY}oϧΤnAXGOϥγo X [cӳBzAҥHoAAN^D X Window TI ڭ̦bgĤTGQ|ؤwgL X Window TA ]o̥u|@̔xAHKjaAڭ̪nOowUP]wI

    X Window System bB@L{AS]ƤPӤ X Server P X Client R{ǡAMO X Server/Client A OL@ΫoPDE Server/Client [cjóӻ X Server/Client oR{ǩҭtdȥG

    • X ServerG oœ{ǥDntdO݁eøsPC X Server iH^Ӧ X client ӋڡANoӋøse{ϭb݁WC ~Aڭ̲ʷƹBI@ơBgLKJƆΆΡA]|zL X Server ӶǹF X Client ݡAӥ X Client ӥ[HBXRøsơF

    • X ClientG oœ{ǥDntdOƪBC X Client b^ X Server ǨӪƫ (ҦpʷƹBI@ icon ΰʧ@)A|gѥBӱoƹRMnp󲾰ʡB I@GRMnX{˪ơBgLKJGRMnpe{ΆΡAMNoǓGi X Server ALۦhøs݁WC
    Tips:
    m``}A X server NOeA X client NO⮳e۪eaCAone (޲znҦiܪw) eaQk (pXӪøӋ) ~^øseWI

    ѩC@ X client OWߦsb{ǡA]bϧܷ|oͤ@|ϪD (Q^@UC@ X client O@ӫܦۧڪeaA Cӵeaӻ{誺sbAU۪beW@eA̫᪺G|OpH)C]AӴN@œS X client bi޲zҦL X client {Ao`ުNNNO Window ManagerI

    • Window Manager (WM)GO@œҦ X client ޲z{AæPɴѨҦpu@CB IୱB[ୱBjpBʻP|܆ΥCWindow manager DnѤ@ǤjpُשҶ}oӨӡA` GNOME, KDE, XFCE

    JM X Window System O Linux W@œ{A򥦦pŰʪOHϥΪ̦bnJtAnۤvŰ X server {AMAŰʭӧO Window manager AYLݨDAAŰʨLB~ X client NOFCoꐷСIҥHF̔ƎŰʭӤHϧΤBJARҿת Display Manager (DM) oNI

    • Display Manager (DM)GѨϥΪ̵nJeHϥΪ̥iH]ѹϧΤnJC bϥΪ̵nJAizL display manager \hIsL Window manager AϥΪ̦bϧΤnJL{ܱo̔xC ѩ DM ]OŰʤ@ӆΫ݉KJbKXϧθơA] DM |Dʥh@ X Server MbWYJΫ݉KJeNOFC

    bثesX Linux distributions Aq`ŰʹϧΤϥΪ̵nJ覡AO Display Manager {A M{|DʸJ@ X Server {AMAѤ@ӆΫ݉KJbKX{AAھڨϥΪ̪ܥhŰʩһݭn Window Manager {A̫NѨϥΪ̪^ާ@ WM ӪϧΤoC

    Question:
    Under CentOS 6.x, with the default init 5, which program brings up the graphical interface?
    Answer:
    Look through the files in /etc/init/*; you will find one whose content is this:
    [root@www ~]# cat /etc/init/prefdm.conf
    start on stopped rc RUNLEVEL=5
    stop on starting rc RUNLEVEL=[!5]
    console output
    respawn
    respawn limit 10 120
    exec /etc/X11/prefdm -nodaemon
    Look at the content of /etc/X11/prefdm and you will find that what it starts is an X display manager program.

    Question:
    After entering init 5 on CentOS 6.x, from tty1 find out which program started the X server.
    Answer:
    We can inspect the process relationships with pstree; note that the default X server process on CentOS 6.x is named Xorg.
    [root@www ~]# pstree -p
    init(1)-+-NetworkManager(1086)
    ....(ٲ)....
            |-gdm-binary(2642)---gdm-simple-slav(2661)-+-Xorg(2663)
            |                                          |-gdm-session-wor(2746)
    ....(᭱ٲ)....
    
    From the above, gdm-binary is what started Xorg, so the graphical login screen that asks for authentication is provided by gdm-session.


    • Using X Window System across the network: XDMCP

    S X server, X client bP@DEWɭԡAAiHܻPŰʤ@ӧ㪺 X Window SystemC OpGAQnzLoEbWŰ X OHɧAobΤݎŰʤ@ X server NϧΤøϩһݭnwUmtmnA åBŰʤ@ X server `^f (q`O port 6000)AMAѦAݪ X client oøӋڡAANøsoC zLoEAAiHb@Ű X server nJAIӥBާA@~tOԣOINqN^UϡA p@ӡAANiHoAҴѪϧΤTI

    Figure 11.3-1: the X server/client architecture

    OpGAOϥγ̲ªkbΤݦۤvŰ X server AMbiDAN X client {@Ӥ@ӪJ^ӡA Nӂ}HFaIڭ̤eWOLiH display manager Ӻ޲zϥΪ̪nJPŰ X ܡHAणണѤ@AȡA ڭ̪^zLA display manager N^ѧڭ̵nJ{һPJۤvܪ window manager ܡAo˴NӴΤFI ^FܡHSMiH[INOzL Xdmcp (X display manager control protocol) (3) TI

    Xdmcp Űʫ|bA udp 177 }loAMSΤݪ X server suA port 177 A ڭ̪ Xdmcp N|bΤݪ X server WϥΪ̉KJbKϧΤ{oIANzLo Xdmcp hJAҴѪ Window Manager } X client oIAN^oϧΤhݳsuAIҒaI

    򤰻ɭԷ|X{hϥΪ̳sJAo X pOHHmҤlӻAmǦ@œ Linux biӋȼ[A LKXGO NetCDF ɮסAڭ̥ϥ PAVE o@MnhBzoǸơCOڭ̦TӤHPɳ|ϥΨ쨺ӥ\A Linux DEObE[ḓAnڭ̞bӤppŶeyۡzާ@qAiuOQH[ oӮɭԡAڭ̴N|[]ϧΤhݵnJAAڭ̥iHyhHPɥHϧΤnJ Linux DEzӾާ@ڭ̦ۤv{ǡIܴΡAOܡI


    11.3.2 Setting up gdm's XDMCP service

    Since this is called XDMCP, does it have something to do with the X display manager? Yes: XDMCP is a feature provided by the DM program. On CentOS the default DM is gdm, from the GNOME project, so to enable XDMCP you configure gdm. gdm's configuration lives under /etc/gdm/, and the only file we need to change is /etc/gdm/custom.conf (4).

    Tips:
    The display manager that comes with X11 is xdm; the well-known KDE and GNOME projects ship their own display managers, kdm and gdm respectively. Any of the three can enable XDMCP through its own configuration file.

    Because our installation chose "Basic server", most of the graphical software is not installed. So before setting up XDMCP we must install the graphical packages with yum groupinstall:

    # check which package groups belong to X
    [root@www ~]# yum grouplist
       Desktop
       Desktop Platform
       X Window System
    # these three groups are the important ones; gdm is in the Desktop group
    
    [root@www ~]# yum groupinstall "Desktop" "Desktop Platform" \
    > "X Window System"
    

    Once that finishes, we can edit custom.conf:

    [root@www ~]# vim /etc/gdm/custom.conf
    [security]           <== security-related settings belong in this section
    AllowRemoteRoot=yes  <== XDMCP refuses root by default; this lets root log in remotely
    DisallowTCP=false    <== allow clients to reach this X server over TCP
    
    [xdmcp]              <== the section this chapter is about
    Enable=true          <== turn XDMCP on
    # the lines above are not in the shipped file; add them yourself
    
    [root@www ~]# init 5
    # this switches to the graphical runlevel; if you decide to keep using gdm,
    # set the default runlevel to 5 in /etc/inittab
    
    [root@www ~]# netstat -tulnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address  Foreign Address   State    PID/Program name
    tcp        0      0 0.0.0.0:6000   0.0.0.0:*         LISTEN   4557/Xorg
    tcp        0      0 :::6000        :::*              LISTEN   4557/Xorg
    udp        0      0 0.0.0.0:177    0.0.0.0:*                  4536/gdm-binary
    # port 6000 is opened because of DisallowTCP=false; port 177 is the one we want
    
    Two of those settings deserve a second look before you copy them. AllowRemoteRoot=yes means anyone on the network who can guess the root password gets a full root desktop over an unencrypted protocol; leave it at the default and log in as an ordinary user, then su. DisallowTCP=false makes the server's own X server listen on tcp 6000, which remote XDMCP logins do not need (in XDMCP the X server that matters is the one on the client); only set it if you actually need TCP connections to this display, and keep the firewall rules below in place either way.

    The steps above were done from runlevel 3. If you are already in runlevel 5, restart the graphical interface with "init 3 && init 5". If you are in runlevel 3 and do not want to switch to runlevel 5, how do you start port 177? Start gdm directly, like this:

    [root@www ~]# init 3
    [root@www ~]# runlevel
    5 3 <== the left figure is the previous runlevel, the right one the current (now runlevel 3)
    [root@www ~]# gdm   <== this starts xdmcp
    [root@www ~]# vim /etc/rc.d/rc.local
    /usr/sbin/gdm
    

    Now you know how to start XDMCP in either runlevel. In runlevel 5, /etc/inittab already starts gdm automatically, so booting into runlevel 5 is enough. In runlevel 3, gdm is not part of the boot process, so start it yourself from /etc/rc.d/rc.local as above. Still, since you are going to use XDMCP anyway, the recommendation is simply to boot into runlevel 5. Next, the firewall must accept udp port 177 from the clients. Edit your own firewall rules accordingly; here we assume the firewall script from the firewall chapter is in use, so the rule is added like this:

    [root@www ~]# vim /usr/local/virus/iptables/iptables.rule
    iptables -A INPUT -p UDP -i $EXTIF --dport 177 --sport 1024:65534 \
     -s 192.168.100.0/24 -j ACCEPT #xdmcp
    # note that XDMCP uses UDP, and restrict the source to your own subnet
    
    [root@www ~]# /usr/local/virus/iptables/iptables.rule
    [root@www ~]# iptables-save | grep 177
    -A INPUT -s 192.168.100.0/24 -i eth0 -p udp -m udp --sport 1024:65534 --dport 177 -j ACCEPT
    # udp port 177 is now open, but only to 192.168.100.0/24; keep that source restriction
    

    11.3.3 Logging in from a Linux client

    Since X Window was born on Unix-like systems, logging in to a remote graphical desktop from a Linux client is easy. But because X can be started in several ways, we will look at the common ones:


    • Starting a second X at another terminal: a new X session

    If the client is already in runlevel 5, it already has an X running and that display is called ":0". On CentOS 6.x, when the system boots into runlevel 5 the graphical display :0 sits on tty1; when X is started from runlevel 3 it sits on tty7. Because an X display already exists, the new X server has to be started at another terminal: the new display is ":1", and it normally appears on tty7 or tty8. Since the X server must explicitly grant X clients permission to draw on it, you also have to adjust access control on the client side for the server's X clients.

    In addition, although the client actively connects to the server's udp port 177, the server's X clients then connect back to the client's X server. So the client host must accept inbound TCP port 6001 (display :1) from the server in its firewall. Let's see it step by step:

    # 1. allow X clients from the server: in a shell inside the X Window session type
    [root@clientlinux ~]# xhost + 192.168.100.254
    192.168.100.254 being added to access control list
    # note: this runs on the CLIENT, and 192.168.100.254 is our Linux server's IP.
    # "xhost + host" grants every process on that host full access to your display
    # (screen contents and keystrokes); never run a bare "xhost +", which allows everyone
    
    # 2. open the firewall: the new X server will listen on port 6001, so on the client:
    [root@clientlinux ~]# vim /usr/local/virus/iptables/iptables.allow
    iptables -A INPUT -i $EXTIF -s 192.168.100.0/24 -p tcp --dport 6001 -j ACCEPT
    
    [root@clientlinux ~]# /usr/local/virus/iptables/iptables.rule
    [root@clientlinux ~]# iptables-save
    -A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 6001 -j ACCEPT
    # you must see this line before going on
    
    # 3. at a text console (for example tty1) run:
    [root@clientlinux ~]# X -query 192.168.100.254 :1
    # and you are taken to the X Window login
    
    

    If everything went well, on clientlinux.centos.vbird you will see the following screen (note the hostname):

    Figure 11.3-2: XDMCP login screen reached from the client

    Enter the correct username and password in that screen and the session appears on tty8 (:1). To go back to the original desktop, switch to tty7 (:0). (In runlevel 5, :0 is on tty1 and :1 on tty7.) Logging out inside tty8 does not close it, because after logout the system simply shows a fresh login screen; to close it, go back to the console where you ran X (tty1) and press [ctrl]-c to terminate the connection.


    • Starting another X inside the current one: Xnest

    If you keep switching between tty7 and tty8 it is easy to lose track of which screen you are on, especially when both desktops look the same. Can we start the second session as a window inside the tty7 desktop instead? Yes, with Xnest. It must be run inside an X session; the basic usage is:

    [root@www ~]# Xnest -query hostname -geometry resolution :1
    Options and parameters:
    -query    : followed by the xdmcp server's hostname or IP
    -geometry : followed by the window size, for example 1024x768 or 800x600
    
    # following the above, connect to 192.168.100.254 with a 640x480 window:
    [root@www ~]# yum install xorg-x11-server-Xnest
    [root@www ~]# Xnest -query 192.168.100.254 -geometry 640x480 :1
    

    If all goes well, inside the X on tty7 you will see the following (the screenshot shows the state after logging in):

    Figure 11.3-3: XDMCP session inside a window on the client's X

    At first you get the same username/password dialog as in figure 11.3-2; after logging in you get the screen above. Look closely and you will see a whole desktop inside that window. Closing this X is easy as well: log out inside it, or kill the Xnest process.


    11.3.4 Logging in from a Windows client: Xming

    Windows does not ship an X server, so to log in from Windows you have to install one. Commonly used X servers for Windows include X-Win32, Exceed and Xming.

    X-Win32 and Exceed are commercial; Xming is a lightweight free-software X server. It is not the best known of them, but it is small, does the job well and is very easy to use, so it is the example here (5).

    1. Installation: accept the defaults and click through the installer to install the Xming X server.

    2. Start it: go to "Start" --> "Programs" --> "Xming" --> "XLaunch" to configure an XDMCP connection. Here we use broadcast to find XDMCP servers. XLaunch opens with this screen:

      Figure 11.3-4: Xming XDMCP connection wizard

      Choose "One window", "Fullscreen" or "One window without titlebar" on this screen; only those modes can use XDMCP. Click "Next" and you will see:

      Figure 11.3-5: Xming XDMCP connection wizard

      The first two options are for an X client started through some other channel, which is not what we want here, so pick the third option (XDMCP). The next screen is:

      Figure 11.3-6: Xming XDMCP connection wizard

      This is how the server is found: to find XDMCP servers by broadcast enter nothing; otherwise enter the server's IP. Click "Next":

      Figure 11.3-7: Xming XDMCP connection wizard

      This page concerns clipboard sharing and similar settings; leave the defaults. Click "Next":

      Figure 11.3-8: Xming XDMCP connection wizard

      The configuration is complete. Click "Finish" and a login dialog like the one in figure 11.3-2 appears; you can now log in to the Linux server graphically from Windows. Give it a try!

    • Key point: the server connects back to the client

    After the setup above you will find that configuring the XDMCP server is easier than configuring the client. Sometimes everything looks right yet no XDMCP connection can be made. The most common cause is this: the client's X server actively connects to the server's XDMCP service (udp port 177), but after that the server's X clients actively connect back to the client's X server (a TCP port in the 6000 to 6010 range). So if you only configured the server, the usual reason for failure is that the client forgot to allow that inbound connection through its own firewall. This is the point to remember.


    11.4 Graphical login made simple: the VNC server

    As you have seen, XDMCP may open several ports, and the port and setup details get rather complicated. Is there an easier way to connect to a graphical desktop? Yes, several; the easiest, covered here, is VNC (Virtual Network Computing) (6).


    11.4.1 Default VNC server: the twm window manager

    The VNC server opens a listening port on the server for clients to request the desktop; by default these ports are 5901 to 5910. When a client connects to 5901, the VNC server starts a small default set of X clients and sends the display to the client over that connection, so the client shows the server's desktop.

    Note that by default each VNC server instance provides one desktop for one client. Each time you want another VNC desktop you start another VNC server. Most of the time, then, the VNC server is started by hand and killed when you are done. Doing so is easy:

    [root@www ~]# vncserver [:X] [-geometry resolution] [options]
    [root@www ~]# vncserver [-kill :X]
    Options and parameters:
    :X        : the display number to start the VNC server on; :1 means VNC port 5901
    -geometry : the screen size, for example 1024x768 or 800x600
    options   : other X options, for example -query localhost
    -kill     : kill an already running VNC display; see the examples below
    
    [root@www ~]# yum install tigervnc-server
    # install the server package first; note the package name, the client package is different
    
    # start a VNC server on display :3, that is port 5903
    [root@www ~]# vncserver :3
    
    You will require a password to access your desktops.
    
    Password:  <== enter the VNC connection password, needed the first time a VNC display is created
    Verify:    <== enter the same password again
    xauth:  creating new authority file /root/.Xauthority
    
    New 'www.centos.vbird:3 (root)' desktop is www.centos.vbird:3
    
    Creating default startup script /root/.vnc/xstartup
    Starting applications specified in /root/.vnc/xstartup
    Log file is /root/.vnc/www.centos.vbird:3.log
    
    [root@www ~]# netstat -tulnp | grep X
    tcp        0      0 0.0.0.0:5903   0.0.0.0:*      LISTEN      4361/Xvnc
    tcp        0      0 0.0.0.0:6000   0.0.0.0:*      LISTEN      1755/Xorg
    tcp        0      0 0.0.0.0:6003   0.0.0.0:*      LISTEN      4361/Xvnc
    tcp        0      0 :::6000        :::*           LISTEN      1755/Xorg
    tcp        0      0 :::6003        :::*           LISTEN      4361/Xvnc
    # the ports we need are now open

    In the commands above, note the following:

    1. The password must be at least six characters.
    2. The password file belongs to the user who ran vncserver and lives in that user's home directory. Above we ran it as root, so the password is in /root/.vnc/passwd; if that file already exists you are not asked to create a password again.
    3. When a client connects, the X clients started by /root/.vnc/xstartup are sent to that client.

    Be clear about what that password is worth: VNC authentication only proves knowledge of the VNC password (at most eight characters; the passwd file above is eight bytes), and the session itself is not encrypted, so everything typed into the desktop, including any login password you type there, crosses the network in the clear. Keep VNC on a trusted network or put it behind an ssh tunnel (section 11.6.3).

    To change the VNC password, just use vncpasswd:

    [root@www ~]# ls -l /root/.vnc/passwd
    -rw-------. 1 root root 8 Jul 26 15:08 /root/.vnc/passwd
    [root@www ~]# vncpasswd
    Password:  <== enter the new password here
    Verify:
    [root@www ~]# ls -l /root/.vnc/passwd
    -rw-------. 1 root root 8 Jul 26 15:15 /root/.vnc/passwd
    # the timestamp changed: the file's contents were replaced
    

    Next, open the firewall for port 5903. Because VNC may use up to eleven ports here, let's open the whole range 5900 to 5910 at once:

    [root@www ~]# vim /usr/local/virus/iptables/iptables.allow
    iptables -A INPUT -i $EXTIF -s 192.168.100.0/24 -p tcp --dport 5900:5910 -j ACCEPT
    
    [root@www ~]# /usr/local/virus/iptables/iptables.rule
    [root@www ~]# iptables-save
    -A INPUT -s 192.168.100.0/24 -i eth0 -p tcp -m tcp --dport 5900:5910 -j ACCEPT
    # check that this line is present before going on
    
    

    11.4.2 VNC client software

    As with XDMCP, a VNC client is available from the distribution's own repositories on Linux, while on Windows you have to install extra software. Let's start with the Linux VNC client.


    • Linux client program: vncviewer

    The VNC client program on Linux is vncviewer. It is not installed by default, so install it with yum before connecting. The nice thing is that the client needs no configuration at all. Start it from a terminal inside the client's graphical desktop:

    [root@clientlinux ~]# yum install tigervnc
    [root@clientlinux ~]# vncviewer 192.168.100.254:3
    # this command must be run inside a graphical session; don't forget the display number
    
    Figure 11.4-1: running the vncviewer program on a Linux client

    In that dialog enter root's VNC connection password. Note that this is the VNC password, not root's login password; the two are quite different. Because we started this VNC server as root, root's VNC password is the one used here. In most cases we recommend running the VNC server as an ordinary user instead. After entering the correct VNC password you see:

    Figure 11.4-2: running the vncviewer program on a Linux client

    Unlike earlier VNC servers, on CentOS 6.x the tigervnc-server package starts a full desktop matching the server's graphical login rather than the bare twm of the past, so there is no configuration to edit for a usable desktop. After you have had a look, close the vncviewer connection on the client, because next we will connect to port 5903 from Windows.


    • Windows client program: RealVNC

    There are many VNC clients for Windows; here we use the free edition of RealVNC, released as GNU free software. Download it from the vendor's site; the free edition is enough (you only need to download and install the viewer).

    Start vnc-viewer and you see:

    Figure 11.4-3: RealVNC client connection on Windows

    As shown, enter IP:port in the server field and click "OK":

    Figure 11.4-4: RealVNC client connection on Windows

    Since the VNC server only asks for the VNC password, the Username field can be left empty; enter the password and click "OK". The desktop then appears:

    Figure 11.4-5: RealVNC client connection on Windows

    11.4.3 VNC with the XDMCP login screen

    If for some special reason you want VNC to show the XDMCP login screen, do it on the server with the commands below. Note that XDMCP must already be running, and this time we start the VNC server as the user student:

    # 1. confirm XDMCP is running first:
    [root@www ~]# netstat -tlunp | grep 177
    udp        0      0 0.0.0.0:177   0.0.0.0:*      1734/gdm-binary
    # OK, it is running. If you don't see port 177, go back to 11.3 and fix that first
    
    # 2. become student and start a VNC server on :5
    [root@www ~]# su - student
    [student@www ~]$ vncserver :5 -query localhost
    You will require a password to access your desktops.
    
    Password:
    Verify:
    xauth:  creating new authority file /home/student/.Xauthority
    
    New 'www.centos.vbird:5 (student)' desktop is www.centos.vbird:5
    
    Creating default startup script /home/student/.vnc/xstartup
    Starting applications specified in /home/student/.vnc/xstartup
    Log file is /home/student/.vnc/www.centos.vbird:5.log
    
    # 3. edit xstartup so it starts no X clients of its own
    [student@www ~]$ vim /home/student/.vnc/xstartup
    ....(earlier lines omitted)....
    #xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    #twm &
    # comment these lines out with #; the XDMCP login supplies the session instead
    
    # 4. restart vncserver
    [student@www ~]$ vncserver -kill :5
    [student@www ~]$ vncserver :5 -query localhost
    

    Next, as root, add a firewall rule for port 5905, then connect with vncviewer on Linux or RealVNC on Windows and you will see:

    Figure 11.4-6: the XDMCP login screen reached through VNC

    Think about what this combination means: the VNC process (Xvnc) runs as student, yet the XDMCP login dialog lets anyone who knows student's VNC password log in as any account, root included, once they know that account's password. In other words, an eight-character VNC password over an unencrypted connection now guards a login screen for the whole machine. Is that really what you want?


    11.4.4 Starting the VNC server at boot

    Note that you cannot simply write the vncserver command into /etc/rc.d/rc.local, because at that point of the boot localhost may not yet accept logins. So how do you start the VNC server at boot without logging in first? By editing a configuration file. Below we start a VNC server as student, using the XDMCP login screen, on port 5901:

    [root@www ~]# vim /etc/sysconfig/vncservers
    VNCSERVERS="1:student"
    VNCSERVERARGS[1]="-query localhost"
    # the 1 in both lines is the display number, that is port 5901; note it
    
    [root@www ~]# /etc/init.d/vncserver restart
    [root@www ~]# chkconfig vncserver on
    

    Easy, isn't it? The VNC server is now started automatically at every boot.


    11.4.5 Synchronised VNC: sharing the same screen

    Some readers may wonder why the VNC server's screen is not the same as what the server's console shows. That is because Linux provides several independent VNC servers, each its own X display, so of course none of them is synchronised with tty7. If you want the same picture as the server's tty7, load the VNC module into the X server itself.

    With that module the picture on server and client is identical, so if you want to show a friend how to configure something, you can do it through this channel and they follow every step from the remote side. Very convenient! The setup is as follows.

    A reminder first: CentOS 6.x does not ship an xorg.conf file, so to use this feature you must generate one with "X -configure", place it in /etc/X11/, and then edit it:

    [root@www ~]# yum install tigervnc-server-module
    [root@www ~]# vim /etc/X11/xorg.conf
    Section "Screen"
            Identifier "Screen0"
            Device     "Videocard0"
            DefaultDepth     24
            # VBird
            Option "passwordFile" "/home/student/.vnc/passwd"
            SubSection "Display"
                    Viewport   0 0
                    Depth     24
            EndSubSection
    EndSection
    
    # VBird
    Section "Module"
        Load    "vnc"
    EndSection
    # assuming your VNC password file is /home/student/.vnc/passwd,
    # point the Screen section at it with the passwordFile option
    
    [root@www ~]# init 3 ; init 5
    [root@www ~]# netstat -tlunp | grep X
    tcp        0      0 0.0.0.0:5900   0.0.0.0:*      LISTEN      7445/Xorg
    tcp        0      0 0.0.0.0:6000   0.0.0.0:*      LISTEN      7445/Xorg
    tcp        0      0 :::6000        :::*           LISTEN      7445/Xorg
    # note that all these ports belong to the same PID, and port 5900 is now open
    

    Now connect with "vncviewer 192.168.100.254" (no :0 needed). Compare the server's screen with the client's: move the mouse on either side and the other follows. Beautiful, isn't it? Bear in mind that this provides exactly one VNC session, the console display: every client connects to port 5900 and sees and controls the console session, so whoever knows that VNC password controls the desktop of whichever user is logged in at the console. Remember to open port 5900 in the firewall as well.


    11.5 Windows-like remote desktop: the XRDP server

    Using the graphical connections above has one big problem: apart from the ssh tunnel, neither XDMCP nor VNC encrypts its traffic. So those two are only suited to a local area network and are a bad idea across the Internet. If you want a VNC-style desktop with encryption, you can go through the ssh tunnel described in the next section. Alternatively, Windows' own remote desktop (Remote Desktop Protocol, RDP, 7) encrypts its connection, so can we run an RDP server on Linux? Yes: the XRDP server (8).

    Unfortunately CentOS 6.x does not ship XRDP. You can find the xrdp package yourself, or use the EPEL extra packages that the Fedora project maintains for RHEL (9). Here we add EPEL as a yum repository for our CentOS 6.x x86_64 system and install with yum:

    [root@www ~]# vim /etc/yum.repos.d/fedora_epel.repo
    [epel]
    name=CentOS-$releasever - Epel
    baseurl=http://download.fedora.redhat.com/pub/epel/6/x86_64/
    gpgcheck=0
    enabled=1
    
    [root@www ~]# yum clean all
    [root@www ~]# yum install xrdp
    

    A word about gpgcheck=0: it tells yum to install packages from that repository without verifying their GPG signatures, so a tampered mirror, or anyone in the path of that plain-http URL, could hand you a modified xrdp. Prefer installing EPEL's own epel-release package, which ships a repo file with gpgcheck=1 and the EPEL signing key, or at least set gpgcheck=1 and import the EPEL key yourself.

    That installs xrdp. Now on to configuration. On a typical host there is hardly anything to change; the shipped configuration works. Just start it and enable it at boot. When a remote desktop client connects, xrdp starts a VNC display in the 5910 and up range and relays that VNC session through RDP to the client, so the client ends up logged in to the system.

    [root@www ~]# /etc/init.d/xrdp start
    [root@www ~]# chkconfig xrdp on
    [root@www ~]# netstat -tlnp | grep xrdp
    tcp        0      0 127.0.0.1:3350  0.0.0.0:*     LISTEN    6615/xrdp-sesman
    tcp        0      0 0.0.0.0:3389    0.0.0.0:*     LISTEN    6611/xrdp
    # remote desktop uses port 3389; xrdp talks to the session manager on localhost
    # port 3350, which starts a VNC session. No VNC port appears until someone connects.
    

    On Windows, go to "Start" --> "Programs" --> "Accessories" --> "Remote Desktop Connection", enter the xrdp server's IP, and when you connect you will see:

    Figure 11.5-1: the login dialog shown when connecting to the XRDP server

    Figure 11.5-2: the login dialog shown when connecting to the XRDP server

    Enter a valid username and password and the desktop appears. If you want to look further into the xrdp configuration, the files are under /etc/xrdp/ and man xrdp explains them. Even without changing anything, remote desktop is already most of the way to what you need.

    Note that xrdp relies on a VNC server for the session, so tigervnc-server must be installed or xrdp will not work at all.


    11.6 Advanced uses of the SSH server

    ssh is really useful! Even without XDMCP, VNC or xrdp, the encrypted ssh channel alone can bring a graphical session to the client. Also, many of the services we run are not encrypted; can they be tunnelled through ssh and so encrypted? Of course. In this section we look at a few advanced uses of ssh.


    11.6.1 Running ssh on a non-standard port (not port 22)

    Earlier we mentioned that sshd is not a safe service to leave exposed, and that many ISPs already block port 22 at their entry points. Why? Because many administrators never update, yet happily leave port 22 open all the time. Many crackers run scanners against Internet ports, and port 22 is one of the most commonly scanned. To protect their networks, ISPs sometimes block it outright.

    But without ssh we have no remote connection! If port 22 is blocked, how do we work? No problem: run ssh on a different port. A cracker scanning only for port 22 finds nothing, and a blocked port 22 no longer matters. Let's try it. Below we run ssh on both port 22 and port 23 (be careful that port 23 is not already in use).

    Be realistic about what this buys you. Scanners that probe all ports, and port 23 in particular, will still find the service, and the sshd banner identifies it at once; moving the port reduces the noise from automated scans in your logs, nothing more. Real protection comes from keys instead of passwords, PermitRootLogin no, a source-restricted firewall rule and timely updates.


    • Configure ssh to listen on ports 22 and 23
    [root@www ~]# vim /etc/ssh/sshd_config
    Port 22
    Port 23    <== note: every Port line is honoured, so list each port you want
    
    [root@www ~]# /etc/init.d/sshd restart
    

    Sadly, on CentOS the SELinux policy only allows sshd to bind port 22, so restarting sshd produces an SELinux denial. Following the setroubleshoot advice, we build our own SELinux policy module. The steps are:

    # 1. extract the AVC messages about ssh from /var/log/audit/audit.log and build a module
    [root@www ~]# cat /var/log/audit/audit.log | grep AVC | grep ssh | \
    >  audit2allow -m sshlocal > sshlocal.te  <== the file name must end in .te
    [root@www ~]# grep sshd_t /var/log/audit/audit.log | \
    >  audit2allow -M sshlocal  <== sshlocal is the module name from the .te file
    ******************** IMPORTANT ***********************
    To make this policy package active, execute:
    semodule -i sshlocal.pp   <== this builds the .pp policy package
    
    # 2. load the module into SELinux
    [root@www ~]# semodule -i sshlocal.pp
    
    # 3. restart sshd and check the ports
    [root@www ~]# /etc/init.d/sshd restart
    [root@www ~]# netstat -tlunp | grep ssh
    tcp        0      0 0.0.0.0:22   0.0.0.0:*    LISTEN      7322/sshd
    tcp        0      0 0.0.0.0:23   0.0.0.0:*    LISTEN      7322/sshd
    tcp        0      0 :::22        :::*         LISTEN      7322/sshd
    tcp        0      0 :::23        :::*         LISTEN      7322/sshd
    

    Easy enough. Now both port 22 and port 23 reach the sshd service. A tidier alternative to a generated module is to label the new port for sshd with the semanage tool from policycoreutils-python: "semanage port -a -t ssh_port_t -p tcp PORT" (use -m instead of -a when the port already carries a label, as port 23 does for telnet). A module built by audit2allow grants whatever the audit log happened to show sshd being denied, so read the .te file before loading it; the semanage route changes only the port label.


    • Connecting to the non-standard port

    Since ssh, scp and sftp connect to port 22 by default, how do they reach port 23? Just use the -p option:

    [root@www ~]# ssh -p 23 root@localhost
    root@localhost's password:
    Last login: Tue Jul 26 14:07:41 2011 from 192.168.1.101
    [root@www ~]# netstat -tnp | grep 23
    tcp  0  0 ::1:23               ::1:56645              ESTABLISHED 7327/2
    tcp  0  0 ::1:56645            ::1:23                 ESTABLISHED 7326/ssh
    # because we connected to ourselves (localhost), two connections are shown
    

    That way you get around the ISP's block and the cracker's scan. One warning: do not put ssh on a port that another service needs. If you used port 80, for example, you could no longer run a normal web server.
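    Once you start editing sshd_config for the port, it is worth checking the other settings this chapter and its exercises mention at the same time. The script below is an added example, not part of the original page or of OpenSSH: it lints an sshd_config given on stdin for PermitRootLogin, Protocol, PasswordAuthentication and the Port lines, honouring sshd's rule that the first occurrence of a keyword wins. The defaults it assumes for absent keywords are those of OpenSSH 5.x as shipped on CentOS 6 (PermitRootLogin yes, PasswordAuthentication yes), Match blocks are not modelled, and both configurations inside it are constructed samples, not copies of any real host's file.

```shell
#!/bin/sh
# Added example, not from the original page: lint an sshd_config for the
# settings discussed in this chapter (Port, Protocol, PermitRootLogin,
# PasswordAuthentication).  Config text arrives on stdin.  SAMPLE_CFG and
# HARDENED_CFG are constructed samples.  Defaults for absent keywords follow
# OpenSSH 5.x on CentOS 6 (PermitRootLogin yes, PasswordAuthentication yes);
# Match blocks are ignored.

# Effective value of keyword $1: sshd uses the first non-comment occurrence
# of most keywords, so later duplicates are ignored here as well.
sshd_effective() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    '
}

# Every Port directive, one per line (Port is one keyword for which all
# occurrences are honoured, as the port 22 + 23 setup above relies on).
sshd_ports() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }  tolower($1) == "port" { print $2 }'
}

# Print one finding per line; prints nothing when the config is clean.
audit_sshd_config() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin)
    case "${root:-yes}" in
        no|without-password|prohibit-password) ;;
        *) echo "PermitRootLogin=${root:-yes}: set 'PermitRootLogin no'; log in as a normal user and use su or sudo" ;;
    esac
    proto=$(printf '%s\n' "$cfg" | sshd_effective Protocol)
    case "$proto" in
        *1*) echo "Protocol=$proto: SSH-1 is enabled; use 'Protocol 2' only" ;;
    esac
    pw=$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication)
    case "${pw:-yes}" in
        no) ;;
        *) echo "PasswordAuthentication=${pw:-yes}: once every user has a key pair, set 'PasswordAuthentication no'" ;;
    esac
    for p in $(printf '%s\n' "$cfg" | sshd_ports); do
        case "$p" in
            22) ;;
            23|25|80|443) echo "Port=$p: this port belongs to another service and is scanned as often as 22; pick an unused port if you move sshd at all" ;;
        esac
    done
}

# Constructed config resembling the one built in 11.6.1: root login left at
# its default, passwords allowed, sshd also on the telnet port.
SAMPLE_CFG='# sshd_config (constructed sample)
Port 22
Port 23
Protocol 2
#PermitRootLogin yes
PasswordAuthentication yes
DenyUsers badbird'

# Constructed config with the findings addressed.
HARDENED_CFG='Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
DenyUsers badbird'

# Number of findings for the config text given as $1.
finding_count() {
    printf '%s\n' "$1" | audit_sshd_config | grep -c .
}

# Demo on the constructed sample; on a real host run:
#   audit_sshd_config < /etc/ssh/sshd_config
printf '%s\n' "$SAMPLE_CFG" | audit_sshd_config
```

    Run against SAMPLE_CFG it reports three findings (root login at its default, password authentication on, sshd on port 23) and nothing for HARDENED_CFG. The commented-out "#PermitRootLogin yes" line in the sample is deliberate: the shipped CentOS file carries that line as a comment, and a reader skimming it may think root login is off when it is actually at the default.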


    11.6.2 Remote backup with rsync

    In the backup chapter of the Linux basics book we looked at backing up Linux: the usual backup commands include tar, dd, cp and the like, but none of them is designed for network use. A very useful tool not covered there is rsync, which works as a remote (and local) backup tool and can also act as a mirroring tool.

    rsync's most convenient feature is that it behaves like rcp but is faster: when transferring it compares the local and remote file contents and copies only the parts that differ, so transfer time drops dramatically. rsync can transfer data in three ways:

    • Locally, with usage like cp, for example:
      rsync -av /etc /tmp (back up /etc/ into /tmp/etc)

    • Through an rsh or ssh channel between server and client, for example:
      rsync -av -e ssh user@rsh.server:/etc /tmp (back up /etc on rsh.server into /tmp locally)

    • Through the rsync daemon, which requires the rsync host to listen on port 873:
      1. start the rsync service on the server by enabling /etc/xinetd.d/rsync;
      2. edit the /etc/rsyncd.conf configuration file;
      3. set up the client's connection password if required;
      4. on the client use: rsync -av user@hostname::/dir/path /local/path

    The difference between the three modes is the colons (:): a local transfer uses none, a transfer over ssh or rsh uses one colon (:), and a transfer through the rsync daemon uses two (::). Since our system already runs ssh, we will back up via ssh below. First, rsync's syntax:

    [root@www ~]# rsync [-avrlptgoD] [-e ssh] [user@host:/dir] [/local/path]
    Options and parameters:
    -v : verbose; prints more, including the names of the files being transferred
    -q : the opposite of -v, quiet; prints only errors
    -r : recursive; needed to copy directories, so important
    -u : update only; if the destination file is newer, keep it
    -l : copy symbolic links as links rather than the files they point to
    -p : preserve permissions
    -g : preserve group
    -o : preserve owner
    -D : preserve device files
    -t : preserve modification times
    -I : ignore times; compares file contents rather than mtime, so slower
    -z : compress during transfer
    -e : the transport to use, for example -e ssh
    -a : equivalent to -rlptgoD, so -a is the most common option
    see man rsync for the rest
    
    # 1. back up /etc into /tmp:
    [root@www ~]# rsync -av /etc /tmp
    ....(output omitted)....
    sent 21979554 bytes  received 25934 bytes  4000997.82 bytes/sec
    total size is 21877999  speedup is 0.99
    [root@www ~]# ll -d /tmp/etc /etc
    drwxr-xr-x. 106 root root 12288 Jul 26 16:10 /etc
    drwxr-xr-x. 106 root root 12288 Jul 26 16:10 /tmp/etc <== the two directories match
    # the first run takes a while because everything has to be created. And a second run?
    
    [root@www ~]# rsync -av /etc /tmp
    sent 55716 bytes  received 240 bytes  111912.00 bytes/sec
    total size is 21877999  speedup is 390.99
    # compare the amount sent and the time with the first run: it finishes at once,
    # and very little is transferred, because only the files that differ are copied
    
    # 2. log in to clientlinux.centos.vbird as student and copy student's home directory to local /tmp
    [root@www ~]# rsync -av -e ssh student@192.168.100.10:~ /tmp 
    student@192.168.100.10's password:  <== enter student's password on the remote host
    receiving file list ... done
    student/
    student/.bash_logout
    ....(omitted)....
    sent 110 bytes  received 697 bytes  124.15 bytes/sec
    total size is 333  speedup is 0.41
    
    [root@www ~]# ll -d /tmp/student
    drwx------. 4 student student 4096 Jul 26 16:52 /tmp/student
    # done; easy, isn't it?
    

    You can take example 2 above as the basis for a backup script. Because rsync transfers through ssh, you can set up a passphrase-less key pair for the student user so that the ssh login needs no password; then the remote backup can be automated from crontab. Simple!

    How to set up a passphrase-less ssh key was covered earlier; writing a shell script around rsync for the backup is something to try yourself. For more rsync usage see the references listed at the end of this chapter (10).

    Exercise:
    On clientlinux.centos.vbird (192.168.100.10), as the user vbirdtsai, write a script that every day at 2:00am uses rsync over ssh to back up the /etc, /root and /home directories of www.centos.vbird (192.168.100.254) into /backups/ on clientlinux.centos.vbird.
    Answer:
    Because the transfer goes over ssh and must run unattended from crontab, it needs a passphrase-less key pair. In section 11.2.6 we built key pairs, and vbirdtsai already has a public/private key pair, so there is no need to run ssh-keygen again; just copy the public key into /root/.ssh/ on www.centos.vbird. The author's solution:
    # 1. on clientlinux.centos.vbird copy the public key to root on www.centos.vbird
    [vbirdtsai@clientlinux ~]$ scp ~/.ssh/id_rsa.pub root@192.168.100.254:~
    
    # 2. on www.centos.vbird, as root, build authorized_keys
    [root@www ~]# ls -ld id_rsa.pub .ssh
    -rw-r--r--. 1 root root  416 Jul 26 16:59 id_rsa.pub <== the public key
    drwx------. 2 root root 4096 Jul 25 11:44 .ssh       <== ssh's own directory
    
    [root@www ~]# cat id_rsa.pub >> ~/.ssh/authorized_keys
    [root@www ~]# chmod 644 ~/.ssh/authorized_keys
    
    # 3. on clientlinux.centos.vbird write the script and run it:
    [vbirdtsai@clientlinux ~]$ mkdir ~/bin ; vim ~/bin/backup_www.sh
    #!/bin/bash
    localdir=/backups
    remotedir="/etc /root /home"
    remoteip="192.168.100.254"
    
    [ -d ${localdir} ] || mkdir ${localdir}
    for dir in ${remotedir}
    do
            rsync -av -e ssh root@${remoteip}:${dir} ${localdir}
    done
    
    [vbirdtsai@clientlinux ~]$ chmod 755 ~/bin/backup_www.sh
    [vbirdtsai@clientlinux ~]$ ~/bin/backup_www.sh
    # that is the script. The first run may fail, because /backups can only be
    # created with root privileges; create it as root with mkdir (and setfacl) first
    
    # 4. create the crontab job
    [vbirdtsai@clientlinux ~]$ crontab -e
    0 2 * * * /home/vbirdtsai/bin/backup_www.sh

    Look at what this solution hands out before copying it. vbirdtsai's passphrase-less private key now opens a full root shell on www.centos.vbird, so anyone who can read /home/vbirdtsai/.ssh/id_rsa on the client owns the server. At minimum, restrict that key in root's authorized_keys with from="192.168.100.10" and a forced command that permits only the rsync server side for those three directories, and keep the /backups tree readable by root alone, because /etc/shadow and all of /root end up in it.
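    A forced command is the usual way to keep a passphrase-less backup key from becoming a root shell. The script below is an added example, not part of the original page or of rsync: installed on www.centos.vbird at /usr/local/bin/backup_gate (an assumed path) and named in the command="..." option of the key's authorized_keys line, it inspects SSH_ORIGINAL_COMMAND, the command the client actually asked for, and runs it only if it is the rsync server side for one of the three backup directories; everything else, including an interactive shell, is refused. The restricted_key_line function builds the matching authorized_keys entry. The allow-list, the gate path and the sample public key in the test are assumptions for the example; rsync itself ships a more complete version of the same idea as the rrsync script in its support directory.

```shell
#!/bin/sh
# Added example, not part of the original page or of rsync: a forced-command
# gate for the passphrase-less backup key from the exercise above.  Installed
# on www.centos.vbird as /usr/local/bin/backup_gate (assumed path) and named in
# the command="..." option of the key's authorized_keys line, it lets that key
# run only the rsync server side ("rsync --server --sender ...") for an
# allow-list of directories; any other command, including a shell, is refused.

GATE_PATH=/usr/local/bin/backup_gate          # assumed install location
ALLOWED_DIRS="/etc /root /home"               # directories the backup may read

# Return 0 when $1 is an rsync pull ("--sender") of exactly one allowed
# directory, i.e. "rsync --server --sender [options] . DIR".
allow_rsync_cmd() {
    cmd=$1
    set -f; set -- $cmd; set +f               # split on whitespace, no globbing
    [ $# -ge 5 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    i=0; src=''; dot=''
    for arg; do
        i=$((i + 1))
        if [ "$i" -eq $# ]; then
            src=$arg                          # last word: the directory to send
        elif [ "$i" -eq $(($# - 1)) ]; then
            dot=$arg                          # rsync always passes "." here
        elif [ "$i" -gt 3 ]; then
            case "$arg" in
                --rsh*|*/*) return 1 ;;       # no alternate shells, no paths in options
                -*) ;;                        # ordinary flags such as -vlogDtpre.iLsfx
                *) return 1 ;;
            esac
        fi
    done
    [ "$dot" = . ] || return 1
    for d in $ALLOWED_DIRS; do
        [ "$src" = "$d" ] && return 0
    done
    return 1
}

# Build the authorized_keys line that pins public key $1 to this gate and to
# the single source address $2, with pty, port, X11 and agent forwarding off.
restricted_key_line() {
    printf 'from="%s",command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$2" "$GATE_PATH" "$1"
}

# When sshd runs this script as the forced command, the client's real request
# is in SSH_ORIGINAL_COMMAND.  Outside ssh (variable unset) nothing runs, so
# the functions above can be sourced and used on their own.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allow_rsync_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND            # hand over to rsync; never returns
    fi
    echo "backup_gate: command not permitted" >&2
    exit 1
fi
```

    With the gate in place, the backup script in the answer above keeps working unchanged, because "rsync -av -e ssh root@host:/etc /backups" makes the client ask the server for "rsync --server --sender -vlogDtpre.iLsfx . /etc", which the gate accepts; "ssh root@host" with the same key gets "command not permitted" instead of a shell. A push (no --sender), a path outside the allow-list, or an option smuggling a path such as --files-from= are all refused.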
    


    11.6.3 Encrypting an unencrypted service through an ssh channel

    We now know that the ssh channel is encrypted, and that rsync can already use ssh to transfer its data encrypted. Can other services be sent through the encrypted ssh channel as well? Of course, and it is a very handy feature. Let's first explain the idea with a figure.

    Suppose a VNC server runs on the server at port 5901 and clients normally point vncviewer straight at that port. Now we open a port 5911 on the client machine instead. Connections to the client's own port 5911 are carried through the ssh connection to the server's sshd, and sshd then connects on the server to the VNC port 5901. The connection looks like this:

    Figure 11.6-1: encrypting a connection to a remote service through a local ssh tunnel

    Assume that, following the previous sections, VNC is listening on port 5901 of the server (www.centos.vbird) and that the client runs no VNC service of its own. How do we encrypt it through ssh? Simple: on the client (clientlinux.centos.vbird) run:

    [root@clientlinux ~]# ssh -L localport:127.0.0.1:remoteport [-N] remotehost
    Options and parameters:
    -N         : only set up the tunnel, do not log in to the remote sshd
    localport  : the port to open on the client's 127.0.0.1
    remoteport : the port that the remote host's sshd connects to once the tunnel is up
    
    # 1. on the client, set up the tunnel:
    [root@clientlinux ~]# ssh -L 5911:127.0.0.1:5901 -N 192.168.100.254
    root@192.168.100.254's password:
       <== after authentication nothing happens: only a listening port is opened
    
    # 2. in another terminal on the client, check (only for verification):
    [root@clientlinux ~]# netstat -tnlp| grep ssh
    tcp  0   0 0.0.0.0:22           0.0.0.0:*            LISTEN      1330/sshd
    tcp  0   0 127.0.0.1:5911       0.0.0.0:*            LISTEN      3347/ssh
    tcp  0   0 :::22                :::*                 LISTEN      1330/sshd
    [root@clientlinux ~]# netstat -tnap| grep ssh
    tcp  0   0 192.168.100.10:55490 192.168.100.254:22   ESTABLISHED 3347/ssh
    # the client's port 5911 was opened by ssh, and the same PID holds the connection to the server
    

    Now on the client (192.168.100.10, clientlinux.centos.vbird) run "vncviewer localhost:5911", and that connection in fact reaches port 5901 on www.centos.vbird (192.168.100.254). Don't believe it? Once the VNC session is up, look on www.centos.vbird:

    # 3. on the server, check (again only for verification):
    [root@www ~]# netstat -tnp | grep ssh
    tcp   0  0 127.0.0.1:59442     127.0.0.1:5901        ESTABLISHED 7623/sshd: root
    tcp   0  0 192.168.100.254:22  192.168.100.10:55490  ESTABLISHED 7623/sshd: root
    # the sshd process that holds the port 22 session is also connected to port 5901
    

    To close the tunnel, end the VNC session first, then press [ctrl]-c in the terminal on clientlinux.centos.vbird where the first command (ssh -L ...) is running. Isn't that handy? The same trick works for other services.

    Two details make the tunnel worth its name. The listener above is bound to 127.0.0.1, so only programs on the client can use it; write the bind address explicitly ("-L 127.0.0.1:5911:127.0.0.1:5901") so that a GatewayPorts setting or a stray -g can never expose it to the network. And the tunnel only protects traffic that actually goes through it: port 5901 on the server is still reachable directly unless you block it in the firewall or start the VNC server with the -localhost option, which makes Xvnc listen on 127.0.0.1 only.


    11.6.4 Sending a graphical session through ssh with an X server

    From the previous section we know that ssh can encrypt a channel. Can that channel be used for X as well? In other words, can we skip XDMCP, VNC and the rest, connect with ssh as usual, and simply have the graphical programs we need appear on our own screen? Yes! Here we use the Xming X server on Windows as the example. The procedure is:

    • on Windows, start XLaunch and configure a connection to www.centos.vbird;
    • start Xming: an xterm window appears, and that xterm is a process running on www.centos.vbird;
    • start graphical software from that xterm and it appears on the Windows desktop.

    Let's go through it with Xming. Start XLaunch and you see:

    Figure 11.6-2: starting XLaunch, choosing the display mode

    Choose "Multiple windows" here; it is the more flexible mode. Click "Next":

    Figure 11.6-3: XLaunch, choosing the session type

    We want to start a program, with the ssh channel established by the putty/plink client bundled with Xming. Click "Next":

    Figure 11.6-4: XLaunch, remote connection settings

    Xming starts a putty process to connect to sshd, so the account and password here must be correct. The example logs in as root because root privileges are needed to install packages; for everyday use log in as an ordinary user, and if sshd is set to PermitRootLogin no (as it should be) root will not work here at all.

    Figure 11.6-5: XLaunch, clipboard settings

    Keep the defaults and click "Next":

    Figure 11.6-6: XLaunch, finishing

    Easy, isn't it? Click "Finish" and a window like this appears on the Windows desktop:

    Figure 11.6-7: an X client program appearing on the Windows desktop

    That window is the X client program xterm, running on the Linux server. Type commands into it and they run on the Linux server; any graphical program you start sends its display through the ssh channel to Xming on Windows. The server needs no VNC, XDMCP or xrdp for this: sshd is all it takes. For example, starting a few games gives this on Windows (the stations at the author's workplace are not powerful):

    Tips:
    The "basic server" installation does not install xterm, so install it yourself with "yum install xterm" before the steps above will work. The games shown below also need to be installed first.

    Figure 11.6-8: X client programs appearing on the Windows desktop

    For this to work sshd needs "X11Forwarding yes" in /etc/ssh/sshd_config and the xorg-x11-xauth package installed on the server, so that sshd can create the authority cookie for the forwarded display. From a Linux client the equivalent is "ssh -X user@host" (or -Y for trusted forwarding). Remember that forwarding X also lets programs on the server talk to your local X server, so only forward X to hosts you trust.

    11.7 Summary
    • A remote connection server lets users log in to the host from anywhere on the network, to use its resources or to administer it;
    • Common remote login services include rsh, telnet, ssh, vnc, xdmcp and RDP;
    • telnet and rsh transmit data in clear text, so they are not safe to use over the Internet;
    • ssh transmits data encrypted under a key system, so it is safer over the Internet;
    • Even though ssh is a secure service, do not allow logins from the whole Internet; use iptables to restrict which hosts may log in;
    • For ssh key authentication, the public key goes on the server and the private key stays on the client;
    • For the ssh protocol version, use version 2, which can verify that the connection has not been tampered with;
    • When using ssh, name the user explicitly in the email-like form ssh username@hostname;
    • The client compares the public key it receives from the server with the one recorded in ~user/.ssh/known_hosts;
    • The ssh client software provides the ssh, scp and sftp programs;
    • A passphrase-less ssh key pair is made with ssh-keygen -t rsa;
    • The public key made that way must be appended to ~user/.ssh/authorized_keys on the server;
    • XDMCP is a service provided by the X display manager (xdm, gdm, kdm and so on);
    • When the client is Linux, inside X you must use xhost to let the server connect back to the local X server;
    • Besides XDMCP, VNC can be used for remote X logins;
    • VNC port numbers start at 5900 and each port serves one connection;
    • rsync can transfer through the ssh channel or through rsync --daemon; its main feature is that it transfers only the parts that changed, so backups are fast.

    11.8 Exercises
    • Telnet and SSH are both remote connection services; why do we lean towards ssh and avoid telnet? Why?
      Telnet not only sends its data in clear text, it has also been a well-known way into systems, a serious hole, so it should simply not be used. ssh is not perfectly safe either: anyone who follows security bulletins will have seen that openssl and openssh regularly have vulnerabilities published, but compared with telnet ssh is still by far the safer choice.
    • Explain how SSH encrypts the packets between server and client.
      It uses a key pair: the server's public key is sent to the client, and the client uses it to agree a session key with the server; the packets themselves are then encrypted and decrypted with that shared session key.
    • What is the SSH configuration file? If I want to stop root from logging in to my SSH host, how do I configure it? And how do I stop the user badbird from logging in?
      The sshd configuration file is sshd_config, usually /etc/ssh/sshd_config. To refuse root, set "PermitRootLogin no" and restart ssh; to refuse badbird, set "DenyUsers badbird" in the same file.
    • On Linux, what are the default port numbers of Telnet and SSH?
      telnet and ssh use ports 23 and 22 respectively; see /etc/services.
    • If I find I cannot log in to my Linux host from a client with ssh, what could the reasons be on the Linux host side? (Hint: known_hosts...)
      There can be many reasons; first check the errors in /var/log/messages. Likely causes:
      1. blocked by the firewall: check with iptables -L -n, and check /etc/hosts.deny as well;
      2. the host was reinstalled, so its host key changed: edit ~/.ssh/known_hosts and remove the entry for that host's IP;
      3. /etc/ssh/sshd_config has been changed, for example the port, or that user has been denied;
      4. in /etc/passwd the user may have no valid login shell;
      5. other reasons (for example an expired password).
    • Since ssh sends encrypted packets, can I open the SSH service of my Linux host to the whole Internet? Give a reason.
      Better not to open the SSH service to the Internet. Its encryption functions come from openssl, and the SSH implementation used by most Linux distributions is openssh; both have had serious vulnerabilities, so it is safest not to expose them to the Internet, or at least to restrict the hosts that may use SSH.

    11.9 References and further reading

    2002/11/14: first version
    2003/03/08: added screenshots and revised the content, for example the Telnet server installation and the ssh client putty screenshots
    2003/09/09: further corrections, and exercises added
    2005/07/02: moved the old version to the archive
    2005/07/07: VNC and XDMCP had not been covered before; added a short section for reference
    2005/07/09: added the vnc.so module for VNC synchronised with tty7
    2005/11/22: added the RSH server section
    2006/09/18: replaced putty with pietty, which works better here; also rewrote the rsh part to tidy the layout
    2006/09/19: added rsync usage and operation, a very useful tool
    2011/02/15: moved the CentOS 4.x version to the archive
    2011/02/17: dropped the detailed telnet server section, as almost nobody uses it any more (rsh likewise); see the CentOS 4.x version if needed
    2011/02/20: simplified the sshd server part and added some more useful information, especially about ~/.ssh/authorized_keys permissions
    2011/02/23: revised many Xdmcp and VNC settings and screenshots; most importantly added xrdp installation and use
    2011/02/24: added Xming with X11 forwarding over ssh
    2011/07/25: moved the CentOS 5.x version to the archive
    2011/07/26: updated all screenshots and the IP numbering to CentOS 6.x and the network layout of the third part
    2011/11/24: a reader wrote in that the description of the private key system in the ssh connection section was wrong; corrected after checking
    2011/11/24: because that was a major correction, the old version is kept but no longer linked

    http://www.okfdzs1903.com is designed by VBird during 2001-2011. ksu.edu