SSH Howto

임은재 (Eunjea Im)

2002/02/28

This document covers the configuration and use of the ssh server and client.

Revision history
Revision v0.4, 2002/02/28, revised by 임은재
Fixed smtp port forwarding
Revision v0.3, 2001/11/09, revised by 임은재
Fixed http proxy and sgml errors
Revision v0.2, 2001/11/03, revised by 임은재
Added fetchmail and imap configuration
Revision v0.1, 2001/05/21, revised by 임은재
First version


Chapter 1. What is SSH, and where can you get it?

SSH (Secure SHell) is, as the name says, a secure login shell.

Traditional services such as ftp, pop and telnet are, as is well known, very weak on security. With these unencrypted authentication methods your password can be exposed exactly as typed.

All data sent over ssh is encrypted, and the traffic is compressed, which gives better transfer efficiency. It also supports "tunnels" for existing insecure services such as ftp and pop.

A server administrator who does not run an sshd server is someone with no interest in security at all.


1.1. Why should you use SSH?

The following is quoted from the OpenSSH FAQ at www.openssh.org.

  • Strong security

  • Privacy protection. All communication is encrypted automatically and transparently.

  • Secure X11 sessions. The DISPLAY variable is set automatically on the remote server and all X11 connections are forwarded over the secure channel.

  • TCP/IP ports can be freely forwarded to other ports in both directions.

  • Completely replaces rlogin, rsh, rcp and the like.

  • Optional data compression to improve speed over slow networks

  • The server has its own RSA key and regenerates it automatically at regular intervals.


1.2. Where can you get it?

Two ssh implementations are available on Linux: www.ssh.com, the original creator of ssh (a Finnish company), and www.openssh.org, which is under a BSD licence (in fact it is not 100% BSD licence).

I use openSSH, and this document is written with openSSH as its reference. openSSH supports both the ssh1 and ssh2 protocols in a single client/server.

ssh may already be included in your distribution. If you want to compile it yourself, download the source from www.openssh.org and install it.

The openssl library, which ssh requires, is available from www.openssl.org.

At ftp.koru.org you can find rpm builds of the latest versions of openSSH and openssl made by the author, together with the source rpms.

openssh supports a wide range of operating systems, including OpenBSD, NetBSD, FreeBSD, AIX, HP-UX, IRIX, Linux, NeXT, SCO, SNI/Reliant Unix, Solaris, Digital Unix/Tru64/OSF and MacOS X.


Chapter 2. Using the client

This chapter covers how to use the ssh client to connect to an ssh server.


2.1. Basic usage

The openSSH client supports both the ssh1 and ssh2 protocols, so it can connect regardless of which ssh protocol the server supports. For example, if the ssh server is gate.eunjea.org and the account name is silver:

[foo@home silver]$ ssh -l silver gate.eunjea.org

or

[foo@home silver]$ ssh silver@gate.eunjea.org

The connection now proceeds with a message like the following.

The authenticity of host 'gate.eunjea.org (192.168.1.1)' can't be established.
RSA1 key fingerprint is e3:56:xx:b4:19:7e:xx:b1:7e:cd:xx:fe:5e:5b:17:66.
Are you sure you want to continue connecting (yes/no)?

This message appears only the first time you connect to that server with ssh, and the server's host key is stored in the ~/.ssh/known_hosts file (known_hosts2 for ssh2). Answer yes and you are asked for the account password as shown below; from then on you can work just as you would over telnet.

Warning: Permanently added 'gate.eunjea.org,192.168.1.1' (RSA1) to the list of known hosts.
silver@gate.eunjea.org's password:

2.2. Using authentication keys

Using an authentication key is more secure than typing the password at every login, and has advantages such as being able to connect to several ssh servers with a single passphrase.

  • Creating an authentication key

    Authentication keys are created with ssh-keygen. When creating a key you must specify the key type: use ``rsa'' or ``dsa'' if the remote server supports ssh protocol version 2, and ``rsa1'' if it supports only protocol 1.

    For example, if the remote server supports ssh2 and you want to create an ``rsa'' key:

    [ home@foo ]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/foo/.ssh/id_rsa):

    You are asked where to store the key and under what name. Press Enter to accept the default, and you are then asked for the key passphrase as shown below. Enter the passphrase you want twice and the key is generated.

    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/foo/.ssh/id_rsa.
    Your public key has been saved in /home/foo/.ssh/id_rsa.pub.
    The key fingerprint is:
    64:09:73:19:9e:ac:a0:f7:aa:c3:08:f9:0e:5a:fe:61 foo@home.eunjea.org

    You can also create the key with an empty passphrase (just press Enter when asked for the passphrase). This may be convenient because ssh then connects without asking for a passphrase, but considering what happens if your key leaks by whatever route, it should be avoided. There is also a way to avoid typing the key passphrase at every connection by using ssh-add and ssh-agent.

  • Using the public key

    A key pair (id_rsa and id_rsa.pub) should now exist in ~/.ssh/. The file with the .pub extension is the public key; copy it into ~/.ssh/ on the remote servers you will connect to, under the name authorized_keys.

    [foo@home silver]$ scp ~/.ssh/id_rsa.pub silver@gate.eunjea.org:.ssh/authorized_keys

    If you now connect with ssh, you are asked for the key passphrase instead of the account password. If you are still asked for the account password, the problem is the permissions of the ~/.ssh directory or of the public key on the remote server, so log in once and run chmod 755 ~/.ssh and chmod 644 .ssh/authorized_keys.

    If you are going to use the ssh1 protocol with an rsa1 key, create the key with ssh-keygen -t rsa1 and add the public key (identity.pub) to ~/.ssh/authorized_keys on the remote server in the same way.

    If you saved the key file under a different name, or want to use a different key for each server, specify the key file directly with the -i option of ssh.

  • Keeping the authentication key resident in memory

    If you load the key into memory as follows, you enter the key passphrase only once and can afterwards connect to every server that uses the same key without typing it again.

    [foo@home silver]$ eval $(ssh-agent) [Enter]

    A message like the following is shown.

    Agent pid 31234

    Now run ssh-add, and you see:

    Identity added: /home/silver/.ssh/identity (silver@home.eunjea.org)

    From now on, when you connect to an ssh server to which you have copied the key, you are no longer asked for the passphrase in this session.

If the server supports it, use the SSH2 protocol wherever possible. SSH2 is a completely different protocol from SSH1; it is more secure and performs better.
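The scp command shown above writes id_rsa.pub over the remote authorized_keys file, replacing any keys already listed there. The following added example (not part of the original HOWTO) appends the key instead and is safe to run twice; the function name install_pubkey is hypothetical, and it assumes owner-only modes 700/600, which sshd's permission check also accepts.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): run on the remote server
# after copying id_rsa.pub there under its own name.

# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper name)
# Appends the key to SSH_DIR/authorized_keys unless that key is already
# listed, so keys installed earlier are never overwritten.
install_pubkey() (
    pub=$1
    dir=$2
    auth=$dir/authorized_keys
    # A public key line is "type base64-blob comment"; take the first one.
    line=$(awk 'NF >= 2 { print; exit }' "$pub")
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')
    if [ -z "$blob" ]; then
        echo "no key found in $pub" >&2
        exit 1
    fi
    umask 077                      # new files are private from the start
    mkdir -p "$dir" || exit 1
    touch "$auth" || exit 1
    # Compare on the blob only, so a different comment is not a new key.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        echo "already present"
    else
        # Keep the new key on its own line if the file lacks a final newline.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$line" >> "$auth"
        echo "added"
    fi
    # Owner-only modes; sshd (StrictModes) refuses group- or world-writable files.
    chmod 700 "$dir" && chmod 600 "$auth"
)

# Demo on a scratch directory with a constructed key (not a real one).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3ConstructedKey foo@home.eunjea.org' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # prints: added
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # prints: already present
rm -rf "$demo"
```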


2.3. Copying files with ssh

  • scp

    Let's look at scp, which was used above to copy the authentication key to the remote server.

    For example, suppose the file to copy is named 'dumb', the address of the remote server is www.foobar.com, and your shell account is babo.

    Copying the file dumb to the home directory of the babo account on www.foobar.com:

    [foo@home silver]$ scp dumb babo@www.foobar.com:.

    Copying the file dumb from the home directory of the babo account on www.foobar.com to the local machine:

    [foo@home silver]$ scp babo@www.foobar.com:dumb .

    If you have set up the www.foobar.com account in the ~/.ssh/config file as follows,

    Host *fbc
    HostName www.foobar.com
    User babo
    ForwardAgent yes

    you can do the same thing more simply:

    [foo@home silver]$ scp dumb fbc:.

    scp also has a -r option, which is used to copy a whole directory. For example, to copy all files and subdirectories in the test/ directory into the www directory of the server account, do the following.

    [foo@home silver]$ scp -r test/ babo@www.foobar.com:www/

  • sftp

    sftp provides a traditional ftp environment over ssh, and can also run programs on the remote side.

    The openSSH client package includes sftp.


2.4. ssh tunneling

ssh tunneling means port forwarding an ssh connection so that other programs can use it. With ssh tunneling, network connections that do not use encryption can be used more safely.

  • POP

    With fetchmail it is easy to fetch pop mail through an ssh tunnel.

    Example .fetchmailrc

    poll localhost with protocol pop3 and port 11110:
         preconnect "ssh -C -f account@mailserver.com -L 11110:mailserver.com:110 sleep 5"
         password xxxxx

    For details, see: Secure POP via SSH

    You could also consider simply copying the mail over from the remote account. (See Compressed TCP/IP-Sessions using SSH-like tools.)

  • IMAP

    To fetch mail from an imap server using ssh tunneling and fetchmail, create and use a .fetchmailrc like the following.

    poll mailserver.com with proto imap:
         plugin "ssh %h /usr/sbin/imapd" auth ssh;
         user babo is babo here

  • SMTP

    The same document also presents a way to use SMTP over an SSH connection, and the method is as simple as the following.

     ssh -C -l loginid mailserver -L2525:mailserver:25

    After that, have the mail client send mail through localhost port 2525. For example, if you use pine, set smtp-server=localhost:2525 in .pinerc.

    This is also possible with SecureCRT, an ssh client for Windows: select the Session Option -> Connection -> Hostname -> Advanced tab and, in the same manner, choose the local port to use, the remote host name and the remote port to forward. After the ssh connection is up, in OE set the SMTP server to 127.0.0.1 and set the port to the local port chosen above. The POP port can be used in the same way.

    SMTP over SSH has several advantages: network traffic is reduced, and because only users with an account can use the SMTP server, there is no need to leave the relay carelessly open.

  • Webmin

    Webmin is a tool for administering a server from a web browser, and is naturally security sensitive.

    webmin normally uses port 10000, so open an ssh connection as follows.

    ssh -f -l [remote user] [remote server] -L 1234:[remote server]:10000 tail -f /etc/motd

    You can now connect from the browser at http://localhost:1234.

  • X

    To run X applications that live on the remote server, create the file ~/.ssh/environment in the account's home directory and put the following in it.

    XAUTHORITY=/home/account-name/.Xauthority

    Now log out and then run ssh as follows. (Assuming the account name is silver and the server is gate.eunjea.org.)

    ssh -f -X -l silver gate.eunjea.org xterm

    xterm now runs on the local X display. Other X applications can be run the same way.


2.5. Configuration file

The ssh configuration file is ~/.ssh/config. The system-wide configuration for all users can be set in /etc/ssh/ssh_config.

The following is part of the configuration file I use. With the Host directive you can use different options for each server you connect to.

# Use the SSH2 protocol when connecting to servers in the *.eunjea.org domain.
Host *.eunjea.org
Protocol 2

# Use SSH2 and the compression options when connecting to koru.org.
Host koru.org
Protocol 2
Compression yes
CompressionLevel 9

# Use the SSH1 protocol when connecting to kldp.org,
# with blowfish as the Cipher and compression turned on.
Host kldp.org
Protocol 1
Cipher blowfish
Compression yes

Another important option is CheckHostIP, which checks the remote server's IP address against the known_hosts file at every connection. This option lets you notice a host key change caused by DNS spoofing. The default is yes.

There are many more options; see the ssh man page.
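The comparison against known_hosts described for the first-connection prompt and for CheckHostIP can be sketched as follows. This is an added example, not OpenSSH's own code; it assumes the current plain-text known_hosts line format, exact host names only, and the function names and sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original HOWTO). Reads known_hosts lines of the
# form "name[,name...] keytype base64-key" on stdin; exact names only, hashed
# entries and @markers are skipped.

# check_host HOST IP KEYTYPE KEY   (hypothetical helper name)
# Prints: ok | ip-new | ip-changed | host-changed | new
check_host() {
    awk -v host="$1" -v ip="$2" -v type="$3" -v key="$4" '
        /^[ \t]*(#|$)/ { next }
        { c = substr($1, 1, 1) }
        c == "|" || c == "@" || $2 != type { next }
        {
            same = ($3 == key)
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                if (names[i] == host) { if (same) h_ok = 1; else h_bad = 1 }
                if (names[i] == ip)   { if (same) ip_ok = 1; else ip_bad = 1 }
            }
        }
        END {
            if (h_ok)       print (ip_ok ? "ok" : (ip_bad ? "ip-changed" : "ip-new"))
            else if (h_bad) print "host-changed"   # key differs from the stored one
            else            print "new"            # first connection: ssh asks yes/no
        }'
}

# Constructed sample file; the keys are placeholders, not real key material.
sample_known_hosts() {
    cat <<'EOF'
gate.eunjea.org,192.168.1.1 ssh-rsa AAAAB3ConstructedKeyA
koru.org ssh-rsa AAAAB3ConstructedKeyB
192.168.1.9 ssh-rsa AAAAB3ConstructedKeyB
EOF
}

# The name resolves to an address already recorded with another key, which is
# the situation CheckHostIP warns about.
sample_known_hosts | check_host gate.eunjea.org 192.168.1.9 ssh-rsa AAAAB3ConstructedKeyA
```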


Chapter 3. Running a server

3.1. Installation

For the server, either simply install the package or, if you install from source, first create the sshd user and directory needed for Privilege separation, which is there for security.

$ mkdir /var/empty/sshd
$ chown root:sys /var/empty/sshd
$ chmod 755 /var/empty/sshd
$ groupadd sshd
$ useradd -g sshd -c 'sshd privsep' -d /var/empty/sshd -s /bin/false sshd

ssh compile options:

configure --with-pam \
   --with-ipv4-default \
   --with-rsh=/usr/bin/rsh \
   --with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \
   --with-privsep-path=/var/empty/sshd


3.2. Server configuration

Once the server is installed, let's look at the options in the configuration file (/etc/ssh/sshd_config). In most cases the default configuration file can be used as it is, but if you want to allow logins only for particular groups or users, you can use the following directives.

  • AllowGroups

    Restricts ssh logins to the given groups. Group names are separated by spaces. Wildcards (* and ?) can be used.

  • AllowUsers

    Restricts ssh logins to the given users. Usage is the same as AllowGroups.

  • DenyGroups

    The opposite of AllowGroups. Logins are refused for the listed groups.

  • DenyUsers

    The opposite of AllowUsers. Logins are refused for the listed users.
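How the four directives combine can be checked before reloading sshd with a small evaluator like the one below. This is an added example, not part of the original HOWTO or of OpenSSH; it assumes plain user and group patterns, a configuration without Match blocks, and the helper names and sample configuration are constructed.

```shell
#!/bin/sh
# Added example (not from the original HOWTO). Assumes plain user and group
# patterns (no USER@HOST forms) and a config without Match blocks.

# match_any VALUE "PATTERN ..." : true if VALUE matches a pattern (* and ?)
match_any() {
    value=$1
    set -f                               # do not expand patterns against files
    for pat in $2; do
        case $value in $pat) set +f; return 0 ;; esac
    done
    set +f
    return 1
}

# directive NAME : arguments of every NAME line in $cfg (keyword case ignored)
directive() {
    printf '%s\n' "$cfg" |
        awk -v k="$1" 'tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) printf "%s ", $i }'
}

# login_allowed USER "GROUP ..." < sshd_config   (hypothetical helper name)
# Applies the directives in sshd order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
login_allowed() {
    user=$1 groups=$2 cfg=$(cat)
    du=$(directive DenyUsers);  au=$(directive AllowUsers)
    dg=$(directive DenyGroups); ag=$(directive AllowGroups)
    match_any "$user" "$du" && { echo "deny: DenyUsers"; return 0; }
    [ -n "$au" ] && ! match_any "$user" "$au" && { echo "deny: not in AllowUsers"; return 0; }
    member=no
    for g in $groups; do
        match_any "$g" "$dg" && { echo "deny: DenyGroups"; return 0; }
        match_any "$g" "$ag" && member=yes
    done
    [ -n "$ag" ] && [ "$member" = no ] && { echo "deny: not in AllowGroups"; return 0; }
    echo "allow"
}

# Constructed sample configuration.
sample_sshd_config() {
    cat <<'EOF'
AllowGroups wheel staff
DenyUsers guest test?
AllowUsers silver babo adm*
EOF
}

sample_sshd_config | login_allowed admin "users"    # prints: deny: not in AllowGroups
```

A user who passes AllowUsers is still refused when AllowGroups is set and none of the user's groups match, which is easy to miss when both directives are present.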

In addition, to allow users to use sftp, check that the following line is present.

Subsystem   sftp  /usr/lib/openssh/sftp-server

For the other options, see the sshd man page.


Chapter 4. Copyright, related/reference documents

4.1. Copyright

Copyright (C) 2001 임은재

This document is subject to the terms of the GNU Free Documentation License version 1.1 or any later version published by the Free Software Foundation. As long as this copyright notice is included, reproduction or excerpting of the text in any information medium is permitted free of charge.

The author accepts no responsibility for any consequences that the contents of this document may cause.


last modified 2004-01-27 15:41:14