SSH Howto

임은재

2002/02/28

This document covers the configuration and use of the ssh server and client.

Revision history
Revision v0.4  2002/02/28  Revised by 임은재
Fixed smtp port forwarding
Revision v0.3  2001/11/09  Revised by 임은재
Fixed http proxy and sgml errors
Revision v0.2  2001/11/03  Revised by 임은재
Added fetchmail and imap configuration
Revision v0.1  2001/05/21  Revised by 임은재
First version


Chapter 1. What is SSH, and where can you get it?

SSH (Secure SHell) is, as the name says, a secure login shell.

Traditional services such as ftp, pop and telnet are, as is well known, very weak from a security point of view. With these unencrypted authentication methods your password can be exposed exactly as you typed it.

All data sent through ssh is encrypted, and the traffic is compressed, which gives faster transfers. It also supports "tunnels" for existing insecure services such as ftp and pop.

A server administrator who does not run an sshd server is someone with no interest in security at all.


1.1. Why should you use SSH?

The following is quoted from the OpenSSH FAQ at www.openssh.org.

  • Strong security

  • Privacy protection. All communication is encrypted automatically and transparently.

  • Secure X11 sessions. The DISPLAY variable is set automatically on the remote server and all X11 connections are forwarded over the secure channel.

  • TCP/IP ports can be freely forwarded to other ports in both directions.

  • Completely replaces rlogin, rsh, rcp and the like.

  • Optional data compression, which improves speed on slow networks

  • The server has its own RSA key and regenerates it automatically at regular intervals.


1.2. Where can you get it?

Two ssh implementations are available on Linux: the one from www.ssh.com (a Finnish company), the original creator of ssh, and the one from www.openssh.org under the BSD licence (in fact it is not 100% BSD licence).

I use openSSH, and this document is written with openSSH in mind. openSSH supports both the ssh1 and ssh2 protocols in a single client/server.

ssh may already be included in your distribution. If you want to compile it yourself, download the source from www.openssh.org and install it.

The openssl library, which ssh requires, can be obtained from www.openssl.org.

At ftp.koru.org you can find RPM builds of the latest versions of openSSH and openssl made by the author, along with the source RPMs.

openssh supports a wide range of operating systems, including OpenBSD, NetBSD, FreeBSD, AIX, HP-UX, IRIX, Linux, NeXT, SCO, SNI/Reliant Unix, Solaris, Digital Unix/Tru64/OSF and MacOS X.


Chapter 2. Using the client

This chapter explains how to use the ssh client to connect to an ssh server.


2.1. Basic usage

The openSSH client supports both the ssh1 and ssh2 protocols, so it can connect regardless of which ssh protocol the server supports. For example, if the ssh server to connect to is gate.eunjea.org and the account name is silver:

[foo@home silver]$ ssh -l silver gate.eunjea.org

or

[foo@home silver]$ ssh silver@gate.eunjea.org

The connection now proceeds with a message like the following.

The authenticity of host 'gate.eunjea.org (192.168.1.1)' can't be established.
RSA1 key fingerprint is e3:56:xx:b4:19:7e:xx:b1:7e:cd:xx:fe:5e:5b:17:66.
Are you sure you want to continue connecting (yes/no)?

This message appears only the first time you connect to a given server with ssh, and the server's host key is stored in the ~/.ssh/known_hosts file (known_hosts2 for ssh2). If you answer yes, you are asked for the account password as shown below, and from then on you can work just as you would over telnet.

Warning: Permanently added 'gate.eunjea.org,192.168.1.1' (RSA1) to the list of known hosts.
silver@gate.eunjea.org's password:

2.2. Using authentication keys

Using an authentication key is more secure than typing the account password at every login, and has advantages such as letting you connect to several ssh servers with a single passphrase.

  • Creating an authentication key

    Authentication keys are created with ssh-keygen. When creating a key you must specify the key type: use ``rsa'' or ``dsa'' if the remote server supports ssh protocol version 2, and ``rsa1'' if it supports only protocol 1.

    For example, if the remote server supports ssh2 and you want to create an ``rsa'' key,

    [ home@foo ]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/foo/.ssh/id_rsa):

    You are asked where to save the key and under what name. Press Enter to accept the default, and you are then asked for the key passphrase as shown below. Type the passphrase you want twice and the key is generated.

    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/foo/.ssh/id_rsa.
    Your public key has been saved in /home/foo/.ssh/id_rsa.pub.
    The key fingerprint is:
    64:09:73:19:9e:ac:a0:f7:aa:c3:08:f9:0e:5a:fe:61 foo@home.eunjea.org

    You can also create the key with an empty passphrase (just press Enter when asked for the passphrase). This is convenient because you can connect without typing anything, but it should be avoided when you consider what happens if your key is leaked by whatever route. There is also a way to avoid typing the key passphrase on every connection by using ssh-add and ssh-agent.

  • Using the public key

    A key pair (id_rsa and id_rsa.pub) should now exist in ~/.ssh/. The file with the .pub extension is the public key. Copy it to ~/.ssh/ on each remote server you will connect to, under the name authorized_keys.

    [foo@home silver]$ scp ~/.ssh/id_rsa.pub silver@gate.eunjea.org:.ssh/authorized_keys

    If you now connect with ssh, you will be asked for the key passphrase rather than the account password. If you are asked for the account password instead, the cause is the permissions on the ~/.ssh directory or on the public key file on the remote server, so log in and run chmod 755 ~/.ssh and then chmod 644 .ssh/authorized_keys.

    If you are going to use the ssh1 protocol with rsa1, create the key with ssh-keygen -t rsa1 and add the public key (identity.pub) to ~/.ssh/authorized_keys on the remote server in the same way.

    If you saved the key file under a different name, or want to use a different key for each server, give ssh the -i option to name the key file directly.

  • Keeping the authentication key in memory

    If you load the key into memory as shown below, you type the key passphrase only once; after that you can connect to every server that uses the same key without typing it again.

    [foo@home silver]$ eval $(ssh-agent) [Enter]
    A message like the following is shown.
    Agent pid 31234
    Now enter ssh-add and you will see
    Identity added: /home/silver/.ssh/identity (silver@home.eunjea.org)

    From now on, when you connect to an ssh server to which you have copied the key, you will not be asked for the passphrase again in this session.
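Added example, not part of the original HOWTO: the scp command above replaces any authorized_keys file already on the server, so this version appends the key instead and then applies the permissions given above. The function names install_pubkey and perms_ok are hypothetical, and it assumes the .pub file has already been copied to the server.

```shell
#!/bin/sh
# Added example: run on the machine you log in to.

# perms_ok PATH: true only if PATH exists and is not writable by group or
# others. sshd with StrictModes (the default) ignores authorized_keys when
# the file or ~/.ssh fails this test, and falls back to the password.
perms_ok() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys unless that exact line is
# already present. Keys that are already in the file are kept.
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A public key file holds exactly one non-empty line. This also rejects
    # a private key file handed over by mistake.
    key=$(cat "$pub")
    if [ -z "$key" ] || [ "$(grep -c '' "$pub")" -ne 1 ]; then
        echo "$pub: expected a single public key line" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    touch "$auth" || return 1
    # If the file does not end in a newline, add one so the new key starts
    # on its own line.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    # -x whole line, -F fixed string: append only when the key is missing.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # Permissions from the text above: 755 on the directory, 644 on the file.
    chmod 755 "$dir" && chmod 644 "$auth"
}

# Usage on the server:  install_pubkey /tmp/id_rsa.pub "$HOME/.ssh"
```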

If the server supports it, use the SSH2 protocol whenever possible. SSH2 is a completely different protocol from SSH1; it is more secure and performs better.


2.3. Copying files with ssh

  • scp

    Let us look at scp, which was used above to copy the key to the remote server.

    For example, suppose the file to copy is named 'dumb', the address of the remote server is www.foobar.com, and your shell account is babo.

    Copying the file dumb to the home directory of the babo account on www.foobar.com:

    [foo@home silver]$ scp dumb babo@www.foobar.com:.

    Copying the file dumb from the home directory of the babo account on www.foobar.com to the local machine:

    [foo@home silver]$ scp babo@www.foobar.com:dumb .

    If you have set up the www.foobar.com account in your ~/.ssh/config file like this,

    Host *fbc
    HostName www.foobar.com
    User babo
    ForwardAgent yes

    you can do the same thing more simply:

    [foo@home silver]$ scp dumb fbc:.

    scp also has a -r option, which is used to copy a whole directory. For example, to copy all files and subdirectories under test/ into the www directory of the account on the server, do the following.

    [foo@home silver]$ scp -r test/ babo@www.foobar.com:www/

  • sftp

    sftp provides a traditional ftp environment on top of ssh, and can also run programs on the remote side.

    The openSSH client package includes sftp.


2.4. ssh tunneling

ssh tunneling means port forwarding an ssh connection so that other programs can use it. With ssh tunneling, network connections that do not use encryption themselves can be used more safely.

  • POP

    With fetchmail it is easy to fetch pop mail through an ssh tunnel.

    Example .fetchmailrc

    poll localhost with protocol pop3 and port 11110:
         preconnect "ssh -C -f account@mailserver.com -L 11110:mailserver.com:110 sleep 5"
         password xxxxx

    For a detailed document, see: Secure POP using SSH

    You could also consider simply copying the e-mail of the remote account over. (See Compressed TCP/IP-Sessions using SSH-like tools.)

  • IMAP

    To fetch mail from an imap server using ssh tunneling and fetchmail, create and use a .fetchmailrc like the following.

    poll mailserver.com with proto imap:
         plugin "ssh %h /usr/sbin/imapd" auth ssh;
         user babo is babo here

  • SMTP

    The same document also shows how to use SMTP over an SSH connection. The method is simple:

     ssh -C -l loginid mailserver -L2525:mailserver:25

    After that, set the mail client to send mail through localhost port 2525. For example, if you use pine, set smtp-server=localhost:2525 in .pinerc.

    This can also be done with SecureCRT, an ssh client for Windows. Select Session Option -> Connection -> Hostname -> Advanced tab and, in the same manner, choose the local port to use, the remote host name and the remote port to forward. After the ssh connection is made, in the case of OE set the SMTP server to 127.0.0.1 and set the port to the local port chosen above. The POP port can be used the same way.

    SMTP over SSH has several advantages: network traffic is reduced, and because only users with an account can use the SMTP server, you do not have to leave relaying open carelessly.

  • Webmin

    Webmin is a tool for administering a server from a web browser, so it is naturally security-sensitive.

    webmin normally uses port 10000, so open an ssh connection as follows.

    ssh -f -l [remote user] [remote server] -L 1234:[remote server]:10000 tail -f /etc/motd

    You can now connect from the browser at http://localhost:1234.

  • X

    To run X applications that live on the remote server, create the file ~/.ssh/environment in the home directory of the account and put the following in it.

    XAUTHORITY=/home/[account name]/.Xauthority

    Now log out and run ssh as follows (assuming the account name is silver and the server is gate.eunjea.org).

    ssh -f -X -l silver gate.eunjea.org xterm

    xterm will now run on your local X display. Other X applications can be run the same way.


2.5. Configuration file

The ssh configuration file is ~/.ssh/config. Settings for all users can be made in /etc/ssh/ssh_config.

The following is part of the configuration file I use. With the Host directive you can use different options for each server you connect to.

# Use the SSH2 protocol when connecting to servers in the *.eunjea.org domain.
Host *.eunjea.org
Protocol 2

# Use SSH2 and the compression options when connecting to koru.org.
Host koru.org
Protocol 2
Compression yes
CompressionLevel 9

# When connecting to kldp.org, use the SSH1 protocol,
# with blowfish as the cipher and compression turned on.
Host kldp.org
Protocol 1
Cipher blowfish
Compression yes

Another important option is CheckHostIP, which checks the IP address of the remote server against the known_hosts file on every connection. This option lets you notice a host key change caused by DNS spoofing. The default is yes.

There are many more options; see the ssh man page.
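Added example, not from the original HOWTO: a check over an ssh_config-style file that reports the Host blocks which still allow SSH protocol 1 or turn off CheckHostIP, the two settings discussed above. The function name audit_ssh_config is hypothetical.

```shell
#!/bin/sh
# Added example: list risky per-host settings in an ssh client config.

# audit_ssh_config FILE
# Prints one line per finding, in the form "<Host pattern>: <finding>".
# Options that appear before the first Host line are reported as (global).
audit_ssh_config() {
    awk '
    function flag(msg) { print host ": " msg }
    BEGIN { host = "(global)" }
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # keyword and value are separated by blanks or by "="
        n = match(line, /[ \t=]+/)
        if (n == 0) next
        key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
        val = substr(line, n + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host") { host = val; next }
        # "Protocol 1", "Protocol 2,1" and "Protocol 1,2" all allow SSH1
        if (key == "protocol" && val ~ /(^|,)1(,|$)/)
            flag("allows SSH protocol 1")
        if (key == "checkhostip" && tolower(val) == "no")
            flag("CheckHostIP disabled")
    }' "$1"
}

# Usage:  audit_ssh_config "$HOME/.ssh/config"
```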


Chapter 3. Running the server

3.1. Installation

For the server, simply install the package. If you install from source instead, first create the sshd user and directory needed for Privilege separation, which is a security measure.

$ mkdir /var/empty/sshd
$ chown root:sys /var/empty/sshd
$ chmod 755 /var/empty/sshd
$ groupadd sshd
$ useradd -g sshd -c 'sshd privsep' -d /var/empty/sshd -s /bin/false sshd

ssh compile options:

configure --with-pam \
   --with-ipv4-default \
   --with-rsh=/usr/bin/rsh \
   --with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \
   --with-privsep-path=/var/empty/sshd


3.2. Server configuration

Once the server is installed, look at the options in the configuration file (/etc/ssh/sshd_config). In most cases the default configuration file can be used as it is, but if you want to allow logins only for particular groups or users, you can use the following directives.

  • AllowGroups

    Restricts ssh login to the listed groups. Group names are separated by spaces. Wildcards (* and ?) can be used.

  • AllowUsers

    Restricts ssh login to the listed users. The usage is the same as for AllowGroups.

  • DenyGroups

    Does the opposite of AllowGroups. Login is refused for the listed groups.

  • DenyUsers

    Does the opposite of AllowUsers. Login is refused for the listed users.

In addition, to allow users to use sftp, check that the following line is present.

Subsystem   sftp  /usr/lib/openssh/sftp-server

For the other options, see the sshd man page.
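Added example, not from the original HOWTO or from OpenSSH: a small model of how the four directives above combine, using the order documented in sshd_config(5) (DenyUsers, AllowUsers, DenyGroups, AllowGroups). It handles plain names with * and ? only, not USER@HOST forms; login_allowed and its helpers are hypothetical names.

```shell
#!/bin/sh
# Added example: decide whether a user may log in under Allow*/Deny* rules.

# directive FILE KEYWORD: print the values of KEYWORD, joined by spaces.
# Repeated lines of the same directive are combined.
directive() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; printf "%s", $0 }' "$1"
}

# matches NAME PATTERN...: true if NAME matches any of the patterns.
matches() {
    name=$1; shift
    for pat in "$@"; do
        case $name in $pat) return 0 ;; esac
    done
    return 1
}

# any_group_matches "PATTERNS" GROUP...: true if any group matches.
any_group_matches() {
    pats=$1; shift
    for g in "$@"; do
        matches "$g" $pats && return 0
    done
    return 1
}

# login_allowed CONFIG USER GROUP...
# Runs in a subshell so that "set -f" does not leak to the caller.
login_allowed() (
    cfg=$1; user=$2; shift 2
    set -f                      # keep * and ? in patterns unexpanded
    du=$(directive "$cfg" DenyUsers);  au=$(directive "$cfg" AllowUsers)
    dg=$(directive "$cfg" DenyGroups); ag=$(directive "$cfg" AllowGroups)
    # A Deny match refuses at once; an Allow list refuses everyone not on it.
    if matches "$user" $du; then exit 1; fi
    if [ -n "$au" ] && ! matches "$user" $au; then exit 1; fi
    if any_group_matches "$dg" "$@"; then exit 1; fi
    if [ -n "$ag" ] && ! any_group_matches "$ag" "$@"; then exit 1; fi
    exit 0
)

# Usage:  login_allowed /etc/ssh/sshd_config silver $(id -Gn silver)
```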


Chapter 4. Copyright, related/reference documents

4.1. Copyright

Copyright (C) 2001 임은재

This document is subject to the terms of the GNU Free Documentation License version 1.1 or any later version published by the Free Software Foundation. As long as this copyright notice is included, reproduction or excerpting of the text in any information medium is permitted free of charge.

The author accepts no responsibility for any consequences that the contents of this document may cause.


last modified 2004-01-27 15:41:14