\u6b21\u306b\u3001TeraTerm \u306e\u30e1\u30cb\u30e5\u30fc\u30d0\u30fc\u306e[\u8a2d\u5b9a]-[SSH\u9375\u751f\u6210(N)\u2026] \u304b\u3089\u516c\u958b\u9375\u3068\u79d8\u5bc6\u9375\u3092[\u751f\u6210(G)] \u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u6c42\u3081\u3089\u308c\u308b\u306e\u3067\u5165\u529b\u3001\u518d\u5165\u529b\u3092\u3057\u3066\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n
![\"\"](\"https:\/\/www.stuffy.site\/wordpress\/wp-content\/uploads\/2017\/06\/2017-06-16-1.png\")
<\/p>\n
[\u516c\u958b\u9375\u306e\u4fdd\u5b58] \u3068[\u79d8\u5bc6\u9375\u306e\u4fdd\u5b58] \u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u3066\u305d\u308c\u305e\u308c\u3001id_rsa.pub, id_rsa \u3068\u3044\u3046\u540d\u524d\uff08\u30c7\u30d5\u30a9\u30eb\u30c8\uff09\u3067\u30db\u30b9\u30c8\u306e\u9069\u5f53\u306a\u30d5\u30a9\u30eb\u30c0\u306b\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/p>\n
\u6b21\u306b\u30a8\u30af\u30b9\u30d7\u30ed\u30fc\u30e9\u3067\u3001id_rsa.pub \u30d5\u30a1\u30a4\u30eb\u3092\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u4e0a\u306eTeraTerm \u753b\u9762\u306b\u30c9\u30e9\u30c3\u30b0&\u30c9\u30ed\u30c3\u30d7\u3059\u308b\u3068\u4ee5\u4e0b\u306e\u753b\u9762\u304c\u8868\u793a\u3055\u308c\u308b\u306e\u3067\u4e0b\u56f3\u306e\u3088\u3046\u306b\u3001SCP:[.ssh] \u3068\u5165\u529b\u3057\u3066\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u3057\u307e\u3059\u3002<\/p>\n
![\"\"](\"https:\/\/www.stuffy.site\/wordpress\/wp-content\/uploads\/2017\/06\/2017-06-16-2.png\")
<\/p>\n
\u518d\u3073\u30bf\u30fc\u30df\u30ca\u30eb\u306b\u623b\u308a\u3001\u8ee2\u9001\u3057\u305f\u516c\u958b\u9375\u3092authorized_keys \u3068\u3044\u3046\u540d\u524d\u306b\u5909\u66f4\u3002\uff08WinSCP\u306a\u3069\u8907\u6570\u306e\u9375\u3092\u8ffd\u52a0\u3059\u308b\u3068\u304d\u306f\u3001cat id_rsa.ppk >> authorized_keys \u306a\u3069\uff09\u9375\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092600 \u306b\u3001.ssh \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u30d1\u30fc\u30df\u30b7\u30e7\u30f3\u3092700 \u306b\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n
# cd .ssh\r\n# mv id_rsa.pub authorized_keys\r\n# chmod 600 authorized_keys\r\n# chmod 700 .<\/pre>\n\u305d\u308c\u304b\u3089\/etc\/pam.d\/sshd \u306b\u4ee5\u4e0b\u306e\u884c\u3092\u8ffd\u8a18\u3001<\/p>\n
account required pam_nologin.so\r\naccount\u00a0\u00a0\u00a0 required\u00a0\u00a0\u00a0\u00a0 pam_access.so \uff08\u8ffd\u8a18<\/pre>\n\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u3001\/etc\/security\/access.conf \u3092\u53c2\u7167\u3057\u307e\u3059\u304c\u3001<\/p>\n
account required\u00a0 pam_access.so accessfile=\/dir\/to\/ssh_access.conf<\/span><\/pre>\n\u3067\u6307\u5b9a\u3057\u305f\u30d1\u30b9\u306e.conf \u30d5\u30a1\u30a4\u30eb\u3092\u6307\u5b9a\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002<\/p>\n
\u4e00\u65b9\u3001\/etc\/security\/access.conf \u306b +:wheel:ALL<\/span> \u3068\u3001+:username:ALL<\/span> \u3068\u3001– : ALL: ALL<\/span> \u3092\u8ffd\u8a18\u3002<\/p>\n
# Disallow non-local logins to privileged accounts (group wheel). \uff08\u306e\u4ed8\u8fd1\r\n#\r\n#-:wheel:ALL EXCEPT LOCAL .win.tue.nl\r\n+:wheel:ALL<\/span> \uff08\u8ffd\u8a18\r\n+:username:ALL<\/span>\uff08\u8ffd\u8a18\r\n\r\n# All other users should be denied to get access from all sources.\r\n#- : ALL : ALL \uff08\u305d\u306e\u4ed6\u306e\u3059\u3079\u3066\u306e\u30e6\u30fc\u30b6\u30fc\u3092\u62d2\u5426\r\n- : ALL : ALL<\/span> \uff08wheel \u30b0\u30eb\u30fc\u30d7\u4ee5\u5916\u3092\u30a2\u30af\u30bb\u30b9\u5236\u9650\u3059\u308b\u306b\u306f\u3001- : ALL EXCEPT wheel : ALL\r\n<\/span><\/pre>\n\u6700\u5f8c\u306b\/etc\/ssh\/sshd_config \u306b\u516c\u958b\u9375\u8a8d\u8a3c\u306e\u8a2d\u5b9a\u3092\u3057\u3066<\/p>\n
#ServerKeyBits 1024\r\nServerKeyBits 2048 \uff08\u305f\u3076\u3093\u3001\u5fc5\u8981\r\n\r\n#PubkeyAuthentication no\r\nPubkeyAuthentication yes \uff08\u516c\u958b\u9375\u8a8d\u8a3c\u3092yes\r\n\r\n#PasswordAuthentication yes\r\nPermitEmptyPasswords no\r\nPasswordAuthentication no \uff08\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u3092no<\/pre>\nsshd \u518d\u8d77\u52d5\u3001\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u307e\u3059\u3002<\/p>\n
# systemctl restart sshd<\/pre>\nTeraTerm \u306e\u65b0\u3057\u3044\u30b7\u30e7\u30fc\u30c8\u30ab\u30c3\u30c8\u306e\u30d7\u30ed\u30d1\u30c6\u30a3\u3092\u4ee5\u4e0b\u306e\u5c5e\u6027\u3067\u4f5c\u308b\u3068\u3001\uff11\u30af\u30ea\u30c3\u30af\u3067\u516c\u958b\u9375\u8a8d\u8a3c\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u308b\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
\"C:\\Program Files (x86)\\teraterm\\ttermpro.exe\" localhost:22 \/ssh2 \/auth=publickey\u00a0 \/user=username \/ask4passwd \/keyfile=\"C:\\<\/span>pass\/to\/id_rsa\"<\/pre>\n\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u306a\u3044\u5834\u5408\u3001\u539f\u56e0\u306f\u3044\u308d\u3044\u308d\u3042\u308b\u3068\u601d\u3044\u307e\u3059\u304cfirewalld \u3067\u306e\u30dd\u30fc\u30c8\u958b\u653e\uff08SSH\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u306e\u5909\u66f4\u3092\u3057\u305f\u3068\u304d\u3002\uff09\u3001\u9375\u3084\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u6240\u6709\u6a29\u3001SeLinux \u306e\u30b3\u30f3\u30c6\u30ad\u30b9\u30c8\u306e\u78ba\u8a8d\u3001PAM \u306e\u66f8\u5f0f\uff08\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u884c\u306e\u524d\u5f8c\u4f4d\u7f6e\uff09\u3001\u30ed\u30fc\u30ab\u30eb\u3001\u30ea\u30e2\u30fc\u30c8\u3067\u306e\u30a2\u30af\u30bb\u30b9\u5236\u9650\u3001IP\u306e\u8a2d\u5b9a\u306f\u3069\u3046\u306a\u3063\u3066\u3044\u308b\u306a\u3069\u3092\u78ba\u8a8d\u3057\u3066\u307f\u3066\u4e0b\u3055\u3044\u3002<\/p>\n
\u53c2\u8003URL:http:\/\/qiita.com\/tjinjin\/items\/ca6f5518e881bdf5488c<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4eca\u56de\u306f\u306fCentOS7 \u306b\u304a\u3051\u308b\u3001\u516c\u958b\u9375\u8a8d\u8a3c\u3067\u306eTeraTerm \u30bf\u30fc\u30df\u30ca\u30eb\u30a8\u30df\u30e5\u30ec\u30fc\u30bf\u306b\u3088\u308bSSH \u30ed\u30b0\u30a4\u30f3\u3092\u8a2d\u5b9a\u3057\u3066\u3044\u304d\u307e\u3059\u3002 \u307e\u305a\u3001wheel \u30b0\u30eb\u30fc\u30d7\u306b\u52a0\u3048\u305f\u30e6\u30fc\u30b6\u30fc\u306e\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3067\u516c\u958b\u9375\u3092\u4fdd\u5b58\u3059\u308b\u96a0\u3057\u30c7\u30a3 … \u7d9a\u304d\u3092\u8aad\u3080 CentOS7 \u306e\u516c\u958b\u9375\u8a8d\u8a3c\u3067\u306eSSH\u30ed\u30b0\u30a4\u30f3<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,63,6,17,52],"tags":[],"class_list":["post-3563","post","type-post","status-publish","format-standard","hentry","category-linux","category-pam","category-settings","category-ssh","category-teraterm"],"_links":{"self":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3563"}],"version-history":[{"count":43,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3563\/revisions"}],"predecessor-version":[{"id":3640,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3563\/revisions\/3640"}],"wp:attachment":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}