{"id":494,"date":"2018-12-08T16:20:00","date_gmt":"2018-12-08T07:20:00","guid":{"rendered":""},"modified":"2020-10-02T22:28:00","modified_gmt":"2020-10-02T13:28:00","slug":"nw%e6%a9%9f%e5%99%a8%e3%82%82%e5%85%ac%e9%96%8b%e9%8d%b5%e8%aa%8d%e8%a8%bc%e3%81%a7ssh","status":"publish","type":"post","link":"https:\/\/wp.zassoul.com\/?p=494","title":{"rendered":"NW\u6a5f\u5668\u3082\u516c\u958b\u9375\u8a8d\u8a3c\u3067SSH"},"content":{"rendered":"

NW\u6a5f\u5668\u3082\u305d\u308d\u305d\u308dSSH\u3067\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u304d\u306f\u516c\u958b\u9375\u8a8d\u8a3c\u3067\u3084\u308b\u3079\u304d\u304b\u3068\u601d\u3044, \u4e3b\u306b\u89e6\u308b\u3067\u3042\u308d\u3046NW\u6a5f\u5668\u306e\u8a2d\u5b9a\u3092\u307e\u3068\u3081\u305f\u3002<\/p>\n

– \u9375\u6e96\u5099<\/u><\/h3>\n

SSH\u3067\u5fc5\u8981\u3068\u306a\u308b\u516c\u958b\u9375\u3092\u6e96\u5099\u3059\u308b\u3002<\/h4>\n
$ ssh-keygen -t rsa -C user01 -f .\/rsa_id
$ ls rsa* 
rsa_id.pub  #\u516c\u958b\u9375
rsa_id      #\u79d8\u5bc6\u9375
<\/pre>\n
<\/p>\n
– Cisco IOS<\/u><\/h3>\n
\u53c2\u8003\uff1a SSH using public key authentication to IOS and big outputs.<\/a><\/p>\n
1. SSH\u8a2d\u5b9a<\/h4>\n
# conf t
(config)# ip ssh version 2
(config)# line vty 0 4
(config-line)# login local
(config-line)# transport input ssh
(config-line)# hostname R1
(config)# ip domain name test.local
(config)# crypto key gen rsa
<\/pre>\n
<\/p>\n
2. \u30e6\u30fc\u30b6\u3068\u516c\u958b\u9375\u7d10\u4ed8\u3051<\/h4>\n
(config)# ip ssh pubkey-chain
(conf-ssh-pubkey)# username cisco
(conf-ssh-pubkey-user)# key-string
(conf-ssh-pubkey-data)# 
\u203b \u6700\u5927\u3067\u8cbc\u308a\u4ed8\u3051\u3089\u308c\u308b\u6587\u5b57\u6570\u304c256\u5b57\u3068\u3044\u3046\u3053\u3068\u3067\u8907\u6570\u884c\u306b\u5206\u3051\u3066\u30da\u30fc\u30b9\u30c8\u3059\u308b\u3002
(conf-ssh-pubkey-data)# exit
(conf-ssh-pubkey-user)# end
#<\/pre>\n
<\/p>\n
\u30c6\u30b9\u30c8  <\/h4>\n
$ ssh -l cisco -i .\/rsa.id 172.16.1.1
R1>
<\/pre>\n

<\/u><\/p>\n
– VyOS<\/u><\/h3>\n
\u53c2\u8003\uff1aRemote access<\/a><\/p>\n
1. SSH\u8a2d\u5b9a<\/h4>\n
set service ssh port '22'<\/pre>\n
\n
2. \u30e6\u30fc\u30b6\u3068\u516c\u958b\u9375\u306e\u7d10\u4ed8\u3051\u8a8d\u8a3c\u8a2d\u5b9a<\/h4>\n<\/div>\n
set system login user user1 authentication public-keys '\u9375\u306e\u8b58\u5225\u5b50' key 'public key\u5185\u306e\u6587\u5b57\u5217\u306e\u307f\u5165\u529b'  #ssh-rsa \u3068 \u30e6\u30fc\u30b6\u306f\u629c\u304f<\/pre>\n
\n
3. \u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u7121\u52b9\u5316<\/h4>\n<\/div>\n
set service ssh disable-password-authentication<\/pre>\n
\n
4. \u30db\u30b9\u30c8\u30d0\u30ea\u30c7\u30fc\u30b7\u30e7\u30f3\u7121\u52b9\u5316(\u30aa\u30d7\u30b7\u30e7\u30f3)<\/h4>\n<\/div>\n
set service ssh disable-host-validation
<\/pre>\n
\n
<\/p>\n
\u30c6\u30b9\u30c8<\/h4>\n<\/div>\n
\n
$ ssh -l user1 -i .\/rsa_id 172.16.1.2
Welcome to VyOS

The programs included with the Debian GNU\/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in \/usr\/share\/doc\/*\/copyright.

Debian GNU\/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: 
user1@vyos:~$
<\/pre>\n
– Cisco ASA(9.x)<\/u><\/h3>\n
\u53c2\u8003\uff1aCisco ASA \u30b7\u30ea\u30fc\u30ba 9.8 CLI \u30b3\u30f3\u30d5\u30a3\u30ae\u30e5\u30ec\u30fc\u30b7\u30e7\u30f3 \u30ac\u30a4\u30c9\uff08\u4e00\u822c\u7684\u306a\u64cd\u4f5c\uff09<\/a><\/p>\n
1. SSH\u8a2d\u5b9a<\/h4>\n
\u3072\u3068\u307e\u305aOutside\u304b\u3089\u5168\u8a31\u53ef\u3002<\/p>\n
(config)# ssh 0.0.0.0 0.0.0.0 outside
<\/pre>\n
<\/div>\n
\n
2. \u516c\u958b\u9375\u306e\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u5909\u66f4<\/h4>\n
\u516c\u958b\u9375\u3092RFC4716\u5f62\u5f0f\u3067\u51fa\u529b\u3002<\/p><\/div>\n
$ ssh-keygen  -e -m rfc4716 -f .\/rsa_id.pub  # \u3053\u306e\u51fa\u529b\u7d50\u679c\u3092\u63a7\u3048\u3066\u304a\u304f
<\/pre>\n
3. \u30e6\u30fc\u30b6\u3068\u516c\u958b\u9375\u306e\u7d10\u4ed8\u3051<\/h4>\n
(config)# aaa authentication ssh console LOCAL
(config)# username user1 attributes
(config-username)# service-type admin
(config-username) ssh authentication pkf

Enter an SSH public key formatted file.
End with the word \"quit\" on a line by itself:
###  2\u3067\u5909\u63db\u3057\u305fPublic Key\u3092\u8cbc\u308a\u4ed8\u3051\u308b ###
---- BEGIN SSH2 PUBLIC KEY ----
Comment: \"2048-bit RSA, converted by ubuntu@HOST from OpenSSH\"
\uff5e\uff5e\uff5e
---- END SSH2 PUBLIC KEY ----
quit
<\/pre>\n
<\/p>\n
\u30c6\u30b9\u30c8<\/h4>\n
$ ssh -l user1 -i .\/rsa_id 172.16.1.3
User user1 logged in to ASA
Logins over the last 1 days: 2.  Last login: 06:54:33 UTC Dec 8 2018 from 192.168.1.10
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
ASA>
<\/pre>\n
<\/div>\n
– Cumulus linux<\/u><\/h3>\n
\n
0. NCLU(Network Command Line Utility)\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n<\/div>\n
\u53c2\u8003\uff1aNetwork Command Line Utility – NCLU<\/a>
\u203b \u3053\u3053\u306f\u7701\u7565<\/div>\n
\n
1. Linux\u306eSSH\u516c\u958b\u9375\u8a8d\u8a3c\u8a2d\u5b9a<\/h4>\n
\u30db\u30fc\u30e0\u306e.ssh\u914d\u4e0b\u306eauthorized_keys\u306b\u516c\u958b\u9375\u3092\u767b\u9332\u3002<\/p>\n
\u30c6\u30b9\u30c8<\/h4>\n
$ ssh -l cumulus -i .\/rsa_id 172.16.1.4

Welcome to Cumulus VX (TM)

Cumulus VX (TM) is a community supported virtual appliance designed for
experiencing, testing and prototyping Cumulus Networks' latest technology.
For any questions or technical support, visit our community site at:
http:\/\/community.cumulusnetworks.com

The registered trademark Linux (R) is used pursuant to a sublicense from LMI,
the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide
basis.
Last login: Sat Dec  8 04:45:53 2018 from 192.168.1.10
cumulus@cumulus:~$
<\/pre>\n
<\/div>\n
\n
– JUNOS<\/u><\/h3>\n
\u53c2\u8003\uff1aauthentication (Login)<\/a><\/p>\n
1. SSH\u8a2d\u5b9a<\/h4>\n
 set system services ssh protocol-version v2
<\/pre>\n
<\/p>\n
2. \u30e6\u30fc\u30b6\u3068\u516c\u958b\u9375\u7d10\u4ed8\u3051 <\/h4>\n
set system login user admin authentication ssh-rsa \"ssh-rsa \u7701\u7565 user01\"
<\/pre>\n
<\/p>\n
\u30c6\u30b9\u30c8 <\/h4>\n
$ ssh -l admin -i .\/user2_rsa 172.16.1.5
Last login: Thu Dec  6 18:07:53 2018 from 192.168.1.10
--- JUNOS 15.1X49-D140.2 built 2018-05-25 18:23:50 UTC
admin>
<\/pre>\n
<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
NW\u6a5f\u5668\u3082\u305d\u308d\u305d\u308dSSH\u3067\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u304d\u306f\u516c\u958b\u9375\u8a8d\u8a3c\u3067\u3084\u308b\u3079\u304d\u304b\u3068\u601d\u3044, \u4e3b\u306b\u89e6\u308b\u3067\u3042\u308d\u3046NW\u6a5f\u5668\u306e\u8a2d\u5b9a\u3092\u307e\u3068\u3081\u305f\u3002 – \u9375\u6e96\u5099 SSH\u3067\u5fc5\u8981\u3068\u306a\u308b\u516c\u958b\u9375\u3092\u6e96\u5099\u3059\u308b\u3002 $ ssh-keygen -t rsa\u2026 \u7d9a\u304d\u3092\u8aad\u3080 »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,40,43,42,41,8],"tags":[],"class_list":["post-494","post","type-post","status-publish","format-standard","hentry","category-cisco","category-cumuluslinux","category-junos","category-nat","category-vyos","category-8"],"_links":{"self":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=494"}],"version-history":[{"count":1,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/494\/revisions"}],"predecessor-version":[{"id":631,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/494\/revisions\/631"}],"wp:attachment":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}