ファームウェア Ver.1.41 へ ssh
LS-VL
LS-XHL
LinkStationシリーズ ファームウェア アップデーター Ver.1.41
をインストールしたので、ssh でログインできるか確認する。
sshd は動いている?
まずは、sshd が動いているか確認するために、
標準ファームを起動して ssh でアクセスしてみる。
yasunari@sil:~$ ssh vl
The authenticity of host 'vl (192.168.2.55)' can't be established.
RSA key fingerprint is 17:60:bb:44:2f:36:d8:df:6b:98:fb:63:7f:52:a7:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vl,192.168.2.55' (RSA) to the list of known hosts.
Password:
Password:
Password:
yasunari@vl's password:
Permission denied, please try again.
yasunari@vl's password:
Permission denied, please try again.
yasunari@vl's password:
Permission denied (publickey,password,keyboard-interactive).
yasunari@sil:~$ ssh -l admin vl
Password:
Connection to vl closed by remote host.
Connection to vl closed.
yasunari@sil:~$
ログインはできなかったが、sshd は動いている
sshd_config の修正
sshd_config を修正して、ログインできるようにする
標準ファームの HDD を LS-QL に USB で接続
root@qube:~# tail -f /var/log/messages
:
:
Jun 11 16:36:14 qube kernel: usb 1-1: new high speed USB device using ehci_marvell and address 2
Jun 11 16:36:14 qube kernel: usb 1-1: configuration #1 chosen from 1 choice
Jun 11 16:36:14 qube kernel: scsi2 : SCSI emulation for USB Mass Storage devices
Jun 11 16:36:19 qube kernel: scsi 2:0:0:0: Direct-Access ViPowER VP-89118(SD1) 2.10 PQ: 0 ANSI: 4
Jun 11 16:36:19 qube kernel: sd 2:0:0:0: [sdc] 488283264 512-byte hardware sectors (250001 MB)
Jun 11 16:36:19 qube kernel: sd 2:0:0:0: [sdc] Write Protect is off
Jun 11 16:36:19 qube kernel: sd 2:0:0:0: [sdc] 488283264 512-byte hardware sectors (250001 MB)
Jun 11 16:36:19 qube kernel: sd 2:0:0:0: [sdc] Write Protect is off
Jun 11 16:36:19 qube kernel: sdc: sdc1 sdc2 sdc3 sdc4 sdc5 sdc6
Jun 11 16:36:19 qube kernel: sd 2:0:0:0: [sdc] Attached SCSI disk
Jun 11 16:36:19 qube kernel: sd 2:0:0:0: Attached scsi generic sg2 type 0
Mar 8 20:38:05 qube kernel: sd 2:0:0:0: Attached scsi generic sg2 type 0
マウントする
root@qube:~# mkdir /tmp/root
root@qube:~# mount /dev/sdc2 /tmp/root
root@qube:~# ls /tmp/root
bin dev home lib proc sbin tmp var
boot etc initrd mnt root sys usr www
root@qube:~#
sshd_config の編集
root@qube:~# cd /tmp/root/etc/
root@qube:/tmp/root/etc# mv sshd_config{,.orig}
root@qube:/tmp/root/etc# cp sshd_config{.orig,}
root@qube:/tmp/root/etc# vi sshd_config
:
:
root@qube:/tmp/root/etc# !cp:s/cp/diff -u/
diff -u sshd_config{.orig,}
--- sshd_config.orig 2010-07-28 20:54:51.000000000 +0900
+++ sshd_config 2011-06-11 16:38:33.859141416 +0900
@@ -20,7 +20,7 @@
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key
-HostKey /etc/apache/server.key
+#HostKey /etc/apache/server.key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
@@ -35,7 +35,7 @@
#LoginGraceTime 2m
#PermitRootLogin yes
-PermitRootLogin no
+PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
@@ -55,6 +55,7 @@
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
+PermitEmptyPasswords yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
@@ -71,7 +72,7 @@
# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
-UsePAM yes
+UsePAM no
#AllowTcpForwarding yes
#GatewayPorts no
root@qube:/tmp/root/etc#
shadow の確認
念のため、root にパスワードが付いていないことを確認
root@qube:/tmp/root/etc# grep root shadow
root::14895:0:99999:7:::
root@qube:/tmp/root/etc#
アンマウント
root@qube:/tmp/root/etc# cd /
root@qube:/# sync
root@qube:/# sync
root@qube:/# sync
root@qube:/# umount /tmp/root
root@qube:/#
sync は必ず3回(笑
HDD を LS-VL に戻す
LS-VL を起動
LS-VL に ssh
yasunari@sil:~$ ssh -l root vl
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
6c:a6:4b:92:a6:26:89:de:00:0a:71:ef:3e:44:f6:69.
Please contact your system administrator.
Add correct host key in /home/yamasita/yasunari/.ssh/known_hosts to get rid of this message.
Offending key in /home/yamasita/yasunari/.ssh/known_hosts:1
RSA host key for vl has changed and you have requested strict checking.
Host key verification failed.
yasunari@sil:~$ rm -fr .ssh/
yasunari@sil:~$ ssh -l root vl
The authenticity of host 'vl (192.168.2.55)' can't be established.
RSA key fingerprint is 6c:a6:4b:92:a6:26:89:de:00:0a:71:ef:3e:44:f6:69.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vl,192.168.2.55' (RSA) to the list of known hosts.
root@LS-VL815:~#
良い子はまねをしてはいけません。
LS-XHL も
同上!
yasunari@sil:~$ ssh -l root brick
ssh: connect to host brick port 22: No route to host
yasunari@sil:~$ ssh -l root brick
The authenticity of host 'brick (192.168.2.49)' can't be established.
RSA key fingerprint is e1:db:3c:38:ae:ed:91:0a:a7:2e:99:37:6a:e2:6e:96.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'brick,192.168.2.49' (RSA) to the list of known hosts.
Last login: Fri Mar 11 10:54:36 2011 from t41l.yamasita.jp
root@LS-XHL8DF:~#
Copyright (C) 2003-2011 Yasunari Yamashita. All Rights Reserved.
yasunari @ yamasita.jp 山下康成@京都府向日市
