AT-AR1050V Command Reference 5.5.4
awplus(config)# username admin privilege 15 password adkf8KH! ↓
awplus(config)# service ssh ↓
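Note: When the service ssh command is run and the three types of host key (RSA, ECDSA, ED25519) are not all present, the missing types are generated automatically. The key length is 2048 bits for RSA and 384 bits for ECDSA.
To generate a host key manually, for example to use a different key length, use the crypto key generate hostkey command.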
awplus(config)# crypto key generate hostkey rsa 4096 ↓
Generating host key (4096 bits rsa)
This may take a while. Please wait ... Done
WARNING: The SSH server must now be enabled with "service ssh"
awplus(config)# ssh server allow-users manager ↓
awplus(config)# ssh server allow-users admin ↓
awplus(config)# end ↓
awplus# copy scp://pcuser@pchost.example.com/tmp/admin_id_rsa.pub flash ↓
Enter destination file name [admin_id_rsa.pub]: ↓
pcuser@pchost.example.com's password: XXXXXXXX ↓ (not actually displayed)
Copying..
Successful operation
Note: For how to copy files remotely, see the copy command page and "File Operations" under "Operation and Management".
awplus# configure terminal ↓
Enter configuration commands, one per line. End with CNTL/Z.
awplus(config)# crypto key pubkey-chain userkey admin admin_id_rsa.pub ↓
awplus(config)# ssh server allow-users manager 192.168.10.186 ↓
awplus(config)# ssh server allow-users manager 192.168.10.* ↓
Note: When an IP address range is specified with a wildcard, the warning message "% Warning: ssh server resolve-hosts is not enabled." is displayed. It can be ignored as long as you are not using the hostname-based entries described in the next section.
Note: When a host or user that is not permitted access attempts to log in via SSH, a debug message such as "sshd[3374]: fatal: mm_request_receive_expect: read: rtype 48 != type 46" is displayed on the console.
awplus(config)# ip name-server 172.16.10.8 ↓
awplus(config)# ssh server resolve-hosts ↓
awplus(config)# ssh server allow-users admin delirium.example.com ↓
Note: If a hostname is specified without running the ssh server resolve-hosts command, the warning message "% Warning: ssh server resolve-hosts is not enabled." is displayed. When specifying hostnames, always run the ssh server resolve-hosts command to enable reverse lookup of hostnames. Note that while reverse lookup is disabled, entries containing a hostname pattern never match.
awplus# show ssh server ↓
awplus# show crypto key hostkey ↓ Type Bits Fingerprint --------------------------------------------------------------- rsa 2048 SHA256:wPo/qzwNsGLKnlVj9+U48gZQxHvtntmhmFxMqI5jd6M ecdsa 256 SHA256:1NJi1rtrI3uT2JPaWW6v/UW8xC66NWxs/MSrvdKppXs ed25519 256 SHA256:a0Tsz1PHpIIl9YDpsPYCzMiX13FDEaiO8uqblV+WqZc awplus# show crypto key hostkey rsa ↓ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKtnCsVoyQvP8LAoOp0OdiW118z8tG95iwTlo14IDH GyErnCC2OinCFwMH/nW/8qfuEpG/yQdI7cXVH6euTz4XnaL38gxsU02M1vyzCJv0DjKiI+L31g/UGCWw rZCrG9+NKTLbi6xbnmlxWruE4hhBYZi28lCnSIVADv3YadRLdcGMspnI6MEw4UTlZQb8y51Hjy2Io2cH a1aacYsgfxVLJ4hH8L79+UewM3YC9QAJUjJ/vyPHikxtnC6Aqpm30Pbd/S4fcs1Uix0xwDOmH2iw0tnA bYgEeoJnq2uiR3KvIWPeHdLbf4CCwsIARKPKE1Qg+EdUowbeEO6tEDePNCOJ
awplus# show crypto key pubkey-chain userkey admin ↓ No Type Bits Fingerprint Comment ------------------------------------------------------------------------------- 1 rsa 4096 SHA256:iJ18qK5lVV3sT/jMvflfAInORmLgsf3L5TmDZt3J admin@pc awplus# show crypto key pubkey-chain userkey admin 1 ↓ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCX5FS6ZRCR/Wkl3PiFxum0czn1QCViNUZoTiwbYWOW FCtg57erbjaC3OzsWWtHiC+q/pIahCvAGo8XJWBW1F0ckPWBIkhLmyLaxwtAEPLY/KT2lhDen9TJt3Uv nNNQImTL5ZA1+c3JvNjEsSwUun3mi6gLG/QpUsXSwnz6m5J6AJbnEWLnniYBlQHUelBgTmh6W9eDjfCW SNxvQco9aHpgQOg2vTAgxboGCAiiVSgrxAYR5SxUGnshuLw8d3mdQSI6W08BvTFA9QzuYaa4eBnf43Of utA7yeVQ3m/2845CKMjrgCvvQ7isxhK1qhHuSjcGR8H58mCf75V7Wnut+o3ksc8Ts4m1BK5JEE5BWV7H Zxx3pN01L1RgxNqqTUWcMpi53BDqhBaSxDmciUPW3ZzFkLs2V6oCZ82jl/KCPCOmENcVHjCU80l4YaOx 0OEyn1aYIbqlOC1+lBNGIpUByvfRx1W13TztrIXqqPwnsn5dsdcZlqm8jtOzf39vwD37tdH3F3bOL3ei xBlDlDl87q43sw5Y+RHRz/n7/nxRTnqbFEvnWf8f09bShFRbGWjm3NmbVq+b6NRRsaLgw7qRqOsLf7TG TQGMw+rpEpaAaAIFNd5Yn9pVOKYMNt+ibsNmkGMWF/j+D/aPh/PZSXidbo5mouMFnKvUXebX1cGhEQ+Q 2w== admin@pc
awplus> show users ↓
awplus# show ssh ↓
Secure Shell Sessions:
ID    Type  Mode    Peer Host       Username  State  Filename
------------------------------------------------------------------------------
3402  ssh   server  192.168.20.2    admin     open
awplus# clear ssh 3402 ↓
awplus# ssh user zein 192.168.10.5 ↓
The authenticity of host '192.168.10.5 (192.168.10.5)' can't be established.
RSA key fingerprint is SHA256:32nmQJz0Gpc2EqMIDlb88qOypLOIUYmYLlNC3GTGcZU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes ↓
Warning: Permanently added '10.0.0.2' (RSA) to the list of known hosts.
zein@192.168.10.5's password: XXXXXXXX ↓ (not actually displayed)
Last login: Wed Sep 14 14:01:55 2011 from awplus
Welcome to Darwin!
[1488] zein@bird:~%
The authenticity of host '192.168.10.5 (192.168.10.5)' can't be established.
RSA key fingerprint is SHA256:32nmQJz0Gpc2EqMIDlb88qOypLOIUYmYLlNC3GTGcZU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Warning: Permanently added '192.168.10.5' (RSA) to the list of known hosts.
awplus> ssh user zein 192.168.10.5 ↓
zein@192.168.10.5's password:
awplus# ssh 192.168.10.5 ↓
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:BCoN+EMu4w0ZjnVID6lXSk8XnN+qllrJPssumaO7zeY.
Please contact your system administrator.
Host key for 192.168.10.5 has changed and you have requested strict checking.
Host key verification failed.
awplus#
awplus# show crypto key pubkey-chain knownhosts ↓
No  Hostname          Type  Fingerprint
---------------------------------------------------------------------------
1   afrika.example.c  rsa   SHA256:OymhOr5zFTXvB4wrXg2BZJsRRscfzXM3bIbOhik1ZOk
2   192.168.10.2      rsa   SHA256:I3Tbsf+kH0PWeOXyMTNOTLgkz5woddKO8cPlH4RzINQ
3   192.168.20.2      rsa   SHA256:kfzd8fgJbyPp5z4o4Mk7cJUCEgvOFvsaw/8pcYbXLPo
4   172.16.10.3       rsa   SHA256:KNYz1X4IkC27yyrdwv9bLh4gJtjLHD4XXp6OgxupGJU
5   192.168.10.5      rsa   SHA256:32nmQJz0Gpc2EqMIDlb88qOypLOIUYmYLlNC3GTGcZU
6   10.100.10.100     rsa   SHA256:yFI5+dCYk2SnVCOQ03UD2o/DP3Jz+RUrlfMq0p8w/m8
awplus# configure terminal ↓
Enter configuration commands, one per line. End with CNTL/Z.
awplus(config)# no crypto key pubkey-chain knownhosts 5 ↓
awplus(config)# end ↓
awplus# ssh user zein 192.168.10.5 ↓
The authenticity of host '192.168.10.5 (192.168.10.5)' can't be established.
RSA key fingerprint is SHA256:BCoN+EMu4w0ZjnVID6lXSk8XnN+qllrJPssumaO7zeY.
Are you sure you want to continue connecting (yes/no)? yes ↓
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
zein@192.168.10.5's password:
awplus(config)# crypto key pubkey-chain knownhosts 192.168.10.5 rsa ↓ 192.168.10.5 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDH2wYiMPwJEVxtgxgsIdbYc0XZUWYTm+V Zb8BmH7RUriJcLqYFYSxd/0PPfmy33JauqaPAmPttqyWVgOE+aakGC2CtaF7kTr5ZYI9Qfd1scVQVkekWpXK XVye0GYDqzHrSUcyhjbUlnNiQSWjnaA1drHCoGmgZl0yZ0OlWchVyxw== Are you sure you want to add this public key (yes/no)? yes ↓
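Before answering "yes" to a host-key prompt or registering a key by hand, the fingerprint shown can be compared with one computed from a public key obtained out of band. The following Python sketch is an added example, not part of the original manual or of the device software; it is meant to run on an administrator's workstation, the function names are hypothetical, and the sample key and table are constructed (not real host keys). The key must be passed as a single "type base64 [comment]" line, so output wrapped across lines has to be joined first.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public-key blob."""
    return struct.pack(">I", len(data)) + data

def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of a one-line 'type base64 [comment]' public key."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_knownhosts(show_output: str) -> dict:
    """Map host -> (entry number, fingerprint) from the table printed by
    'show crypto key pubkey-chain knownhosts'. Long hostnames are cut off
    in that table, so look hosts up by IP address where possible."""
    table = {}
    for line in show_output.splitlines():
        f = line.split()
        if len(f) == 4 and f[0].isdigit() and f[3].startswith("SHA256:"):
            table[f[1]] = (int(f[0]), f[3])
    return table

def check_host(host: str, prompted_fp: str, trusted_key: str, show_output: str) -> str:
    """Decide how to answer the prompt, given a key obtained out of band."""
    expected = fingerprint(trusted_key)
    if prompted_fp != expected:
        return "reject: prompted fingerprint differs from the trusted key"
    entry = parse_knownhosts(show_output).get(host)
    if entry and entry[1] != expected:
        return f"stale: delete knownhosts entry {entry[0]}, then accept"
    return "accept"

# Constructed sample data: an ed25519-shaped blob, not a real host key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " sample"
SAMPLE_TABLE = (
    "No Hostname Type Fingerprint\n"
    "1 192.168.10.2 ed25519 " + fingerprint(SAMPLE_KEY) + "\n"
    "2 192.168.10.5 rsa SHA256:" + "A" * 43 + "\n"
)

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_KEY)
    print(fp)
    print(check_host("192.168.10.2", fp, SAMPLE_KEY, SAMPLE_TABLE))
    print(check_host("192.168.10.5", fp, SAMPLE_KEY, SAMPLE_TABLE))
```

A "stale" result corresponds to the case above where the old entry is removed with no crypto key pubkey-chain knownhosts before reconnecting; a "reject" result means the key presented by the server is not the one you were given.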
Note: When a command line is given to the ssh command, the connection is closed after that command line has run. When no command line is given, the command logs in to the SSH server and starts an interactive session, as described above.
awplus# ssh user zein 10.100.10.100 netstat -an -f inet ↓
zein@10.100.10.100's password: XXXXXXXX ↓ (not actually displayed)
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  10.100.10.100.22       10.100.10.1.38199      ESTABLISHED
tcp4       0      0  127.0.0.1.1033         127.0.0.1.976          ESTABLISHED
tcp4       0      0  127.0.0.1.976          127.0.0.1.1033         ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.*                    *.*                    CLOSED
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.8005         *.*                    LISTEN
tcp46      0      0  *.8009                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.5432         127.0.0.1.49154        ESTABLISHED
tcp4       0      0  127.0.0.1.49154        127.0.0.1.5432         ESTABLISHED
tcp46      0      0  *.8080                 *.*                    LISTEN
tcp4       0      0  *.5432                 *.*                    LISTEN
tcp4       0      0  *.*                    *.*                    CLOSED
tcp4       0      0  127.0.0.1.1033         127.0.0.1.1019         ESTABLISHED
tcp4       0      0  127.0.0.1.1019         127.0.0.1.1033         ESTABLISHED
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  *.23                   *.*                    LISTEN
tcp4       0      0  *.139                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.1033         *.*                    LISTEN
...
awplus#
awplus# copy scp://zein@10.100.10.100/tmp/testtest.cfg flash ↓
Enter destination file name [testtest.cfg]:
zein@10.100.10.100's password: XXXXXXXX ↓ (not actually displayed)
Copying..
Successful operation
awplus# copy testtest2.cfg scp://zein@10.100.10.100/tmp/ ↓
Enter destination file name [testtest2.cfg]:
zein@10.100.10.100's password: XXXXXXXX ↓ (not actually displayed)
Successful operation
awplus# copy sftp://zein@10.100.10.100/tmp/aaaaa.txt flash ↓
Enter destination file name [aaaaa.txt]:
zein@10.100.10.100's password: XXXXXXXX ↓ (not actually displayed)
Copying..
Successful operation
(C) 2019 - 2024 Allied Telesis Holdings K.K.
PN: 613-002735 Rev.AD