SSH $B$K$D$$$F(B

Last Updated at $Date: 2016$BG/(B09$B7n(B06$BF|(B 21:55:08 $.

SSH (Secure SHell) $B$O(B, rsh/rlogin/rcp $B$J$I$N(B r $B7O%3%^%s%I$rBeBX$9$k$?$a$K:n$i$l$?%W%m%0%i%`$G$9(B. $B9-$/CN$i$l$F$$$k$h$&$K(B, r $B7O%3%^%s%I$OG'>Zo$KIOZe$G0BA4$JDL?.$r9T$&J}K!$rDs6!$7$^$9(B.

Port Forwarding $B$rMxMQ$7$?%M%C%H%o!<%/@\b3(b
SSH $B$r7PM3$7$?%a!<%k$n

Command not found $B$H%(%i!<$,=p$k(b
SOCKS $B7PM3$NDL?.(B
$BKI2PJI$r1[$($?DL?.(B
$BKI2PJIFbIt$H$NDL?.7PO)$r:n$k(B
Hostbased $BG'>Z(B
$B>&MQ(B SSH $B$H$NAj8_1?MQ(B
$B@_DjFbMF$N%G%P%C%0(B
$B%j%s%/=8(B

Port Forwarding $B$rMxMQ$7$?%M%C%H%o!<%/@\b3(b

$B%;%-%e%j%F%#>e$NM}M3$+$i(B, $B%"%/%;%9$rl9g(B,SSH $B$N(B Port Forwarding $B$N5!G=$rMxMQ$9$k$3$H$K$h$C$F(B, $BFCDj$N%[%9%H$+$iDL?.$7$F$$$k$h$&$K8+$;$+$1$k$3$H$,$G$-$^$9(B. $B$^$?(B,SSH $B$O(B Port Forwarding $B$NBP>]$H$J$k%M%C%H%o!<%/@\b3$r0e9f2=$7$^$9$+$i(b, $BMM!9$JDL?.$r0BA4$K9T$&$3$H$,=PMh$k$h$&$K$b$J$j$^$9(B.

$B$3$NJ}K!$N6qBNNc$K$D$$$F$O(B, FAQ $B$N!X(B4.8 ftp $B$d(B POP $B$J$I$N%5!<%s%9$r0ba4$k$9$k$?$a$k(b ssh $B$,;H$($^$9$+(B?$B!Y$,BgJQ;29M$K$J$j$^$9(B.

portfwd.el $B$r;H$&$H(B,Emacs $B>e$GF0:n$9$k%W%m%0%i%`$NDL?.$r(B Port Forwarding $B$K$h$C$FCf7Q$9$k$3$H$,$G$-$^$9(B.
Mew-2 $B$O(B,Port Forwarding $B$K$h$C$FDL?.$rCf7Q$9$k5!G=$rI8=`$GEk:\$7$F$$$^$9(B.
IM-133 $B0J9_$NHG$N(B IM $B$O(B, imput/imget $B$NDL?.$r(B SSH $B$K$h$C$FCf7Q$G$-$^$9(B.
fetchmail $B$O(B,$B@_Dj$r9)IW(B$B$9$k$3$H$K$h$C$F(B, SSH $B$r7PM3$7$F%a!<%k$r
$B$?$@$7(B,SSH $B$K$h$C$F:n@.$5$l$?(B Port Forwarding $BMQ$NDL?.7PO)$O(B, $B%/%i%$%"%s%H>e$NA4$F$N(B local process $B$+$i@\B3$9$k$3$H$,$G$-$^$9(B. $B$7$?$,$C$F(B,$B!V%/%i%$%"%s%H>e$NA4$F$N(B local user $B$,?.MQ$G$-$k!W$H$$$&4D6-$G$J$1$l$P(B, Port Forwarding $B$NMxMQ$O%;%-%e%j%F%#>e$N4m81$rA}2C$5$;$k2DG=@-$,$"$j$^$9(B.

SSH $B$r7PM3$7$?%a!<%k$n
OpenSSH-5.4 $B$h$j?7$7$$(B SSH $B$r;H$C$F$$$k>l9g$O(B,netcat mode $B$r;H$&J}K!$,$b$C$H$b4JC1$G$9(B. ~/.fetchmailrc $B$K(B,$B0J2<$n$h$&$k@_dj$7$f$/$@$5$$(b.
```
poll pop3-server
 protocol apop
 plugin "ssh -C ssh-server -W pop3-server:%p"
 username "username"
 password "password"
```
OpenSSH-5.4 $B$h$j8E$$(B SSH $B$r;H$C$F$$$k>l9g(B,$BCf7Q%5!<%p$g(b netcat $BAjEv$N%3%^%s%I$,MxMQ$G$-$l$P(B,$B0J2<$n$h$&$k@_dj$9$k$h(b netcat mode $B$HF1MM$KF0:n$7$^$9(B.
```
poll pop3-server
 protocol apop
 plugin "ssh -C ssh-server connect pop3-server %p"
 username "username"
 password "password"
```
$B$3$N@_DjNc$G$O(B,netcat $BAjEv$N%3%^%s%I$H$7$F(B connect $B%3%^%s%I$r;H$C$F$$$^$9(B. Debian GNU/Linux $B$G$O(B connect-proxy $B$H$$$&L>A0$N%Q%C%1!<%8$k$j$c$f$$$^$9$+$i(b,$bcf7q%5!<%p$g(b apt-get install connect-proxy $B$H%3%^%s%I$rl9g$O(B,$B8D?M$N%[!<%`%g%#%l%/%h%j0j2<$k%$%s%9%h!<%k$7$f(b$BE,@Z$K4D6-@_Dj(B$B$9$l$P(B,$BMxMQ$G$-$k$h$&$K$J$j$^$9(B.

OpenSSH-5.4 $B$h$j8E$$(B SSH $B$r;H$C$F$$$F(B,$BCf7Q%5!<%p$g(b netcat $BAjEv$N%3%^%s%I$bMxMQ$G$-$J$$>l9g$O(B,$B0J2<$n$h$&$k@_dj$7$f(b Port Forwarding $B$r;H$$$^$7$g$&(B.
```
poll pop3-server
 via localhost
 port 8236
 protocol apop
 preconnect 'ssh -f -P -C -L 8236:pop3-server:110 ssh-server sleep 15 </dev/null >/dev/null 2>&1'
 username "username"
 password "password"
```
$B$7$+$7(B,Port Fowarding $B$r;H$&J}K!$G$O(B,$B;XDj$5$l$?%]!<%h(b 8236 $BHV$,2?$i$+$NM}M3$G;HMQCf$N>l9g$K$&$^$/@\B3$G$-$^$;$s(B. $B$=$N$?$a(B,2012$BG/8=:_$G$O(B netcat mode $B$r;H$&J}K!$,:G$b$*$9$9$a$G$9(B.

Command not found $B$H%(%i!<$,=p$k(b

$BIaCJ;H$C$F$$$k%3%^%s%I$J$N$K(B,SSH $B7PM3$G
```
[client:~]% ssh server command
Command not found
```
$B$3$NLdBj$O(B,$B%m%0%$%s@h$N%[%9%H$G%7%'%k$,l9g$K$O(B, $BDL>o$N%7%'%k=i4|2=%U%!%$%k(B(~/.bashrc $B$d(B ~/.cshrc $B$J$I(B)$B$,FI$_9~$^$l$k$N$G(B,$B4D6-JQ?t(B PATH $B$OIaCJDL$j$K@_Dj$5$l$^$9(B. $B$7$+$7(B,$B$3$NNc$N$h$&$KC1$K%3%^%s%I$rl9g$O(B, $B%m%0%$%s@h$N%[%9%H$G$O%7%'%k$O8F$S=P$5$l$J$$$?$a(B,$B4D6-JQ?t(B PATH $B$,@_Dj$5$l$^$;$s(B. $B$=$N7k2L(B,$BIaCJ;H$C$F$$$k%3%^%s%I$J$N$K8+$D$+$i$J$$(B,$B$H$$$&$3$H$,5/$3$j$^$9(B.

SSH $B$O%3%^%s%I~/.ssh/environment $B$H$$$&%U%!%$%k$+$iFI$_9~$`$h$&$K$J$C$F$$$^$9(B.$B$7$?$,$C$F(B,$B0J2<$n%3%^%s%i$r~/.ssh/environment $B$rMQ0U$7$F$*$/$H(B, $BIaCJDL$j$N4D6-JQ?t$,@_Dj$5$l$k$h$&$K$J$j(B,$B%3%^%s%I$b$-$A$s$H8+$D$+$k$h$&$K$J$j$^$9(B.
```
[client:~]% ssh server
[server:~]% printenv | egrep '^PATH=' > ~/.ssh/environment
```
$B$7$+$7(B,NFS $B$J$I$G%[!<%`%g%#%l%/%h%j$r6&m-$7$f$$$k0[l9g$K$O(B, $B>e=R$N$h$&$J@EE*$J~/.ssh/rc $B$H$$$&%U%!%$%k$K%7%'%k%9%/%j%W%H$r5-=R$9$k$3$H$,$G$-(B, $B$=$N$h$&$J4D6-$G$bBP1~$9$k$3$H$,$G$-$^$9(B. $B0J2<$o(b,$b;d$n;h$c$f$$$k(b ~/.ssh/rc $B$G$9(B.
```
if [ -d /var/lib/dpkg ]; then
 PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
else
 PATH=/usr/local/bin/X11:/usr/local/bin:/usr/bin:/bin:/usr/ccs/bin:/usr/ucb
fi
if read proto cookie && [ -n "$DISPLAY" ]; then
 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
 echo add unix:`echo $DISPLAY | cut -c11-` $proto $cookie
 else
 echo add $DISPLAY $proto $cookie
 fi | xauth -q -
fi
```
$B$J$*(B,$B>e5-%9%/%j%W%H$N8eH>ItJ,$O(B,X11$BE>Aw$r=hM}$9$k$?$a$N%9%/%j%W%H$G$9(B. $B>\$7$/$O(B sshd $B$N%^%K%e%"%k$r;2>H$7$F$/$@$5$$(B.

SOCKS $B7PM3$NDL?.(B

OpenSSH $B$K$O(B,$BC1BN$G(B SOCKS $B7PM3$NDL?.$r9T$&5!G=$O$"$j$^$;$s(B. $B$=$NBe$o$j$K(B,ProxyCommand $B$H$$$&%*%W%7%g%s$rMxMQ$7$F(B, SOCKS $B%5!<%p!<$k@\b3$9$k30it%w%m%0%i%`$r8f$s=p$9$3$h$k$h$c$fdl?.$r9t$$$^$9(b.

ProxyCommand $B$K$O(B,$B;XDj$5$l$?%[%9%H!&%]!<%h$kbp$9$kdl?.$ri8=`f~=pno$k(b redirect $B$9$k%3%^%s%I$r;XDj$7$^$9(B.$B$=$N$h$&$J%3%^%s%I$H$7$F(B,$B8eF#$5$s$K$h$C$F:n$i$l$?(B connect $B%3%^%s%I$rMxMQ$9$k$3$H$,$G$-$^$9(B.$B6qBNE*$K$O(B,$B0J2<$n$h$&$k(b ~/.ssh/config $B$K@_Dj$7$^$9(B.
```
Host *
 ProxyCommand connect -S socks-server %h %p
```
connect $B%3%^%s%I$O(B,Debian GNU/Linux $B$G$O(B connect-proxy $B$H$$$&L>A0$N%Q%C%1!<%8$k$j$c$f$$$^$9(b.ssh $B$rapt-get install connect-proxy $B$7$F%$%s%9%H!<%k$7$f$/$@$5$$(b.

$BKI2PJI$r1[$($?DL?.(B

$BKI2PJI$N30$+$iKI2PJIFb$N%^%7%s$K%m%0%$%s$9$k>l9g(B,$B;XDj$5$l$?Cf7Q%5!<%p$k%m%0%$%s$7$j$1$l$p$j$i$j$$(b,$b$h$$$&>u67$ODA$7$/$"$j$^$;$s(B. OpenSSH-5.6 $B$h$j?7$7$$(B SSH $B$r;H$C$F$$$k>l9g$O(B,netcat mode $B$HJ#?t%;%C%7%g%s$N6&M-$rAH$_9g$o$;$F;H$&J}K!$,$b$C$H$b$*4+$a$G$9(B. $B0J2<$n$h$&$k(b ~/.ssh/config $B$K@_Dj$7$F2<$5$$(b.
```
Host relay-server.example.net
 ProxyCommand none
 ControlMaster auto
 ControlPath ~/.ssh/mux-%r@%h:%p
 ControlPersist 10
Host *.example.net
 ProxyCommand ssh -C relay-server.example.net -W %h:%p
```
$B$J$*(B,$BCf7Q%5!<%p>e$N(B SSH $B$,(B OpenSSH-5.4 $B$h$j8E$/$F$b(B netcat mode $B$OF0:n$7$^$9$+$i(B,$Bl9g(B,$BCf7Q%5!<%p$g(b netcat $BAjEv$N%3%^%s%I$,MxMQ$G$-$l$P(B,$B0J2<$n$h$&$k@_dj$9$k$h(b netcat mode $B$HF1MM$KF0:n$7$^$9(B.
```
Host relay-server.example.net
 ProxyCommand none
Host *.example.net
 ProxyCommand ssh -C relay-server.example.net connect %h %p
```
$B$3$N@_DjNc$G$O(B,netcat $BAjEv$N%3%^%s%I$H$7$F(B connect $B%3%^%s%I$r;H$C$F$$$^$9(B. Debian GNU/Linux $B$G$O(B connect-proxy $B$H$$$&L>A0$N%Q%C%1!<%8$k$j$c$f$$$^$9$+$i(b,$bcf7q%5!<%p$g(b apt-get install connect-proxy $B$H%3%^%s%I$rl9g$O(B,$B8D?M$N%[!<%`%g%#%l%/%h%j0j2<$k%$%s%9%h!<%k$7$f(b$BE,@Z$K4D6-@_Dj(B$B$9$l$P(B,$BMxMQ$G$-$k$h$&$K$J$j$^$9(B.

$B30It%M%C%H%o!<%/$h(b DMZ $B$N4V$KKI2PJI(B,$B$5$i$K(B DMZ $B$HFbIt%M%C%H%o!<%/$n4v$k$bki2pji$h$$$&$h$&$kki2pji$,b?cj$k$j$c$f$$$k>l9g(B,$B0J2<$n$h$&$k@_dj$9$k$h<+f0e*$kcf7q%5!<%p$r(b2$b$d7pm3$7$f@\b3$7$^$9(b.
```
# local-machine --> firset-relay-server --> second-relay-server --> target-machine $B$H@\B3$9$k(B
Host first-relay-server.example.net
 ProxyCommand none
Host second-relay-server.example.net
 ProxyCommand ssh -C first-relay-server.example.net -W %h:%p
Host *.example.net
 ProxyCommand ssh -C second-relay-server.example.net -W %h:%p
```
$B5U$K(B,$BKI2PJI$NCf$+$iKI2PJI$N30$KDL?.$9$k;~$KCf7Q%5!<%p$r7pm3$9$ki,mw$,$"$k>l9g$O(B,$B0J2<$n$h$&$k@_dj$7$f$/$@$5$$(b.
```
Host *.example.net
 ProxyCommand none
Host *.*
 ProxyCommand ssh -C relay-server.example.net -W %h:%p
```
$BKI2PJIFbIt$H$NDL?.7PO)$r:n$k(B

$BKI2PJI30$K$$$k;~$K(B,$BKI2PJIFb$N(B WWW $B%5!<%p$j$i$kbp$9$kf)2ae*$j@\b3$,i,mw$k$j$c$f$7$^$&>l9g$,$"$j$^$9(B. $BKI2PJIFb$N%^%7%s$G(B root $B$K$J$k$3$H$,$G$-$l$P(B,PPP over SSH $B$J$I$NMM!9$Jl9g$K$O(B,$B$=$&$O$$$-$^$;$s(B. $B$=$N$h$&$J>l9g$K$O(B,
- $BAw?.B&(B(= $BKI2PJI30$N%^%7%s(B)$B$G$O(B,$BDL>o$N(B pppd $B$rMxMQ(B.
- $Bslirp $B$rMxMQ(B.
$B$H$$$&9=@.$G(B PPP over SSH $B$N@_Dj$r9T$&(B$B$3$H$K$h$j(B,$BKI2PJIFb$G$N8"8B$J$7$KDL?.7PO)$r@_CV$9$k$3$H$,$G$-$^$9(B.

slirp $B$O(B,$B%b%G%`$d(B telnet/rsh $B7PM3$NCpJs=hM}%;%s%?!<$ncl9g$K$*@$OC$K$J$j$^$7$?$,(B, $B$3$s$J$H$3$m$G:F$S;H$&$3$H$K$J$k$H$O(B....

$B$J$*(B,$B0J2<$n@bl@$o(b Debian $B$G$N(B pppd $B$N@_Dj%U%!%$%k$NG[CV$K0MB8$7$F$$$^$9$N$G(B, $B$=$l0J30$N4D6-$G$O(B,$B$=$l$>$lE,Ev$KCV$-49$($F$/$@$5$$(B.

($BHf3SE*(B)$B4JC1$JJ}K!(B
1. $BKI2PJIFb$N%^%7%s$G(B slirp $B$r%3%s%Q%$%k$7$F(B,$B%$%s%9%H!<%k$7$f$*$-$^$9(b. root $B$K$J$l$J$$>u67$J$N$G(B, $B%[!<%`%g%#%l%/%h%j0j2<$k%$%s%9%h!<%k$7$f(b$BE,@Z$K4D6-@_Dj(B$B$9$k$3$H$K$J$j$^$9(B.
2. $BKI2PJI30$N%^%7%s$G(B pppd $B$r8F$S=P$9%f!<%68"8b(b($bnc(b:vpn)$B$G(B, $BKI2PJIFb$N%^%7%s(B($BNc(B:in.example.net)$B$K%Q%9%o!<%i$rf~no$;$:$k%m%0%$%s$g$-$k$h$&$k$7$f$*$-$^$9(b.
  1. VPN $BMQ$N8x3+80$r:n$j$^$9(B.
    % ssh-keygen -t dsa -N '' -f ~/.ssh/vpn_dsa
  2. $B:n@.$7$?8x3+80$r(B,$BKI2PJIFb$N%^%7%s$N(B ~/.ssh/authorized_keys $B$KDI2C$7$^$9(B. $B$=$N>e$G(B,$B$=$N8x3+80$N9T$N@hF,$K0J2<$n$h$&$k;xdj$7$f(b, slirp $B0J30$O
    command="slirp -P",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss ...
  3. $B0J2<$n%3%^%s%i$r
    % ssh -C -x -t -e none -i ~/.ssh/vpn_dsa in.example.net slirp -P
3. $B0J2<$n$h$&$jfbmf$n(b /etc/ppp/peers/example $B$rMQ0U$7$^$9(B.
```
hide-password
noauth
pty "ssh -C -x -t -e none -i /home/vpn/.ssh/vpn_dsa in.example.net slirp -P"
10.0.2.15:10.0.2.2
#debug
ipparam example
nodefaultroute
noipdefault 
```
  $BKI2PJI30$N%^%7%sMQ$N(B IP $B%"%I%l%9$H$7$F(B 10.0.2.15, $BKI2PJIFb$N%^%7%sMQ$N(B IP $B%"%I%l%9$H$7$F(B 10.0.2.2 $B$r;XDj$7$F$$$^$9$,(B, $B$3$l$O(B slirp $B$N%G%U%)%k%H@_Dj$K9g$o$;$F$$$^$9(B.$B>\$7$/$O(B slirp(1) $B$r;2>H$7$F$/$@$5$$(B.
4. $B$3$3$^$G$G(B,$B$H$j$"$($:(B pon example $B$H$$$&%3%^%s%I$G@\B3$G$-$k$h$&$K$J$C$F$$$k$O$:$G$9(B. $B@\B3$7$F$_$F(B,10.0.2.2 $B$,8+$($F$$$k$3$H$r3NG'$7$F$/$@$5$$(B.
5. $B/etc/ppp/ip-up.d/example $B$rMQ0U$7$^$9(B.
```
#!/bin/sh
PATH=/bin:/usr/bin:/sbin:/usr/sbin
if [ x"6$B%I%k(B" = xexample ]; then
 route add -net `echo "4$B%I%k(B"|sed 's,[0-9][0-9]*,0,$B%I%k(B'` netmask 255.255.255.240 "1$B%I%k(B"
 route add -net x.y.z.0 netmask 255.255.255.0 gw "5$B%I%k(B"
fi
```
  - $B:G=i$N(B route $B%3%^%s%I$O(B,slirp $B$N@)8fMQ(B IP $B%"%I%l%9$KBP$9$k7PO)$r@_Dj$7$F$$$^$9(B.
  - $B $B$3$3$^$G$G(B,$BKI2PJIFb$N%^%7%s$K$D$$$F(B,IP $B%"%I%l%9$rD>@\;XDj$7$?@\B3$,$G$-$k$h$&$K$J$C$F$$$k$O$:$G$9(B. $B$?$@$7(B,slirp $B$N@)8B$+$i(B ping $B$O@5>o$KF0:n$7$^$;$s$+$i(B,$B$=$l0J30$NJ}K!$G3NG'$7$F$/$@$5$$(B.
  - $BKI2PJIFb$N%^%7%s$K$D$$$F$NL>A02r7h$O(B,$BKI2PJIFb$N(B DNS $B%5!<%p$kld$$9g$o$;$k$h$&$k$7$^$9(b. slirp $B$O(B,$BFCDj$N@)8fMQ%"%I%l%9(B(= $B%G%U%)%k%H$O(B 10.0.2.3)$B$KBP$7$FAw$i$l$F$-$?(B DNS query $B$r(B, $BKI2PJIFb$N%^%7%s$N(B /etc/resolv.conf $B$K;XDj$5$l$F$$$k(B DNS $B%5!<%p$ke>Aw$7$F$/$l$^$9(B. $B$=$N$?$a(B,2$BDL$j$NJ}K!$,$"$j$^$9(B.
    $B!&A4$F$NL>A02r7h$r(B,$BKI2PJIFb$N(B DNS $B%5!<%p$k0mmj$g$-$k>l9g(B
    $B/etc/resolv.conf $B$K0J2<$n$h$&$k;xdj$9$l$pni$$$g$9(b.
    
    nameserver 10.0.2.3
    
    $B!&KI2PJI30$NL>A02r7h$OFH<+$k(b,$bki2pjifb$nl>A02r7h$OKI2PJIFb$N(B DNS $B%5!<%p$k0mmj$9$k>l9g(B
    $Bdnsmasq $B$r%$%s%9%H!<%k$7$^$7$g$&(b.$b$=$n>e$G(B,$B0J2<$n;xdj$r(b /etc/dnsmasq.conf $B$K2C$($F$*$-$^$9(B.
    
    server=/.example.net/10.0.2.3
$B$3$N$h$&$K@_Dj$7$F(B,$BKI2PJIFbIt$N%^%7%s$KBP$9$k@\B3$,I,MW$K$J$C$?$i(B pon example, $BITMW$K$J$C$?$i(B poff example $B$H$7$F;H$$$^$9(B.

$BJ#;($JJ}K!(B

$B$3$3$^$G$NJ}K!$O(B,$B@\B3$,I,MW$K$J$k$Ho;~
1. $B@\B37PO)$N:n@.!&Ku>C$r9T$&%9%/%j%W%H(B /home/vpn/connect $B$rMQ0U$7$^$9(B.
```
#!/bin/sh
PATH=/bin:/usr/bin:/sbin:/usr/sbin
dir=/home/vpn
file=${dir}/example-ondemand.pid
case "1$B%I%k(B" in
 start)
 echo "$$"> ${file}
 exec ssh -C -x -t -e none -i ${dir}/.ssh/vpn_dsa in.example.net slirp -P
 ;;
 stop)
 if [ -r ${file} ]; then
 pid=`cat ${file}`
 if [ ! -z ${pid} ]; then
 kill ${pid}
 fi
 rm ${file}
 fi
 ;;
esac
```
2. $B0J2<$n$h$&$jfbmf$n(b /etc/ppp/peers/example-ondemand $B$rMQ0U$7$^$9(B.
```
hide-password
noauth
pty "su vpn /home/vpn/connect start"
10.0.2.15:10.0.2.2
#debug
ipparam example-ondemand
nodefaultroute
noipdefault 
demand
idle 90
holdoff 60
```
3. pppd $B$r5/F0$7(B,$B7PO)@_Dj$r9T$&%9%/%j%W%H(B /etc/init.d/example-ondemand $B$rMQ0U$7$F(B,$BE,Ev$J%?%$%_%s%0$G
  /etc/rc3.d/ $B$K%j%s%/$r:n$C$F$*$-$^$9(B.
  #!/bin/sh PATH=/bin:/usr/bin:/sbin:/usr/sbin PEER=example-ondemand INTERFACE=ppp0 start(){ pon ${PEER} for sec in 1 2 3; do if ( grep -q ${INTERFACE}: /proc/net/dev ); then break fi sleep ${sec} done route add -net 10.0.2.0 netmask 255.255.255.240 ${INTERFACE} route add -net x.y.z.0 netmask 255.255.255.0 gw 10.0.2.2 } stop(){ poff ${PEER} } case "1$B%I%k(B" in start) start ;; stop) stop ;; restart|force-reload) stop start ;; esac
4. $B$H$j$"$($:(B,$B$3$3$^$G$GIaDL$K@\B3$G$-$k$h$&$K$J$C$F$$$k$O$:$G$9(B. $B0J2<$n%3%^%s%i$r
```
# /etc/init.d/example-ondemand start
```
5. $B$7$+$7(B,$B$3$l$G$7$P$i$/;H$C$F$$$k$H(B,$BKI2PJIFb$N%^%7%s$K4{$KITMW$K$J$C$?$O$:$N(B slirp $B$N%W%m%;%9$,BgNL$K;D$C$F$$$k>uBV$K$J$k$H;W$$$^$9(B. $B$I$&$d$i(B,pppd $B$N(B pty $B%*%W%7%g%s$G5/F0$7$?;R%W%m%;%9$O(B, pppd $BK\BN$,=*N;$9$k$^$G;D$C$F$7$^$&$h$&$J$N$G(B, $B0J2<$n$h$&$j(b /etc/ppp/ip-down.d/example-ondemand $B$rMQ0U$7$F(B, $BL@<(e*$k;r%w%m%;%9$rdd;_$9$k$h$&$k9)iw$7$^$9(b.
```
#!/bin/sh
if [ x"6$B%I%k(B" = xexample-ondemand ]; then
 su vpn /home/vpn/connect stop
fi
```
Hostbased $BG'>Z(B

Hostbased $BG'>Z$H$O(B,$BEPO?:Q$_$N%/%i%$%"%s%H$+$i@\B3$,$"$C$?>l9g$O(B, $B$=$N%/%i%$%"%s%H>e$G$N%f!<%6!<>pJs$r?.MQ$7$F@\B3$r5v2D$9$kG'>ZJ}<0$g$9(b. $BB?$/$N%/%i%$%"%s%H$H%5!<%p!<$,2tf/$7$f$$$k%5%$%h$ge,@z$kmxmq$9$k$h(b, $B%f!<%6!<$n%q%9%o!<%if~no$n
1. $B%/%i%$%"%s%H$N%[%9%H80$r:n@.$7$F$*$-$^$9(B.
```
[client:~]# ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
```
  Hostbased $BG'>Z$O(B,$B%/%i%$%"%s%H$N%[%9%H80(B,$BFC$KHkL)80$NHkF?@-$K4p$E$$$FG'>Z$r9T$C$F$$$^$9(B. $B$7$?$,$C$F(B,$BHkL)80$N%U%!%$%k(B(/etc/ssh/ssh_host_rsa_key)$B$NFI$_
```
[client:~]$ ls -l /etc/ssh/ssh_host_rsa_key
-rw------- 1 root root 883 2002$BG/(B01$B7n(B01$BF|(B 12:00 /etc/ssh/ssh_host_rsa_key
```
2. $B%/%i%$%"%s%HB&$N(B /etc/ssh/ssh_config $B$K0J2<$n@_dj$rdi2c$7$f(b,server $B$KBP$7$FDL?.$r9T$&;~$O(B Hostbased $BG'>Z$rMxMQ$9$k$h$&$K;XDj$7$^$9(B.
```
Host server
 HostbasedAuthentication yes
```
  OpenSSH-3.8 $B0J8e$O(B,$B0J2<$n;xdj$b2c$($ki,mw$,$"$j$^$9(b.
```
EnableSSHKeysign yes
```
  $B$3$N;XDj$O(B,$BBP>]$H$J$k%[%9%H$,;XDj$5$l$F$$$J$$ItJ,$K=q$/I,MW$,$"$j$^$9(B.
3. $B%5!<%p!
  /etc/ssh/sshd_config $B$K0J2<$n@_dj$rdi2c$7$f(b,hostbased $BG'>Z$r
  HostbasedAuthentication yes
  $B0J2<$o(b Hostbased $BG'>Z$HD>@\$N4X78$O$"$j$^$;$s$,(B,$B0lHL%f!<%6!<$k$h$k(b Hostbased $BG'>Z$NMpMQ$r6X;_$9$k$?$a$K@_Dj$7$F$*$/$Y$-9`L\$G$9(B.
  
  IgnoreRhosts yes IgnoreUserKnownHosts yes RhostsAuthentication no RhostsRSAAuthentication no
4. $B%5!<%p!<$k%/%i%$%"%s%h$n8x3+80$repo?$7$^$9(b. $B$J$*(B,DNS spoofing $B967b$rHr$1$k$?$a(B,$B%/%i%$%"%s%H$N%[%9%HL>$O(B FQDN $B$G;XDj$7(B, $B%/%i%$%"%s%H$N(B IP $B%"%I%l%9$bF1;~$K;XDj$7$F$*$/$HNI$$$G$7$g$&(B.
```
[server:~]# ssh-keyscan -t rsa client,address>> /etc/ssh/ssh_known_hosts
```
5. $B%/%i%$%"%s%H$+$i$N@\B3$r
```
[server:~]# echo client>> /etc/ssh/shosts.equiv
```
$B$3$l$G(B,$B%/%i%$%"%s%H$+$i%5!<%p!<$kbp$7$f%q%9%o!<%if~no$r>JN,$7$F(B ssh $B7PM3$G%m%0%$%s$9$k$3$H$,$G$-$k$h$&$K$J$C$F$$$k$O$:(B....$B$G$7$?$,(B, $B;d$O0J2<$n$h$&$jldbj$g6lo+$7$^$7$?(b.
OpenSSH-3.4p1 $B$N%P%0(B
OpenSSH-3.4p1 $B$O%P%0$N$?$a$K(B,Hostbased $BG'>Z$,@5>o$K5!G=$7$J$$$h$&$G$9(B. $B%Q%C%A(B$B$rE,MQ$9$kI,MW$,$"$j$^$9(B.

ProxyCommand $B$H$N>WFM(B
ProxyCommand $B$H(B Hostbased $BG'>Z$O6&B8$G$-$^$;$s(B. ProxyCommand $B$,(B$B@_Dj$5$l$F$$$k>uBV(B$B$G(B Hostbased $BG'>Z$r9T$*$&$H$9$k$H(B,$B0J2<$n$h$&$j%(%i!<%a%c%;!<%8$,i=<($5$l$^$9(b.
% ssh server userauth_hostbased: cannot get local ipaddr/name
OpenSSH-3.6p1 $B0J9_$O(B ProxyCommand $B$N@_Dj$rL58z2=$9$k$3$H$,$G$-$k(B$B$i$7$$$N$G(B, Hostbased $BG'>Z$r9T$&%[%9%H$rBP>]$H$7$F(B ProxyCommand $B$rL58z2=$9$k$H$$$&@_Dj$r;n$7$F$_$?$N$G$9$,(B,$BProxyCommand $B$rMxMQ$9$k%[%9%H$r>.$^$a$K;XDj$9$k$7$+$J$$$h$&$G$9(B.
$BJd=u%W%m%0%i%`$N
Hostbased $BG'>Z$K$O(B,$B%/%i%$%"%s%H$NHkL)80$N>pJs$,I,MW$G$9(B. $BDL>o(B,$BHkL)80$O(B root $B0J30$OFI$_=P$;$J$$$h$&$K$J$C$F$$$^$9$+$i(B, OpenSSH $B$O(B ssh-keysign $B$H$$$&(B setuid root $B$5$l$?Jd=u%W%m%0%i%`$rMxMQ$7$FG'>Z$r9T$C$F$$$^$9(B.

$BJd=u%W%m%0%i%`$,(B setuid root $B$5$l$F$$$J$$$H(B, $B0J2<$n$h$&$j%(%i!<%a%c%;!<%8$,i=<($5$l$^$7$?(b.

% ssh server could not open any host key ssh_keysign: no reply key_sign failed

Debian $B$N>l9g$O(B,dpkg-recongfigure ssh $B$H$$$&%3%^%s%I$r

# chmod u+s /usr/lib/ssh-keysign
$B>&MQ(B SSH $B$H$NAj8_1?MQ(B

$B5W$7$V$j$K(B,OpenSSH $B$G$O$J$/>&MQ$N(B SSH $B$,%$%s%9%H!<%k$5$l$f$$$k4d6-$r;h$&$3$h$k$j$c$?$n$g$9$,(b, $B8x3+80G'>Z$K$h$k%m%0%$%s$,$&$^$/$$$+$:$K(B,$B$+$J$jG:$_$^$7$?(B.
- OpenSSH $B$H>&MQ(B SSH $B$O8x3+80$NJ]B87A<0$,0[$j$c$f$$$^$9(b.$b$=$n$?$a(b,$b0j2<$n%3%^%s%i$r
  &MQ(B SSH $BMQ$N8x3+80$KJQ49$9$kI,MW$,$"$j$^$9(B.
  ssh-keygen -x -f ~/.ssh/id_rsa.pub> ~/id_rsa.pub
- OpenSSH $B$H>&MQ(B SSH $B$O8x3+80$rEPO?$9$k%U%!%$%k$N7A<0$hj]b8>l=j$,0[$J$C$F$$$^$9(B.
  OpenSSH $B$N>l9g(B
  ~/.ssh/authorized_keys $B$K(B,$BA4$F$N8x3+80$rD>@\=q$-9~$_$^$9(B.
  
  $B>&MQ(B SSH $B$N>l9g(B
  $B8x3+80$OA4$F8DJL$KJ]B8(B($BNc$($P(B,~/.ssh2/id_rsa.pub)$B$7(B, $B$=$N%U%!%$%k$N>l=j$r(B ~/.ssh2/authorization $B$K=q$-9~$_$^$9(B.
  
  key id_rsa.pub
$B$h$j>\$7$$>pJs$O(B, $B!V(BOpenSSH $B$H(B SSH $B$NAj8_1?MQ(B$B!W$d(B $B!V(B$BAj8_1?MQ$N$?$a$N804IM}(B$B!W$r;2>H$7$F$/$@$5$$(B.

$B@_DjFbMF$N%G%P%C%0(B

$B%/%i%$%"%s%HB&$N@_Dj$KLdBj$,$"$k$H9M$($i$l$k>l9g$O(B, -v $B%*%W%7%g%s$r;XDj$7$F%/%i%$%"%s%H$r
```
% ssh -v server
```
$B%5!<%p!l9g$O(B, -d -d -d $B%*%W%7%g%s$r;XDj$7$F%5!<%p!<$r
```
# /etc/init.d/ssh stop
# /usr/sbin/sshd -d -d -d
```
[Top] / [SSH $B$K$D$$$F(B]

SSH $B$K$D$$$F(B

($BHf3SE*(B)$B4JC1$JJ}K!(B

$BJ#;($JJ}K!(B

SSH $B$K$D$$$F(B

($BHf3SE*(B)$B4JC1$JJ}K!(B

$BJ#;($JJ}K!(B