{"id":1194,"date":"2016-05-18T00:10:55","date_gmt":"2016-05-17T15:10:55","guid":{"rendered":"http:\/\/sparkling-software.club\/pekublog\/?p=1194"},"modified":"2016-05-18T00:16:45","modified_gmt":"2016-05-17T15:16:45","slug":"centos67%e3%80%80%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e5%88%9d%e6%9c%9f%e8%a8%ad%e5%ae%9a","status":"publish","type":"post","link":"http:\/\/sparkling-software.club\/pekublog\/?p=1194","title":{"rendered":"CentOS6\/7\u3000\u30b5\u30fc\u30d0\u30fc\u521d\u671f\u8a2d\u5b9a"},"content":{"rendered":"

CentOS6\u53ca\u3073CentOS7\u5bfe\u8c61\u3002\u30ec\u30f3\u30bf\u30eb\u30b5\u30fc\u30d0\u30fc\u7b49\u3001\u5916\u90e8\u306b\u516c\u958b\u3059\u308b\u30b5\u30fc\u30d0\u30fc\u306b\u884c\u3046\u6700\u4f4e\u9650\u306e\u521d\u671f\u8a2d\u5b9a\u3067\u3059\u3002
\n\u8a73\u3057\u3044\u4eba\u306f\u3082\u3063\u3068\u8272\u3005\u8a2d\u5b9a\u3059\u308b\u304b\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n

\u8272\u3005\u306a\u30b5\u30a4\u30c8\u3092\u5de1\u308a\u306a\u304c\u3089\u4f5c\u696d\u3057\u307e\u3057\u305f\u3002\u6700\u521d\u306b\u53c2\u8003\u306b\u3057\u305f\u30b5\u30a4\u30c8\u306f\u4ee5\u4e0b\u3002
\nwheel \u30b0\u30eb\u30fc\u30d7\u3092\u6d3b\u7528\u3059\u308b – \u3044\u307e\u3059\u3050\u5b9f\u8df5! Linux\u30b7\u30b9\u30c6\u30e0\u7ba1\u7406 \/ Vol.104<\/a>
\nCentOS\u3092\u30b5\u30fc\u30d0\u30fc\u3068\u3057\u3066\u6d3b\u7528\u3059\u308b\u305f\u3081\u306e\u57fa\u672c\u7684\u306a\u8a2d\u5b9a<\/a>
\n\u4ed6\u3001\u8272\u3005\u3067\u3059\u3002<\/p>\n

\u4e3b\u306b\u4ee5\u4e0b\u306e\u5bfe\u5fdc\u3092\u884c\u3063\u3066\u3044\u307e\u3059\u3002
\n\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\uff08IP\u30a2\u30c9\u30ec\u30b9\u3084\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4\u7b49\uff09\u306e\u8a2d\u5b9a\u306f\u74b0\u5883\u306b\u3088\u3063\u3066\u8a2d\u5b9a\u3059\u3079\u304d\u5185\u5bb9\u304c\u304b\u306a\u308a\u9055\u3046\u306e\u3067\u3001\u4eca\u56de\u7701\u7565\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n\n\n\n\n\n\n
\u2460\u30e6\u30fc\u30b6\u4f5c\u6210<\/td>\n\u7ba1\u7406\u7528\u30e6\u30fc\u30b6\u3092\u4f5c\u6210<\/td>\n<\/tr>\n
\u2461\u30e6\u30fc\u30b6\u7ba1\u7406\u8a2d\u5b9a<\/td>\nwheel\u30b0\u30eb\u30fc\u30d7\u306b\u8ffd\u52a0\u3001visudo\u8a2d\u5b9a\u7b49<\/td>\n<\/tr>\n
\u2462SSH\u8a2d\u5b9a<\/td>\n\u30dd\u30fc\u30c8\u756a\u53f7\u5909\u66f4\u3001root\u30ed\u30b0\u30a4\u30f3\u7981\u6b62<\/td>\n<\/tr>\n
\u2463\u30d1\u30c3\u30b1\u30fc\u30b8\u66f4\u65b0<\/td>\nyum\u30d1\u30c3\u30b1\u30fc\u30b8\u66f4\u65b0<\/td>\n<\/tr>\n
\u2464\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a<\/td>\nHTTP\u3001HTTPS\u3001SSH\u306e\u307f\u8a31\u53ef<\/td>\n<\/tr>\n
\u2465\u9375\u4f5c\u6210<\/td>\n\u79d8\u5bc6\u9375\/\u516c\u958b\u9375\u4f5c\u6210\u3001\u6a29\u9650\u5909\u66f4<\/td>\n<\/tr>\n
\u2466SSH\u8a2d\u5b9a<\/td>\n\u9375\u8a8d\u8a3c\u306e\u307f\u8a31\u53ef<\/td>\n<\/tr>\n
\u2467\u6642\u523b\u8a2d\u5b9a<\/td>\nchrony\u306b\u3088\u308b\u6642\u523b\u540c\u671f<\/td>\n<\/tr>\n<\/table>\n

<\/strong><\/p>\n

\u203b\u6ce8\u610f\u4e8b\u9805<\/font><\/strong>
\nSSH\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u8a2d\u5b9a\u3092\u9593\u9055\u3063\u305f\u308a\u3001SSH\u30dd\u30fc\u30c8\u756a\u53f7\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5fd8\u308c\u308b\u3068\u30ea\u30e2\u30fc\u30c8\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u306a\u304f\u306a\u308a\u307e\u3059\u3002VPS\u7b49\u3067\u3042\u308c\u3070\u7ba1\u7406\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u304b\u3001\u7ba1\u7406\u30b3\u30f3\u30bd\u30fc\u30eb\u7b49\u304c\u306a\u3044\u5834\u5408\u306f\u6700\u60aa\u30b5\u30fc\u30d0\u3092\u521d\u671f\u5316\u3059\u308b\u7fbd\u76ee\u306b\u9665\u308a\u307e\u3059\u3002<\/p>\n

\u79c1\u304c\u3084\u3063\u3066\u3057\u307e\u3063\u305f\u4f8b\u306f\u4ee5\u4e0b\u3002
\n\u30fb\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u74b0\u5883\uff08\u793e\u5185\u306e\u30eb\u30fc\u30bf\u7b49\uff09\u3067\u30dd\u30fc\u30c822\u4ee5\u5916\u3067SSH\u901a\u4fe1\u304c\u62d2\u5426\u3055\u308c\u3066\u3044\u3066\u3001\u8a2d\u5b9a\u5f8c\u306bSSH\u63a5\u7d9a\u3067\u304d\u306a\u304f\u306a\u3063\u305f
\n\u30fb\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a2d\u5b9a\uff08CentOS6\u306a\u3089ifcfg-eth0\u306eONBOOT=yes\u304c\u306a\u3044\u3001CentOS7\u306a\u3089nmtui\u3067\u8a2d\u5b9a\u3059\u308b\u30c7\u30d0\u30a4\u30b9\u306eAutomaticaly Connect\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u306a\u3044\uff09\u3067\u518d\u8d77\u52d5\u5f8c\u306b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u304c\u7e4b\u304c\u3089\u306a\u304f\u306a\u3063\u305f<\/p>\n

\u3055\u3066\u3001\u624b\u9806\u306f\u4ee5\u4e0b\u3067\u3059\u3002
\n\u2460\u30e6\u30fc\u30b6\u4f5c\u6210<\/strong>
\n\u3000\u7ba1\u7406\u7528\u306e\u30e6\u30fc\u30b6\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n

adduser \u30e6\u30fc\u30b6\u30fcID\r\npasswd \u30e6\u30fc\u30b6\u30fcID<\/pre>\n
\u203b\u4e00\u5b9a\u4ee5\u4e0a\u96e3\u89e3\u306a\u30d1\u30b9\u30ef\u30fc\u30c9\u3068\u3059\u308b\u3053\u3068<\/p>\n
\u2461\u30e6\u30fc\u30b6\u7ba1\u7406\u8a2d\u5b9a<\/strong>
\n\u3000\u7ba1\u7406\u7528\u30e6\u30fc\u30b6\u3092wheel\u30b0\u30eb\u30fc\u30d7\uff08sudo\u5b9f\u884c\u3067\u304d\u308b\u30b0\u30eb\u30fc\u30d7\uff09\u306b\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n
usermod -G wheel \u30e6\u30fc\u30b6\u30fcID<\/pre>\n
\u3000wheel\u30b0\u30eb\u30fc\u30d7\u306e\u307fsudo\u53ef\u80fd\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
visudo<\/pre>\n
\u3000\u4ee5\u4e0b\u3092\u8a2d\u5b9a\u3057\u3066\u4fdd\u5b58\u3002<\/p>\n
%wheel   ALL=(ALL)      ALL<\/pre>\n
\u3000PAM\uff08\u8a8d\u8a3c\uff09\u3092\u8a2d\u5b9a\u3002<\/p>\n
vi \/etc\/pam.d\/su<\/pre>\n
\u3000\u4ee5\u4e0b\u3092\u8a2d\u5b9a\u3057\u3066\u4fdd\u5b58\u3002<\/p>\n
auth            required        pam_wheel.so use_uid<\/pre>\n
\u203b\u3053\u306e\u8a2d\u5b9a\u4ee5\u964d\u3001\u4e0a\u8a18\u7ba1\u7406\u7528\u30e6\u30fc\u30b6\u4ee5\u5916sudo\u304c\u4f7f\u3048\u306a\u304f\u306a\u308b<\/p>\n
\u2462SSH\u8a2d\u5b9a<\/strong>
\n\u3000SSH\u8a2d\u5b9a\u3092\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n
vi \/etc\/ssh\/sshd_config<\/pre>\n
\u3000\u4ee5\u4e0b\u3092\u8a2d\u5b9a\u3057\u3066\u4fdd\u5b58\u3002<\/p>\n
PermitRootLogin no\r\n...\r\nPort XXXX\r\n<\/pre>\n
\u203b\u30dd\u30fc\u30c8\u756a\u53f7\uff08XXXX\uff09\u306f\u30c7\u30d5\u30a9\u30eb\u30c822\u3092\u4f7f\u3046\u3068\u653b\u6483\u8005\u306b\u30d0\u30ec\u30d0\u30ec\u306e\u305f\u3081\u3001\u9069\u5f53\u306a\u30a8\u30d5\u30a7\u30e1\u30e9\u30eb\u30dd\u30fc\u30c8\u3092\u5272\u308a\u5f53\u3066\u308b
\n\u203b\u30a8\u30d5\u30a7\u30e1\u30e9\u30eb\u30dd\u30fc\u30c8\u306f\u30d5\u30a1\u30a4\u30eb\u300c\/proc\/sys\/net\/ipv4\/ip_local_port_range\u300d\u306b\u66f8\u304b\u308c\u3066\u3044\u308b\uff08\u79c1\u306e\u74b0\u5883\u3067\u306f32768 – 61000\uff09<\/p>\n
\u3000SSH\u518d\u8d77\u52d5\u3002
\n\u3000(1)CentOS6\u306e\u5834\u5408<\/p>\n
\/etc\/init.d\/sshd restart<\/pre>\n
\u3000(2)CentOS7\u306e\u5834\u5408<\/p>\n
systemctl restart sshd.service<\/pre>\n
\u2463\u30d1\u30c3\u30b1\u30fc\u30b8\u66f4\u65b0<\/strong><\/p>\n
yum update<\/pre>\n
\u2464\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a<\/strong>
\n\u3000\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306fCentOS6\u306a\u3089iptables\u3067\u3001CentOS7\u306a\u3089firewalld\u3067\u884c\u3046\u306e\u3067\u3001\u4ee5\u4e0b2\u30d1\u30bf\u30fc\u30f3\u305d\u308c\u305e\u308c\u5225\u624b\u9806\u3092\u8a18\u8f09\u3057\u307e\u3059\u3002
\n\u3000(1)CentOS6\u306e\u5834\u5408\uff08iptables\uff09
\n\u3000\u3000\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u306fiptables\u3067\u884c\u3044\u307e\u3059\u3002ping(ICMP)\u3001HTTP\u3001HTTPS\u3001SSH\u3092\u8a31\u53ef\u3057\u3001\u4ed6\u306e\u901a\u4fe1\u3092\u62d2\u5426\u3057\u307e\u3059\u3002<\/p>\n
\u3000\u3000localhost\u304b\u3089\u306e\u901a\u4fe1\u3092\u8a31\u53ef\u3002<\/p>\n
iptables -A INPUT -i lo -j ACCEPT <\/pre>\n
\u3000\u3000ping\u8a31\u53ef\u3002<\/p>\n
iptables -A INPUT -p icmp -j ACCEPT<\/pre>\n
\u3000\u3000HTTP\u8a31\u53ef\u3002<\/p>\n
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT<\/pre>\n
\u3000\u3000\u203b”-m tcp”\u306f\u30d1\u30b1\u30c3\u30c8\u30de\u30c3\u30c1\u30f3\u30b0\u30e2\u30b8\u30e5\u30fc\u30eb\u6307\u5b9a
\n\u3000\u3000HTTPS(SSL)\u8a31\u53ef\u3002<\/p>\n
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT<\/pre>\n
\u3000\u3000SSH\u8a31\u53ef\u3002<\/p>\n
iptables -A INPUT -p tcp -m tcp --dport 11831 -j ACCEPT<\/pre>\n
\u3000\u3000ESTABLISHED\uff08\u63a5\u7d9a\u6e08\u307f\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u306e\u30d1\u30b1\u30c3\u30c8\uff09\u3068RELATED\uff08\u63a5\u7d9a\u6e08\u307f\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u306b\u95a2\u9023\u3057\u3066\u767a\u751f\u3057\u305f\u65b0\u305f\u306a\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u30d1\u30b1\u30c3\u30c8\uff09\u3092\u8a31\u53ef\u3002<\/p>\n
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<\/pre>\n
\u3000\u3000\u5185\u5411\u304d\u306e\u901a\u4fe1\u3092\u62d2\u5426\uff08\u4e0a\u8a18\u8a2d\u5b9a\u4ee5\u5916\uff09\u3002<\/p>\n
iptables -P INPUT DROP <\/pre>\n
\u3000\u3000\u5916\u5411\u304d\u306e\u901a\u4fe1\u3092\u8a31\u53ef\u3002<\/p>\n
iptables -P OUTPUT ACCEPT<\/pre>\n
\u3000\u3000\u8a2d\u5b9a\u3092\u4fdd\u5b58\u3002<\/p>\n
service iptables save<\/pre>\n
\u3000\u3000\u8a2d\u5b9a\u3092\u78ba\u8a8d\u3002<\/p>\n
cat \/etc\/sysconfig\/iptables<\/pre>\n
\u3000\u3000\u8a2d\u5b9a\u3092\u78ba\u8a8d\uff08\u4e00\u89a7\uff09\u3002<\/p>\n
iptables -L<\/pre>\n
\u3000(2)CentOS7\u306e\u5834\u5408\uff08firewalld\uff09
\n\u3000\u3000\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u306ffirewalld\u3067\u884c\u3044\u307e\u3059\u3002HTTP\u3001HTTPS\u3001SSH\u3092\u8a31\u53ef\u3057\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306eDHCPv6\u3092\u542b\u307f\u4ed6\u306e\u901a\u4fe1\u3092\u62d2\u5426\u3057\u307e\u3059\u3002firewalld\u306f\u30be\u30fc\u30f3\u3054\u3068\u306b\u30b5\u30fc\u30d3\u30b9\u5358\u4f4d\u3067\u901a\u4fe1\u53ef\u5426\u304c\u6c7a\u307e\u308a\u307e\u3059\u3002<\/p>\n
\u3000\u3000firewalld\u304c\u6709\u52b9\u304b\u78ba\u8a8d\u3002<\/p>\n
systemctl list-unit-files | grep firewalld<\/pre>\n
\u203benabled\u304c\u8868\u793a\u3055\u308c\u308c\u3070\u6709\u52b9\u72b6\u614b\u306a\u306e\u3067\u3001disabled\u306e\u5834\u5408\u306e\u307f\u4ee5\u4e0b\u30b3\u30de\u30f3\u30c9\u3067\u6709\u52b9\u5316
\n\u3000\u300csystemctl enable firewalld.service\u300d\u3001\u300csystemctl start firewalld.service\u300d<\/p>\n
\u3000\u3000\u30be\u30fc\u30f3\uff08\u73fe\u5728\u306e\u8a2d\u5b9a\uff09\u3092\u78ba\u8a8d\u3002<\/p>\n
firewall-cmd --list-all<\/pre>\n
\u203bpublic\u30be\u30fc\u30f3\u306einterfaces\u3068\u3057\u3066\u901a\u4fe1\u306b\u4f7f\u7528\u3059\u308bNIC\u540d\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d<\/p>\n
\u3000\u3000\u5168\u30be\u30fc\u30f3\u306e\u8a2d\u5b9a\u3092\u78ba\u8a8d\u3002<\/p>\n
firewall-cmd --list-all-zones<\/pre>\n
\u203b\u4f7f\u7528\u3057\u3066\u3044\u308bNIC\u540d\u304c\u3069\u306e\u30be\u30fc\u30f3\u306b\u914d\u7f6e\u3055\u308c\u3066\u3044\u308b\u304b\u3092\u78ba\u8a8d<\/p>\n
\u3000\u3000\u30b5\u30fc\u30d3\u30b9\u3092\u78ba\u8a8d\u3002<\/p>\n
firewall-cmd --get-services<\/pre>\n
\u203bssh\u304c\u5b58\u5728\u3059\u308b\u304b\u78ba\u8a8d<\/p>\n
\u3000\u3000SSH\u30dd\u30fc\u30c8\u306e\u78ba\u8a8d\u3002<\/p>\n
sudo cat \/usr\/lib\/firewalld\/services\/ssh.xml<\/pre>\n
\u203b\u30dd\u30fc\u30c8\u756a\u53f7\u304c22\uff08\u30c7\u30d5\u30a9\u30eb\u30c8\uff09\u306b\u306a\u3063\u3066\u3044\u308b\u4e8b\u3092\u78ba\u8a8d<\/p>\n
\u3000\u3000SSH\u7528\u306e\u8a2d\u5b9a\u3092\u65e2\u5b58\u306e\u6d41\u7528\u3067\u4f5c\u6210\u3002<\/p>\n
sudo cp -p \/usr\/lib\/firewalld\/services\/ssh.xml \/etc\/firewalld\/services\/ssh-alt.xml\r\nsudo vi \/etc\/firewalld\/services\/ssh-alt.xml<\/pre>\n
\u203bssh-alt\u306e\u65b9\u3067\u3001SSH\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u306f\u5148\u306b\u8a2d\u5b9a\u3057\u305f\u30dd\u30fc\u30c8\u756a\u53f7\u306b\u5909\u66f4\u3057\u3066\u4fdd\u5b58<\/p>\n
\u3000\u3000\u8a2d\u5b9a\uff08ssh-alt\uff09\u306e\u767b\u9332\u3002<\/p>\n
sudo firewall-cmd --reload\r\nfirewall-cmd --get-services<\/pre>\n
\u203bssh-alt\u304c\u5b58\u5728\u3059\u308b\u304b\u78ba\u8a8d<\/p>\n
\u3000\u3000\u30dd\u30fc\u30c8\u5909\u66f4\u7248SSH\u3092public\u30be\u30fc\u30f3\u306b\u8ffd\u52a0\u3002<\/p>\n
sudo firewall-cmd --add-service=ssh-alt\r\nsudo firewall-cmd --permanent --add-service=ssh-alt<\/pre>\n
\u3000\u3000HTTP\u3092public\u30be\u30fc\u30f3\u306b\u8ffd\u52a0\u3002<\/p>\n
sudo firewall-cmd --add-service=http\r\nsudo firewall-cmd --permanent --add-service=http<\/pre>\n
\u3000\u3000HTTPS\u3092public\u30be\u30fc\u30f3\u306b\u8ffd\u52a0\u3002<\/p>\n
sudo firewall-cmd --add-service=https\r\nsudo firewall-cmd --permanent --add-service=https<\/pre>\n
\u3000\u3000SSH(\u5143\u306e\u30c7\u30d5\u30a9\u30dd\u30fc\u30c8\u7248\uff09\u3092\u524a\u9664\u3002<\/p>\n
firewalld-cmd --remove-service=ssh\r\nfirewalld-cmd --permanent --remove-service=ssh<\/pre>\n
\u3000\u3000dhcpv6-client\u524a\u9664\u3002<\/p>\n
firewalld-cmd --permanent --remove-service=dhcpv6-client\r\nsudo firewall-cmd --reload<\/pre>\n
\u3000\u3000\u30ea\u30ed\u30fc\u30c9\u5f8c\u3001\u30b5\u30fc\u30d3\u30b9\u78ba\u8a8d\u3002<\/p>\n
firewall-cmd --list-all<\/pre>\n
\u2465\u9375\u4f5c\u6210<\/strong>
\n\u3000\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5411\u4e0a\u306e\u305f\u3081\u3001SSH\u901a\u4fe1\u6642\u306e\u8a8d\u8a3c\u3092\u30d1\u30b9\u30ef\u30fc\u30c9\u3067\u306a\u304f\u9375\u3092\u4f7f\u3063\u3066\u884c\u3046\u3088\u3046\u306b\u3057\u307e\u3059\u3002\u3042\u3089\u304b\u3058\u3081WinSCP\u7b49\u306eFTP\u30c4\u30fc\u30eb\u3092\u7528\u610f\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046\u3002WinSCP\u306e\u5834\u5408\u3001SCP\u63a5\u7d9a\u3067\u30dd\u30fc\u30c8\u756a\u53f7\u306fSSH\u306e\u3082\u306e\u3092\u4f7f\u3044\u307e\u3059\u3002<\/p>\n
\u3000\u3000\u9375\u3092\u4f5c\u6210\u3002<\/p>\n
ssh-keygen -t rsa -b 2048 -C "\u4efb\u610f\u306e\u30b3\u30e1\u30f3\u30c8"\r\ncd ~\/.ssh\r\ncat id_rsa.pub >> authorized_keys\r\nchmod 600 ~\/.ssh\/authorized_keys<\/pre>\n
\u203b\u30b3\u30e1\u30f3\u30c8\u306f\u9069\u5f53\u3067\u3001\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u306f\u3061\u3083\u3093\u3068\u63a7\u3048\u307e\u3057\u3087\u3046
\n\u203b\u4ed6\u306e\u8a2d\u5b9a\u306f\u554f\u984c\u306a\u3051\u308c\u3070\u305d\u306e\u307e\u307e\u3067\u3082OK\u3001\u9375\u306e\u540d\u524d\u3092\u5909\u66f4\u3057\u305f\u5834\u5408\u306f\u4e0a\u8a18id_rsa\u3084id_rsa.pub\u3082\u3042\u308f\u305b\u3066\u5909\u3048\u3066\u5b9f\u884c<\/p>\n
\u3000\u3000\u79d8\u5bc6\u9375\u3092\u30ed\u30fc\u30ab\u30eb\uff08\u64cd\u4f5c\u7528\u30de\u30b7\u30f3\uff09\u306b\u30b3\u30d4\u30fc\u3057\u307e\u3059\u3002FTP\u30c4\u30fc\u30eb\u3092\u4f7f\u3063\u3066\u300c\u8a72\u5f53\u30e6\u30fc\u30b6\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\/.ssh\/id_rsa\u300d\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n
\u3000\u3000\u79d8\u5bc6\u9375\u524a\u9664\u3002<\/p>\n
rm ~\/.ssh\/id_rsa<\/pre>\n
\u2466SSH\u8a2d\u5b9a<\/strong>
\n\u3000\u3000SSH\u63a5\u7d9a\u3092\u9375\u8a8d\u8a3c\u306e\u307f\u8a31\u53ef\u3057\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u8a8d\u8a3c\u3092\u62d2\u5426\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
vi \/etc\/ssh\/sshd_config<\/pre>\n
\u3000\u3000\u4ee5\u4e0b\u3092\u8a2d\u5b9a\u3057\u3066\u4fdd\u5b58\u3002<\/p>\n
PasswordAuthentication no\r\nRSAAuthentication yes\r\nRhostRSAAuthentication no\r\nAllowUsers \u4f5c\u696d\u30e6\u30fc\u30b6<\/pre>\n
\u3000SSH\u518d\u8d77\u52d5\u3002
\n\u3000(1)CentOS6\u306e\u5834\u5408<\/p>\n
\/etc\/init.d\/sshd restart<\/pre>\n
\u3000(2)CentOS7\u306e\u5834\u5408<\/p>\n
systemctl restart sshd.service<\/pre>\n
\u2467\u6642\u523b\u8a2d\u5b9a<\/strong>
\n\u3000\u3000\u3068\u308a\u3042\u3048\u305aCentOS7\u306e\u8a2d\u5b9a\u306e\u307f\u6b8b\u3057\u307e\u3059\u3002CentOS6\u306e\u5834\u5408\u306fntp\u3092\u8a2d\u5b9a\u3059\u308c\u3070\u3088\u3044\u306e\u3067\u691c\u7d22\u3059\u308b\u3068\u3059\u3050\u8a2d\u5b9a\u5185\u5bb9\u304c\u898b\u3064\u304b\u308b\u304b\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
\u3000\u3000chrony\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3002<\/p>\n
yum install chrony<\/pre>\n
\u3000\u3000chrony\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u78ba\u8a8d\u3002<\/p>\n
rpm -qa | grep chrony<\/pre>\n
\u3000\u3000ntp\u505c\u6b62\u3001\u30b5\u30fc\u30d3\u30b9\u7121\u52b9\u5316\u3002<\/p>\n
systemctl stop ntpd.service\r\nsystemctl disable ntpd.service<\/pre>\n
\u3000\u3000chrony\u30b5\u30fc\u30d3\u30b9\u767b\u9332\u3001\u8d77\u52d5\u3002<\/p>\n
systemctl enable chronyd.service\r\nsystemctl start chronyd.service<\/pre>\n
\u3000\u3000chrony\u8d77\u52d5\u78ba\u8a8d\u3002<\/p>\n
ps -ef | grep chrony<\/pre>\n
\u3000\u3000\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u7de8\u96c6\u3002<\/p>\n
vi \/etc\/chrony.conf<\/pre>\n
\u3000\u3000\u4ee5\u4e0b\u3092\u8a2d\u5b9a\u3057\u3066\u4fdd\u5b58\u3002<\/p>\n
\r\n# \u65e2\u5b58\u306e\u30ea\u30b9\u30c8\u3092\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3001\u53c2\u7167\u3057\u305f\u3044\u30b5\u30fc\u30d0\u3092\u8ffd\u8a18\r\n#server 0.centos.pool.ntp.org iburst\r\n#server 1.centos.pool.ntp.org iburst\r\n#server 2.centos.pool.ntp.org iburst\r\n#server 3.centos.pool.ntp.org iburst\r\n# iburst\u306f\u8d77\u52d5\u76f4\u5f8c\u306b\u30b5\u30fc\u30d0\u306b4\u56de\u9023\u7d9a\u7684\u306b\u554f\u3044\u5408\u308f\u305b\u308b\u3053\u3068\u3067\u6642\u523b\u540c\u671f\u304c\u65e9\u304f\u306a\u308b\r\nserver NTP\u30b5\u30fc\u30d0 iburst<\/pre>\n
\u203bntp\u306f\u597d\u304d\u306a\u5834\u6240\u3092\u8a2d\u5b9a\u3059\u308b\u3068\u3088\u3044\u304b\u3068\u601d\u3044\u307e\u3059\uff08\u691c\u7d22\u3059\u308b\u3068\u8272\u3005\u3042\u308a\u307e\u3059\u304c\u3001\u79c1\u306fNICT\u3001MFEED\u7b49\u30923\u3064\u307b\u3069\u8a2d\u5b9a\u3057\u307e\u3057\u305f\uff09<\/p>\n
\u3000\u3000\u8a2d\u5b9a\u3092\u78ba\u8a8d\u3002<\/p>\n
systemctl status chronyd<\/pre>\n
\u4ee5\u4e0a\u3067\u3059\u3002<\/p>\n
\u304a\u75b2\u308c\u69d8\u3067\u3057\u305f\u3002<\/p>\n
\n\u5e83\u544a<\/strong><\/legend>\n