ファームウェア Ver.1.40 へ ssh
LS-VL
LS-XHL
LinkStationシリーズ ファームウェア アップデーター Ver.1.40
をインストールしたので、1.37 同様 ssh でログインできるか確認する。
何故か標準ファームで sshd が動作しているのだが、
1.40 では止められているかも知れない
sshd は動いている?
まずは、sshd が動いているか確認するために、
標準ファームを起動して ssh でアクセスしてみる。
yasunari@sil:~$ ssh vl
The authenticity of host 'vl (192.168.2.55)' can't be established.
RSA key fingerprint is 17:60:bb:44:2f:36:d8:df:6b:98:fb:63:7f:52:a7:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vl,192.168.2.55' (RSA) to the list of known hosts.
Password:
Password:
Password:
yasunari@sil:~$ ssh -l admin vl
Password:
Connection to vl closed by remote host.
Connection to vl closed.
yasunari@sil:~$
ログインはできなかったが、sshd は動いている
sshd_config の修正
sshd_config を修正して、ログインできるようにする
標準ファームの HDD を LS-QL に USB で接続
root@qube:~# tail -f /var/log/messages
:
:
Mar 8 20:38:00 qube kernel: usb 1-1: new high speed USB device using ehci_marvell and address 2
Mar 8 20:38:00 qube kernel: usb 1-1: configuration #1 chosen from 1 choice
Mar 8 20:38:00 qube kernel: scsi2 : SCSI emulation for USB Mass Storage devices
Mar 8 20:38:05 qube kernel: scsi 2:0:0:0: Direct-Access ViPowER VP-89118(SD1) 2.10 PQ: 0 ANSI: 4
Mar 8 20:38:05 qube kernel: sd 2:0:0:0: [sdc] 488283264 512-byte hardware sectors (250001 MB)
Mar 8 20:38:05 qube kernel: sd 2:0:0:0: [sdc] Write Protect is off
Mar 8 20:38:05 qube kernel: sd 2:0:0:0: [sdc] 488283264 512-byte hardware sectors (250001 MB)
Mar 8 20:38:05 qube kernel: sd 2:0:0:0: [sdc] Write Protect is off
Mar 8 20:38:05 qube kernel: sdc: sdc1 sdc2 sdc3 sdc4 sdc5 sdc6
Mar 8 20:38:05 qube kernel: sd 2:0:0:0: [sdc] Attached SCSI disk
Mar 8 20:38:05 qube kernel: sd 2:0:0:0: Attached scsi generic sg2 type 0
マウントする
root@qube:~# mkdir /tmp/root
root@qube:~# mount /dev/sdc2 /tmp/root
root@qube:~# ls /tmp/root
bin boot dev etc home initrd lib mnt proc root sbin sys tmp usr var www
root@qube:~#
sshd_config の編集
root@qube:/tmp/root/etc# mv sshd_config{,.orig}
root@qube:/tmp/root/etc# cp sshd_config{.orig,}
root@qube:/tmp/root/etc# vi sshd_config
:
:
root@qube:/tmp/root/etc# !cp:s/cp/diff -u/
diff -u sshd_config{.orig,}
--- sshd_config.orig 2010-07-28 20:54:51.000000000 +0900
+++ sshd_config 2011-03-08 20:44:12.025869886 +0900
@@ -20,7 +20,7 @@
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key
-HostKey /etc/apache/server.key
+#HostKey /etc/apache/server.key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
@@ -35,7 +35,7 @@
#LoginGraceTime 2m
#PermitRootLogin yes
-PermitRootLogin no
+PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
@@ -55,6 +55,7 @@
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
+PermitEmptyPasswords yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
@@ -71,7 +72,7 @@
# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
-UsePAM yes
+UsePAM no
#AllowTcpForwarding yes
#GatewayPorts no
root@qube:/tmp/root/etc#
shadow の確認
念のため、root にパスワードが付いていないことを確認
root@qube:/tmp/root/etc# grep root shadow
root::14895:0:99999:7:::
root@qube:/tmp/root/etc#
アンマウント
root@qube:/tmp/root/etc# cd /
root@qube:/# sync
root@qube:/# sync
root@qube:/# sync
root@qube:/# umount /tmp/root
root@qube:/#
おじさんは sync を必ず3回(笑
HDD を LS-VL に戻す
LS-VL を起動
LS-VL に ssh
yasunari@sil:~$ ssh -l root vl
ssh: connect to host vl port 22: Connection refused
yasunari@sil:~$
なんで?
まだ sshd が起動してないのかも。しばらく待つ。
yasunari@sil:~$ ssh -l root vl
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
96:df:9d:5a:b6:e1:37:01:a4:ec:75:c8:61:40:7f:13.
Please contact your system administrator.
Add correct host key in /home/yamasita/yasunari/.ssh/known_hosts to get rid of this message.
Offending key in /home/yamasita/yasunari/.ssh/known_hosts:3
RSA host key for vl has changed and you have requested strict checking.
Host key verification failed.
yasunari@sil:~$
ぐへ。
yasunari@sil:~$ mv .ssh/known_hosts{,.orig}
yasunari@sil:~$
良い子はまねをしてはいけません。
yasunari@sil:~$ !ssh
ssh -l root vl
The authenticity of host 'vl (192.168.2.55)' can't be established.
RSA key fingerprint is 96:df:9d:5a:b6:e1:37:01:a4:ec:75:c8:61:40:7f:13.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vl,192.168.2.55' (RSA) to the list of known hosts.
root@LS-VL815:~#
あいごってぃっと!
LS-XHL も
同上!
yasunari@sil:~$ ssh brick
The authenticity of host 'brick (192.168.2.49)' can't be established.
RSA key fingerprint is cf:82:fe:bb:03:2d:00:2d:84:c6:fb:2c:e0:cb:4b:58.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'brick,192.168.2.49' (RSA) to the list of known hosts.
yasunari@brick's password:
yasunari@sil:~$ ssh -l root brick
Last login: Wed Jan 12 22:44:58 2011 from x31l.yamasita.jp
root@LS-XHL8DF:~#
Copyright (C) 2003-2011 Yasunari Yamashita. All Rights Reserved.
yasunari @ yamasita.jp 山下康成@京都府向日市
