1./root/.bashrc プロンプト表示を好みに変更
root@obsa7:~# cd /root
root@obsa7:~# diff .bashrc.org .bashrc
5c5
< # PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
---
> PS1='${debian_chroot:+($debian_chroot)}\u@\h:\W\$ '
root@obsa7:~#
# 変更前のPS1 のパス表示プロンプト
obsa7:~# cd /var/log/samba
obsa7:/var/log/samba#
# 変更後のPS1 のパス表示プロンプト
root@obsa7:~# cd /var/log/samba
root@obsa7:samba#
# ホスト名表示し、パス名はカレントディレクトリだけの表示が好み
2.ログインシェルの変更
$ grep -n a7user /etc/passwd
21:a7user:x:1000:1000::/home/a7user:/bin/sh
$ grep zsh /etc/shells
/bin/zsh
/usr/bin/zsh
$ chsh -s /bin/zsh
Password: (a7userのパスワード)
$ grep -n a7user /etc/passwd
21:a7user:x:1000:1000::/home/a7user:/bin/zsh
$
zsh用 .profile
a7user@obsa7:~% cat .zprofile [17] (13-12-28 Sat 07:26:57 AM)
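#
# $Id: .zprofile,v 1.1 2013-12-28 07:24:20+09 a7user $
#
# Login-shell environment for a7user (zsh).
# Every variable assigned between "set -o allexport" and "set +o allexport"
# is exported, so it is inherited by all child processes of the login shell.
echo 'Setting .zprofile '
set -o allexport
# NOTE(review): umask 002 creates files and directories that are writable by
# the owning group. That is only safe while a7user's primary group has no
# other members; use 022 (or 077) otherwise.
umask 002
# The current directory (".") is intentionally NOT on the search path. With
# "." first, a file named like a common command (ls, su, ...) planted in any
# directory the user cd's into would be run instead of the system binary.
# Run local programs explicitly as ./name.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/uty
HOSTNAME=$(hostname)
ENV=$HOME/.zshrc
HISTSIZE=64
# NOTE(review): this is a predictable file name in the world-writable /tmp
# directory, and it is exported to child shells. Prefer a path under $HOME
# so another local user cannot pre-create the file or a symlink at that name.
HISTFILE=/tmp/.sh_${LOGNAME}.$$
# NOTE(review): exported to every child process; keep it limited to
# directories that only root can write.
LD_LIBRARY_PATH=/usr/local/lib
JAVA_HOME='/usr/lib/jre'
# First three characters of the "uname -a" output.
MYOSREV=$(/bin/uname -a | cut -c-3)
XMODIFIERS="@im=kinput2"
PAGER=jless
# Choose the locale from the terminal: the first three virtual consoles get
# the plain C locale, every other terminal gets the Japanese settings below.
CURTTY=$(/usr/bin/tty)
case "$CURTTY" in
  /dev/tty1|/dev/tty2|/dev/tty3|/dev/vc/1|/dev/vc/2|/dev/vc/3)
    LANG=C
    ;;
  *)
    LANG=ja_JP.UTF-8
    # NOTE(review): LC_ALL takes precedence over LANG for every locale
    # category, so with LC_ALL=C programs do not see ja_JP.UTF-8 from LANG.
    # Confirm this is intended.
    LC_ALL=C
    LANGUAGE=C
    ;;
esac
TZ=JST-9
RSYNC_RSH=ssh
set +o allexport
unset ignoreeof
# end of .zprofile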
a7user@obsa7:~% [18] (13-12-28 Sat 07:27:03 AM)
zsh用 .zshrc
a7user@obsa7:~% cat .zshrc [18] (13-12-28 Sat 07:30:11 AM)
#
# $Id: .zshrc,v 1.1 2013-12-28 07:24:20+09 a7user $
#
# Interactive zsh settings for a7user: command aliases, prompt, key bindings,
# history and the completion system.
#echo 'Setting .zshrc'
alias a=alias
alias h=history
alias cls='ls --color'
# Re-read the login environment. The path is written as ~a7user rather than ~,
# presumably so the alias also resolves from the root shell started by the
# "root" alias below -- in which case that file is sourced with root privileges.
alias PRO='. ~a7user/.zprofile'
alias cdd='cd `/bin/pwd`'
# SECURITY NOTE(review): the double quotes expand $HOME when the alias is
# defined, so ZDOTDIR is set to this user's home directory. zsh reads its
# startup files from $ZDOTDIR, so the root shell started here runs dotfiles
# that the unprivileged account can modify. Anyone able to write to this
# user's home can therefore get commands executed as root the next time the
# alias is used. Safer: give root its own root-owned configuration, or point
# ZDOTDIR at a root-owned, non-writable copy.
alias root="ZDOTDIR=$HOME su root -s /bin/zsh"
alias m3='mount /dev/sda3 /dsk/sda3'
# Log shortcuts; "set -x" / "set +x" echo the command that is being run.
alias sss='tail -f /var/log/syslog'
alias t='set -x;tail -30 /var/log/apache2/access.log|cut -c-72;set +x'
alias tt='set -x;tail -6 /var/log/apache2/access.log;set +x'
alias m='set -x;tail -30 /var/log/exim4/mainlog;set +x'
# NOTE: this alias takes the name of the zsh builtin "r" (re-run a previous
# command), which is therefore no longer reachable by that name.
alias r='set -x;tail -30 /var/log/exim4/rejectlog;set +x'
#
# Set up the prompt
# Left prompt, underlined "user@host": shows "root" in bold when the shell is
# privileged (%(#...)), otherwise the user name (%n); then ":" followed by the
# last component of the current directory (%.) and "#" or "%" (%#).
PROMPT='%U%(#.%Broot%b.%n)@%m%u:%.%# '
# Right prompt: the history event number (%!) when the previous command
# succeeded, otherwise "ERROR:" and its exit status (%?), followed by the date
# and time.
RPROMPT='%B[%(?.%!.ERROR:%?)] (%U%D%u %D{%a %H:%M:%S %p})%b'
# Select the vi keymap for the line editor ("bindkey -e" would select emacs).
bindkey -v
# Keep 1000 lines of history within the shell and save it to ~/.zsh_history:
# (these assignments replace the HISTSIZE and HISTFILE values set in .zprofile)
HISTSIZE=1000
SAVEHIST=1000
HISTFILE=~/.zsh_history
# Use modern completion system
autoload -Uz compinit
compinit
zstyle ':completion:*' auto-description 'specify: %d'
zstyle ':completion:*' completer _expand _complete _correct _approximate
zstyle ':completion:*' format 'Completing %d'
zstyle ':completion:*' group-name ''
# NOTE: the same style is set again further down (menu select=long); the later
# definition is the one that remains in effect.
zstyle ':completion:*' menu select=2
# Evaluate the shell code printed by the local dircolors program (it sets
# LS_COLORS), then reuse those colours for completion listings.
eval "$(dircolors -b)"
zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
zstyle ':completion:*' list-colors ''
zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
zstyle ':completion:*' menu select=long
zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
zstyle ':completion:*' use-compctl false
zstyle ':completion:*' verbose true
# Completion for "kill": colour the listed processes and build the candidate
# list from this user's own processes.
zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
# end of .zshrc
a7user@obsa7:~% [19] (13-12-28 Sat 07:30:18 AM)
3.Open SSH
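SSH プロトコル2 の DSA 鍵を passphrase 無しで生成した。# 本当は横着せず passphrase をセットしたほうが無難(passphrase 無しだと、秘密鍵ファイルが漏れた時点でそのままログインに使われてしまう)。
(補足)DSA 鍵は OpenSSH 7.0 以降デフォルトで無効になっているので、現在は ssh-keygen -t ed25519 か RSA 鍵で生成するほうがよい。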
a7user@obsa7:~% ssh-keygen -t dsa [23] (13-12-28 Sat 09:16:56 AM)
Generating public/private dsa key pair.
Enter file in which to save the key (/home/a7user/.ssh/id_dsa):
Created directory '/home/a7user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a7user/.ssh/id_dsa.
Your public key has been saved in /home/a7user/.ssh/id_dsa.pub.
The key fingerprint is:
(省略)
このままだと、ssh はパスワード認証でログインできてしまう。
昔22番ポートを外向けに開けておいたとき、パスワード攻撃を受けたことがある。
Logwatchに何度もログインしようとした形跡が残っており、PasswordAuthentication noが無難。
# パスワードでログインする様子
a7user@obs:.ssh% ssh a7user@obsa7 [7] (13-12-28 Sat 09:21:19 AM)
a7user@obsa7's password:
Linux obsa7 3.2.40 #1 Mon Oct 21 14:10:25 JST 2013 armv5tel
そこで/etc/ssh/sshd_configを変更する
a7user@obsa7:~% diff /etc/ssh/sshd_config.org /etc/ssh/sshd_config
51c51
< #PasswordAuthentication yes
---
> PasswordAuthentication no
# 変更を反映する
root@obsa7:~# ps ax|grep /usr/sbin/sshd|grep -v grep
30782 ? Ss 0:00 /usr/sbin/sshd
root@obsa7:~# kill -1 30782 [16] (13-12-28 Sat 09:35:06 AM)
root@obsa7:~# tail -3 /var/log/auth.log [17] (13-12-28 Sat 09:35:14 AM)
Dec 28 09:35:14 obsa7 sshd[30782]: Received SIGHUP; restarting.
Dec 28 09:35:14 obsa7 sshd[30796]: Server listening on 0.0.0.0 port 22.
Dec 28 09:35:14 obsa7 sshd[30796]: Server listening on :: port 22.
root@obsa7:~# [18] (13-12-28 Sat 09:35:32 AM)
# パスワード認証でログインはできない
imacuser@imac2:~% ssh a7user@obsa7 [4] (13-12-28 土 09:45:44 AM)
Permission denied (publickey).
# PasswordAuthentication変更前にid_dsa.pubを流し込む
user@REMOTE:.ssh% cat id_dsa.pub|ssh a7user@obsa7 "cat >> .ssh/authorized_keys2"
# (補足)authorized_keys2 は古いファイル名で、sshd の設定によっては参照されない。通常は .ssh/authorized_keys に追記する
# これでpassphrase入力もしくは無しでログインが可能
myuser@imac2:.ssh% ssh a7user@obsa7 [20] (13-12-28 土 10:21:42 AM)
Linux obsa7 3.2.40 #1 Mon Oct 21 14:10:25 JST 2013 armv5tel
4.タイムゾーンとロケールの設定
root@obsa7:DPKG# dpkg-reconfigure tzdata
Current default time zone: 'Asia/Tokyo'
Local time is now: Sat Dec 28 10:11:36 JST 2013.
Universal Time is now: Sat Dec 28 01:11:36 UTC 2013.
root@obsa7:DPKG# aptitude install locales
root@obsa7:DPKG# diff /etc/locale.gen.org /etc/locale.gen
269,270c269,270
< # ja_JP.EUC-JP EUC-JP
< # ja_JP.UTF-8 UTF-8
---
> ja_JP.EUC-JP EUC-JP
> ja_JP.UTF-8 UTF-8
root@obsa7:DPKG# locale-gen
Generating locales (this might take a while)...
ja_JP.EUC-JP... done
ja_JP.UTF-8... done
Generation complete.
root@obsa7:DPKG#
