�b�o�ӳ��`�����A�����A�ڭ̭n�����A�Ѥ@�U�A����O�y���ݳs�u���A���z�H�o�ӪF�誺�\�ର��H�ڷQ�A�z���Ӥw�gť�L�A�@�Ө}�n���������ҷ����A�@���}��� Internet �W�������A���A�򥻤W�A�L�i�H���ݭn��ܥd�B�ù��B��L�B�ƹ��������t�ơI�u�n���򥻪��D���O�BCPU�BRAM�B�w�ЦA�[�W�@���n�@�I�������d�A�åB�s�W Internet �I�����I����z�n�ޱ��o���D�����ɭԡA�u�n�z�L�����s�u�i�ӡA�M��i�����ק�Y�i�I�K�I�ҥH�o�A�o�ӮɭԥD���۵M���ݭn�P��]�ưաI
�@
�H�����ӤH���ҡA�ثe�����޲z�j���C�B�K�����k�� Unix-Like �D���A�o�ǥD�������b�P�@�Ӧa��A���G�b�n�x�W�U�B�I��������s���M�󪺺|�}�Q�o�G�A�Ϊ̬O�ݭn�i��@���B�~���]�w���ɭԡA �O�_�������H�@�w�n��{���ܡH���M���ݭn�A �u�n�z�L�����s�u��ӥD���W���A�N�i�H�i�����u�@�F�I�u���N�n���b�ù��e���u�@�@�몺���P�r�֡I^_^�I�o�N�O���ݳs�u���A���աI���ݳs�u���A�����\����M�٤��u�p���I�|�ӨҤl�ӻ��G���z���u�@�ݭn�ϥΨ� Linux ���j�j���sĶ�\��ɡA����z�@�w�ݭn Linux ��a�I�ӥB�̦n�O�B��t�ק֤@�I���D���A�o�ӮɭԱz�i�H�N�z��s�dz̧֪����@���D���}��X�ӡA�]�w�@�U���ݳs�u���A���A���z���ǥͰաA�Ϊ̬O��s�Ǫ��P���աA�i�H�z�L�o���������L�̶i���s���u�@�A�o�ӮɭԡA�z���D���N�i�H���h�H�i����� Linux �B�⪺�\��աI
�@
�b�����������@�ɸ̡A�ѩ�u�� Unix �����A�ӥB�ӤH�q���٤��y�檺�ɭԡA�Q�n�ϥΤj���D���Ӷi��ƭȵ{�����B���(�b�ڭ̤u�{�ɡA����`�ϥ� Fortran �o�@�����{���y���A�ܩ� C �y���h���ָI��)�A�N�ݭn�V�Ǯճ��ӽФu�@�����b���A�åB�H���ݳs�u�{���s�i�D���A�H�ϥ� Unix ���귽�Ӷi��ڭ̪��ƭȼҦ��B��I�ҥH�աA���ӻ��ݳs�u���A�����]�w�A�򥻤W�A���t�κ޲z���O�ܭ��n���I�ר���j�����u�@�������� Unix-Like �D���A�ѩ�ܦh�H���ݭn�ϥΨ�L�� CPU �B��֤ߥ\��A�Ϊ̬O�L���sĶ�{��( compiler )�Ӷi��B��A�o�ɪ����ݳs�u�N��έ��n�աI
�@
����O�_�C�@���s�W Internet �W�����D�������ӭn�}�񻷺ݳs�u���\��O�H���ä��ɵM�A�٬O�ݭn�w��z���D���Ӷi��W�����A�ڭ̩��U�����A���P�u�@���ӻ����G
�@
• ���A������( Server )���s�u�{���G

�b�@��}����ں����A�Ȫ����A�����A�ѩ�}�񪺪A�ȥi��|���������n����T�A�ӻ��ݳs�u�{���s�i�D������A�i�H�i�檺�u�@�S�Ӧh�F(�X�G�N���b�D���e���u�@�@��I)�A�]�����ں��������ݳs�u�{���q�`�Ȱw��ֳ����t�κ��@�̶}��Ӥw�I���D���n�A�_�h Server �������D���ٯu������ij�}��s�u���A�ȩO�I�H�������ҡA�ڪ��D�����ѤF�ڭ̬�s�Ǩϥ� Mail �P Internet �W���� WWW �A�ȡA�p�G�٥D�ʴ��ѻ��ݳs�u���ܡA����U�@���p�߳Q�J�I�A���i�N�˸����F�I�]���A�����ȶ}��y�ܤp����������z���t�κ޲z���s�i�ӡA��L�ӷ��� IP �@�ߩ�סI���\�ϥλ��ݳs�u���\��O�I
�@
• �u�@������( Workstation )���s�u�{���G

�ܩ�u�@�������p�N����A�����Ӥ@�ˤF�I�u�@���`�`�Ȱw�鷺�����X�ӨϥΪ̶}��Ӥw�A�q�`�O���Ʊ�s�W Internet ���աI�ӥB�ҿת��u�@���۵M�N�O�ΨӰ��u���I�Ҧp�������䤤�@�� Linux �N�O�M���ΨӶi��j�����ƭȼҦ��p��������ΡI�o�ӮɭԪ����ݳs�u���A���i��N�o�n��h�H�ҰʤF�I�]���u�@�����j�j�B��\��i�H���ܦh�H�@�P�ϥΥL���p���O�I�ӥB�]�i�H�K���C���q�����o�n�w�� compiler ���~�ҡI�n���D�A�Y�Ǥu�{�Ϊ� compiler �O���Q����
�@
����ثe���ݳs�u���A�����D�n���������ǩO�H�ثe�̱`�������ݳs�u���A���D�n���H�y���X�z�ǰe��ƪ� telnet ���A���A�ΥH�[�K�޳N�i��ʥ]�[�K�Ӷǰe�� SSH ���A���I���M telnet �i�H�䴩�� client �ݪ��n�����h�A���L�ѩ�L�O�ϥΩ��X�Ӷǰe��ơA�ܮe���D�즳�ߤH�h���^���I�ҥH��ӧڭ̳��I�~�j�a�h�ϥ� SSH �o�@�سs�u�覡�A�ӱ˱� telnet �o�Ӥ�����w�����N�N�o�I���U�ڭ̴N���O�ӽͤ@�ͳo��سs�u���A���a�I
�@
�n�F�A���򤰻�O�y���X�z�O�H������ telnet �ϥΩ��X�N������w���H�ҿת����X�N�O�G���ڭ̪���ƫʥ]�b�����W�y«�ɡA�Ӹ�ƫʥ]�����e����ƪ���l�榡�A�Ҧp�ڭ̦b telnet �U�F�����O�P�K�X�����A���|�H���� ASCII ���榡�ǰe��D���ݡA�ӥD���ݴN�ǥѳo�Ǹ�ƨӤU�F���O�C�n�F�A�Q�@�Q�A�p�G�o�Ǹ�ƫʥ]�b�g�L�Y�� broadcast �Ϊ̬O Router �ɡA�Q���ߤH�h���h�A����L�N�|���㪺���o�z����Ƴ�I�ҥH�աA�U�@�z����ƫʥ]�̭��t���H�Υd��ơB�K�X�B�����T�{�����n��T�ɡA�O�_�ܦM�I�o�H�I�]���A�ثe�ڭ̳q�`���Ʊ�ϥΥi�H�N�o�Ǧb�����W���]����ƥ[�K���޳N�A�H�W�[��Ʀb Internet �W���ǰe���w���ʰڡI

���D telnet �O����ܡH�x�I���N�O�s�� BBS ���u��ܡH�I�K�K�I�S���I�L�T��]�O BBS �n�������@�Ӧ��A���աI���L�o�̧ڭ̼Ȥ����� BBS �I telnet �i�H���O���v�۷��y�[�����ݳs�u���A�����I�ӥB�䴩�L���n��]�۷����h�I�Ҧp���W�� netterm �N�����䴩�L�աI�s�u���᪺�ɭ��]�}�G�A�b client �ݪ�����ǿ�P��J�]�S�����D�I�۷��������ΡI���L�A�L�̳·Ъ��a��N�O.....������w���Ӥw�ա�
�@
���U�ڭ̽ͤ@�ͫ��ҰʻP�ϥ� telnet ���A���a�I


---

telnet ���A���G�w�ˡB�ҰʻP�����A��
�@
�w�ˡG
�p��ҥ� Telnet �o�Ӧn�Ϊ����A���O�H�����A���M�@�w�n���w���o�I�ѩ��~�ӥѩ� telnet �O�H���X�b�ǿ骺���D�A�ҥH�b�s�� Linux �����W���A�w�g���N telnet �o�Ӧ��A���ư��b�y���o�W��z���~���A�]�N�O���A�ܦh Linux distributions �w�]�O���w�� telnet ���A���L�A�b�C�ӥD�n�� Linux distributions �٬O������ telnet �M��b���з������I�ҥH�z�n���X�쪩���СA�åB�w�˦n�L�A�N�i�H�աI�p��T�{�O�_�w�g�w�ˤF telnet �O�H��²�檺��k�N�O�ϥγ̼s�x�Q�ϥΪ� RPM �աI
�@

[root@test root]# rpm -qa | grep telnet telnet-server-krb5-1.2.5-1mdk telnet-client-krb5-1.2.5-1mdk # �W���O Mandrake 9.0 ���d�ҡF�Ω��U�O Red Hat 7.2 ���d�� telnet-0.17-20 telnet-server-0.17-20

�@
�ݭn�S�O�d�N���O�A�p�G�n���� telnet �s�u�A�ȡA�q�`�ݭn�w�˨�� RPM ��G
�@
1. �@�ӬO telnet-client (�� telnet)�A�o�ӮM�󴣨Ѫ��O telnet �Τ�ݪ��s�u�{���F
2. �t�@�ӬO telnet-server �M��A�o�Ӥ~�O�u���� Telnet server �n���I
�@
�ҥH�A�p�G�z���t�ΤW���䤣�쵥�@�U�n�]�w�� telnet �]�w�ɡA�֩w�N�O�S���w�� telnet �աI�Ю��X�z�����Ф��A�M�� mount ����A���򪺦w�˥L�a�I�_�h�N�L�k�i��U�@�B���]�w�աI ^_^
�@
�ҰʻP�����G
�ٰO�o�y������ Linux �p�е� -- ��¦�Dz߽g�z�̭����y�{�ѪA�� ( daemon )�z���ӳ��`�a�I�H�n�O�o super daemon ��I�H�S���աA�ڭ̪� telnet �N�O���b super daemon ���U���@��A�ȦӤw�I���өN�N�N�O���W�� xinetd �o�I( ���G�b�Y���ª����M��W���]���ϥ� inetd ���A�Ұʪ��覡���I���Ӥ@�ˡA���L�t�����j�աI�u�n���o�򥻪��`�ѡA����N���|�����D�o�I�ҥH�����~�|�n�j�a��Ū�� Linux ��¦�g �աI ) �Ұʪ��覡�N�O�G
�@
(1)�N xinetd �̭����� telnet �����ض}�ҡA�M��
(2)���s�Ұʤ@�� xinetd �N���\�աI
�@
����p��}�� telnet �����ةO�H��²��A����Ӥ覡�G
�@
1. �ϥ� ntsysv �� chkconfig�G

�ٰO�o�p���U ( Red Hat ) �̭��� ntsysv �o�Ӧn�Ϊ��F��ܡH��F�A�b Red Hat ���U���o��@�Ӧn�Ϊ��]�w�u��A�z�i�H�ϥ� ntsysv �X�{�����������A�N telnet �Ŀ�_�ӡA�M����U OK ���}�Y�i�o�I
�@
2. �ϥ� vi �ק� /etc/xinetd.d/telnet �o���ɮסG

����p�G���O Red Hat �� Linux �t�ΩO�H�򥻤W�A ntsysv �]�u�O�ק� /etc/xinetd.d �o�ӥؿ��U����ƦӤw�A�ҥH�ڭ̷��M�i�H��ʦۤv�ק�L�աI

[root@test root]# vi /etc/xinetd.d/telnet # default: on # description: The telnet server serves telnet sessions; it uses \ #       unencrypted username/password pairs for authentication. service telnet {       disable = yes<==�N�O��o�̡A�N yes �令 no �Y�i�I         flags           = REUSE         socket_type     = stream         wait            = no         user            = root         server          = /usr/sbin/in.telnetd         log_on_failure  += USERID }

�ݨ�F�S�I�H�u�n�N disable (�������N��) �ܦ� no �A�]�N�O�������A��Y�O�}�ҰաI
�@
�]�w���}�Ҥ���A�۵M�N�O�n�ҰʰաA��责�� telnet �O���b xinetd ���U���A�ҥH�۵M�u�n���s�Ұ� xinetd �N����N xinetd ���Y���]�w���sŪ�i���A�ҥH���]�w�Ұʪ� telnet �۵M�]�N�i�H�Q�ҰʰաI�ӱҰʪ��覡�]����ؤ覡�A�䤤 service �o�ӫ��O�Ȥ䴩�b Red Hat �P Mandrake ���U�A�ҥH�q�`���٬O�H /etc/rc.d/init.d ���U�� scripts ���Ұʪ��D�n��k�աI
�@

��k�@�G�Ȥ䴩 Red Hat �� Mandrake �t�ΡG [root@test root]# service xinetd restart Stopping xinetd:                                           [  OK  ] Starting xinetd:                                           [  OK  ] ��k�G�G���Ϊ��Ұʤ覡�G [root@test root]# /etc/rc.d/init.d/xinetd restart Stopping xinetd:                                           [  OK  ] Starting xinetd:                                           [  OK  ] # �`�N�G�����Y�Ǫ����èS�� restart ���ﶵ�A�o�ӮɭԴN�ݭn�G # stop �A start �o�I

�@
����n�ݦ��S���ҰʪA�ȩO�H���ݡH���]��²��աA�ٰO�o�ڭ̦b�e�X�����쪺�y ���� Linux port ���s�u �z���@���ܡH�ϥ� netstat �N�i�H�աI
�@

[root@test root]# netstat -tl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address           Foreign Address         State tcp        0      0 *:ssh                   *:*                     LISTEN tcp        0      0 *:telnet                *:*                     LISTEN

�@
�ݨ�F�ܡH�S���A���� telnet �N�O�Ұʪ����ذաI( �o�̦Ҥ@�Ӱ��D�A���� port �������A�ȦW�٦b���@���ɮ׸̭��d�ߨ쪺�O�H�b�C�@�� Linux �t�γ������ɮ���I�ѰO�F�r�I�H�A�^��e���ݬ� ���� Linux port ���s�u �A�M��� vi �h�ݬݨ��@���ɮת����e�a�I ^_^ )����n�p�������O�H�����I���N�u���O��²��աI�N�N��誺�B�J�A���@���A�ӱN�]�w�����ܤ@�U�Y�i�I�B�J�p�U�աI
�@

step 1: �ק�@�U /etc/xinetd.d/telnet �ɮסG [root@test root]# vi /etc/xinetd.d/telnet # default: on # description: The telnet server serves telnet sessions; it uses \ #       unencrypted username/password pairs for authentication. service telnet {       disable = no<==�N�O��o�̡A�N no �令 yes �Y�i�I         flags           = REUSE         socket_type     = stream         wait            = no         user            = root         server          = /usr/sbin/in.telnetd         log_on_failure  += USERID } step 2: ���s�Ұ� xinet �Y�i�G [root@test root]# /etc/rc.d/init.d/xinetd restart

�@
�o�˴N�����աI��²��a�I
�@


---

telnet �Τ�ݡG�n�Ϊ��s�u�n��
�@
���W�����쪺���O�b���A���ݪ��]�w�Ӥw�I����b�Ȥ�ݦ�����n�Ϊ��n��i�H�s�W Server ���O�H�̱`���쪺���ӴN�O netterm �o�ӹ����j�W���s�u�n��F�a�I�ڷQ�A�u�n���L BBS ���j������o�o�ӳn��~��I�ҥH�o�̴N�����F�I�t�~�A�ثe�X�G�Ҧ����@�~�t�γ����ѤF telnet �o�ӵ{���A�o�ӵ{���i�H�����������N�s�W telnet server �O�I�Ҧp�z�n�b Linux �W���s�W�ۤv�� telnet ���A���A�i�H�o�˰��G
�@

[root@test root]# telnet localhost Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Red Hat Linux release 7.2 (Enigma) Kernel 2.4.18 on an i586 login: test <==��J�b�� Password: <==��J�K�X�Ъ`�N�I�K�X�ä��|�b�ù��W����ܥ��󪺦r�� Last login: Thu Oct  3 11:59:29 from test_inside   <==���ܤW���n�J����} You have new mail.  <==�ۤW���n�J�H�ӡA�O�_�H�c�����s�H��I�H [test@test test]$  <==�o�̴N�i�J�F telnet ���s�u�{�Ƿ����F�I [test@test test]$ exit  <==���}�o�� telnet ���n�J�I

�@
�o�˴N�s�u�i�ӰաI��²��a�I����b Windows �����ҩ��U�O�H�P�˪��A�]�O�i�H�ϥ� telnet ���{���s�u�� Linux �� telnet server �̭��ӡI�S�����D���աI�i�H�̧dzo�˰��G
�@
1. ���U Windows ���� �y�}�l�z
2. ��� �y����z
3. �b�X�{����������J �ytelnet your.IP.or.hostname�z
�@
�o�˴N�i�H�i�J Linux �����Ҥ��F�I�ܤ�K�a�I���M�աI�z�]�i�H�ϥ����� netterm �o�ӫܴΪ��s�u�n��ӳs�u���A�o�̧ڭ̴N���ܽd�աI���p�G�Q�n�b Linux ���׺ݾ��ݨ줤��O�H�I�����I�o�N�ݭn JMCCE �o�ӮM�󪺤䴩�F�I�аѦҡGLinux �`�Ϋ��O���Ф��׺ݾ����夶������C
�@


---

telnet �w���ʡGiptables, TCP_Wrappers, �«�ij,
�@
telnet �o�Ӧ��A����K�k��K�A���`�O�@�Ӥ��Ӧn���s�u�ѨM����A�]�������L�O�@�ӥH�y���X�z�ǿ骺��w�A����O�y���X�z�O�H²�檺���A���z�ϥ� telnet ���ɭԡA�z�`�O�|�b�ù��W����J��Ƨa�I�H��²�檺�Ҥl�A�N�O�z�`�O�n�n�J telnet ���D���e���a�I����z�`�O�ݭn��J�b���P�K�X�a�H���D�������z����ƫ�~��i��T�{�I�o�ӮɭԡA�z����ƴN�|�g�L telnet �o�Ө�w�Ӷǿ��D���W���A�o�Ӷǿ�ɭԪ���ư򥻤W�O�S���[�K�L���A�]�N�O���� ASCII �X���N�N�I�p���@�Ӫ��ܡA�u�n���ߤH�h�b�Y�� router �I�h��ť�z���ʥ]�A�ӥB�N�Ӹ�ƫʥ]���U�ӡA�i���Ū���u�@�A�����I����z���b���P�K�X�N�Q�����F�I�ҥH�U�@���A�O�H�N�i�H�Q�αz���b���P�K�X�F��ܦM�I�藍���O�ܦM�I�I�������~�A telnet �ѩ�ӦѵP�F�A�ܦh���b�ȵ{���w�g���g�F�}�Ѫ��覡�A�ҥH�Ұʤ���A���]�ܦM�I���աI�]����b�O��ij���n�ҥ� telnet ���I�L�צp��A���ǪB�ͥѩ��³n�骺���Y�A�٬O�ݭn�ϥΨ� telnet �ӳs�u�A����ڭ̴N���@�ǰ򥻪��`�N�ƶ��n�F�I
�@
• �H�������]�w�ɨӳW�d�s�u�� IP �G

�ƹ�W�A xinetd �o�� super daemon ���Ѫ��dz\���O�@���I�F�A�z�i�H�w��z���D�����h������(���鷺�H�ι�~��I)�Ӵ��Ѥ��P�O�@���Ū����I�I���U�C�X�@�ӽd�ҡA���L�A��h����T�ЦA�^��y������ Linux �p�е� -- ��¦�Dz߽g�z�����h�d�\�@�U�y�{�ѪA�� �z���@���̭����Բӳ]�w�����a�I

[root@test root]# vi /etc/xinetd.d/telnet # This file had been modified by VBird 2002/11/04 # First is about inside the network service telnet {         disable         = no         bind            = 192.168.1.2         only_from       = 192.168.1.0/24          # �W���o��满���ȴ��Ѥ�������I         instance        = UNLIMITED         nice            = 0         flags           = REUSE         socket_type     = stream         wait            = no         user            = root         server          = /usr/sbin/telnetd         server_args     = -a none         log_on_failure  += USERID } # Second is about the outside domain's settings service telnet {         disable         = no         bind            = 140.116.142.196         only_from       = 140.116.0.0/16         no_access       = 140.116.32.{10,26}          # �W���o�T��]�w�~�������Y�檺����         instance        = 10         umask           = 022         nice            = 10         flags           = REUSE         socket_type     = stream         wait            = no         user            = root         server          = /usr/sbin/telnetd         server_args     = -a none         log_on_failure  += USERID }

�@
• root ���ઽ���H telnet �s���W�D���G

�J�M telnet ���O�ܦw���A�۵M�w�]�����p���U�N�O�L�k���\ root �H telnet �n�J Linux �D�����I���O�A�ƹ�W�A telnet �u�O�Q�Τ@�Ǹ����w��������Ө��� root �n�J�Ӥw��ҥH�o�A���p�z�T�w�z�����Ұ��w��(�Ҧp�z���D���èS���s�W Internet )�A�åB�Q�n�}�� root �H telnet �n�J Linux �D�����ܡA�Ъ����N /etc/securetty ����ɦW�Y�i�I

[root@test root]# mv /etc/securetty /etc/securetty.bak

�o�ˤ@�ӡAroot �N�i�H�n�J�աI���L�A�۷�������ij�o�˰���I�������O�ܦw���աI���~�A�z�]�i�H�ǥѭק� pam �ҲըӹF���P�˪��\��I�ק� /etc/pam.d/login �o���ɮת��ĤG��]�w�Y�i�G

[root @test /root]# vi /etc/pam.d/login #%PAM-1.0 #auth       required     /lib/security/pam_securetty.so  # �N�W���o�@��[�W # ���ѱ��I auth       required     /lib/security/pam_stack.so service=system-auth auth       required     /lib/security/pam_nologin.so account    required     /lib/security/pam_stack.so service=system-auth password   required     /lib/security/pam_stack.so service=system-auth session    required     /lib/security/pam_stack.so service=system-auth session    optional     /lib/security/pam_console.so

�p���@�ӡA root �N�i�H�����i�J Linux �D���F�I���L�A�٬O����ij�p�������I
�@
• �[�W������ iptables�G

�w�� telnet �[�]������ iptables �O�@�Ӧn�D�N�I�p�G�z�w�g�ѦҤF�e�����`���쪺�y²��������[�]�z�@��A�åB�ϥθ̭��� scripts ���ܡA���򤣥ξ�� telnet �աI�򥻤W�A�L�쥻�N�ȹ鷺���}�� telnet �A�~���O�L�k�s�W�z�� telnet ���I���O�A�Y�O�z�ۤv�]�w�F�ۤv������������A����Q�n�w�� 192.168.0.0/24 �o�Ӻ���A�� 61.xxx.xxx.xxx �o�� IP �i�� telnet ���}��O�H�i�H�W�[�o�X��b�z�� iptables �W�h����(�Ъ`�N�G�����𪺳W�h���ǬO�ܭ��n���I�ҥH�A�^�Y�ݬ� ²��������[�] �@��O�����n���I)

/sbin/iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 23 -j ACCEPT /sbin/iptables -A INPUT -p tcp -i eth0 -s 61.xxx.xxx.xxx --dport 23 -j ACCEPT /sbin/iptables -A INPUT -p tcp -i eth0                   --dport 23 -j DROP

�W�����W�h���A�Ĥ@�B�G��O�w��ӷ��� IP �Ӷ}�� port 23 ��Y�O telnet ����w�աI�ӳ̫�@��h�O�N��L���Ҧ��ӷ����A�Q�n�s�W telnet ���s�u�ʥ]���ᱼ���N��I���ˡI��²��a�I
�@
• �[�W������ /etc/hosts.allow(deny) ����G

�����𪺾���O�V�h�V�n�I�û��]�����h���աI�o�̤]�i�H�ϥ� TCP_Wrappers ������O�I���O�}��F 192.168.0.0/24 �o�Ӻ��q�A���O�p�G�z�u�Q�n�䤤�� 192.168.0.1 ~ 192.168.0.5 �i�J�O�H�Ө�L�� IP �u�n�@�g�s�u�A�N�|�Q�O���� IP �A�H���� root �d�ߩO�H�i�H�o�˰��G

[root@test root]# vi /etc/hosts.allow in.telnetd: 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4, 192.168.0.5: allow [root@test root]# vi /etc/hosts.deny in.telnetd : ALL : spawn (/bin/echo Security notice from host `/bin/hostname`; \  /bin/echo; /usr/sbin/safe_finger @%h ) | \  /bin/mail -s "%d -%h security" root@localhost & \  : twist ( /bin/echo -e "\n\nWARNING connectin not allowed. Your attempt has been logged. \n\n\nĵ�i�z�|�����\�n�J�A�z���s�u�N�|�Q�����A�åB�@���H�᪺�Ѧ�\n\n ". )

��ԲӪ� TCP_Wrappers �Ϊk�аѦ� ²��������[�] �@���o�I
�@
• ��ij�ƶ��G

���u���A telnet �u�����O�ܦw�����I²�����ӻ����y�M�I�z���Ū��A�ȡA�ҥH�ɶq���n�ҰʥL�աG
1. �D���n�ɡA���n�Ұ� telnet �A�p�G�u���ݭn�Ұ� telnet �A����]�Цb�ҰʨåB�ϥΧ�������A�ߧY�N�L�����I
2. �p�G�T�w�u���n�Ұ� telnet �ɡA�нT�w�n����s�u�d��A�ϥ� iptables �ӳ]�w�s�u������ϰ�F
3. �[�W TCP_Wrappers �����U�A�[�j�����𪺥\��I
4. �H�ɪ`�N�n���ɮ׸̭����� login ���ƶ��I�åB���n�� root ��H telnet �n�J Linux �D���I

�J�M telnet ���O�ܦw���A����ڤS�ݭn�H���ݳs�u�A�ȨӾޱ��ڪ� Linux �D���A�������ӫ���r�I�H�̦n����k���M�N�O�H�����w�����s�u�����רӸѨM�s�u�����D�o�I����Ӧp��ѨM�o�˪����D�O�H�o�]�����աA�ϥ� SSH �Y�i�C���� SSH �O����O�H�L������S���\��H²�檺�ӻ��ASSH �O Secure SHell protocol ��²�g�A�L�i�H�g�ѱN�s�u���ʥ]�[�K���޳N�A�Ӷi���ƪ��ǻ��A�]���A��Ʒ��M�N����w���o�I�o�� SSH �i�H�ΨӨ��N Internet �W�������w���� finger, R Shell (rcp, rlogin, rsh �����O), talk �� telnet ���s�u�Ҧ��C���U�ڭ̱N��²���@�U SSH ���s�u�Ҧ��A�ӻ��������� SSH �|����w���O�I
�@
�S�O�`�N�G�o�� SSH ��w�A�b�w�]�����A���A�����N���Ѩ�Ӧ��A���\��G
�@
1. �@�ӴN�O���� telnet �����ݳs�u�ϥ� shell �����A���A��Y�O�U�٪� ssh �F
2. �t�@�ӴN�O���� FTP �A�Ȫ� sftp-server �I���ѧ�w���� FTP �A�ȡC
�@


---

�s�u�[�K�޳N²���G
�@
�򥻤W�A�[�K���޳N�q�`�O�ǥѩҿת��y�@�綠�_�P�p�_�z��Y�yPublic and Private keys�z�Ӷi��[�K�P�ѱK���ʧ@�I�p�U�ϩҥܡA�� SSH ���A���D���ҰʸӪA�Ȥ���A�D���ݷ|���ͤ@�䤽�_�A�Ө����ӤH�q�����z ( client �� )�A�b�i��P server ���s�u�ɡA�i�H�ǥ� Client ���H���ۦ沣�ͪ��p�_�Ӵ��� server ���s�u���ΡA�]�i�H�����ǥ� server ���Ѫ��p�_�Ӷi��s�u�I�o�ӻP�i��s�u�ɿ�ܪ��[�K���������A���@�U�ڭ̦A���I �@
�@
�b�W�����ϥܤ��A�ڭ̥i�H���D�A����ƥ� Server �ݶǰe�� Client �ݮɡA�o�Ǹ�Ʒ|���g�L�y���_, Public Key�z�Ӷi��[�K���欰�A�ҥH�A�b�ǿ骺�L�{���A�o�Ǹ�ƥ����O�g�L�[�K���A�]���A�Y�ϳo�Ǹ�Ʀb�~���Q�I���ɡA�n�}�ѳo�ǥ[�K����ơA�٬O�o�n��O�W�n���@�q�ɶ����C���򵥳o�Ǹg�L���_�[�K����ƶǰe�� Client �ݤ���A�N�i�H�ǥѩҿת��y�p�_, Private Key�z�Ӷi��ѱK���ʧ@�C�ݭn�`�N���O�A�o�Ǥ��_�P�p�_�b�C�@���q���W�������@�ˡA�ҥH�A�z�P Server ���s�u���L�H�ӻ��A���O�����h�}�Ѫ��O�I����o�Ǥ��_�P�p�_�O�p�󲣥ͪ��O�H���U�ڭ̨ӽͤ@�ͥثe SSH ����ت������s�u�Ҧ��o�I

• SSH protocol version 1�G

�C�@���D�����i�H�ϥ� RSA �[�K�覡�Ӳ��ͤ@�� 1024-bit �� RSA Key �A�o�� RSA ���[�K�覡�A�D�n�N�O�ΨӲ��ͤ��_�P�p�_���t���k�I�o�� version 1 ����ӳs�u���[�K�B�J�i�H²�檺�o��ݡG
1. ���C�� SSH daemon (sshd) �ҰʮɡA�N�|���ͤ@�� 768-bit �����_(�κ٬� server key)�s��b Server ���F
2. �Y�� client �ݪ��ݨD�ǰe�ӮɡA���� Server �N�|�N�o�@�䤽�_�ǵ� client �A�� Client �ǥѤ�糧���� RSA �[�K�覡�ӽT�{�o�@�䤽�_�F
3. �b Client �����o�� 768-bit �� server key ����AClient �ۤv�]�|�H�����ͤ@�� 256-bit ���p�_(host key)�A�åB�H�[�K���覡�N server key �P host key ��X���@�䧹�㪺 Key �A�åB�N�o�� Key �]�ǰe�� server �F
4. ����AServer �P Client �b�o�����s�u�����A�N�H�o�@�� 1024-bit �� Key �Ӷi���ƪ��ǻ��I
���M�աA�]�� Client �ݨC���� 256-bit �� Key �O�H�������A�ҥH�z�o�����s�u�P�U�����s�u�� Key �i��N�|���@�˰աI
�@
• SSH protocol version 2�G

�P version 1 ���P���O�A�b version 2 �����N���A���� server key �F�A�ҥH�A�� Client �ݳs�u�� Server �ݮɡA��̱N�ǥ� Diffie-Hellman key ���t��覡�Ӳ��ͤ@�Ӥ��ɪ� Key �A�����̱N�ǥ����� Blowfish ���t��覡�i��P�B�ѱK���ʧ@�I
�@
�C�@�� sshd �����ѳo��Ӫ������s�u�A�ӨM�w�o��ؼҦ��s�u���A�N���ݭn�b client �ݳs�u�ɿ�ܳs�u���Ҧ��~��T�{�C�ثe�w�]���p�U�A�|�۰ʨϥ� version 2 ���s�u�Ҧ���I�ӥѩ�ڭ̪��s�u��Ƥ��A�g�L�F�o�� Public �P Private Key ���[�K�B�ѱK�ʧ@�A�ҥH�b�������ǰe�L�{���A���M�N����w�����h�o�I(���G�ثe�ϥ� SSH �ӳs�u�ɡA�����ij�ϥ� version 2 ���t��k��I)
�@


---

�Ұ� ssh �A�ȡG
�@
�ƹ�W�A�b�ڭ̨ϥΪ� Linux �t�η����A�w�]�N�w�g�t�� SSH ���Ҧ��ݭn���M��F�I�o�]�t�F�i�H���ͱK�X����w�� OpenSSL �M��P OpenSSH �M��A�ҥH�O�A�n�Ұ� SSH �u���O��²��F�I�N�������L�ҰʴN�O�F�I���~�A�b�ثe�� Linux Distributions �����A���O�w�]�Ұ� SSH ���A�ҥH�@�I�����·СA�]�����Υh�]�w�A�L�N�w�g�ҰʤF�I�z�I�u�O�n�֡�L�צp��A�ڭ��٬O�o���@���o�ӱҰʪ��覡�a�I�����ҰʴN�O�H SSH daemon �A²�٬� sshd �ӱҰʪ��A�ҥH�A��ʥi�H�o�˱ҰʡG
�@

[root@test root]# /etc/rc.d/init.d/sshd start [root@test root]# service sshd start [root@test root]# netstat -tl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address           Foreign Address         State tcp        0      0 *:ssh                   *:*                     LISTEN

�@
�W����ؤ覡���i�H������ʱҰ� sshd �o�ӪA�ȡI�M��ϥ� netstat -tl �ݬݯण��ݨ� ssh ���A�Ȧb��ť�O�I�H�p�G�X�{�F�W�����@�����r�A�N���ܱz�� SSH �w�g���T���Ұ��o�I�o�u�O��²��F�a�I�S���A���O�L�N�O�o��²���
�@
����ڭn�p��b�}�����ɭԴN�Ұʳo�� sshd �O�H�p�G�O Red Hat ���t�ΡA�i�H�ϥ� ntsysv �o��{���A�� Mandrake �i�H�ϥ� chkconfig �o�ӵ{���I�ܩ� OpenLinux �h�i�H�� /etc/sysconfig/daemons �h�ݬݳ�I
�@
�o�Ӥ覡�ȾA�X�b�w�g�� OpenSSH �� Linux Distributions �����A�p�G�H Red Hat 6.x ���ҡA�L�èS���w�]�ϥ� SSH ����H�O��ߡA�i�H�ѦҤ@�U���U�o�ӳ������e�g�L�������A���ԲӪ������ϥ� tarball �w�˪��B�J�O�I

�ϥ� Tarbal �w�� SSH �H�Τɯ� SSH �i��|�J�쪺���D����
(http://linux.vbird.org/linux_server/0310telnetssh/0310telnetssh-2.php)

�ݭn�`�N���O�A SSH �������ѤF shell ���ڭ̨ϥΡA��Y�O ssh protocol ���D�n�ت��A�P�ɥ紣�ѤF�@�Ӹ����w���� FTP server �A��Y�O ssh-ftp server ���ڭ̷����O FTP �ӨϥΡI�ҥH�A�o�� sshd �i�H�P�ɴ��� shell �P ftp ��I�ӥB���O�[�c�b port 22 �W�����O�I�ҥH�A���U�ڭ̴N�Ӵ��@���A������˥� Client �ݳs���W Server �ݩO�H�P�ɡA�p��H FTP ���A�Ȩӳs���W Server �åB�ϥ� FTP ���\��O�H
�@


---

ssh �Τ�ݳs�u�G
�@
�ѩ� Linux �P Windows �o��ӥΤ�ݪ� Client �s�u�n��ä��@�ˡA�ҥH�ڭ̤�����ӳ����ӻ����G

• Linux �Τ���G ssh

�b Linux �Τ�ݤ譱�A�ڭ̥D�n�H ssh �i��@��s�u�A�ӥH sftp �i�� FTP ���ϥγs�u�I���O²���p�U�G
�@

ssh �@��s�u���ϥΤ覡�G [root@test root]# ssh user@hostname [root@test root]# ssh -l test test.linux.org Connecting to test.linux.org... The authenticity of host 'test.linux.org (192.168.1.100)' can't be established. RSA key fingerprint is 46:cf:06:6a:ad:ba:e2:85:cc:d9:c4:8d:15:bb:f3:ec. Are you sure you want to continue connecting (yes/no)? yes <==�п�J yes �I Warning: Permanently added 'test.linux.org,192.168.1.100' (RSA) to the list of known hosts. test@test.linux.org's password:    <==�п�J test �o�ӨϥΪ̪��K�X�I

�@
�o�̽ЯS�O�d�N���O�A�p�G�����H�y ssh hostname �z�o�ӫ��O�ӳs���i�J hostname �o�ӥD���ɡA�h�i�J hostname �o�ӥD�����y�b���W�١z�N�|�O�ثe�z�Ҧb���o�����ҷ������ϥΪ̱b���I�H�W�����ҡA�]���ڬO�H root �������b����A�ҥH�p�G�ڰ���F�y ssh host.domain.name �z�ɡA������ host.domain.name �o���D���A�N�|�H root �����������ڶi��K�X�T�{���n�J�ʧ@�I�]���A���F�קK�o�˪��·СA�q�`�ڳ��O�H²�檺 e-mail ���g�k�ӵn�J���誺�D���A�Ҧp�yssh user@hostname �z�Y���ܡA�ڬO�H user �o�ӱb���h�n�J hostname �o���D�����N��C���M�A�]�i�H�ϥ� -l username �o�˪��Φ��ӮѼg�I�n�J���D������A��L���Ҧ�����欰����b Linux �D�����S����ˡ�ҥH�A�u���O��²��a�I ^_^ �o�˴N�i�H�F�컷�ݱ��ޥD�����ت��F�I���~�A�b�w�]�����p�U�A SSH �O�y���\�z�H root �������n�J�z���I�����I��O�n�ְաI���~�A�ЯS�O�d�N���O�A���z�n�s�����誺�D���ɡA�p�G�O�����s���A���� Server �|�ݱz�A�z���s�u�� Key �|���Q�إߡA�n���n���� Server �ǨӪ� Key �A�ëإ߰_�s�u�O�H�����I�o�ӮɭԽСy�ȥ��n��J yes �Ӥ��O y �� Y�z�A�o�˵{���~�|������I
�@
�������~�A�]�� ssh �o��{���w�]�|�N�D���ݪ� public key �O���U�ӡA��m�b /home/youraccount/.ssh/known_hosts �����A�H�Q���Ӫ��s�u���ΡC���L�A�ѧڭ̭����s�u�[�K������Q�����A�i�H�o�{�b SSH �D�����s�}������A���� Public Key �|�۰ʪ���s�A�ҥH�A���z�� SSH �D���g�L���s�}���A�ӱz�� Client �A�H ssh �o��{���s�u�ɡA�N�|�o�{�p�U�����~��G
�@

[root@test root]# ssh user@hostname @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 6e:1a:60:d0:ee:d0:7c:91:df:94:de:09:35:7b:08:ba. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:8 RSA host key for hostname has changed and you have requested strict checking. Host key verification failed.

�@
�o�ӿ��~�T���b�i�D�z�A�W���ҵn�������� SSH �D���� Keys �w�g�Q��L�F(�̥i�઺��]�N�O���s�}���աI)�A�ҥH�L�k�~��n�J������I�o�Ӯɭԫ���H��²��ڡI�i�J�z���a�ؿ��� ~/.ssh �̭��A�s��@�U known_hosts �A�N���s�����D���W�٪� Key ���L�����A�N�i�H���s�s�u�աI
�@
����p��ϥ� SSH FTP ���\��O�H�]�O�ܮe���աI�N�O�ϥ� sftp �o��{���Y�i�I�ӵn�J���覡�P ssh �ۦP�A���O�ϥ� sftp -l username hostname �Ϊ̪����H sftp user@hosname �ӮѼg�I���椧��|�����U���ҼˡG
�@

sftp �@��s�u���ϥΤ覡�G [root@test root]# sftp test@test.linux.org test@test.linux.org's password:    <==�п�J test �o�ӨϥΪ̪��K�X�I sftp>  <==���ݱz��J���O�I

�@
�i�J�� sftp ����A���N��b�@�� FTP �Ҧ��U���ާ@��k�S����ˤF�I���U�ڭ̴N�ӽͤ@�͡A sftp �o�Ӥ����U���ϥΫ��O�a�I
�@

�w�ﻷ��D��(Server)���欰
�ܴ��ؿ��� /etc/test �Ψ�L�ؿ�	cd /etc/test cd PATH
�C�X�ثe�Ҧb�ؿ��U���ɮשΥؿ�	ls dir
�إߥؿ�	mkdir directory
�R���ؿ�	rmdir directory
��ܥثe�Ҧb���ؿ�	pwd
����ɮשΥؿ��s��	chgrp groupname PATH
����ɮשΥؿ��֦���	chown username PATH
����ɮשΥؿ����v��	chmod 644 PATH �䤤�A644 �P�v�������I�^�h�ݰ�¦�g�I
�إ߳s����	ln oldname newname
�R���ɮשΥؿ�	rm PATH
����ɮשΥؿ��W��	rename oldname newname
���}���ݥD��	exit bye
�w�糧��(Client)���欰(���[�W l, L ���p�g )
�ܴ��ؿ��쥻���� PATH ����	lcd PATH
�C�X�ثe�����Ҧb�ؿ��U���ɦW	lls
�b�����إߥؿ�	lmkdir
��ܥثe�Ҧb�������ؿ�	lpwd
�ɮ׶ǿ�
�N�ɮץѥ����W�Ǩ컷�ݥD��	put [�����ؿ����ɮ�] [����] put [�����ؿ����ɮ�] �p�G�O�o�خ榡�A�h�ɮ׷|��m��ثe���ݥD�����ؿ��U�I
�N�ɮץѻ��ݥD���U���^��	get [���ݥD���ؿ����ɮ�] [����] get [���ݥD���ؿ����ɮ�] �Y�O�o�خ榡�A�h�ɮ׷|��m�b�ثe�����Ҧb���ؿ������I�i�H�ϥθU�Φr���A�Ҧp�G get * get *.rpm ��O�i�H���榡�I

�@
�N����Ө��A sftp �b Linux ���U�A�p�G���Ҽ{�ϧΤ����A����L�w�g�i�H���N FTP �F�O�I�]���Ҧ����\�ೣ�w�g�[�\�աI�]���A�b���Ҽ{��ϧΤ����� FTP �n��ɡA�i�H�������� FTP ���A�ȡA�ӧ�H sftp-server �Ӵ��� FTP ���A�ȧa�I ^_^

• Windows �Τ���G

�b Linux ���U�w�g�� ssh �F�A����p�G�b Windows ���U�O�H�ӫ���H�����I�o�ӥi�H�����ϥ� putty �o���������s�u�n��O�A�L�]�O�K�O���n���I���o���覡�i�H�Ѧҩ��U�������G

�x������Ghttp://www.chiark.greenend.org.uk/~sgtatham/putty/
��������Ghttp://beta.wsl.sinica.edu.tw/~ylchang/putty/

�n�F�A����n���o���X�ӵ{���O�H���u�n putty.exe �� psftp.exe �o���{���N���F�I���O�Ψӵn�J shell �� FTP ���O�I

• putty�G

�����b Windows ���U����A���檺�ϥܦ��I�����U�o�ˡG

�o�ӮɭԽЪ`�N�A�ѩ�ڭ̤�����w�N�T�w���X�ӥD����IP�O���U�ӡA�ҥH�b�o�̧ڭ̻ݭn���i��@�ǰ򥻪��]�w�~��I�b�W�Ϥ��A�ڭ̻ݭn��g�G
(1)HostName(or IP address) ���@���A��
(2)Saved Sessions ���Ӧn�O���W�r�A
(3)�åB��� SSH ���ӿﶵ�~��I
�H�ڪ��ϰ줺�������ҡA�ڥi�H�g���o�ӼҼˡG

�Фd�U�O�o�A��g��������A�@�w�n���U�k�䪺�ySave�z����A�o�˱z���]�w�~�|�Q�O���U�ӳ�I���ۤU�ӡA�ڭ̭n�]�w���O�C���n�J���ɭԡA���|�i��O�������ءA�ҥH�A�z�i�H�b���䪺�e���W�����U�yLogging�z�M��N�k�䪺�yAlways append to the end of it�z�A�o�ˤ~���|�C���n�J���ɭԡA�t�γ��n�ݱz�@���A�O�_�ݭn�O���I

���ۤU�ӡA�ڭ��٥i�H�վ��� putty ���ù��j�p�O�I�H�U�Ϭ��ҡA�ڳ]�w�ڪ��n�J�e���� 40 ��P 100 �Ӧr���I�o�˪��e����_�DzΪ� 24 * 80 �n�j���h�A�ݰ_�Ӥ]����ΪA�N�O�F�㨺�򨺭� 1000 ���ܧڪ����b�� 1000 �檺�����A�i�H��K�ک��e�d�ߩO�I

�վ㧹�F�ù����j�p����A�A�ӳo�O�̭��n���G�y�z�n�H���@�Ӫ����� SSH �t��k�n�J�H�I�z�e�����L�A�ڭ̹w�]�O�H version2 �ӵn�J���A�ҥH�o�̧ڭ̥i�H�վ㬰 2 ���Ӷ��ءI�o�˨C���n�J���|�H version 2 ���Ҧ��n�J�D���F�I

�n�F�A�w�g���]�w�����F�A�A�ӷ��M�S�O�n�O���o�I�ҥH�Ц^��ySession�z���]�w�̭��A�A���U�@���ySave�z�A�o�ӮɭԦb�������j�خشN�|�X�{�z��J���O���W�١A�M��A�H��n�n�J SSH �D���ɡA�N�������L�I��U test.linux.org ����(�N�O�z���ۦ�]�w�������W��)�A�N�i�H�i�J�z���I�諸�D���o�I

��� putty �j�P�W���y�{�N�O�o�ˡI�p���@�ӡA�z�N�i�H�b Windows �W���H SSH ����w�A�n�J���ݪ� Linux �D���P�I����K�a�I ^_^ �I�p�G�٭n��L���]�w�A����N�����ק� Saved Sessions �P HostName �o��Ӷ��ءA�M��A�����L Save �A�K�K�I�N�S�h�@�ӳ]�w�ȤF�I�ӥB�٬O���誺�]�w�ȬۦP�I�ܮe���]�w���աI����p�G�Q�n����䴩���ܡA�ثe putty �w�g�䴩����աI�z�i�H��J�����I���L�ݭn�ק�@�U�r�����A��ܥ���e�����ywindow�z���ءA�ÿ�ܡyAppearance�z�]�w���e�A�]�w�G

�b�X�{���W���خؤ��A��ܥk��ĤG�Ӷ��ؤ����yChange�z�h�ק�r������ܡG

�N(1)�r���]�w���ө���(2)�r���]�w���yBig5�z�A�p���@�ӡA�z�� putty �N�䴩���媺��J�o�I ^_^

• psftp�G

�o�@��{�������I�h�O�b��H sftp �s�u�W Server �C�s�u���覡�i�H�����I�� psftp �o���ɮסA���L�����ҰʡA�h�|�X�{�U�����ϼˡG

psftp: no hostname specified; use "open host.name" to connect psftp>

�o�Ӯɭԥi�H��J�z�n�s���W�h���D���W�١A�Ҧp�ڪ��ϰ줺���� test.linux.org �o�ӥD���G

psftp: no hostname specified; use "open host.name" to connect psftp> open test.linux.org login as: test Using username "test". test@test.linux.org's password: Remote working directory is /home/test psftp>

�����I�o�˴N�n�J�D���աI��²��a�I�M���L���ϥΤ覡��e�����쪺 sftp �@�˭��I�[�o���ϥΧa�I
�@


---


�Բӳ]�w sshd ���A��
�@
�򥻤W�A�Ҧ��� ssh �����]�w����b /etc/ssh/sshd_config �̭��I���L�A�C�� Linux distribution ���w�]�]�w�����ӬۦP�A�ҥH�ڭ̦����n���A�Ѥ@�U��ӳ]�w�Ȫ��N�q����~�n�I
 

# 1. ���� SSH Server ������]�w�A�]�t�ϥΪ� port �աA�H�ΨϥΪ��K�X�t��覡 Port 22�@�@�@�@�@�@�@�@�@�@# SSH �w�]�ϥ� 22 �o�� port�A�z�]�i�H�ϥΦh�� port �I �@�@�@�@�@�@�@�@�@�@�@�@�@ # ��Y���ƨϥ� port �o�ӳ]�w���اY�i�I Protocol 2,1�@�@�@�@�@�@�@ # ��ܪ� SSH ��w�����A�i�H�O 1 �]�i�H�O 2 �A �@�@�@�@�@�@�@�@�@�@�@�@�@ # �p�G�n�P�ɤ䴩��̡A�N�����n�ϥ� 2,1 �o�Ӥ��j�F�I #ListenAddress 0.0.0.0�@�@ # ��ť���D�������d�I�|�ӨҤl�ӻ��A�p�G�z����� IP�A �@�@�@�@�@�@�@�@�@�@�@�@�@ # ���O�O 192.168.0.100 �� 192.168.2.20 �A����u�Q�n �@�@�@�@�@�@�@�@�@�@�@�@�@ # �}�� 192.168.0.100 �ɡA�N�i�H�g�p�P�U�����˦��G ListenAddress 192.168.0.100          # �u��ť�Ӧ� 192.168.0.100 �o�� IP ��SSH�s�u�C �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # �p�G���ϥγ]�w���ܡA�h�w�]�Ҧ����������� SSH PidFile /var/run/sshd.pid�@�@�@�@�@�@# �i�H��m SSHD �o�� PID ���ɮסI���C���w�]�� LoginGraceTime 600�@�@�@�@ # ���ϥΪ̳s�W SSH server ����A�|�X�{��J�K�X���e���A �@�@�@�@�@�@�@�@�@�@�@�@�@ # �b�ӵe�����A�b�h�[�ɶ����S�����\�s�W SSH server �A �@�@�@�@�@�@�@�@�@�@�@�@�@ # �N�_�u�I�ɶ������I Compression yes�@�@�@�@�@�@# �O�_�i�H�ϥ����Y���O�H���M�i�H�o�I �@ # 2. �����D���� Private Key ��m���ɮסA�w�]�ϥΤU�����ɮקY�i�I HostKey /etc/ssh/ssh_host_key�@�@�@�@# SSH version 1 �ϥΪ��p�_ HostKey /etc/ssh/ssh_host_rsa_key�@�@# SSH version 2 �ϥΪ� RSA �p�_ HostKey /etc/ssh/ssh_host_dsa_key�@�@# SSH version 2 �ϥΪ� DSA �p�_ # 2.1 ���� version 1 ���@�dz]�w�I KeyRegenerationInterval 3600�@ �@�@�@# �ѫe���s�u�������i�H���D�A version 1 �|�ϥ�  �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # server �� Public Key �A����p�G�o�� Public  �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # Key �Q�����ܡA�Z�����J�H�ҥH�ݭn�C�j�@�q�ɶ� �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # �ӭ��s�إߤ@���I�o�̪��ɶ������I ServerKeyBits 768 �@�@�@�@�@�@�@�@�@ # �S���I�o�ӴN�O Server key �����סI # 3. ����n���ɪ��T����Ʃ�m�P daemon ���W�١I SyslogFacility AUTH�@�@�@�@�@�@�@�@�@# �����H�ϥ� SSH �n�J�t�Ϊ��ɭԡASSH�|�O���� �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # �T�A�o�Ӹ�T�n�O���b���� daemon name ���U�H �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # �w�]�O�H AUTH �ӳ]�w���A�Y�O /var/log/secure �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # �̭��I����H�ѰO�F�I�^�� Linux ��¦�h½�@�U �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # ��L�i�Ϊ� daemon name ���GDAEMON,USER,AUTH, �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # LOCAL0,LOCAL1,LOCAL2,LOCAL3,LOCAL4,LOCAL5, LogLevel INFO�@�@�@�@�@�@�@�@�@�@�@�@# �n���O�������šI�K�K�I����T���I �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # �P�˪��A�ѰO�F�N�^�h�ѦҡI # 4. �w���]�w���ءI�����n�I # 4.1 �n�J�]�w���� PermitRootLogin no�@�@ �@�@# �O�_���\ root �n�J�I�w�]�O���\���A���O��ij�]�w�� no�I UserLogin no�@�@�@�@�@�@�@ # �b SSH ���U���ӴN������ login �o�ӵ{�����n�J�I StrictModes yes�@�@�@�@�@�@# ���ϥΪ̪� host key ���ܤ���AServer �N�������s�u�A �@�@�@�@�@�@�@�@�@�@�@�@�@ # �i�H��׳������차�{���I #RSAAuthentication yes�@�@ # �O�_�ϥίª� RSA �{�ҡI�H�Ȱw�� version 1 �I PubkeyAuthentication yes�@ # �O�_���\ Public Key �H���M���\�աI�u�� version 2 AuthorizedKeysFile      .ssh/authorized_keys �@�@�@�@�@�@�@�@�@�@�@�@�@ # �W���o�Ӧb�]�w�Y�n�ϥΤ��ݭn�K�X�n�J���b���ɡA���򨺭� �@�@�@�@�@�@�@�@�@�@�@�@�@ # �b�����s���ɮשҦb�ɦW�I # 4.2 �{�ҳ��� RhostsAuthentication no�@�@# �����t�Τ���ϥ� .rhosts �A�]���Ȩϥ� .rhosts �� �@�@�@�@�@�@�@�@�@�@�@�@�@ # ���w���F�A�ҥH�o�̤@�w�n�]�w�� no �I IgnoreRhosts yes�@�@�@�@�@ # �O�_�����ϥ� ~/.ssh/.rhosts �Ӱ����{�ҡI���M�O�I RhostsRSAAuthentication no # �o�ӿﶵ�O�M���� version 1 �Ϊ��A�ϥ� rhosts �ɮצb �@�@�@�@�@�@�@�@�@�@�@�@�@ # /etc/hosts.equiv�t�X RSA �t��覡�Ӷi��{�ҡI���n�ϥ� HostbasedAuthentication no # �o�Ӷ��ػP�W�������������A���L�O�� version 2 �ϥΪ��I IgnoreUserKnownHosts no�@�@# �O�_�����a�ؿ����� ~/.ssh/known_hosts �o���ɮשҰO�� �@�@�@�@�@�@�@�@�@�@�@�@�@ # ���D�����e�H���M���n�����A�ҥH�o�̴N�O no �աI PasswordAuthentication yes # �K�X���ҷ��M�O�ݭn���I�ҥH�o�̼g yes �o�I PermitEmptyPasswords no�@�@# �Y�W�����@���p�G�]�w�� yes ���ܡA�o�@���N�̦n�]�w �@�@�@�@�@�@�@�@�@�@�@�@�@ # �� no �A�o�Ӷ��ئb�O�_���\�H�Ū��K�X�n�J�I���M���\�I ChallengeResponseAuthentication yes  # �D�ԥ��󪺱K�X�{�ҡI�ҥH�A���� login.conf  �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # �W�w���{�Ҥ覡�A���i�A�ΡI #PAMAuthenticationViaKbdInt yes      # �O�_�ҥΨ�L�� PAM �ҲաI�ҥγo�ӼҲձN�| �@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�@ # �ɭP PasswordAuthentication �]�w���ġI �@ # 4.3 �P Kerberos �������ѼƳ]�w�I�]���ڭ̨S�� Kerberos �D���A�ҥH���U���γ]�w�I #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosTgtPassing no �@ # 4.4 ���U�O�����b X-Window ���U�ϥΪ������]�w�I X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes # 4.5 �n�J�᪺���ءG PrintMotd no              # �n�J��O�_��ܥX�@�Ǹ�T�O�H�Ҧp�W���n�J���ɶ��B�a�I�� �@�@�@�@�@�@�@�@�@�@�@�@�@# ���A�w�]�O yes �A���O�A�p�G���F�w���A�i�H�Ҽ{�אּ no �I PrintLastLog yes�@�@�@�@�@# ��ܤW���n�J����T�I�i�H�ڡI�w�]�]�O yes �I KeepAlive yes�@�@�@�@�@�@ # �@��Ө��A�p�G�]�w�o���ت��ܡA���� SSH Server �|�ǰe �@�@�@�@�@�@�@�@�@�@�@�@�@# KeepAlive ���T���� Client �ݡA�H�T�O��̪��s�u���`�I �@�@�@�@�@�@�@�@�@�@�@�@�@# �b�o�ӱ��p�U�A����@�ݦ�����A SSH �i�H�ߨ誾�D�I�Ӥ��| �@�@�@�@�@�@�@�@�@�@�@�@�@# �����͵{�Ǫ��o�͡I UsePrivilegeSeparation yes # �ϥΪ̪��v���]�w���ءI�N�]�w�� yes �a�I MaxStartups 10�@�@�@�@�@�@# �P�ɤ��\�X�ө|���n�J���s�u�e���H���ڭ̳s�W SSH �A �@�@�@�@�@�@�@�@�@�@�@�@�@# ���O�|����J�K�X�ɡA�o�ӮɭԴN�O�ڭ̩ҿת��s�u�e���աI �@�@�@�@�@�@�@�@�@�@�@�@�@# �b�o�ӳs�u�e�����A���F�O�@�D���A�ҥH�ݭn�]�w�̤j�ȡA �@�@�@�@�@�@�@�@�@�@�@�@�@# �w�]�̦h�Q�ӳs�u�e���A�Ӥw�g�إ߳s�u�����p��b�o�Q�ӷ��� # 4.6 ����ϥΪ̩�ת��]�w���ءG DenyUsers *�@�@�@�@�@�@�@ # �]�w����ת��ϥΪ̦W�١A�p�G�O�������ϥΪ̡A���N�O���� �@�@�@�@�@�@�@�@�@�@�@�@�@# �קa�I�Y�O�����ϥΪ̡A�i�H�N�ӱb����J�I�Ҧp�U�C�I DenyUsers test DenyGroups test�@�@�@�@�@ # �P DenyUsers �ۦP�I�ȩ�״X�Ӹs�զӤw�I # 5. ���� SFTP �A�Ȫ��]�w���ءI Subsystem       sftp    /usr/lib/ssh/sftp-server

�@
�򥻤W�A�b�z���t�Τ��A�y���D�����n�A�_�h�Ф��n��� /etc/ssh/sshd_config �o���ɮת��]�w�ȡI�z�]���w�]�����p�U�q�`���O���Y�K�� SSH �O�@�F�A�]���A�i�H���ݭn��ʥL�I�W���������ȬO�b���j�a�A�ѨC�ӲӶ����@�ǰ򥻤��e�Ӥw�I�ݭn�`�N���O�̫�@���A�p�G�z���@�N�}�� SFTP ���ܡA�N�̫�@����ѱ��Y�i�I
�@
�t�~�A�p�G�z�ק�L�W���o���ɮ�(/etc/ssh/sshd_config)�A����N���ݭn���s�Ұʤ@�� sshd �o�� daemon �~��I��Y�O�G
/etc/rc.d/init.d/sshd restart
�@


---

�s�@���αK�X�i�ߧY�n�J�� ssh �Τ�G
�@
�x�I�J�M SSH �i�H�ϥ� Key �Ӥ���ơA�åB���ѨϥΪ̸�ƪ��[�K�\��A����i���i��Q�γo�� Key �N���ѨϥΪ̦ۤv�i�J�D���A�Ӥ��ݭn��J�K�X�O�H�����I�n�D�N�I�ڭ̥i�H�N Client ���ͪ� Key ���L������ Server �����A�ҥH�A�H�� Client �n�J Server �ɡA�ѩ��̦b SSH �n�s�u���T���ǻ����A�N�w�g���L Key �F�A�]���A�i�H�ߧY�i�J��ƶǿ餶�����A�Ӥ��ݭn�A��J�K�X�O�I�b��@�W���B�J�i�H�O�G

1. �����A���b Client �W���إ� Public Key �� Private Key �o����_�͡A�Q�Ϊ����O�� ssh-keygen �o�өR�O�F
2. �A�ӡA�N Private Key ��b Client �W�����a�ؿ��A��Y $HOME/.ssh/ �A�åB�ק��v�����Ȧ��� User �iŪ�����A�F
3. �̫�A�N���� Public Key ��b����@�ӱz�Q�n�Ψӵn�J���D���� Server �ݪ��Y User ���a�ؿ����� .ssh/ �̭����{���ɮקY�i������ӵ{�ǡC

���O�n���ܧx�����ˤl�A���B�J�u����²��A�ڭ̨̧ǨӶi��@�~�n�F�I
���]�e���G
a. Server ������ test.linux.org �o�� 192.168.0.2 ���D���A���ϥΪ� User �� test �o�ӱb���F
b. Client ������ test2.linux.org �o�� 192.168.0.100  PC �� test2 �o�ӱb���A�L�n�Ψӵn�J 192.168.0.2 �o���D���� test �o�ӱb���C
�]�N�O���A�ڦb 192.168.0.100 �o�������������� test2 �A���O�ڷQ�H test �������n�J 192.168.0.2 �o���D���A�åB�Ʊ椣�n�ϥαK�X�I�o�˥i�H�A�Ѥj�e���F�ܡH�n�F�A�ڭ̴N�@�B�@�B�ӧ@�a�I

1. �b Client �ݫإ� Public �P Private Key �G

�إߪ���k�u���O²��줣��I�����b 192.168.0.100 �o�� Client �W���A�H test2 �o�ӱb���A�ϥ� ssh-keygen �o�ӫ��O�Ӷi�� Key �����ͧY�i�I���L�A�ݭn�`�N���O�A version 1 �P version 2 �ϥΪ��K�X�t��覡���P�A���~�A version 2 ���Ѩ�ӱK�X�t�⪺��k�A�ڭ̳o�̶Ȱw�� version 2 �� RSA �o�Ӻt���k�i�满���I

[test2@test2 test2]$ ssh-keygen -t rsa  <==�o�ӨB�J�b���� Keys Generating public/private rsa key pair. Enter file in which to save the key (/home/test2/.ssh/id_rsa): Enter passphrase (empty for no passphrase): <==�o�̫� Enter Enter same passphrase again:            <==�A���@�� Enter Your identification has been saved in /home/test2/.ssh/id_rsa. <==�o�O�p�_ Your public key has been saved in /home/test2/.ssh/id_rsa.pub.<==�o�O���_ The key fingerprint is: c4:ae:d9:02:d1:ba:06:5d:07:e6:92:e6:6a:c8:14:ba test2@test2.linux.org �`�N�G -t �����O�y�ϥΦ�رK�X�t��覡�H�z�ѩ�ڭ̨ϥ� RSA �A �ҥH������J -t rsa �Y�i�إߨ�� Keys �I ���~�A�إߪ���� Keys ����m�b�a�ؿ��U�� .ssh �o�ӥؿ����I ��ݤ@�U�o��� Keys �a�I [test2 @test2 test2]$ ll ~/.ssh total 12 -rw-------    1 test2    test2         887 Nov 12 22:36 id_rsa -rw-r--r--    1 test2    test2         233 Nov 12 22:36 id_rsa.pub -rw-r--r--    1 test2    test2         222 Oct 31 11:20 known_hosts

�Ъ`�N�W����A�ڪ������O test2 �A�ҥH���ڰ��� ssh-keygen �ɡA�~�|�b�ڪ��a�ؿ����U�� .ssh/ �o�ӥؿ��̭����ͩһݭn����� Keys �A���O�O�p�_(id_rsa)�P���_(id_rsa.pub)�C�t�~�@�ӭn�S�O�`�N���N�O���� id_rsa ���ɮ��v���աI�L�����n�O -rw------- �~�n�I�_�h���e�Q�H�a���D�F�A����z�� Keys ���N���i��~���F�H�ҥH�ЯS�O�d�N�L���v����I���򨺭� id_rsa.pub �h�O�y���_�I�z�o���ɮץ����n�Q��m�� Server �ݤ~��I
�@
2. �b Client �ݩ�m�p�_�G

�b�w�]�����󤤡A�ڭ̪��p�_���ݭn��m�b�a�ؿ����U�� .ssh �̭��A����p�G�O version 2 �� RSA �t��k�A�N�ݭn��m�b $HOME/.ssh/id_rsa �����I�x�I��n�ϥ� ssh-keygen �N�O�w�g���ͦb�o�ӥؿ��U�F�A�ҥH�۵M�N���ݭn�h�վ�L�F�I�H�ڪ� test2.linux.org �ӬݡA����ڪ��ɮ״N�|��m�b /home/test2/.ssh/id_rsa �o���ɮ״N�O�p�_�աI
�@
3. �b Server �ݩ�m�i�H�n�J�����_�G

�J�M�ڭ̭n�� test2 �i�H�H test �o�ӱb���n�J test.linux.org �o���D���A����o���D���۵M�ݭn�O�� test2 �� public key �o�I�諸�I�ҥH�ڭ̥��ݭn�N Client �ݫإߪ� id_rsa.pub �ɮ׵��L������ test.linux.org ���Y�� test �o�ӨϥΪ̪��a�ؿ����U�I����p�G�z�ٰO�o�W���� sshd_config �o���ɮת��]�w���ܡA�������ӴN�O�o�yAuthorizedKeysFile�z�o�ӳ]�w�a�I�O���I�b�Q�n�J���D�����Y�ӱb���A�L�����_��m���ɮצW�ٹw�]�N�O�o�Ӷ��ةҰO�����I�ӥL�w�]���ɦW�N�O authorized_keys �o���ɮצW�ٰաI�������ӫ�򰵩O�H

1. ���b Client �ݥH sftp �N���_��� test �W���h�I [test2@test2 test2]$ cd ~/.ssh             <==�����ؿ� [test2@test2 .ssh]$ sftp test@test.linux.org<==�s��D���W�� Connecting to test.linux.org... test@test.linux.org's password:                <==��J test ���K�X sftp> put id_rsa.pub                        <==�N���_��� Server �W���h�I Uploading id_rsa.pub to /home/test/id_rsa.pub sftp> exit 2. �� Server �W���A�N���_��s�� authorized_keys �ɮפ��I [test@test test]$ cd ~/.ssh [test@test .ssh]$ cat ../id_rsa.pub >> authorized_keys

�Ъ`�N�W���������I�ѩ� authorized_keys �i�H�O�s�۷��h�����_���e�A�]���A�i�H�ϥ� >> ���覡�ӱN Client �ݪ����_�s�W����ɮפ��I�����I�����o�@�B�@��A���� test2 �N�i�H�����b test2.linux.org �H

[test2@test2 test2]$ ssh test@test.linux.org

�o�˴N�i�H���ݭn��J�K�X�o�I���O�Ъ`�N�A test ����H test2 �n�J test2.linux.org ��I

��²�檺�B�J�a�I�o�ˤ@�ӡA�N�i�H���ݱK�X������F�I�L�צp��A�z�n�O�o���O�A Server �ݭn�����O Public Keys �A�� Client �ݪ��h�O Private Keys �I�h���ӡA���z�ٷQ�n�n�J��L���D���ɡA�u�n�N�z�� public key ( �N�O id_rsa.pub �o���ɮ� )���L copy ���L�D���W���h�A�åB�s�W��Y�b���� .ssh/authorized_keys �o���ɮפ��I�����I���\�I
�@


---

�w���]�w�G
�@
�n�F�A��������w�����]�w�譱�A���S������ȱo�`�N���O�H���M�O���աI�ڭ̥i�H����ij�X�Ӷ��اa�I���O�i�H�ѡG

• /etc/ssh/sshd_config
• /etc/hosts.allow, /etc/hosts.deny
• iptables

�o�T�譱�ӵۤ�i��I���U�ڭ̴N���@���a�I

• /etc/ssh/sshd_config

�@��Ө��A�o���ɮת��w�]���شN�w�g�ܧ��ƤF�I�ҥH�A�ƹ�W�O���ӻݭn��ʥL���I���O�A�p�G�z���ǨϥΪ̤譱���U�{�A����i�H�o�˭ץ��@�ǰ��D�O�I

• �T�� root ���n�J�G����ɭԡA���\ root �H���ݳs�u���覡�n�J�A���|�O�@�Ӧn�D�N�I�ҥH�o���Z��ij�j�a�����N root ���n�J�v�������a�I�ҥH�A�i�H�ק� /etc/ssh/sshd_config �o���ɮת����e���G

[root@test root]# vi /etc/ssh/sshd_config PermitRootLogin no      <==�N�L�令 no �աI [root@test root]# /etc/rc.d/init.d/sshd restart

�p���@�ӡA�H�� root �N����H ssh �n�J�o�I�o���٬O����n���աI ^_^
�@
• ���\�Y�Ӹs�յn�J�G���ǯS�����p���A�ڭ̷Q�n���ϥΪ̥u��ϥ� sendmail, pop3, ftp ���A���O���Ʊ�L�i�H���ݳs�u�i�ӡA����z�i�H�o�˰��G

1. �N�o�ǨϥΪ̳��k�Ǧb�Y�@�ӯS���s�դ��U�A�Ҧp nossh �o�Ӹs�զn�F�F
2. �b /etc/ssh/sshd_config �����[�J�o�@��G�yDenyGroups   nossh�z
3. ���s�Ұ� sshd �G /etc/rc.d/init.d/sshd restart
�o�˴NOK�աI
�@
• ���\�Y�ӨϥΪ̵n�J�G�� DenyGroups �����A�ϥ� DenyUsers �Y�i�I�Ѧ� sshd_config ���]�w��I

• /etc/hosts.allow �� /etc/hosts.deny �G

�o�F��]�O��²�檺�աI�����ѦҡG ²��������[�] �@���o�I���M�A²�檺��k�N�O�G

[root@test /root]# vi /etc/hosts.allow sshd: 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4, 192.168.0.5: allow [root@test /root]# vi /etc/hosts.deny sshd : ALL : spawn (/bin/echo Security notice from host `/bin/hostname`; \  /bin/echo; /usr/sbin/safe_finger @%h ) | \  /bin/mail -s "%d -%h security" root@localhost & \  : twist ( /bin/echo -e "\n\nWARNING connectin not allowed. Your attempt has been logged. \n\n\nĵ�i�z�|�����\�n�J�A�z���s�u�N�|�Q�����A�åB�@���H�᪺�Ѧ�\n\n ". )

�@
• iptables

�h�X�h�O�@�]�ܦn���I�ҥH�]�i�H�ϥ� iptables ��I�ѦҡG²��������[�] �@���o�I

�򥻤W�A SSH ���Z�w�����A�u�n���� root ���n�J�v���A������D���ӴN�|����p�@�I�աI�ҥH�A���M�i�H���γ]�w iptables �A���O��ij�w��X�Ӻ���]�w�@�U /etc/hosts.allow �P /etc/hosts.deny �I�[�o�o�I

• OpenSSH �x������Ghttp://www.openssh.com/
• OpenSSL �x������Ghttp://www.openssl.org/
• putty �x������Ghttp://www.chiark.greenend.org.uk/~sgtatham/putty/
• putty ��������Ghttp://beta.wsl.sinica.edu.tw/~ylchang/putty/
• pputty ��������Ghttp://www.csie.ntu.edu.tw/~piaip/prjs/pputty/

• Telnet �P SSH ���O���ݳs�u���A���A����ڭ̳��|���˨ϥ� SSH ���קK�ϥ� Telnet �O�H��]��b�H
• �й��ջ��� SSH �b Server �P Client �ݳs�u�ɪ��ʥ]�[�K����F
• �а� SSH ���]�w�ɬO���@�ӡH�p�G�ڭn�ק��� root �L�k�ϥ� SSH �s�u�i�J�ڪ� SSH �D���A���Ӧp��]�w�H�S�A�p�G�n�� badbird �o�ӨϥΪ̵L�k�n�J SSH �D���A�Ӧp��]�w�H
• �b Linux �W�A�w�]�� Telnet �P SSH ���A���ϥΪ���f(port number)�U���h�֡H
• �p�G�o�{�ڵL�k�b Client �ݨϥ� ssh �{���n�J�ڪ� Linux �D���A���O Linux �D���o�@�����`�A�i�઺��]����H(������Bknown_hosts...)
• �J�M ssh �O����w������ƫʥ]�ǰe�覡�A����ڴN�i�H�b Internet �W���}��ڪ� Linux �D���� SSH �A�ȤF�ܡH�I�л����z��ܪ����ת���]�I

�e���ѦҸѵ�