
Installing OpenSSH in a chroot environment

1. Remove the OpenSSH packages

    # rpm -qa | grep ssh
    # /etc/init.d/sshd stop
    # rpm -e openssh-server
    # rpm -e openssh-clients
    # rpm -e openssh
    # rm -rf /etc/ssh
    # ln -s /usr/local/openssh/etc /etc/ssh

2. Install OpenSSL

    # wget http://openssl.org/source/openssl-1.0.0d.tar.gz
    # tar xzf openssl-1.0.0d.tar.gz
    # cd openssl-1.0.0d
    # ./config zlib shared threads
    # make && make test && make install
    # echo /usr/local/ssl/lib >> /etc/ld.so.conf
    # ldconfig

3. Install OpenSSH 5.x (compile from source)

    # wget ftp://mirror.yongbok.net/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gz
    # tar xzf openssh-5.8p2.tar.gz
    # cd openssh-5.8p2
    # ./configure --prefix=/usr/local/openssh \
    > --with-tcp-wrappers \
    > --with-pam \
    > --with-ssl-dir=/usr/local/ssl \
    > --with-privsep-user=sshd \
    > --with-md5-passwords
    # make && make install
    # cd contrib/redhat
    # cp sshd.pam /etc/pam.d/sshd
    # cp sshd.init /etc/init.d/sshd
    # chkconfig --add sshd
    # ln -s /usr/local/openssh/bin/* /usr/bin
    # ln -s /usr/local/openssh/sbin/* /usr/sbin
    # ln -s /usr/local/openssh/libexec/* /usr/bin
    # /etc/init.d/sshd start

4. Edit the configuration file for the chroot setup

    # vi /etc/ssh/sshd_config
    ...
    #Subsystem sftp /usr/local/openssh/libexec/sftp-server
    Subsystem sftp internal-sftp
    Match Group users
        ChrootDirectory /chroot
    ...
    # /etc/init.d/sshd restart
    # mkdir /chroot
    # cd /chroot
    # mkdir bin dev etc home lib tmp usr var
    # mount --bind /home /chroot/home
    # mount --bind /tmp /chroot/tmp
    # echo "mount --bind /home /chroot/home" >> /etc/rc.d/rc.local
    # echo "mount --bind /tmp /chroot/tmp" >> /etc/rc.d/rc.local

5. Copy system binaries, libraries and configuration files

************ Done up to here

    # mknod dev/null c 1 3
    # mknod dev/zero c 1 5
    # ldd /bin/bash
            libtermcap.so.2 => /lib/libtermcap.so.2 (0x0076c000)
            libdl.so.2 => /lib/libdl.so.2 (0x006d7000)
            libc.so.6 => /lib/tls/libc.so.6 (0x005a5000)
            /lib/ld-linux.so.2 (0x0058b000)
    # ls -l /lib/ld-linux.so.2 *********
    lrwxrwxrwx 1 root root 11 4월 25 2010 /lib/ld-linux.so.2 -> ld-2.3.4.so
    # cp -a /lib/ld-linux.so.2 lib
    # ls -l lib/
    합계 0
    lrwxrwxrwx 1 root root 11 6월 15 04:09 ld-linux.so.2 -> ld-2.3.4.so    (the link is broken)
    # cp -a /lib/ld-2.3.4.so lib/
    # cp -a /lib/libdl.so.2 lib
    # cp -a /lib/libdl-2.3.4.so lib
    # cp -a /lib/tls/libc.so.6 lib/
    # cp -a /lib/libc-2.3.4.so lib/
    # ls -l /lib/libtermcap.so.2
    # cp -a /lib/libtermcap.so.2 lib
    # cp -a /lib/libtermcap.so.2.0.8 lib
    # useradd -g 100 sshtest
    # echo 'ssh1234' | passwd --stdin sshtest
    # ssh sshtest@localhost
    -bash-3.00$    <-- login succeeded (only bash is there; no other commands are available)

=======> Copying ls <=======

    # ldd /bin/ls
            librt.so.1 => /lib/tls/librt.so.1 (0x00724000)
            libacl.so.1 => /lib/libacl.so.1 (0x00a31000)
            libselinux.so.1 => /lib/libselinux.so.1 (0x00714000)
            libc.so.6 => /lib/tls/libc.so.6 (0x005a5000)
            libpthread.so.0 => /lib/tls/libpthread.so.0 (0x0076c000)
            /lib/ld-linux.so.2 (0x0058b000)
            libattr.so.1 => /lib/libattr.so.1 (0x0099b000)
    # ls -l /lib/librt.so.1
    lrwxrwxrwx 1 root root 14 4월 25 2010 /lib/librt.so.1 -> librt-2.3.4.so
    # cp -a /lib/tls/librt.so.1 lib
    # cp -a /lib/tls/librt-2.3.4.so lib
    # ls -l /lib/libacl.so.1
    lrwxrwxrwx 1 root root 15 4월 25 2010 /lib/libacl.so.1 -> libacl.so.1.1.0
    # cp -a /lib/libacl.so.1 lib
    # cp -a /lib/libacl.so.1.1.0 lib
    # ll /lib/libselinux.so.1
    -rwxr-xr-x 1 root root 56336 11월 17 2007 /lib/libselinux.so.1
    # cp -a /lib/libselinux.so.1 lib
    # ls -l /lib/tls/libpthread.so.0
    # cp -a /lib/tls/libpthread.so.0 lib
    # cp -a /lib/tls/libpthread-2.3.4.so lib
    # cp -a /bin/ls bin
    # mkdir tls
    # cd tls
    # ls -l /lib/tls/libc*
    -rwxr-xr-x 1 root root 1548044 4월 19 2010 /lib/tls/libc-2.3.4.so
    lrwxrwxrwx 1 root root 13 4월 25 2010 /lib/tls/libc.so.6 -> libc-2.3.4.so
    # cp -a /lib/tls/libc* .
    # ssh sshtest@localhost
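The manual ldd / cp -a routine from step 5, generalized into a small script so that a symlinked library is always copied together with the file it points to (the broken-link case seen with ld-linux.so.2). This is an added example, not part of the original post; the function names ldd_paths, copy_with_target and install_into_chroot are hypothetical, and it places each file at the same absolute path inside the chroot rather than flattening everything into lib.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Read `ldd` output on stdin and print the absolute library paths.
# Handles "name => /path (addr)" and the bare loader line "/path (addr)".
# Lines without a path (linux-gate/vdso, "not found") are skipped.
ldd_paths() {
    awk '{
        if ($2 == "=>" && $3 ~ /^\//) print $3
        else if ($1 ~ /^\//) print $1
    }'
}

# Copy one file into the chroot at the same absolute path. When the file is
# a symlink, follow the chain and copy every link plus the final target, so
# no dangling link is left behind inside the chroot.
copy_with_target() {
    src=$1; root=$2
    while :; do
        mkdir -p "$root$(dirname "$src")"
        cp -a "$src" "$root$src"
        [ -L "$src" ] || break
        link=$(readlink "$src")
        case $link in
            /*) src=$link ;;                      # absolute link target
            *)  src=$(dirname "$src")/$link ;;    # target relative to the link
        esac
    done
}

# Copy a binary and every shared library ldd reports for it.
# Run ldd only on trusted system binaries: it may execute code from the file.
install_into_chroot() {
    bin=$1; root=$2
    copy_with_target "$bin" "$root"
    ldd "$bin" | ldd_paths | while read -r lib; do
        copy_with_target "$lib" "$root"
    done
}

# Usage (as root, with the layout from step 4):
#   install_into_chroot /bin/ls /chroot
```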


