[root@hostname ~]# useradd nori
[root@hostname ~]# passwd nori
Changing password for user nori.
New password: [password]
Retype new password: [password]
passwd: all authentication tokens updated successfully.
Restricting which users can become root
Configure the system so that only the user just created can become root.
First, add the created user to the wheel group.
[root@hostname ~]# usermod -aG wheel nori
Change the configuration so that only users belonging to the wheel group can become root.
[root@hostname ~]# vi /etc/pam.d/su
Uncomment the following line.
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid
Create another regular user and check that sudo is not possible.
[root@hostname ~]# su abc
[abc@hostname root]$ sudo ls
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for abc:
abc is not in the sudoers file. This incident will be reported.
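The pam_wheel line edited above governs su, while the sudo refusal in the session above comes from the sudoers file, so the su restriction is worth checking on its own. The following is an added example, not part of the original post: it evaluates a PAM file and a group file the way the steps above configure them. The function names (pam_wheel_enforced, in_group, su_policy) and all file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: offline check of the su restriction configured above.
# All file contents below are constructed samples, not copied from a real host.

# True if FILE ($1) has an active (uncommented) "auth required pam_wheel.so ... use_uid" line.
pam_wheel_enforced() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so[[:space:]]+(.*[[:space:]])?use_uid([[:space:]]|$)' "$1"
}

# True if USER ($1) is listed as a member of GROUP ($2) in a group(5)-format file ($3).
# This covers supplementary membership, which is what "usermod -aG" writes.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit(ok ? 0 : 1) }' "$3"
}

# Prints the su policy for USER ($1) given a PAM file ($2) and a group file ($3):
#   unrestricted = pam_wheel is not active, so group membership is not checked
#   allowed      = pam_wheel is active and USER is in wheel
#   denied       = pam_wheel is active and USER is not in wheel
su_policy() {
    if ! pam_wheel_enforced "$2"; then
        echo unrestricted
    elif in_group "$1" wheel "$3"; then
        echo allowed
    else
        echo denied
    fi
}

# Constructed sample inputs: the PAM file before and after the edit, and a group file.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'auth sufficient pam_rootok.so' '#auth required pam_wheel.so use_uid' > "$demo/su.before"
printf 'auth\t\tsufficient\tpam_rootok.so\nauth\t\trequired\tpam_wheel.so use_uid\n' > "$demo/su.after"
printf '%s\n' 'root:x:0:' 'wheel:x:10:nori' 'abc:x:1001:' > "$demo/group"

for u in nori abc; do
    echo "$u before edit: $(su_policy "$u" "$demo/su.before" "$demo/group")"
    echo "$u after edit:  $(su_policy "$u" "$demo/su.after" "$demo/group")"
done
```

On a live host the same functions can be pointed at /etc/pam.d/su and /etc/group.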
[nori@hostname root]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/nori/.ssh/id_rsa):
/home/nori/.ssh/id_rsa already exists.
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/nori/.ssh/id_rsa
Your public key has been saved in /home/nori/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX nori@hostname
The key's randomart image is:
+---[RSA 3072]----+
:
+----[SHA256]-----+
Confirm that the private key (id_rsa) and the public key (id_rsa.pub) have been created.
[nori@hostname root]$ ls ~/.ssh/
id_rsa.pub id_rsa
user@MacBookPro ~ % ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /Users/user/.ssh/id_rsa
Your public key has been saved in /Users/user/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX user@MacBookPro.local
The key's randomart image is:
+---[RSA 3072]----+
:
+----[SHA256]-----+
user@MacBookPro ~ % ssh-copy-id -i ~/.ssh/id_rsa nori@servername.example.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/user/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
nori@servername.example.com's password: [password]
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'nori@servername.example.com'"
and check to make sure that only the key(s) you wanted were added.