{"id":1492,"date":"2021-06-27T19:00:41","date_gmt":"2021-06-27T18:00:41","guid":{"rendered":"http:\/\/ve2cuy.com\/420-3c3\/?page_id=1492"},"modified":"2024-03-18T15:36:21","modified_gmt":"2024-03-18T15:36:21","slug":"configuration-et-utilisation-de-ssh","status":"publish","type":"page","link":"https:\/\/ve2cuy.com\/420-21e\/index.php\/configuration-et-utilisation-de-ssh\/","title":{"rendered":"Configuring and using ssh"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><span style=\"color: #808000;\">Contents<\/span><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img loading=\"lazy\" decoding=\"async\" width=\"220\" height=\"189\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/220px-Puffy_mascot_openbsd.gif\" alt=\"\" class=\"wp-image-1500\"\/><\/figure><\/div>\n\n\n\n<p><strong><span style=\"color: #ff9900;\"><\/span><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong><span style=\"color: #ff9900;\">Remote access;&nbsp;<\/span><\/strong>telnet,&nbsp;ssh<\/li><li><strong><span style=\"color: #666699;\">The SSH protocol<br><\/span><\/strong>&#8211; History, openSSH, openSSH-server<\/li><li><span style=\"color: #008000;\"><strong>Key management<br><\/strong><span style=\"color: #000000;\">&#8211; the <strong><span style=\"color: #808080;\"><em>ssh-keygen<\/em><\/span><\/strong> command<\/span><\/span><br>&#8211; <span style=\"color: #800080;\">public\/private<\/span> keys<br>&#8211; the &nbsp;<strong><span style=\"color: #339966;\">~\/.ssh<\/span><\/strong> directory<br>&#8211; the file <strong><span style=\"color: #993366;\">~\/.ssh\/<\/span><\/strong><span style=\"color: #008000;\"><span style=\"color: #008000;\"><strong><span style=\"color: #993366;\">authorized_keys<\/span><br><\/strong><span style=\"color: #ff6600;\">&#8211; Installing a key remotely: <strong><em>ssh-copy-id<\/em><\/strong><\/span><\/span><\/span><\/li><\/ul>\n\n\n\n<hr 
class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1 &#8211; History<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"SSH History with Tatu Ylonen\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/OHBdKM7s5V4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>Reference:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"http:\/\/www.openssh.com\/history.html\">http:\/\/www.openssh.com\/history.html<\/a><\/li><li><a href=\"https:\/\/www.ssh.com\/academy\/ssh\">https:\/\/www.ssh.com\/academy\/ssh<\/a><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2 &#8211; Key management<\/h2>\n\n\n\n<p><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">2.1 &#8211; <\/span><\/strong>Generating a private\/public key pair with the <strong><span style=\"color:#9b51e0\" class=\"tadv-color\">ssh-keygen<\/span><\/strong> command\u00a0<\/p>\n\n\n\n<p>State of the user&rsquo;s home directory before generating the pair:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\n# Before generating the pair, there is no .ssh directory\nalain@srv-test-02:~$ ssh-keygen\nGenerating public\/private rsa key pair.\nEnter file in which to save the key (\/home\/alain\/.ssh\/id_rsa):\nCreated directory '\/home\/alain\/.ssh'.\n# Press 'Enter' for no passphrase\nEnter passphrase (empty for no passphrase):\nEnter same passphrase again:\n# Result:\nYour identification has been saved in \/home\/alain\/.ssh\/id_rsa\nYour public key has been saved in \/home\/alain\/.ssh\/id_rsa.pub\nThe key fingerprint 
is:\nSHA256:h3cUCymb5knNH1sMlhnlSzqIaE7PNbAeAQBmTfEUBY4 alain@srv-test-02\nThe key's randomart image is:\n+---&#91;RSA 3072]----+\n|  +++o=+. ..o=.  |\n| o  .= .. ..=+   |\n|    E o o* .ooo  |\n|       .=*oo.oo. |\n|      ++S.*.++.  |\n|     + +o= oo.   |\n|      . +        |\n|                 |\n|                 |\n+----&#91;SHA256]-----+\n$ ls .ssh\nalain@srv-test-02:~$ ls -l .ssh\/\ntotal 8\n-rw------- 1 alain alain 2602 Sep  3 20:14 id_rsa\n-rw-r--r-- 1 alain alain  571 Sep  3 20:14 id_rsa.pub\n$\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Several key types can be generated:<\/p><p>$ ssh-keygen -t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa<\/p><p>See: https:\/\/goteleport.com\/blog\/comparing-ssh-keys\/<\/p><\/blockquote>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># How to generate an EdDSA key:\n\n$ ssh-keygen -t ed25519 -C \"Identification unique de la clef\"\n\n# How to generate a 4096-bit RSA key:\n$ ssh-keygen -b 4096\n<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p>The default key length is&nbsp;<strong>2048 bits<\/strong> for RSA, <strong>1024 bits<\/strong> for DSA and <strong>256 bits<\/strong> for ECDSA.<\/p>\n\n\n\n<p>Note: The &lsquo;passphrase&rsquo; protects the private key with a password.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p> <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">2.2 &#8211; <\/span><\/strong>Copy the public key to another system with the <strong><span style=\"color:#9b51e0\" class=\"tadv-color\">ssh-copy-id<\/span><\/strong> command:<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code>alain@srv-test-02:~$ ssh-copy-id vagrant@192.168.56.102\n\n\n\/usr\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: \"\/home\/alain\/.ssh\/id_rsa.pub\"\nThe authenticity of host '192.168.56.102 (192.168.56.102)' can't be established.\nECDSA key fingerprint is SHA256:ORFd\/GQxcF82h6O1BeWSJKlyE1J8VSw4SVERuFbKSA4.\nAre you sure you want to continue connecting (yes\/no\/&#91;fingerprint])?\n\/usr\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n\/usr\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\nvagrant@192.168.56.102's password:\n\n# Note: if several keys are available, use\n# the -i nom_de_la_cle parameter\n$ ssh-copy-id -i id_rsa vagrant@192.168.56.102\n<\/code><\/pre>\n\n\n\n<p>It is now possible to open an ssh session on this new system without supplying a password.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">2.3 &#8211;<\/span><\/strong> Using the key to open an ssh session:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Note: no password will be requested:\nalain@srv-test-02:~\/.ssh$ ssh vagrant@192.168.56.102\nWelcome to Ubuntu 20.04.2 LTS (GNU\/Linux 5.4.0-81-generic x86_64)\n\n# It is no longer necessary to supply a login name, it is in the key:\n\n$ ssh 192.168.56.102<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">2.4 &#8211; <\/span><\/strong>Disable ssh password access on server srv02:<\/p>\n\n\n\n<p><\/p>\n\n\n\n<pre class=\"wp-block-preformatted lang:default decode:true\"># File: \/etc\/ssh\/sshd_config\n# To disable tunneled clear text passwords, change to no here!\n# --&gt; To 
disable ssh password access,\n# replace the 'yes' with 'no' on the following line (commenting it out alone keeps the default, 'yes')\n#PasswordAuthentication yes\nPasswordAuthentication no\n# likewise, set the following line to 'no'\nChallengeResponseAuthentication no\n<\/pre>\n\n\n\n<p><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">2.5 &#8211; <\/span><\/strong>Restart the sshd service:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted lang:default decode:true\">sudo systemctl restart sshd<\/pre>\n\n\n\n<p><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">2.6 &#8211; <\/span><\/strong>Test the ssh connection with another account:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>alain@srv-test-02:~$ ssh toto@192.168.56.102\ntoto@192.168.56.102: Permission denied (publickey).\n<\/code><\/pre>\n\n\n\n<p>Note: srv02 can no longer be reached over ssh with a password. Holding the private key is now required to open an ssh connection.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3 &#8211; The <em><span class=\"has-inline-color has-vivid-red-color\">~\/.ssh\/config<\/span><\/em> file, configuration for ssh<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># If needed, create the ~\/.ssh directory\nmkdir -p ~\/.ssh &amp;&amp; chmod 700 ~\/.ssh\n\n# Create the ssh configuration file\ntouch ~\/.ssh\/config\n\n# Set the permissions (only the user should have access)\nchmod 600 ~\/.ssh\/config\n\n# Edit the ~\/.ssh\/config file\nnano ~\/.ssh\/config\n# ---------------------------------------\n# Host nomHost\nHost srv02\n# Host srv*\n    HostName 192.168.56.102\n    User vagrant\n    Port 22\n# Parameter to use when there is more than one private key:\n#   IdentityFile ~\/.ssh\/uneCle.key\n# Set the connection log options (\/var\/log\/auth.log)\n# 
https:\/\/en.wikibooks.org\/wiki\/OpenSSH\/Logging_and_Troubleshooting\n#   LogLevel INFO\n# Compress the stream (for slow links)\n#   Compression yes\n# ---------------------------------------\n# Test:\n~$ ssh srv02\n# To override options from the config file:\n$ ssh -o \"User=root\" srv02\n# To ignore all options from the config file:\n$ ssh -F \/dev\/null srv02\n# ----------------------------------------\n# Make an ssh connection verbose:\n$ ssh -v srv02\n<\/code><\/pre>\n\n\n\n<p>Order in which ssh reads connection options:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Command line<\/li><li>~\/.ssh\/config<\/li><li>\/etc\/ssh\/ssh_config<\/li><\/ol>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4 &#8211; Publishing a public key on GitHub<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"943\" height=\"696\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.05.48.png\" alt=\"\" class=\"wp-image-1497\" srcset=\"https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.05.48.png 943w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.05.48-300x221.png 300w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.05.48-768x567.png 768w\" sizes=\"auto, (max-width: 943px) 100vw, 943px\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"has-text-align-left wp-block-heading\">5 &#8211; Importing the .pub key during installation of an Ubuntu server<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"801\" height=\"269\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.02.45.png\" alt=\"\" class=\"wp-image-1498\" 
srcset=\"https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.02.45.png 801w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.02.45-300x101.png 300w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.02.45-768x258.png 768w\" sizes=\"auto, (max-width: 801px) 100vw, 801px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"409\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.10.28.png\" alt=\"\" class=\"wp-image-1496\" srcset=\"https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.10.28.png 800w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.10.28-300x153.png 300w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.10.28-768x393.png 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"441\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.11.44-1024x441.png\" alt=\"\" class=\"wp-image-1495\" srcset=\"https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.11.44-1024x441.png 1024w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.11.44-300x129.png 300w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.11.44-768x331.png 768w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/06\/Capture-decran-le-2021-06-27-a-14.11.44.png 1265w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Allow the &lsquo;root&rsquo; account ssh access (a very 
bad idea?)<\/p>\n\n\n\n<pre class=\"wp-block-preformatted lang:default decode:true\"># File: \/etc\/ssh\/sshd_config\nPermitRootLogin yes\n<\/pre>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Using a key with a cloud.google VM<\/h2>\n\n\n\n<p>The key can be associated with a VM when the VM is created:<\/p>\n\n\n\n<p>Note: The key must be created with the &lsquo;-C votre_compte_google&rsquo; parameter<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"910\" height=\"693\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/11\/cloud.google.vm_.cle_.publique.gif\" alt=\"\" class=\"wp-image-1855\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Connecting to the VM over ssh using the private key<\/h2>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">ssh -i ~\/.ssh\/id_rsa_pour_google_cloud_projet_test adresse_ip_publique_de_la_VM<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Contents Remote access;&nbsp;telnet,&nbsp;ssh The SSH protocol&#8211; History, openSSH, openSSH-server Key management&#8211; the ssh-keygen command&#8211; public\/private keys&#8211; the &nbsp;~\/.ssh directory&#8211; the file ~\/.ssh\/authorized_keys&#8211; Installing a key remotely: ssh-copy-id 1 &#8211; History Reference: http:\/\/www.openssh.com\/history.html https:\/\/www.ssh.com\/academy\/ssh 2 &#8211; Key management 2.1 &#8211; Generating a private\/public key pair with the ssh-keygen command\u00a0 State 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1492","page","type-page","status-publish","hentry"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"Alain","author_link":"https:\/\/ve2cuy.com\/420-21e\/index.php\/author\/alain\/"},"uagb_comment_info":0,"uagb_excerpt":"Contents Remote access;&nbsp;telnet,&nbsp;ssh The SSH protocol&#8211; History, openSSH, openSSH-server Key management&#8211; the ssh-keygen command&#8211; public\/private keys&#8211; the &nbsp;~\/.ssh directory&#8211; the file ~\/.ssh\/authorized_keys&#8211; Installing a key remotely: ssh-copy-id 1 &#8211; History Reference: http:\/\/www.openssh.com\/history.html https:\/\/www.ssh.com\/academy\/ssh 2 &#8211; Key management 2.1 &#8211; Generating a private\/public key pair with the ssh-keygen command\u00a0 
State&hellip;","_links":{"self":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/1492","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/comments?post=1492"}],"version-history":[{"count":7,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/1492\/revisions"}],"predecessor-version":[{"id":2296,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/1492\/revisions\/2296"}],"wp:attachment":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/media?parent=1492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}