{"id":1492,"date":"2021-06-27T19:00:41","date_gmt":"2021-06-27T18:00:41","guid":{"rendered":"http:\/\/ve2cuy.com\/420-3c3\/?page_id=1492"},"modified":"2024-03-18T16:43:46","modified_gmt":"2024-03-18T15:43:46","slug":"configuration-et-utilisation-de-ssh","status":"publish","type":"page","link":"https:\/\/ve2cuy.com\/420-3c3\/?page_id=1492","title":{"rendered":"Configuring and using ssh"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><span style=\"color: #808000;\">Contents<\/span><\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft\"><img decoding=\"async\" loading=\"lazy\" width=\"220\" height=\"189\" src=\"http:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/220px-Puffy_mascot_openbsd.gif\" alt=\"\" class=\"wp-image-1500\"\/><\/figure><\/div>\n\n\n<p><strong><span style=\"color: #ff9900;\"><\/span><\/strong><\/p>\n\n\n\n<ul>\n<li><strong><span style=\"color: #ff9900;\">Remote access;&nbsp;<\/span><\/strong>telnet,&nbsp;ssh<\/li>\n\n\n\n<li><strong><span style=\"color: #666699;\">The SSH protocol<br><\/span><\/strong>&#8211; History, openSSH, openSSH-server<\/li>\n\n\n\n<li><span style=\"color: #008000;\"><strong>Key management<br><\/strong><span style=\"color: #000000;\">&#8211; the <strong><span style=\"color: #808080;\"><em>ssh-keygen<\/em><\/span><\/strong> command<\/span><\/span><br>&#8211; <span style=\"color: #800080;\">public\/private<\/span> keys<br>&#8211; the <strong><span style=\"color: #339966;\">~\/.ssh<\/span><\/strong> folder<br>&#8211; the file <strong><span style=\"color: #993366;\">~\/.ssh\/<\/span><\/strong><span style=\"color: #008000;\"><span style=\"color: #008000;\"><strong><span style=\"color: #993366;\">authorized_keys<\/span><br><\/strong><span style=\"color: #ff6600;\">&#8211; Install a key remotely: <strong><em>ssh-copy-id<\/em><\/strong><\/span><\/span><\/span><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator 
has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1 &#8211; History<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"SSH History with Tatu Ylonen\" width=\"700\" height=\"394\" src=\"https:\/\/www.youtube.com\/embed\/OHBdKM7s5V4?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>References:<\/p>\n\n\n\n<ul>\n<li><a href=\"http:\/\/www.openssh.com\/history.html\">http:\/\/www.openssh.com\/history.html<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.ssh.com\/academy\/ssh\">https:\/\/www.ssh.com\/academy\/ssh<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2 &#8211; Key management<\/h2>\n\n\n\n<p>2.1 &#8211; Generate a private\/public key pair using the ssh-keygen command&nbsp;<\/p>\n\n\n\n<p>State of the user&rsquo;s folder before generating the pair:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\n# Before generating the pair, there is no .ssh folder\n\nalain@srv-test-02:~$ ssh-keygen\nGenerating public\/private rsa key pair.\nEnter file in which to save the key (\/home\/alain\/.ssh\/id_rsa): \n\nCreated directory '\/home\/alain\/.ssh'.\n# 'Enter' with no passphrase\nEnter passphrase (empty for no passphrase):\nEnter same passphrase again: \n\n# Result:\n\nYour identification has been saved in \/home\/alain\/.ssh\/id_rsa\nYour public key has been saved in \/home\/alain\/.ssh\/id_rsa.pub\nThe key fingerprint is:\nSHA256:h3cUCymb5knNH1sMlhnlSzqIaE7PNbAeAQBmTfEUBY4 alain@srv-test-02\nThe key's randomart image is:\n+---&#91;RSA 3072]----+\n|  +++o=+. ..o=.  |\n| o  .= .. 
..=+   |\n|    E o o* .ooo  |\n|       .=*oo.oo. |\n|      ++S.*.++.  |\n|     + +o= oo.   |\n|      . +        |\n|                 |\n|                 |\n+----&#91;SHA256]-----+\n\n$ ls .ssh\n\nalain@srv-test-02:~$ ls -l .ssh\/\ntotal 8\n-rw------- 1 alain alain 2602 Sep  3 20:14 id_rsa\n-rw-r--r-- 1 alain alain  571 Sep  3 20:14 id_rsa.pub\n\n$\n\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote\">\n<p>Different key formats can be generated:<\/p>\n\n\n\n<p>$ ssh-keygen -t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa<\/p>\n\n\n\n<p>See: https:\/\/goteleport.com\/blog\/comparing-ssh-keys\/<\/p>\n<\/blockquote>\n\n\n\n<p>A passphrase protects the private key with a password.<\/p>\n\n\n\n<p> 2.2 &#8211; Copy the public key to another system with the ssh-copy-id command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>alain@srv-test-02:~$ ssh-copy-id alain@192.168.56.100\n\/usr\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: \"\/home\/alain\/.ssh\/id_rsa.pub\"\nThe authenticity of host '192.168.56.100 (192.168.56.100)' can't be established.\nECDSA key fingerprint is SHA256:ORFd\/GQxcF82h6O1BeWSJKlyE1J8VSw4SVERuFbKSA4.\nAre you sure you want to continue connecting (yes\/no\/&#91;fingerprint])? 
\n\n\/usr\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n\/usr\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\nalain@192.168.56.100's password: \n\n\n\n<\/code><\/pre>\n\n\n\n<p>It will now be possible to open an ssh session on this other system without providing a password.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>2.3 &#8211; Using the key to open an ssh session:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Note: no password will be requested:\nalain@srv-test-02:~\/.ssh$ ssh alain@192.168.56.100\nWelcome to Ubuntu 20.04.2 LTS (GNU\/Linux 5.4.0-81-generic x86_64)<\/code><\/pre>\n\n\n\n<p>2.4 &#8211; Disable ssh password access on the srv02 server:<\/p>\n\n\n\n<p><\/p>\n\n\n\n<pre class=\"wp-block-preformatted lang:default decode:true\"># File: \/etc\/ssh\/sshd_config\n# To disable tunneled clear text passwords, change to no here!\n# --> To disable ssh password access, \n# Add the following line or comment out the existing one, or replace 'yes' with 'no'\n#PasswordAuthentication yes\nPasswordAuthentication no\n# NOTE: Depending on the Ubuntu version, the parameter may be in a file (50-cloud-init.conf) in the sshd_config.d folder.\n\n\n# Add the following line or comment out the existing one, or replace 'yes' with 'no'\nChallengeResponseAuthentication no\n<\/pre>\n\n\n\n<p>2.5 &#8211; Restart the sshd service:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted lang:default decode:true\">sudo systemctl restart sshd<\/pre>\n\n\n\n<p>2.6 &#8211; Test the ssh connection with another account:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>toto@srv-test-02:~$ ssh alain@192.168.56.100\nalain@192.168.56.100: Permission denied (publickey).\ntoto@srv-test-02:~$ 
\n<\/code><\/pre>\n\n\n\n<p>Note: srv02 is no longer reachable over ssh with a password. You must have the private key to open an ssh connection.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3 &#8211; The <em><span class=\"has-inline-color has-vivid-red-color\">~\/.ssh\/config<\/span><\/em> file, configuration for ssh<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># If needed, create the ~\/.ssh folder\nmkdir -p ~\/.ssh &amp;&amp; chmod 700 ~\/.ssh\n\n# Create the ssh configuration file\ntouch ~\/.ssh\/config\n\n# Adjust the access rights (only the user should have access)\nchmod 600 ~\/.ssh\/config\n\n# Edit the ~\/.ssh\/config file\nnano ~\/.ssh\/config\n\n# ---------------------------------------\n# Host nomHost\n\nHost srv02\n# Host srv*\n    HostName 192.168.56.100\n    User alain\n    Port 22\n\n# Parameter to use when there is more than one private key:\n#   IdentityFile ~\/.ssh\/uneCle.key\n\n# Set the connection log options (\/var\/log\/auth.log)\n# https:\/\/en.wikibooks.org\/wiki\/OpenSSH\/Logging_and_Troubleshooting\n#   LogLevel INFO\n\n# Compress the stream (for slow links)\n#   Compression yes\n\n# ---------------------------------------\n\n# Test:\n~$ ssh srv02\n\n\n# To override options from the config file:\n$ ssh -o \"User=root\" srv02\n\n# To ignore all options from the config file:\n$ ssh -F \/dev\/null srv02\n\n# ----------------------------------------\n# Make an ssh connection verbose:\n$ ssh -v srv02\n<\/code><\/pre>\n\n\n\n<p>Order in which ssh connection options are read:<\/p>\n\n\n\n<ol>\n<li>Command line<\/li>\n\n\n\n<li>~\/.ssh\/config<\/li>\n\n\n\n<li>\/etc\/ssh\/ssh_config<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4 &#8211; Publish a public key on GitHub<\/h2>\n\n\n\n<figure 
class=\"wp-block-image\"><img decoding=\"async\" loading=\"lazy\" width=\"943\" height=\"696\" src=\"http:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.05.48.png\" alt=\"\" class=\"wp-image-1497\" srcset=\"https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.05.48.png 943w, https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.05.48-300x221.png 300w, https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.05.48-768x567.png 768w\" sizes=\"(max-width: 943px) 100vw, 943px\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-left\">5 &#8211; Importing the .pub key during installation of an Ubuntu server<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" loading=\"lazy\" width=\"801\" height=\"269\" src=\"http:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.02.45.png\" alt=\"\" class=\"wp-image-1498\" srcset=\"https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.02.45.png 801w, https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.02.45-300x101.png 300w, https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.02.45-768x258.png 768w\" sizes=\"(max-width: 801px) 100vw, 801px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" loading=\"lazy\" width=\"800\" height=\"409\" src=\"http:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.10.28.png\" alt=\"\" class=\"wp-image-1496\" 
srcset=\"https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.10.28.png 800w, https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.10.28-300x153.png 300w, https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.10.28-768x393.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"441\" src=\"http:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.11.44-1024x441.png\" alt=\"\" class=\"wp-image-1495\" srcset=\"https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.11.44-1024x441.png 1024w, https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.11.44-300x129.png 300w, https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.11.44-768x331.png 768w, https:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/06\/Capture-d\u2019\u00e9cran-le-2021-06-27-\u00e0-14.11.44.png 1265w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Allow the &lsquo;root&rsquo; account ssh access (a very bad idea?)<\/p>\n\n\n\n<pre class=\"wp-block-preformatted lang:default decode:true\"># File: \/etc\/ssh\/sshd_config\nPermitRootLogin yes\n<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Using a key with a cloud.google VM<\/h2>\n\n\n\n<p>The key can be associated with a VM when the VM is created:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"910\" height=\"693\" 
src=\"http:\/\/ve2cuy.com\/420-3c3\/wp-content\/uploads\/2021\/11\/cloud.google.vm_.cle_.publique.gif\" alt=\"\" class=\"wp-image-1855\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Connect to the VM over ssh using the private key<\/h2>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">ssh -i ~\/.ssh\/id_rsa_pour_google_cloud_projet_test adresse_ip_publique_de_la_VM<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Contents 1 &#8211; History References: 2 &#8211; Key management 2.1 &#8211; Generate a private\/public key pair using the ssh-keygen command&nbsp; State of the user&rsquo;s folder before generating the pair: Different key formats can be generated: $ ssh-keygen -t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"_links":{"self":[{"href":"https:\/\/ve2cuy.com\/420-3c3\/index.php?rest_route=\/wp\/v2\/pages\/1492"}],"collection":[{"href":"https:\/\/ve2cuy.com\/420-3c3\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ve2cuy.com\/420-3c3\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ve2cuy.com\/420-3c3\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ve2cuy.com\/420-3c3\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1492"}],"version-history":[{"count":31,"href":"https:\/\/ve2cuy.com\/420-3c3\/index.php?rest_route=\/wp\/v2\/pages\/1492\/revisions"}],"predecessor-version":[{"id":1996,"href":"https:\/\/ve2cuy.com\/420-3c3\/index.php?rest_route=\/wp\/v2\/pages\/1492\/revisions\/1996"}],"wp:attachment":[{"href":"https:\/\/ve2cuy.com\/420-3c3\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}