svn commit: r51044 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Thu Oct 5 12:11:33 UTC 2017
Author: ryusuke
Date: Thu Oct 5 12:11:32 2017
New Revision: 51044
URL: https://svnweb.freebsd.org/changeset/doc/51044
Log:
- Merge the following from the English version:
r24771 -> r25140 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Wed Oct 4 20:17:56 2017 (r51043)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Thu Oct 5 12:11:32 2017 (r51044)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r24771
+ Original revision: r25140
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -2615,7 +2615,7 @@ kerberos_stash="YES"</programlisting>
_kerberos._tcp IN SRV 01 00 88 kerberos.example.org.
_kpasswd._udp IN SRV 01 00 464 kerberos.example.org.
_kerberos-adm._tcp IN SRV 01 00 749 kerberos.example.org.
-_kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
+_kerberos IN TXT EXAMPLE.ORG</programlisting></note>
<note>
<para>¥¯¥é¥¤¥¢¥ó¥È¤¬¡¢
@@ -4616,8 +4616,11 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
<secondary>͸ú²½</secondary>
</indexterm>
- <para><filename>rc.conf</filename> ¥Õ¥¡¥¤¥ë¤Ë
- °Ê²¼¤Î¹Ô¤òÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
+ <para><application>sshd</application> ¥Ç¡¼¥â¥ó¤Ï¡¢
+ &os; 4.X ¤ª¤è¤Ó &os; 5.X ¤Ë¤ª¤¤¤Æ¥Ç¥Õ¥©¥ë¥È¤Ç͸ú¤Ç¤¹¡£
+ &os; 5.X ¤Ç¤Ï¥¤¥ó¥¹¥È¡¼¥ë»þ¤Ë̵¸ú¤Ë¤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
+ ͸ú¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤«¤É¤¦¤«¤ò³Îǧ¤¹¤ë¤Ë¤Ï¡¢
+ <filename>rc.conf</filename> ¥Õ¥¡¥¤¥ë¤ò³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
<screen>sshd_enable="YES"</screen>
@@ -4659,7 +4662,8 @@ user at example.com's password: <userinput>*******</useri
¤ËÊݸ¤µ¤ì¤Þ¤¹¡£</para>
<para>¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢<application>OpenSSH</application>
- ¥µ¡¼¥Ð¤Ï SSH v2 ¤Î¤ß¤ÎÀܳ¤ò¼õ¤±ÉÕ¤±¤ë¤è¤¦¤ËÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
+ ¥µ¡¼¥Ð¤Ï¤ÎºÇ¶á¤ÎÈÇ¤Ç¤Ï SSH v2
+ ¤Î¤ß¤ÎÀܳ¤ò¼õ¤±ÉÕ¤±¤ë¤è¤¦¤ËÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
¥¯¥é¥¤¥¢¥ó¥È¤Ï¥Ð¡¼¥¸¥ç¥ó 1 ¤ª¤è¤Ó 2 ¤Î¤É¤Á¤é¤«¤òÁªÂò¤Ç¤¤Þ¤¹¡£
¥Ð¡¼¥¸¥ç¥ó 2 ¤Ï¡¢µì¥Ð¡¼¥¸¥ç¥ó¤è¤ê¤â·ø¸Ç¤Ç°ÂÁ´¤Ç¤¹¡£</para>
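Review bot: The first added line of this hunk, directly after `<application>OpenSSH</application>`, reads サーバはの最近の版では once decoded from EUC-JP: the particle は carried over from the removed sentence now sits immediately before の, which is ungrammatical. Dropping the は so that the line reads サーバの最近の版では fixes it without changing the meaning of the merged sentence.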
@@ -4721,60 +4725,103 @@ COPYRIGHT 100% |***************************
¤Ë¤è¤ê¡¢¾ÜºÙ¤ÊÀßÄ꤬¹Ô¤¨¤Þ¤¹¡£</para>
</sect2>
- <sect2>
+ <sect2 xml:id="security-ssh-keygen">
<title>ssh-keygen</title>
<para>¥Ñ¥¹¥ï¡¼¥É¤ÎÂå¤ï¤ê¤Ë &man.ssh-keygen.1;
- ¤ò»È¤Ã¤Æ¥æ¡¼¥¶¤Îǧ¾ÚÍѤΠRSA °Å¹æ¸°¤òºî¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
+ ¤ò»È¤Ã¤Æ¥æ¡¼¥¶¤Îǧ¾ÚÍѤΠDSA ¤Þ¤¿¤Ï
+ RSA °Å¹æ¸°¤òºî¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
- <screen>&prompt.user; <userinput>ssh-keygen -t <replaceable>rsa1</replaceable></userinput>
-Initializing random number generator...
-Generating p: .++ (distance 66)
-Generating q: ..............................++ (distance 498)
-Computing the keys...
-Key generation complete.
-Enter file in which to save the key (/home/user/.ssh/identity):
-Enter passphrase:
-Enter the same passphrase again:
-Your identification has been saved in /home/user/.ssh/identity.
-...</screen>
+ <screen>&prompt.user; <userinput>ssh-keygen -t <replaceable>dsa</replaceable></userinput>
+Generating public/private dsa key pair.
+Enter file in which to save the key (/home/user/.ssh/id_dsa):
+Created directory '/home/user/.ssh'.
+Enter passphrase (empty for no passphrase):
+Enter same passphrase again:
+Your identification has been saved in /home/user/.ssh/id_dsa.
+Your public key has been saved in /home/user/.ssh/id_dsa.pub.
+The key fingerprint is:
+bb:48:db:f2:93:57:80:b6:aa:bc:f5:d5:ba:8f:79:17 user at host.example.com
+</screen>
<para>&man.ssh-keygen.1; ¤Ïǧ¾Ú¤Ë»È¤¦°Ù¤Î¸ø³«¸°¤ÈÈëÌ©¸°¤Î¥Ú¥¢¤òºî¤ê¤Þ¤¹¡£
- ÈëÌ©¸°¤Ï <filename>~/.ssh/identity</filename> ¤ËÊݸ¤µ¤ì¡¢
- ¸ø³«¸°¤Ï <filename>~/.ssh/identity.pub</filename> ¤ËÊݸ¤µ¤ì¤Þ¤¹¡£
- ¸ø³«¸°¤Ï¥ê¥â¡¼¥È¥Þ¥·¥ó¤Î <filename>~/.ssh/authorized_keys</filename>
- ¤Ë¤âÃÖ¤«¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
+ DSA ¤Þ¤¿¤Ï RSA ¸°¤Ë±þ¤¸¤Æ¡¢
+ ÈëÌ©¸°¤Ï <filename>~/.ssh/id_dsa</filename> ¤Þ¤¿¤Ï
+ <filename>~/.ssh/id_rsa</filename> ¤ËÊݸ¤µ¤ì¡¢
+ ¸ø³«¸°¤Ï <filename>~/.ssh/id_dsa.pub</filename> ¤Þ¤¿¤Ï
+ <filename>~/.ssh/id_rsa.pub</filename> ¤Ë¤½¤ì¤¾¤ìÊݸ¤µ¤ì¤Þ¤¹¡£
+ ¸ø³«¸°¤Ï¥»¥Ã¥È¥¢¥Ã¥×¤Î¤¿¤á¤Ë¡¢
+ ¥ê¥â¡¼¥È¥Þ¥·¥ó¤Î <filename>~/.ssh/authorized_keys</filename>
+ ¤Ë¤âÃÖ¤«¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£RSA ¥Ð¡¼¥¸¥ç¥ó 1
+ ¤Î¸ø³«¸°¤âƱÍͤ˥ê¥â¡¼¥È¥Þ¥·¥ó¤Î
+ <filename>~/.ssh/authorized_keys</filename>
+ Æâ¤ËÃÖ¤«¤ì¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
<para>¤³¤ì¤Ç¥Ñ¥¹¥ï¡¼¥É¤ÎÂå¤ï¤ê
- RSA ǧ¾Ú¤ò»È¤Ã¤Æ¥ê¥â¡¼¥È¥Þ¥·¥ó¤ËÀܳ¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿¤Ï¤º¤Ç¤¹¡£</para>
+ SSH ¸°¤ò»È¤Ã¤Æ¥ê¥â¡¼¥È¥Þ¥·¥ó¤ËÀܳ¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿¤Ï¤º¤Ç¤¹¡£</para>
- <note><para>The <option>-t rsa1</option> ¥ª¥×¥·¥ç¥ó¤Ï¡¢
- SSH ¥×¥í¥È¥³¥ë¥Ð¡¼¥¸¥ç¥ó 1 ¤ÇÍѤ¤¤é¤ì¤ë RSA ¸°¤òÀ¸À®¤·¤Þ¤¹¡£
- SSH ¥×¥í¥È¥³¥ë¥Ð¡¼¥¸¥ç¥ó 2 ¤ÇÍѤ¤¤é¤ì¤ë RSA ¸°¤òÀ¸À®¤¹¤ë¤Ë¤Ï¡¢
- <command>ssh-keygen -t rsa</command> ¤ò¼Â¹Ô¤·¤Æ¤¯¤À¤µ¤¤¡£</para></note>
-
<para>&man.ssh-keygen.1; ¤Ç¥Ñ¥¹¥Õ¥ì¡¼¥º¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢
- ¥æ¡¼¥¶¤ÏÈëÌ©¸°¤ò»È¤¦¤¿¤á¤ËËè²ó¥Ñ¥¹¥Õ¥ì¡¼¥º¤ÎÆþÎϤò¹Ô¤Ê¤¦É¬Íפ¬¤¢¤ê¤Þ¤¹¡£</para>
+ ÈëÌ©¸°¤ò»È¤¦¤¿¤á¤Ë¥æ¡¼¥¶¤ÏËè²ó¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ Ť¤¥Ñ¥¹¥Õ¥ì¡¼¥º¤òËè²óÆþÎϤ·¤Ê¤¯¤Æ¤Ï¤Ê¤é¤Ê¤¤Ééô¤Ï¡¢
+ &man.ssh-agent.1; ¤ò»È¤¦¤È·Ú¸º¤Ç¤¤Þ¤¹¡£
+ ¤³¤ì¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ °Ê²¼¤Î <xref linkend="security-ssh-agent"/>
+ ¤ÎÀá¤ÇÀâÌÀ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
- <para>Ʊ¤¸ÌÜŪ¤Ç¡¢<command>ssh-keygen -t dsa</command>
- ¥³¥Þ¥ó¥É¤ò»È¤Ã¤Æ SSH ¥×¥í¥È¥³¥ë¥Ð¡¼¥¸¥ç¥ó 2 ¤Î
- DSA ¸°¤òÀ¸À®¤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
- ¤³¤ì¤Ï¡¢SSH ¥×¥í¥È¥³¥ë¥Ð¡¼¥¸¥ç¥ó 2 ¥»¥Ã¥·¥ç¥óÀìÍѤΠDSA ¸ø³«/ÈëÌ©¸°¤òÀ¸À®¤·¤Þ¤¹¡£
- ¸ø³«¸°¤Ï <filename>~/.ssh/id_dsa.pub</filename>
- ¤ËÊݸ¤µ¤ì¡¢ÈëÌ©¸°¤Ï <filename>~/.ssh/id_dsa</filename>
- ¤ËÃÖ¤«¤ì¤Þ¤¹¡£</para>
-
- <para>DSA ¸ø³«¸°¤Ë¤Ä¤¤¤Æ¤âƱÍͤ˥ê¥â¡¼¥È¥Þ¥·¥ó¤Î
- <filename>~/.ssh/authorized_keys</filename>
- Æâ¤Ë¤ª¤¤Þ¤¹¡£</para>
-
- <para>&man.ssh-agent.1; ¤È &man.ssh-add.1; ¤Ï
- Ê£¿ô¤Î¥Ñ¥¹¥ï¡¼¥É²½¤µ¤ì¤¿ÈëÌ©¸°¤Î´ÉÍý¤Ë»È¤ï¤ì¤Þ¤¹¡£</para>
-
<warning><para>¥·¥¹¥Æ¥à¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ë
<application>OpenSSH</application> ¤Î¥Ð¡¼¥¸¥ç¥ó¤Ë¤è¤Ã¤Æ¡¢
¥ª¥×¥·¥ç¥ó¤ä¥Õ¥¡¥¤¥ë¤Ë°ã¤¤¤¬½Ð¤Æ¤¯¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
- &man.ssh-keygen.1; ¤ò»²¾È¤·¤Æ¡¢ÌäÂ꤬µ¯¤³¤ë¤³¤È¤òÈò¤±¤Æ¤¯¤À¤µ¤¤¡£</para></warning>
+ &man.ssh-keygen.1; ¤ò»²¾È¤·¤Æ¡¢
+ ÌäÂ꤬µ¯¤³¤ë¤³¤È¤òÈò¤±¤Æ¤¯¤À¤µ¤¤¡£</para></warning>
+ </sect2>
+
+ <sect2 xml:id="security-ssh-agent">
+ <title>ssh-agent ¤ª¤è¤Ó ssh-add</title>
+
+ <para>&man.ssh-agent.1; ¤ª¤è¤Ó &man.ssh-add.1; ¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ï¡¢
+ ¥Ñ¥¹¥Õ¥ì¡¼¥º¤òËè²óÆþÎϤ¹¤ë¤³¤È¤Ê¤·¤Ë¡¢
+ <application>SSH</application>
+ ¸°¤òÍøÍѤǤ¤ë¤è¤¦¤Ë¥á¥â¥ê¤ËÆɤ߹þ¤àÊýË¡¤òÄ󶡤·¤Þ¤¹¡£</para>
+
+ <para>&man.ssh-agent.1; ¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ï¡¢
+ Æɤ߹þ¤Þ¤ì¤¿ÈëÌ©¸°¤Ë¤è¤ëǧ¾Ú¤ò¼è¤ê°·¤¤¤Þ¤¹¡£
+ &man.ssh-agent.1;
+ ¤Ï¾¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Îµ¯Æ°¤ËÍѤ¤¤é¤ì¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ´ðËÜŪ¤Ê¥ì¥Ù¥ë¤Ç¤Ï¥·¥§¥ë¤òµ¯Æ°¤·¡¢
+ ¤è¤ê¹âÅ٤ʥì¥Ù¥ë¤Ç¤Ï¡¢¥¦¥£¥ó¥É¥¦¥Þ¥Í¡¼¥¸¥ã¤âµ¯Æ°¤·¤Þ¤¹¡£</para>
+
+ <para>¥·¥§¥ë¾å¤Ç &man.ssh-agent.1; ¤ò»È¤¦¤Ë¤Ï¡¢
+ ¤Þ¤º°ú¿ô¤È¤·¤Æ¥·¥§¥ë¤òµ¯Æ°¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¼¡¤Ë¡¢&man.ssh-add.1; ¤ò¼Â¹Ô¤·¡¢
+ ÈëÌ©¸°¤Î¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎϤ¹¤ë¤³¤È¤Ë¤è¤ê¡¢
+ ¸°¤òÄɲ乤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ °ìÅÙ¤³¤Î²áÄø¤ò½ª¤¨¤Æ¤·¤Þ¤¨¤Ð¡¢¥æ¡¼¥¶¤Ï¡¢
+ Âбþ¤¹¤ë¸ø³«¸°¤¬ÃÖ¤«¤ì¤Æ¤¤¤ë¥Û¥¹¥È¤Ë &man.ssh.1;
+ ¤Ç¥í¥°¥¤¥ó¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
+ °Ê²¼¤Ï¤½¤ÎÎã¤Ç¤¹¡£</para>
+
+ <screen>&prompt.user; ssh-agent <replaceable>csh</replaceable>
+&prompt.user; ssh-add
+Enter passphrase for /home/user/.ssh/id_dsa:
+Identity added: /home/user/.ssh/id_dsa (/home/user/.ssh/id_dsa)
+&prompt.user;</screen>
+
+ <para>X11 ¾å¤Ç &man.ssh-agent.1; ¤ò»È¤¦¤Ë¤Ï¡¢
+ &man.ssh-agent.1; ¤Ø¤Î¸Æ¤Ó½Ð¤·¤¬
+ <filename>~/.xinitrc</filename> ¤ËÃÖ¤«¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤ì¤Ë¤è¤ê¡¢X11 ¾å¤Çµ¯Æ°¤µ¤ì¤ë¤¹¤Ù¤Æ¤Î¥×¥í¥°¥é¥à¤Ë¤ª¤¤¤Æ¡¢
+ &man.ssh-agent.1; ¥µ¡¼¥Ó¥¹¤¬Ä󶡤µ¤ì¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
+ <filename>~/.xinitrc</filename>
+ ¥Õ¥¡¥¤¥ë¤ÎÎã¤Ï°Ê²¼¤È¤Ê¤ê¤Þ¤¹¡£</para>
+
+ <programlisting>exec ssh-agent <replaceable>startxfce4</replaceable></programlisting>
+
+ <para>¤³¤ì¤Ç¡¢X11 ¤ò³«»Ï¤¹¤ë¤È¤¤Ë¤Ï¤¤¤Ä¤Ç¤â
+ &man.ssh-agent.1; ¤¬µ¯Æ°¤µ¤ì¡¢
+ ¤³¤Î¥×¥í¥°¥é¥à¤«¤é <application>XFCE</application> ¤¬µ¯Æ°¤µ¤ì¤Þ¤¹¡£
+ °ìÅÙ¤³¤ÎÀßÄê¤ò¹Ô¤¤¡¢X11 ¤òºÆµ¯Æ°¤·¤¿¸å¤Ï͸ú¤Ë¤Ê¤ê¤Þ¤¹¤Î¤Ç¡¢
+ &man.ssh-add.1; ¤ò°ú¿ô¤Ê¤·¤Ë¼Â¹Ô¤·¡¢
+ ¤¹¤Ù¤Æ¤Î SSH ¸°¤òÆɤ߹þ¤Þ¤»¤Æ¤¯¤À¤µ¤¤¡£</para>
</sect2>
<sect2 xml:id="security-ssh-tunneling">
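Review bot: The rewritten key-location paragraph in the ssh-keygen section still ends by saying that an RSA version 1 public key must also be placed in `~/.ssh/authorized_keys`, but this hunk deletes the `<note>` that was the only place explaining `-t rsa1` versus `-t rsa`, and the example now shows only `-t dsa`. Either drop the RSA version 1 sentence or keep a short pointer to how such a key is generated, so the reader is not told to install a key type the section no longer describes. Separately, in the new ssh-agent `<screen>` the typed commands `ssh-agent csh` and `ssh-add` are not wrapped in `<userinput>`, unlike the `ssh-keygen -t dsa` line earlier in the hunk, and the keygen `<screen>` now has a line break before `</screen>`; aligning both with the existing markup keeps the rendered output consistent.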