Disallowing root login over SSH connections to OpenWrt

Disallow password login as root for SSH connections to OpenWrt and use public-key authentication instead. All of this is done with commands, without using LuCI.

Sending the public key

Send the public key to the OpenWrt device.

> ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.0.2.42
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/foo/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.0.2.42's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.0.2.42'"
and check to make sure that only the key(s) you wanted were added.

>

The public key is stored in /etc/dropbear/authorized_keys.

SSH server configuration on OpenWrt

Check the current settings

root@openwrt:/etc/config# cat dropbear
config dropbear
        option PasswordAuth 'on'
        option RootPasswordAuth 'on'
        option Port         '22'
#       option BannerFile   '/etc/banner'

root@openwrt:/etc/config# uci show dropbear
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].RootPasswordAuth='on'
dropbear.@dropbear[0].Port='22'
root@openwrt:/etc/config# 

Change the setting

root@openwrt:/etc/config# uci set dropbear.@dropbear[0].RootPasswordAuth='off'
root@openwrt:/etc/config# uci commit dropbear
root@openwrt:/etc/config# 

Restarting the SSH server

root@openwrt:/etc/config# /etc/init.d/dropbear reload
root@openwrt:/etc/config#

Check again

root@openwrt:/etc/config# cat dropbear

config dropbear
        option PasswordAuth 'on'
        option RootPasswordAuth 'off'
        option Port '22'

root@openwrt:/etc/config# uci show dropbear
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].RootPasswordAuth='off'
dropbear.@dropbear[0].Port='22'
root@openwrt:/etc/config# 
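
The two checks around this change, written as an added example that is not part of the original post: `has_authorized_key` confirms a key is installed before the root password is switched off, and `audit_dropbear` reads `uci show dropbear` output and reports which instances still accept passwords. Both function names are hypothetical, the sample inputs are constructed from the output shown above, and a missing option is assumed to default to on.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Succeeds if the file holds at least one non-comment, non-blank line, i.e.
# a key is installed and root will not be locked out by the change.
has_authorized_key() {
    [ -r "$1" ] && grep -Eq '^[^#[:space:]]' "$1"
}

# Reads `uci show dropbear` text on stdin and prints one finding for each
# instance that still accepts passwords. A missing option counts as enabled
# (assumption: both options default to on).
audit_dropbear() {
    awk -F= '
    function is_on(v) { return v !~ /^(0|off|no|false|disabled)$/ }
    /^dropbear\.[^.=]+=dropbear$/ { order[++cnt] = $1; next }
    /^dropbear\.[^.=]+\.[^.=]+=/ {
        val = $2; gsub("\047", "", val)      # strip the single quotes
        split($1, p, ".")                    # package, section, option
        opt[p[1] "." p[2], p[3]] = val
    }
    END {
        for (i = 1; i <= cnt; i++) {
            s = order[i]
            all  = ((s, "PasswordAuth") in opt) ? opt[s, "PasswordAuth"] : "on"
            root = ((s, "RootPasswordAuth") in opt) ? opt[s, "RootPasswordAuth"] : "on"
            if (is_on(all) && is_on(root)) print s ": root password login enabled"
            else if (is_on(all)) print s ": password login enabled for non-root users"
        }
    }'
}

# Constructed samples: the `uci show dropbear` output before and after.
SAMPLE_BEFORE="dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].RootPasswordAuth='on'
dropbear.@dropbear[0].Port='22'"
SAMPLE_AFTER="dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].RootPasswordAuth='off'
dropbear.@dropbear[0].Port='22'"

printf '%s\n' "$SAMPLE_BEFORE" | audit_dropbear
printf '%s\n' "$SAMPLE_AFTER" | audit_dropbear
```

On the router, run `has_authorized_key /etc/dropbear/authorized_keys` before the `uci set`, and `uci show dropbear | audit_dropbear` afterwards; with the settings on this page it still reports that PasswordAuth is on for non-root users.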
