lsyncd で使う同期用ユーザの作成
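# On the transfer source: create the sync user, generate its SSH key pair and
# archive what the destination needs.
groupadd syncuser
useradd -g syncuser syncuser
# Key-only account. '*' is a hash no password matches, whereas `passwd -d`
# leaves an EMPTY password on an account that gets passwordless sudo below
# (usable wherever PAM is configured to accept null passwords).
usermod -p '*' syncuser
# visudo -f syntax-checks the drop-in before saving it. Content to enter:
#   syncuser ALL=(ALL) NOPASSWD:ALL
# NOTE(review): this rule makes the sync key equivalent to root on this host.
# If lsyncd only needs one command with elevated rights, limit the rule to
# that command - confirm against the lsyncd configuration (not shown here).
visudo -f /etc/sudoers.d/syncuser
# The lines from `su` to `exit` are typed in an interactive shell as syncuser.
su syncuser
cd
mkdir -p .ssh
chmod 700 .ssh
cd .ssh
# Accept the default file name (id_rsa); the cp lines below rely on it.
ssh-keygen -t rsa -b 4096
# syncuser.pem is a second copy of the PRIVATE key; keep it on this host only.
cp -a id_rsa syncuser.pem
cp -a id_rsa.pub authorized_keys
exit
# Back in the original shell. The destination only has to accept this key, so
# archive the .ssh directory entry plus authorized_keys and leave the private
# key (id_rsa, syncuser.pem) out of the file that gets copied around.
tar -zcvf sshkey.tar.gz -C / --no-recursion \
  home/syncuser/.ssh home/syncuser/.ssh/authorized_keys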
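# On the transfer destination: after copying sshkey.tar.gz here, create the
# same user and install the key material from the archive.
groupadd syncuser
useradd -g syncuser syncuser
# Key-only account. '*' is a hash no password matches, whereas `passwd -d`
# leaves an EMPTY password on an account that gets passwordless sudo below
# (usable wherever PAM is configured to accept null passwords).
usermod -p '*' syncuser
# visudo -f syntax-checks the drop-in before saving it. Content to enter:
#   syncuser ALL=(ALL) NOPASSWD:ALL
# NOTE(review): this rule makes the sync key equivalent to root on this host.
# If the sync only needs one command with elevated rights, limit the rule to
# that command - confirm against the lsyncd configuration (not shown here).
visudo -f /etc/sudoers.d/syncuser
# Extract straight into the home directory. Stripping the leading
# "home/syncuser/" removes the need for a later `rm -rf home`, which would
# hit the wrong directory if the working directory were not what was expected.
tar -zxvf sshkey.tar.gz -C /home/syncuser --strip-components=2
# sshd's StrictModes check skips keys whose files have loose ownership or
# modes, so set both explicitly instead of trusting what the archive carried.
chown -R syncuser:syncuser /home/syncuser/.ssh
chmod 700 /home/syncuser/.ssh
chmod 600 /home/syncuser/.ssh/authorized_keys
# This host only accepts the key; connections come from the source. Drop any
# private-key copies the archive carried, then the archive itself.
rm -f -- /home/syncuser/.ssh/id_rsa /home/syncuser/.ssh/syncuser.pem
rm -f -- sshkey.tar.gz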
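# Review the server's sshd configuration and change it only where needed.
## If an AllowUsers line exists, add syncuser@<CMS IP> to it. When AllowUsers
## is set, any user not listed is refused.
grep -i -- 'AllowUsers' /etc/ssh/sshd_config
## Confirm the settings below have the expected values. Lines that start with
## '#' in the output are commented out, i.e. the built-in default applies.
grep -i -- 'PubkeyAuthentication' /etc/ssh/sshd_config
#   expected: PubkeyAuthentication yes
grep -i -- 'AuthorizedKeysFile' /etc/ssh/sshd_config
#   expected: AuthorizedKeysFile .ssh/authorized_keys
# RSAAuthentication is not checked: it is an SSH protocol 1 option that
# current OpenSSH treats as deprecated; RSA keys under protocol 2 are governed
# by PubkeyAuthentication.
## If a value differs, append only the differing lines in this form. A Match
## block runs until the next Match or the end of the file, so put it last:
#   Match User syncuser
#     PubkeyAuthentication yes
#     AuthorizedKeysFile .ssh/authorized_keys
# After a change, validate the file before restarting so a typo cannot take
# sshd down, and keep the current session open until a new login works.
sshd -t && systemctl restart sshd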
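# Stricter variant: scope the sshd_config override to the sync source's local
# address. Replace <SOURCE_LOCAL_IP> (placeholder) with that address.
#   Match User syncuser Address <SOURCE_LOCAL_IP>
#     PubkeyAuthentication yes
#     AuthorizedKeysFile .ssh/authorized_keys
# RSAAuthentication is left out: it is an SSH protocol 1 option that current
# OpenSSH treats as deprecated.
# NOTE(review): a Match block only changes settings for connections that meet
# its criteria; it does not by itself refuse syncuser from other addresses.
# To enforce the address, also prefix the key in authorized_keys with
# from="<SOURCE_LOCAL_IP>" or list syncuser@<SOURCE_LOCAL_IP> in AllowUsers.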