$ ssh root@133.242.129.64
The authenticity of host '133.242.129.64 (133.242.129.64)' can't be established.
RSA key fingerprint is 3a:75:43:78:fc:bb:88:46:f6:07:d1:9c:24:d9:12:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '133.242.129.64' (RSA) to the list of known hosts.
root@133.242.129.64's password:
SAKURA Internet [Virtual Private Server SERVICE]
[root@www1290ui ~]
# yum update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
epel/metalink                                    | 5.5 kB     00:00
 * base: ftp.iij.ad.jp
 * epel: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * updates: centosx4.centos.org
epel                                             | 4.2 kB     00:00
epel/primary_db                                  | 5.4 MB     00:00
Setting up Update Process
No Packages marked for Update
# vim /etc/sysconfig/i18n
LANG="ja_JP.UTF-8"
SYSFONT="latarcyrheb-sun16"
# exit
logout
Connection to 133.242.129.64 closed.
$ ssh root@133.242.129.64
root@133.242.129.64's password:
Last login: Thu Aug 8 22:33:28 2013 from 156227014222.ppp-oct.au-hikari.ne.jp
SAKURA Internet [Virtual Private Server SERVICE]
# date
2013年 8月 8日 木曜日 22:42:58 JST
# useradd yuji
# passwd yuji
ユーザー yuji のパスワードを変更。
新しいパスワード:
新しいパスワードを再入力してください:
passwd: 全ての認証トークンが正しく更新できました。
# usermod -G wheel yuji
# visudo
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
$ ssh yuji@133.242.129.64
yuji@133.242.129.64's password:
SAKURA Internet [Virtual Private Server SERVICE]
[yuji@www1290ui ~]$
[yuji@www1290ui ~]$ pwd
/home/yuji
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
yuji-macbook:~ yujishimojo$ ssh-keygen -t rsa -v
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/yujishimojo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/yujishimojo/.ssh/id_rsa.
Your public key has been saved in /Users/yujishimojo/.ssh/id_rsa.pub.
The key fingerprint is:
dc:83:8e:21:58:b5:2b:16:46:1f:0f:3e:ff:e1:bb:ec yujishimojo@yuji-macbook.local
The key's randomart image is:
+--[ RSA 2048]----+
| . + |
| . + = |
| + = . |
| + . = o |
| . + o S + |
| . o + o o |
| . . o |
| . . |
| .E. |
+-----------------+
$ ls -la .ssh
total 32
drwx------   5 yujishimojo  staff   170 Aug  8 23:08 .
drwx------+ 54 yujishimojo  staff  1904 Aug  8 22:10 ..
-rw-------   1 yujishimojo  staff  1671 Aug  8 23:08 id_rsa
-rw-r--r--   1 yujishimojo  staff   412 Aug  8 23:08 id_rsa.pub
$ scp ~/.ssh/id_rsa.pub yuji@133.242.129.64:~/.ssh/authorized_keys
yuji@133.242.129.64's password:
id_rsa.pub                                    100%  412     0.4KB/s   00:00
$ ls -la .ssh
合計 12
drwx------ 2 yuji yuji 4096  8月  8 23:12 2013 .
drwx------ 3 yuji yuji 4096  8月  8 23:05 2013 ..
-rw------- 1 yuji yuji  412  8月  8 23:12 2013 authorized_keys
$ ssh -i ~/.ssh/id_rsa yuji@133.242.129.64
Last login: Thu Aug 8 22:56:50 2013 from 156227014222.ppp-oct.au-hikari.ne.jp
SAKURA Internet [Virtual Private Server SERVICE]
[yuji@www1290ui ~]$ sudo -s

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for yuji:
[root@www1290ui yuji]#
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.org
Port 61203
PasswordAuthentication no
PermitRootLogin no
# service sshd restart
sshd を停止中: [ OK ]
sshd を起動中: [ OK ]
$ ssh yuji@133.242.129.64
ssh: connect to host 133.242.129.64 port 22: Connection refused
$ ssh -p 61203 yuji@133.242.129.64
Last login: Thu Aug 8 23:22:38 2013 from 156227014222.ppp-oct.au-hikari.ne.jp
SAKURA Internet [Virtual Private Server SERVICE]
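The three sshd_config changes above (Port, PasswordAuthentication, PermitRootLogin) only take effect if each is the first uncommented occurrence of its keyword. The following check is an added example, not part of the original session; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample contents are constructed.

# sshd_effective FILE KEYWORD: print the value sshd would use, or nothing.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and commented-out lines do not count.
sshd_effective() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                   # drop comments
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print one line per finding; return 0 only if there are none.
audit_sshd() {
    findings=0
    port=$(sshd_effective "$1" Port)
    pass=$(sshd_effective "$1" PasswordAuthentication)
    root=$(sshd_effective "$1" PermitRootLogin)
    # An unset keyword falls back to the sshd default (port 22, passwords on).
    if [ "${port:-22}" = "22" ]; then
        echo "Port: still 22"; findings=$((findings + 1))
    fi
    if [ "${pass:-yes}" != "no" ]; then
        echo "PasswordAuthentication: ${pass:-unset, default yes}"
        findings=$((findings + 1))
    fi
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin: ${root:-unset, version-dependent default}"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the commented line does not count and the first
# PermitRootLogin wins, so only the Port change is actually in effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 61203
#PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin yes
PermitRootLogin no
EOF
audit_sshd "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

On a live host, `sshd -T` run as root prints the effective configuration as sshd itself parses it, which is the authoritative cross-check.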
[root@www1290ui yuji]# vim /etc/sysconfig/iptables
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SERVICES - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 4 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j SERVICES
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p udp --sport 123 --dport 123 -j ACCEPT
-A SERVICES -p tcp --dport 61203 -j ACCEPT
-A SERVICES -p tcp --dport 80 -j ACCEPT
-A SERVICES -p tcp --dport 443 -j ACCEPT
COMMIT
# service iptables start
iptables: ファイアウォールルールを適用中: [ OK ]
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 4
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
SERVICES   tcp  --  anywhere             anywhere            state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain
ACCEPT     udp  --  anywhere             anywhere            udp spt:ntp dpt:ntp

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain SERVICES (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:61203
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
# yum install httpd
# chkconfig httpd on
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.org
[root@www1290ui ~]# vim /etc/httpd/conf/httpd.conf
# service httpd configtest
Syntax OK
# service httpd start
httpd を起動中: [ OK ]
# vim /etc/httpd/conf/httpd.conf
# chown -R yuji:yuji /var/www/html/
# mkdir -p /var/www/dev.example.com/public_html/
# chown -R yuji:yuji /var/www/dev.example.com/public_html/
# vim /etc/httpd/conf.d/dev.example.com.conf
<VirtualHost *:80>
    ServerName dev.example.com
    DocumentRoot "/var/www/dev.example.com/public_html"
    DirectoryIndex index.html index.php
    ErrorLog /var/log/httpd/dev.example.com_error_log
    CustomLog /var/log/httpd/dev.example.com_access_log combined
    AddDefaultCharset UTF-8
    <Directory "/var/www/dev.example.com/public_html">
        AllowOverride All
    </Directory>
</VirtualHost>
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
# service httpd configtest
Syntax OK
# service httpd restart
httpd を停止中: [ OK ]
httpd を起動中: [ OK ]
$ vim /var/www/dev.example.com/public_html/index.html
<html> hello from dev.example.com </html>
# yum install php php-devel php-mysql php-gd php-mbstring
# php -v
PHP 5.3.3 (cli) (built: Jul 12 2013 20:35:47)
# cp /etc/php.ini /etc/php.ini.org
# vim /etc/php.ini
error_log = /var/log/php_errors.log
mbstring.language = Japanese
mbstring.internal_encoding = UTF-8
mbstring.http_input = auto
mbstring.detect_order = auto
expose_php = Off
date.timezone = Asia/Tokyo
# service httpd restart
httpd を停止中: [ OK ]
httpd を起動中: [ OK ]
# yum install mysql-server
# cp /etc/my.cnf /etc/my.cnf.org
# vim /etc/my.cnf
character_set_server=utf8
default-storage-engine=InnoDB
innodb_file_per_table
[mysql]
default-character-set=utf8
[mysqldump]
default-character-set=utf8
# service mysqld start
# mysql_secure_installation
...
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!
...
# chkconfig mysqld on
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.1.69 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> exit
Bye