Introduction
SSH access with PowerShell
- Start PowerShell (key input): Win + X > A > Yes
Note: PowerShell is included by default since Windows 7
ssh root@192.168.1.1
Create a desktop shortcut for ssh root@192.168.1.1
powershell
$DESKTOP = ([Environment]::GetFolderPath("Desktop") + "\192.168.1.1.lnk")
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut("$DESKTOP")
$Shortcut.TargetPath = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
$Shortcut.Arguments = '-windowstyle hidden -ExecutionPolicy RemoteSigned "Start-Process ssh root@192.168.1.1"'
$Shortcut.IconLocation = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,0"
$Shortcut.WorkingDirectory = "."
$Shortcut.Save()
Force paste
yes
If you cannot log in via SSH
Clear known_hosts
- C:\Users\yourusername\.ssh\known_hosts
Note: this is a hidden file on Windows
powershell
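# Use the full path: an elevated PowerShell does not start in the user profile directory
Clear-Content "$env:USERPROFILE\.ssh\known_hosts" -Force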
Installing OpenSSH
Note: included by default since Windows 10 Fall Creators Update (1709)
- Check the feature
powershell
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
- Install the feature
powershell
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
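Scenario
I want to use the WAN Ethernet port of an OpenWRT router (normally used as a regular Ethernet LAN port) to configure a separate (sub) LAN.
Configuration
# Steps
# Indexed sections (@device[1], @zone[2], @rule[9], ...) must already exist;
# create missing ones first with "uci add <config> <type>".
# br-lan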
uci set network.@device[0]=device
uci set network.@device[0].name='br-lan'
uci set network.@device[0].type='bridge'
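# ports is a list option: reset it, then add one member per command
uci -q delete network.@device[0].ports
uci add_list network.@device[0].ports='lan2'
uci add_list network.@device[0].ports='lan3'
uci add_list network.@device[0].ports='lan4'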
# br-lan2
uci set network.@device[1]=device
uci set network.@device[1].type='bridge'
uci set network.@device[1].name='br-lan2'
uci set network.@device[1].bridge_empty='1'
uci set network.@device[1].ports='lan1'
# lan
uci set network.lan=interface
uci set network.lan.device='br-lan'
uci set network.lan.proto='static'
uci set network.lan.ipaddr='192.168.1.1'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.ip6assign='60'
# lan2
uci set network.lan2=interface
uci set network.lan2.proto='static'
uci set network.lan2.device='br-lan2'
uci set network.lan2.ipaddr='192.168.2.1'
uci set network.lan2.netmask='255.255.255.0'
uci set network.lan2.ip6assign='60'
# Firewall configuration
# lan zone
uci set firewall.@zone[0]=zone
uci set firewall.@zone[0].name='lan'
uci set firewall.@zone[0].input='ACCEPT'
uci set firewall.@zone[0].output='ACCEPT'
uci set firewall.@zone[0].forward='ACCEPT'
uci set firewall.@zone[0].network='lan'
# lan2 zone
uci set firewall.@zone[1]=zone
uci set firewall.@zone[1].name='lan2'
uci set firewall.@zone[1].input='ACCEPT'
uci set firewall.@zone[1].output='ACCEPT'
uci set firewall.@zone[1].forward='ACCEPT'
uci set firewall.@zone[1].network='lan2'
# wan zone
uci set firewall.@zone[2]=zone
uci set firewall.@zone[2].name='wan'
uci set firewall.@zone[2].input='REJECT'
uci set firewall.@zone[2].output='ACCEPT'
uci set firewall.@zone[2].forward='REJECT'
uci set firewall.@zone[2].masq='1'
uci set firewall.@zone[2].mtu_fix='1'
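# network is a list option: reset it, then add one member per command
uci -q delete firewall.@zone[2].network
uci add_list firewall.@zone[2].network='wan'
uci add_list firewall.@zone[2].network='wan6'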
# lan forward wan
uci set firewall.@forwarding[0]=forwarding
uci set firewall.@forwarding[0].src='lan'
uci set firewall.@forwarding[0].dest='wan'
# lan2 forward wan
uci set firewall.@forwarding[1]=forwarding
uci set firewall.@forwarding[1].src='lan2'
uci set firewall.@forwarding[1].dest='wan'
# lan forward lan2
# uci set firewall.@forwarding[2]=forwarding
# uci set firewall.@forwarding[2].src='lan'
# uci set firewall.@forwarding[2].dest='lan2'
# Allow-IPSec-ESP2
uci set firewall.@rule[9]=rule
uci set firewall.@rule[9].name='Allow-IPSec-ESP2'
uci set firewall.@rule[9].target='ACCEPT'
uci set firewall.@rule[9].proto='esp'
uci set firewall.@rule[9].src='wan'
uci set firewall.@rule[9].dest='lan2'
# Allow-ISAKMP2
uci set firewall.@rule[10]=rule
uci set firewall.@rule[10].name='Allow-ISAKMP2'
uci set firewall.@rule[10].proto='udp'
uci set firewall.@rule[10].src='wan'
uci set firewall.@rule[10].dest='lan2'
uci set firewall.@rule[10].target='ACCEPT'
uci set firewall.@rule[10].dest_port='500'
# Commit the changes and restart the services
uci commit network
uci commit firewall
/etc/init.d/network restart
/etc/init.d/firewall restart
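
The following is an added example, not part of the original page: a shell function that reads `uci show firewall` output and lists the configured inter-zone forwardings, plus any ACCEPT rule that forwards from wan into another zone without a `dest_ip`, as the Allow-IPSec-ESP2 and Allow-ISAKMP2 rules above do. The sample input is constructed, and the `dest_ip` value in it is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Reads `uci show firewall` output
# on stdin; prints inter-zone forwardings and ACCEPT rules that forward from
# wan into another zone without a dest_ip restriction.
audit_fw() {
    awk -F= -v q="'" '
    {
        n = split($1, p, "[.]")               # firewall.<section>[.<option>]
        val = substr($0, length($1) + 2)      # text after the first "="
        gsub(q, "", val)                      # drop the quotes uci show adds
        if (n == 2) { type[p[2]] = val; order[++cnt] = p[2] }  # section header
        else if (n == 3) opt[p[2], p[3]] = val
    }
    END {
        for (i = 1; i <= cnt; i++) {
            s = order[i]
            if (type[s] == "forwarding")
                print "FORWARD " opt[s, "src"] " -> " opt[s, "dest"]
            if (type[s] == "rule" && opt[s, "target"] == "ACCEPT" &&
                opt[s, "src"] == "wan" && opt[s, "dest"] != "" &&
                opt[s, "dest_ip"] == "")
                print "OPEN " opt[s, "name"] ": wan -> " opt[s, "dest"] " (any host)"
        }
    }'
}

# Constructed sample: values follow the page, except that rule[10] carries a
# hypothetical dest_ip to show the restricted form.
SAMPLE="firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='lan2'
firewall.@forwarding[1].dest='wan'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-IPSec-ESP2'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].src='wan'
firewall.@rule[9].dest='lan2'
firewall.@rule[10]=rule
firewall.@rule[10].name='Allow-ISAKMP2'
firewall.@rule[10].target='ACCEPT'
firewall.@rule[10].src='wan'
firewall.@rule[10].dest='lan2'
firewall.@rule[10].dest_port='500'
firewall.@rule[10].dest_ip='192.168.2.10'"

# On the router: uci show firewall | audit_fw
printf '%s\n' "$SAMPLE" | audit_fw
```

A rule reported as OPEN reaches every host in the destination zone; adding `dest_ip` for the one host that needs the traffic removes it from the report.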