Import translated manuals from JM CVS Repository.

[linuxjm/jm.git] / manual / mirrordir / draft / man1 / secure-mcserv.1

.\" (c) 1998 by James R. Van Zandt <jrv@vanzandt.mv.com>    -*- nroff -*-
.\"
.\" Japanese Version Copyright (c) 2003 NAKANO Takeo all rights reserved.
.\" Translated Wed 29 Jan 2003 by NAKANO Takeo <nakano@apm.seikei.ac.jp>
.\"
.TH mirrordir 1 "1998 November 8" "Linux"
.\"O .SH NAME secure-mcserv
.SH ̾Á°
.\"O secure-mcserv \- secure server for encrypted login, file transfer and socket forwarding.
secure-mcserv \- °Å¹æ²½¥í¥°¥¤¥ó¡¦¥Õ¥¡¥¤¥ëžÁ÷¡¦¥½¥±¥Ã¥È¥Õ¥©¥ï¡¼¥ÉÍѤΰÂÁ´¤Ê¥µ¡¼¥Ð
.\"O .SH SYNOPSIS
.SH ½ñ¼°
.BI secure-mcserv " \fR[\fPoptions\fR] [\fP" -p " portnum\fR]\fP"
.\"O .SH DESCRIPTION
.SH ÀâÌÀ
.\"O .PP
.\"O \fBsecure-mcserv\fP is a server for the Midnight Commander (network)
.\"O filesystem (mcfs) of the Midnight Commander vfs (virtual file system).
.\"O It is part of the \fBmirrordir\fP package. In can operate as a
.\"O substitute to the Midnight Commander's native \fBmcserv\fP daemon,
.\"O although It has several extensions for use with \fBmirrordir\fP.
.B secure-mcserv
¤Ï Midnight Commander vfs (¥Ð¡¼¥Á¥ã¥ë¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à) ¤Î
Midnight Commander (¥Í¥Ã¥È¥ï¡¼¥¯) ¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à (mcfs) ¥µ¡¼¥Ð¤Ç¤¢¤ë¡£
.B secure-mcserv
¤Ï
.B mirrordir
¥Ñ¥Ã¥±¡¼¥¸¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¡£Midnight Commander ¤Î¥Í¥¤¥Æ¥£¥Ö¤Ê
.B mcserv
¥Ç¡¼¥â¥ó¤ÎÂå¤ï¤ê¤ËÆ°ºî¤µ¤»¤ë¤³¤È¤¬¤Ç¤­¡¢
.B mirrordir
¸þ¤±¤Ë¤¤¤¯¤Ä¤«¤Î³ÈÄ¥¤¬¤Ê¤µ¤ì¤Æ¤¤¤ë¡£
.TP
.\"O \fBsecurity and compression\fP
.B ¥»¥­¥å¥ê¥Æ¥£¤È°µ½Ì
.\"O This is not so much a feature of \fBsecure-mcserv\fP as of the
.\"O transparent secure TCP layer implemented for the whole of
.\"O \fBmirrordir\fP. This layer can operate in normal mode, compressed
.\"O (gzipped) mode, encrypted mode, or compressed and encrypted mode. The
.\"O mode of connection is autodetected from magic numbers at the head of the
.\"O TCP stream. The Midnight Commander can use \fBsecure-mcserv\fP instead
.\"O of its native \fBmcserv\fP. See the \fB-z\fP, \fB--secure\fP and
.\"O \fB-K\fP options of \fBmirrordir\fP(1).
¤³¤ì¤Ï
.B secure-mcserv
¤Îµ¡Ç½¤È¤¤¤¦¤è¤ê¤â¡¢
.B mirrordir
Á´ÂΤËÂФ·¤Æ¼ÂÁõ¤µ¤ì¤¿¡¢Æ©²áŪ¤«¤Ä°ÂÁ´¤Ê TCP ÁؤǤ¢¤ë¡£
¤³¤ÎÁؤϡ¢Ä̾ï¥â¡¼¥É¡¢°µ½Ì (gzipped) ¥â¡¼¥É¡¢°Å¹æ²½¥â¡¼¥É¡¢
°µ½Ì+°Å¹æ²½¥â¡¼¥É¤ÇÆ°ºî¤Ç¤­¤ë¡£
Àܳ¤Î¥â¡¼¥É¤Ï TCP ¥¹¥È¥ê¡¼¥àÀèƬ¤Î¥Þ¥¸¥Ã¥¯¥Ê¥ó¥Ð¡¼¤Ë¤è¤Ã¤Æ¼«Æ°¸¡ÃΤµ¤ì¤ë¡£
Midnight Commander ¤Ï
.B secure-mcserv
¤ò¡¢¼«¤é¤Î¥Í¥¤¥Æ¥£¥Ö¤Ê¥µ¡¼¥Ð¤Ç¤¢¤ë
.B mcserv
¤ÎÂå¤ï¤ê¤ËÍøÍѤǤ­¤ë¡£
.BR mirrordir (1)
¤Î
.BR -z ,
.BR --secure ,
.B -K
³Æ¥ª¥×¥·¥ç¥ó¤ò¸«¤è¡£
.TP
.\"O \fBDenying access from specific hosts\fP
.B ÆÃÄê¤Î¥Û¥¹¥È¤«¤é¤Î¥¢¥¯¥»¥¹¤ÎµñÈÝ
.RS
.\"O You can add to your \fI/etc/hosts.allow\fP file lines like the following:
.I /etc/hosts.allow
¥Õ¥¡¥¤¥ë¤Ë°Ê²¼¤Î¤è¤¦¤Ê¹Ô¤òÄɲ乤롣
.PP
.nf
    secure-mcserv:  <source-ip-address> : ALLOW
    secure-mcserv:  212.89.128.0/255.255.255.0 : ALLOW
    secure-mcserv:  ALL : DENY
.fi
.PP
.\"O (This feature was submitted to me by Juergen Kammer <j.kammer@eurodata.de>
.\"O who claims it works.)
(¤³¤Îµ¡Ç½¤Ï Juergen Kammer <j.kammer@eurodata.de>
¤«¤é´ó¤»¤é¤ì¤Þ¤·¤¿¡£Èà¤Î¤È¤³¤í¤Ç¤ÏÆ°ºî¤·¤Æ¤¤¤ë¤½¤¦¤Ç¤¹¡£)
.RE
.TP
.\"O \fBlogins\fP
.B ¥í¥°¥¤¥ó
.\"O You can securely login to \fBsecure-mcserv\fP with \fBpslogin\fP which
.\"O comes with the \fBmirrordir\fP distribution. This is analogous to
.\"O \fBrlogin\fP(1) working with \fBrlogind\fP(1). See the
.\"O \fB--login-mode\fP option of \fBmirrordir\fP(1).
.B mirrordir
¤ÎÇÛÉۤ˴ޤޤì¤ë
.B pslogin
¤òÍѤ¤¤ë¤È¡¢°ÂÁ´¤Ë
.B secure-mcserv
¤ËÂФ¹¤ë¥í¥°¥¤¥ó¤¬¤Ç¤­¤ë¡£
¤³¤ì¤Ï
.BR rlogin (1)
¤¬
.BR rlogind (8)
¤ËÂФ·¤ÆÆ°ºî¤¹¤ë¤Î¤ÈƱÍͤǤ¢¤ë¡£
.BR mirrordir (1)
¤Î
.B --login-mode
¥ª¥×¥·¥ç¥ó¤ò¸«¤è¡£
.TP
.\"O \fBTCP socket forwarding\fP
.B TCP ¥½¥±¥Ã¥È¤Î¥Õ¥©¥ï¡¼¥É
.\"O Using the \fBforward\fP(1) command of the \fBmirrordir\fP distribution,
.\"O you can forward arbitrary TCP socket connections over a secure and/or
.\"O compressed TCP channel. This is very useful for making encrypted
.\"O services out of ordinary services. \fBforward\fP(1) has an examples
.\"O section.
.B mirrordir
¤ÎÇÛÉۤ˴ޤޤì¤ë
.BR forward (1)
¥³¥Þ¥ó¥É¤òÍѤ¤¤ë¤È¡¢Ç¤°Õ¤Î TCP ¥½¥±¥Ã¥ÈÀܳ¤ò
°ÂÁ´¤Þ¤¿¤Ï°µ½Ì (¤¢¤ë¤¤¤Ï¤½¤ÎξÊý¤Î) TCP ¥Á¥ã¥Í¥ë¤Ë¥Õ¥©¥ï¡¼¥É¤Ç¤­¤ë¡£
¤³¤ì¤ÏÄ̾ï¤Î¥µ¡¼¥Ó¥¹¤ò°Å¹æ²½¥µ¡¼¥Ó¥¹¤Ë¤Ç¤­¡¢¤È¤Æ¤âÊØÍø¤Ç¤¢¤ë¡£
.BR forward (1)
¤ËÎ㤬¤¢¤ë¡£
.\"O .SH OPTIONS
.SH ¥ª¥×¥·¥ç¥ó
.TP 
\fB-d\fP
.\"O Become a daemon (set -q). This option will almost always be used.
.\"O Alternative \fB-d\fP can be omitted and \fB-v\fP (see below) set to
.\"O debug failed connections.
¥Ç¡¼¥â¥ó¤Ë¤Ê¤ë (Ʊ»þ¤Ë -q ¤âÀßÄꤵ¤ì¤ë)¡£
Ä̾ï¤Ï¾ï¤Ë¤³¤Î¥ª¥×¥·¥ç¥ó¤òÍѤ¤¤ë¤³¤È¤Ë¤Ê¤ë¤À¤í¤¦¡£
¤³¤ì°Ê³°¤È¤·¤Æ¤Ï¡¢
.B -d
¤ò»ØÄꤻ¤º¤Ë
.B -v
(¸å½Ò) ¤ò»ØÄꤷ¤Æ¡¢¼ºÇÔ¤·¤¿Àܳ¤ò¥Ç¥Ð¥Ã¥°¤¹¤ë¾ì¹ç¤¬¤¢¤êÆÀ¤ë¤À¤í¤¦¡£
.TP
\fB-q\fP
.\"O Quiet mode. This is the default.
²ÉÌۥ⡼¥É¡£¤³¤ì¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤¢¤ë¡£
.TP
\fB-f\fP
.\"O Try ftp authentication if normal authentication fails.
Ä̾ï¤Îǧ¾Ú¤¬¼ºÇÔ¤·¤¿¤È¤­¤Ë ftp ǧ¾Ú¤ò»î¤ß¤ë¡£
.TP
\fB-v\fP
.\"O Verbose mode. Print out various debugging information.
ñÁÀå¥â¡¼¥É¡£ÍÍ¡¹¤Ê¥Ç¥Ð¥Ã¥°¾ðÊó¤òɽ¼¨¤¹¤ë¡£
.TP 
\fB-p\fP \fIport\fP
.\"O Specify a port number to listen to. The default is 9876.
ÂÔ¤Á¼õ¤±¤ë¥Ý¡¼¥ÈÈÖ¹æ¤ò»ØÄꤹ¤ë¡£¥Ç¥Õ¥©¥ë¥È¤Ï 9876¡£
.TP
\fB-s\fP \fIserver\fP\fB[\fP\fI:port\fP\fB]\fP
.RS
.\"O Specify a password server to use. The password server is
.\"O just another machine running \fBsecure-mcserv\fP albeit 
.\"O without the \fB-s\fP option.
ÍøÍѤ¹¤ë¥Ñ¥¹¥ï¡¼¥É¥µ¡¼¥Ð¤ò»ØÄꤹ¤ë¡£
¤³¤Î¥Ñ¥¹¥ï¡¼¥É¥µ¡¼¥Ð¤È¤Ï¡¢Ã±¤Ë¾¤Î¥Þ¥·¥ó¤Ç
.B -s
¥ª¥×¥·¥ç¥ó̵¤·¤ÇÆ°ºî¤·¤Æ¤¤¤ë
.B secure-mcserv
¤Î¤³¤È¤Ç¤¢¤ë¡£

.\"O This is a very useful option if you have lots of machines that a
.\"O group of users have to be able to log into. Create accounts for
.\"O all these users on each machine and disable them by editing
.\"O their password fields to \fB*\fP in \fB/etc/password\fP (or
.\"O \fB/etc/shadow\fP).
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¤¿¤¯¤µ¤ó¤Î¥Þ¥·¥ó¤òÍѤ¤¤Æ¤ª¤ê¡¢
¤½¤ì¤é¤ËÂФ·¤Æ°ì·²¤Î¥æ¡¼¥¶Ã£¤¬¥í¥°¥¤¥ó¤¹¤ë¤è¤¦¤Ê¾ì¹ç¤Ë¤È¤Æ¤âÊØÍø¤Ç¤¢¤ë¡£
¤³¤ì¤é¤Î¥æ¡¼¥¶Á´°÷¤ËÂФ¹¤ë¥¢¥«¥¦¥ó¥È¤ò³Æ¥Þ¥·¥ó¤Ë¤Ä¤¯¤ê¡¢
.B /etc/password
(¤¢¤ë¤¤¤Ï
.BR /etc/shadow )
¤òÊÔ½¸¤·¤Æ¥Ñ¥¹¥ï¡¼¥É¥Õ¥£¡¼¥ë¥É¤ò
\fB*\fP ¤Ë¤·¤Æ¥¢¥«¥¦¥ó¥È¤ò̵¸ú¤Ë¤·¤Æ¤ª¤¯¡£

.\"O Select one machine as your password server (say it is called
.\"O \fBpasserv.my.doma.in\fP). This machine will contain proper
.\"O password fields in \fB/etc/password\fP. On this machine run
.\"O \fBsecure-mcserv -d\fP as usual. On all other machines, run
.\"O \fBsecure-mcserv -d -s passerv.my.doma.in\fP
¤Ò¤È¤Ä¤Î¥Þ¥·¥ó¤ò¥Ñ¥¹¥ï¡¼¥É¥µ¡¼¥Ð¤È¤·¤ÆÁªÂò¤¹¤ë (¤³¤Î¥Þ¥·¥ó¤ò²¾¤Ë
.B passerv.my.doma.in
¤È¤·¤è¤¦)¡£¤³¤Î¥Þ¥·¥ó¤Î
.B /etc/password
¤Î¥Ñ¥¹¥ï¡¼¥É¥Õ¥£¡¼¥ë¥É¤Ë¤Ï¡¢Àµ¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÆþ¤ì¤Æ¤ª¤¯¡£
¤³¤Î¥Þ¥·¥ó¤Ç¡¢Ä̾ï¤Î¤è¤¦¤Ë
.B secure-mcserv -d
¤òµ¯Æ°¤¹¤ë¡£Â¾¤ÎÁ´¤Æ¤Î¥Þ¥·¥ó¤Ç¤Ï¡¢
.B secure-mcserv -d -s passerv.my.doma.in
¤òµ¯Æ°¤¹¤ë¡£

.\"O Because all intermediate connections use the same encrypted TCP
.\"O stream, and are all equally secure, you can use this method even
.\"O if \fBpasserv.my.doma.in\fP is across the open internet. In fact
.\"O the very method to authenticate against the password server is
.\"O to check the exit status of the command:
¤³¤ì¤é¤Î´Ö¤ÎÀܳ¤Ï¡¢Á´¤ÆÅù¤·¤¯°Å¹æ²½¤µ¤ì¤¿ TCP ¥¹¥È¥ê¡¼¥à¤È¤Ê¤ë¤Î¤Ç¡¢
¤³¤ì¤é¤Ï¤¹¤Ù¤ÆƱ¤¸¤è¤¦¤Ë°ÂÁ´¤Ç¤¢¤ë¡£¤³¤ÎÊýË¡¤Ï
.B passerv.my.doma.in
¤¬¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Î¸þ¤³¤¦¤Ë¤¢¤ë¤è¤¦¤Ê¾ì¹ç¤Ë¤Ç¤âÍøÍѤǤ­¤ë¡£
¼ÂºÝ¡¢¥Ñ¥¹¥ï¡¼¥É¥µ¡¼¥Ð¤ËÂФ¹¤ëǧ¾Ú¤Ï¡¢
°Ê²¼¤Î¥³¥Þ¥ó¥É¤Î½ªÎ»¥¹¥Æ¡¼¥¿¥¹¤ò¸«¤ë¤³¤È¤Ë¤è¤Ã¤Æ¹Ô¤Ê¤ï¤ì¤Æ¤¤¤ë¡£
.br
.nf
\fBpslogin\fP \fIuser\fP\fB@passerv.my.doma.in --test-login --read-password-from-stdin\fP
.fi
.PP
.\"O I also see no reason why you cannot use cascading password
.\"O servers, although there is no advantage to doing this.
¤Þ¤¿¡¢¥Ñ¥¹¥ï¡¼¥É¥µ¡¼¥Ð¤Î¥«¥¹¥±¡¼¥É¤òÍøÍѤ¹¤ë¤³¤È¤âÉÔ²Äǽ¤Ç¤Ï̵¤¤¤Ï¤º¤À¡£
¤³¤¦¤¹¤ë¤³¤È¤Ë¤Ï²¿¤ÎÍøÅÀ¤â̵¤¤¤±¤ì¤É¡£

.\"O Each authentication takes the same time to execute, so using a
.\"O password server takes twice as long as a normal login, because
.\"O of the second connection it has to make to the password server.
.\"O Cascades will take that much time extra for each successive
.\"O password server.
¤½¤ì¤¾¤ì¤Îǧ¾Ú¤Ï¡¢¼Â¹Ô¤ËƱ¤¸»þ´Ö¤òɬÍפȤ¹¤ë¡£
¤è¤Ã¤Æ¥Ñ¥¹¥ï¡¼¥É¥µ¡¼¥Ð¤òÍѤ¤¤ë¤È¡¢
2 ¤Ä¤á¤ÎÀܳ¤¬¥Ñ¥¹¥ï¡¼¥É¥µ¡¼¥Ð¤Ë¤Ê¤µ¤ì¤ë¤¿¤á¡¢
Ä̾ï¤Î¥í¥°¥¤¥ó¤Î 2 Çܤλþ´Ö¤¬¤«¤«¤ë¡£
¥«¥¹¥±¡¼¥É¤Ë¤¹¤ë¤È¡¢³Æ¥Ñ¥¹¥ï¡¼¥É¥µ¡¼¥Ð¤´¤È¤Ë¡¢
¤â¤Ã¤È;·×¤Ê»þ´Ö¤¬¤«¤«¤ë¡£
.RE
.\"O .SH BUGS
.SH ¥Ð¥°
.\"O Does not log to syslog.
syslog ¤Ë¥í¥°½ÐÎϤ·¤Ê¤¤¡£
.PP
.\"O Midnight Commander vfs has a bug that device files are always
.\"O major:minor of 0:0. This bug is fixed in this implementation.
.\"O Don't use the Midnight Commander to transfer device files. By
.\"O the time you read this, the latest Midnight Commander may have
.\"O had this fixed.
Midnight Commander vfs ¤Ë¤Ï¥Ð¥°¤¬¤¢¤ê¡¢
¥Ç¥Ð¥¤¥¹¥Õ¥¡¥¤¥ë¤Ï¾ï¤Ë ¥á¥¸¥ã¡¼ÈÖ¹æ:¥Þ¥¤¥Ê¡¼ÈÖ¹æ ¤¬ 0:0 ¤È¤Ê¤ë¡£
¤³¤Î¥Ð¥°¤Ï¡¢¤³¤Î¼ÂÁõ¤Ç¤Ï½¤Àµ¤µ¤ì¤Æ¤¤¤ë¡£
¥Ç¥Ð¥¤¥¹¥Õ¥¡¥¤¥ë¤ÎžÁ÷¤Ë Midnight Commander ¤òÍѤ¤¤Æ¤Ï¤¤¤±¤Ê¤¤¡£
¤¿¤À¤·¤³¤ì¤ò¤¢¤Ê¤¿¤¬Æɤó¤À»þÅÀ¤ÎºÇ¿·ÈǤΠMidnight Commander ¤Ç¤Ï¡¢
¤³¤ÎÌäÂê¤Ï½¤Àµ¤µ¤ì¤Æ¤¤¤ë¤«¤â¤·¤ì¤Ê¤¤¡£
.PP
.\"O The special escape characters for suspending an \fBrlogin\fP session are
.\"O not recognised. Hence programs like \fBscreen\fP (?) will not work. I
.\"O will add this functionality if users request it. Currently, ^Z etc. do
.\"O not have any effect.
.B rlogin
¥»¥Ã¥·¥ç¥ó¤ò¥µ¥¹¥Ú¥ó¥É¤¹¤ëÆüì¤Ê¥¨¥¹¥±¡¼¥×ʸ»ú¤Ïǧ¼±¤·¤Ê¤¤¡£
¤è¤Ã¤Æ
.B screen
(?) ¤Î¤è¤¦¤Ê¥³¥Þ¥ó¥É¤ÏÆ°ºî¤·¤Ê¤¤¡£
¤â¤·¥æ¡¼¥¶¤«¤é¤ÎÍ×˾¤¬¤¢¤ì¤Ð¡¢¤³¤Îµ¡Ç½¤ÏÄɲ乤ë¤Ä¤â¤ê¤À¡£
¸½ºß¤Î¤È¤³¤í¡¢^Z ¤Ê¤É¤Ï¸úÎϤò»ý¤¿¤Ê¤¤¡£
.\"O .PP
.\"O .SH FILES
.SH ¥Õ¥¡¥¤¥ë
.\"O See \fBmirrordir\fP(1).
.BR mirrodir (1)
¤ò¸«¤è¡£
.\"O .PP
.\"O .SH STANDARDS
.SH ɸ½à
.\"O None. See \fBBUGS\fP.
¤Ê¤¤¡£
.B ¥Ð¥°
¤ò¸«¤è¡£
.\"O .PP
.\"O .SH AVAILABILITY
.SH Æþ¼êÊýË¡
.\"O The latest version of the program can be found at either
.\"O \fBftp://sunsite.unc.edu/pub/Linux/system/backup\fP, 
.\"O \fBftp://lava.obsidian.co.za/pub/linux/mirrordir\fP, or
.\"O \fBftp://obsidian.co.za/pub/linux/mirrordir\fP.
¤³¤Î¥×¥í¥°¥é¥à¤ÎºÇ¿·ÈǤϡ¢
\fBftp://metalab.unc.edu/pub/Linux/system/backup\fP,
\fBftp://lava.obsidian.co.za/pub/linux/mirrordir\fP,
\fBftp://obsidian.co.za/pub/linux/mirrordir\fP
¤Î¤¤¤º¤ì¤«¤«¤éÆþ¼ê¤Ç¤­¤ë¡£
.\"O .SH AUTHOR
.SH Ãø¼Ô
Paul Sheer  <psheer@obsidian.co.za>  <psheer@icon.co.za>
.\"O .SH "SEE ALSO"
.SH ´ØÏ¢¹àÌÜ
\fBmirrordir\fP(1), \fBssh\fP(1), \fBmcserv\fP(1), \fBmc\fP(1)