diff options
| author | Stefan Kangas <skangas@skangas.se> | 2011-02-26 21:55:32 +0100 |
|---|---|---|
| committer | Stefan Kangas <skangas@skangas.se> | 2011-02-26 21:55:32 +0100 |
| commit | f4d72000dc239b5f90ff067716ba9de38f5d0af0 (patch) | |
| tree | a14d00e63774fec2f78cb3e0673feb9c6414e836 /fripost-docs.org | |
| parent | 9905b82fd0a8ea4e97ccf5bcdfc5eeaef9b8841b (diff) | |
Slightly improve tunnel instructions.
Diffstat (limited to 'fripost-docs.org')
| -rw-r--r-- | fripost-docs.org | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/fripost-docs.org b/fripost-docs.org index c9ed888..bd47baa 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -289,7 +289,7 @@ smarthost = the server receiving email from the internet (configured as MX) Begin by setting a few environment variables: - TUNNEL_KEY="my_tunnel_key" + TUNNEL_KEY_FILE="my_tunnel_key" TUNNEL_USER="tunneluser" TUNNEL_HOME="/home/$TUNNEL_USER" DEST_PORT="25" @@ -299,8 +299,8 @@ smarthost = the server receiving email from the internet (configured as MX) 1. Create a key on the originating host: - sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY - sudo cat /root/.ssh/$TUNNEL_KEY.pub + sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY_FILE + sudo cat /root/.ssh/$TUNNEL_KEY_FILE.pub **** Prepare destination @@ -322,7 +322,7 @@ smarthost = the server receiving email from the internet (configured as MX) THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx" - sudo -u $TUNNEL_USER mkdir $TUNNEL_HOME/.ssh + sudo -u $TUNNEL_USER mkdir -p $TUNNEL_HOME/.ssh echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,\ no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.ssh/authorized_keys2 @@ -330,7 +330,7 @@ no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.ssh 4. Test the key on the originating host: - sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY destination.example.com + sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY_FILE destination.example.com 5. Configure openbsd-inetd on the originating host: @@ -339,10 +339,11 @@ no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.ssh sudo aptitude install openbsd-inetd - - /etc/inetd.conf -:HIDDEN: -127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/tunnel_key smtptunnel@example.com -:END: +:: /etc/inetd.conf + + 127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/$TUNNEL_KEY_FILE smtptunnel@example.com + + sudo /etc/init.d/openbsd-inetd restart You should now be able to connect through the tunnel from the originating |