-rw-r--r-- fripost-docs.org 74
1 files changed, 37 insertions, 37 deletions
diff --git a/fripost-docs.org b/fripost-docs.org
index c9ed888..afff34a 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -64,9 +64,9 @@ cd /etc && sudo etckeeper init && sudo etckeeper commit "first commit"
** Uninstall a bunch of unnecessary packages
- sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \
- doc-linux-text iamerican ibritish ispell laptop-detect nfs-common \
- openbsd-inetd portmap tasksel tasksel-data w3m
+sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \
+doc-linux-text iamerican ibritish ispell laptop-detect nfs-common \
+openbsd-inetd portmap tasksel tasksel-data w3m
** Packages to install
*** Administrative
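Review bot: The purge list in this hunk removes openbsd-inetd (third line of the command), but step 5 of the SSH tunnel section later runs `sudo aptitude install openbsd-inetd` on the originating host. Since this change only re-indents the command, it is a good moment to add a one-line remark that a host acting as tunnel origin will reinstall the package, or to drop it from the purge list for those hosts, so the two sections do not read as contradictory.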
@@ -283,72 +283,72 @@ smarthost = the server receiving email from the internet (configured as MX)
*** Configuring an SSH tunnel between two hosts
- Definitions:
- originating host = the host that will be connecting
- destination host = the host that runs some service
+ Definitions:
+ originating host = the host that will be connecting
+ destination host = the host that runs some service
- Begin by setting a few environment variables:
+ Begin by setting a few environment variables:
- TUNNEL_KEY="my_tunnel_key"
- TUNNEL_USER="tunneluser"
- TUNNEL_HOME="/home/$TUNNEL_USER"
- DEST_PORT="25"
- ORIGIN_PORT="1917"
+ TUNNEL_KEY="my_tunnel_key"
+ TUNNEL_USER="tunneluser"
+ TUNNEL_HOME="/home/$TUNNEL_USER"
+ DEST_PORT="25"
+ ORIGIN_PORT="1917"
**** Prepare origin
- 1. Create a key on the originating host:
+1. Create a key on the originating host:
- sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY
- sudo cat /root/.ssh/$TUNNEL_KEY.pub
+ sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY
+ sudo cat /root/.ssh/$TUNNEL_KEY.pub
**** Prepare destination
- 2a. Install necessary software on the destination host:
+2a. Install necessary software on the destination host:
- sudo aptitude install netcat-openbsd
+ sudo aptitude install netcat-openbsd
- 2b. Create a new user on the destination host:
+2b. Create a new user on the destination host:
- sudo adduser --home=$TUNNEL_HOME --shell=`type rbash|cut -d' ' -f3` \
- --disabled-password $TUNNEL_USER
- echo "exit" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.bash_profile
+ sudo adduser --home=$TUNNEL_HOME --shell=`type rbash|cut -d' ' -f3` \
+ --disabled-password $TUNNEL_USER
+ echo "exit" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.bash_profile
- # Also, make sure to add this user to AllowUsers in /etc/ssh/sshd_config.
+ # Also, make sure to add this user to AllowUsers in /etc/ssh/sshd_config.
- # Note: We need bash, so we can not change the shell to something else.
+ # Note: We need bash, so we can not change the shell to something else.
- 2c. Add the public key from above to this user:
+2c. Add the public key from above to this user:
- THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx"
+ THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx"
- sudo -u $TUNNEL_USER mkdir $TUNNEL_HOME/.ssh
- echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,\
+ sudo -u $TUNNEL_USER mkdir $TUNNEL_HOME/.ssh
+ echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,\
no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.ssh/authorized_keys2
**** Set up the tunnel
- 4. Test the key on the originating host:
+4. Test the key on the originating host:
- sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY destination.example.com
+ sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY destination.example.com
- 5. Configure openbsd-inetd on the originating host:
+5. Configure openbsd-inetd on the originating host:
- # Comment: We use inetd instead of ssh -L because, among other things, ssh
- # -L tends to hang.
+ # Comment: We use inetd instead of ssh -L because, among other things, ssh
+ # -L tends to hang.
- sudo aptitude install openbsd-inetd
+ sudo aptitude install openbsd-inetd
- - /etc/inetd.conf
+ - /etc/inetd.conf
:HIDDEN:
127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/tunnel_key smtptunnel@example.com
:END:
sudo /etc/init.d/openbsd-inetd restart
- You should now be able to connect through the tunnel from the originating
- host using something like:
+You should now be able to connect through the tunnel from the originating
+host using something like:
- telnet localhost $ORIGIN_PORT
+telnet localhost $ORIGIN_PORT
*** Installing MySQL
- sudo apt-get install mysql-server
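Review bot: The /etc/inetd.conf entry in step 5 does not match the variables defined at the top of the section: it hardcodes `/root/.ssh/tunnel_key` and `smtptunnel@example.com`, while the key was created as `/root/.ssh/$TUNNEL_KEY` for `$TUNNEL_USER` and tested against `destination.example.com`. It also uses `$ORIGIN_PORT` literally, which inetd will not expand because inetd.conf is not processed by a shell. Suggest writing the entry with the same names as the rest of the procedure and stating that the values have to be substituted by hand. Two smaller points while the section is being re-indented: the step numbering jumps from 2c to 4, and the key restrictions in step 2c could include `no-pty` alongside `no-port-forwarding`, since the key only ever needs to run the forced `nc` command.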