-rw-r--r-- | fripost-docs.org | 74 |
1 files changed, 37 insertions, 37 deletions
diff --git a/fripost-docs.org b/fripost-docs.org index c9ed888..afff34a 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -64,9 +64,9 @@ cd /etc && sudo etckeeper init && sudo etckeeper commit "first commit" ** Uninstall a bunch of unnecessary packages - sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \ - doc-linux-text iamerican ibritish ispell laptop-detect nfs-common \ - openbsd-inetd portmap tasksel tasksel-data w3m +sudo aptitude remove --purge debian-faq dictionaries-common doc-debian \ +doc-linux-text iamerican ibritish ispell laptop-detect nfs-common \ +openbsd-inetd portmap tasksel tasksel-data w3m ** Packages to install *** Administrative 
@@ -283,72 +283,72 @@ smarthost = the server receiving email from the internet (configured as MX) *** Configuring an SSH tunnel between two hosts - Definitions: - originating host = the host that will be connecting - destination host = the host that runs some service + Definitions: + originating host = the host that will be connecting + destination host = the host that runs some service - Begin by setting a few environment variables: + Begin by setting a few environment variables: - TUNNEL_KEY="my_tunnel_key" - TUNNEL_USER="tunneluser" - TUNNEL_HOME="/home/$TUNNEL_USER" - DEST_PORT="25" - ORIGIN_PORT="1917" + TUNNEL_KEY="my_tunnel_key" + TUNNEL_USER="tunneluser" + TUNNEL_HOME="/home/$TUNNEL_USER" + DEST_PORT="25" + ORIGIN_PORT="1917" **** Prepare origin - 1. Create a key on the originating host: +1. Create a key on the originating host: - sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY - sudo cat /root/.ssh/$TUNNEL_KEY.pub + sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY + sudo cat /root/.ssh/$TUNNEL_KEY.pub **** Prepare destination - 2a. Install necessary software on the destination host: +2a. Install necessary software on the destination host: - sudo aptitude install netcat-openbsd + sudo aptitude install netcat-openbsd - 2b. Create a new user on the destination host: +2b. Create a new user on the destination host: - sudo adduser --home=$TUNNEL_HOME --shell=`type rbash|cut -d' ' -f3` \ - --disabled-password $TUNNEL_USER - echo "exit" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.bash_profile + sudo adduser --home=$TUNNEL_HOME --shell=`type rbash|cut -d' ' -f3` \ + --disabled-password $TUNNEL_USER + echo "exit" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.bash_profile - # Also, make sure to add this user to AllowUsers in /etc/ssh/sshd_config. + # Also, make sure to add this user to AllowUsers in /etc/ssh/sshd_config. - # Note: We need bash, so we can not change the shell to something else. 
+ # Note: We need bash, so we can not change the shell to something else. - 2c. Add the public key from above to this user: +2c. Add the public key from above to this user: - THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx" + THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx" - sudo -u $TUNNEL_USER mkdir $TUNNEL_HOME/.ssh - echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,\ + sudo -u $TUNNEL_USER mkdir $TUNNEL_HOME/.ssh + echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,\ no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.ssh/authorized_keys2 **** Set up the tunnel - 4. Test the key on the originating host: +4. Test the key on the originating host: - sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY destination.example.com + sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY destination.example.com - 5. Configure openbsd-inetd on the originating host: +5. Configure openbsd-inetd on the originating host: - # Comment: We use inetd instead of ssh -L because, among other things, ssh - # -L tends to hang. + # Comment: We use inetd instead of ssh -L because, among other things, ssh + # -L tends to hang. - sudo aptitude install openbsd-inetd + sudo aptitude install openbsd-inetd - - /etc/inetd.conf + - /etc/inetd.conf :HIDDEN: 127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/tunnel_key smtptunnel@example.com :END: sudo /etc/init.d/openbsd-inetd restart - You should now be able to connect through the tunnel from the originating - host using something like: +You should now be able to connect through the tunnel from the originating +host using something like: - telnet localhost $ORIGIN_PORT +telnet localhost $ORIGIN_PORT *** Installing MySQL - sudo apt-get install mysql-server |
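Review bot: the @@ -64 hunk is whitespace-only (the `sudo aptitude remove --purge ...` text is unchanged, only its leading indentation is dropped), so the 37/37 diffstat is a reindent rather than a content change; if the aim is consistent rendering of the command blocks, wrapping them in `#+BEGIN_SRC sh` / `#+END_SRC` would make the indentation irrelevant and avoid further churn. Note also that this purge list removes openbsd-inetd while step 5 of the tunnel section in the next hunk runs `sudo aptitude install openbsd-inetd`; either drop it from the purge list or state in the text that it is reinstalled later.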
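Review bot: in the @@ -283 hunk the inetd.conf line in step 5 (`127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/tunnel_key smtptunnel@example.com`) does not match the variables set at the top of the section: the key is created as `/root/.ssh/$TUNNEL_KEY` (`my_tunnel_key`), the user as `$TUNNEL_USER` (`tunneluser`), and step 4 tests against `destination.example.com`, yet the config names `tunnel_key` and `smtptunnel@example.com`; since inetd.conf is not shell-expanded, `$ORIGIN_PORT` also has to be the literal `1917` there. Substitute the concrete values so a reader following the steps ends up with a working line. Smaller points: the steps run 1, 2a, 2b, 2c, 4, 5 with no step 3, and since the key is already command-restricted to `nc localhost $DEST_PORT` with forwarding disabled, adding `no-pty` to the authorized_keys options would close the one interactive path left open.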