-rw-r--r--fripost-docs.org68
1 files changed, 23 insertions, 45 deletions
diff --git a/fripost-docs.org b/fripost-docs.org
index 7b53934..23560fd 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -228,29 +228,6 @@ openbsd-inetd portmap tasksel tasksel-data w3m
run_daemon="true"
-** Reconfigure exim
-
-# FIXME: fix for squeeze
-
-sudo dpkg-reconfigure exim4-config
-
-# - select "mail sent by smarthost; no local mail"
-# - hostname:
-# host.example.com
-# - listen on:
-# 127.0.0.1
-# - other destinations:
-# [empty]
-# - visible domain name:
-# host.example.com
-# - address of outgoing smarthost
-# smtp.bredband.net [or whatever the ISP uses]
-# - number of DNS queries minimal?
-# no
-# - split configuration?
-# no
-
-
* Next Steps
** Configuring the backup solution
@@ -299,24 +276,23 @@ smarthost = the server receiving email from the internet (configured as MX)
*** Configuring an SSH tunnel between two hosts
- Definitions:
- originating host = the host that will be connecting
- destination host = the host that runs some service
+# Definitions:
+# originating host = the host that will be connecting
+# destination host = the host that runs some service
- Begin by setting a few environment variables:
+# Begin by setting a few environment variables:
- TUNNEL_KEY="my_tunnel_key"
- TUNNEL_USER="tunneluser"
- TUNNEL_HOME="/home/$TUNNEL_USER"
- DEST_PORT="25"
- ORIGIN_PORT="1917"
+TUNNEL_KEY_FILE="my_tunnel_key"
+TUNNEL_USER="tunneluser"
+TUNNEL_HOME="/home/$TUNNEL_USER"
+DEST_PORT="25"
+ORIGIN_PORT="1917"
**** Prepare origin
1. Create a key on the originating host:
sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY_FILE
- sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY_FILE
sudo cat /root/.ssh/$TUNNEL_KEY_FILE.pub
**** Prepare destination
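Review bot: The variable block added at `TUNNEL_KEY_FILE="my_tunnel_key"` through `ORIGIN_PORT="1917"` turns this section into pasteable shell, but the new comments say nothing about why the key created two lines later (`sudo ssh-keygen -N "" ...`, a context line) has no passphrase, so a reader may "harden" it by adding one and break the unattended inetd invocation that the later hunk relies on. I would extend the new `# Begin by setting a few environment variables:` comment with `# The tunnel key is created without a passphrase because inetd runs ssh unattended;` and `# what it can do on the destination is bounded only by the forced command and no-*-forwarding options in its authorized_keys entry, so keep the private key readable by root only.` The rename from TUNNEL_KEY to TUNNEL_KEY_FILE does make the assignment agree with the `-f /root/.ssh/$TUNNEL_KEY_FILE` usage that previously referenced an unset variable. The enclosing section continues in the next hunk.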
@@ -331,35 +307,37 @@ smarthost = the server receiving email from the internet (configured as MX)
--disabled-password $TUNNEL_USER
echo "exit" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.bash_profile
- # Also, make sure to add this user to AllowUsers in /etc/ssh/sshd_config.
-
# Note: We need bash, so we can not change the shell to something else.
-2c. Add the public key from above to this user:
+2c. Add $TUNNEL_USER to AllowUsers in /etc/ssh/sshd_config.
- THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx"
+ sudo /etc/init.d/ssh restart
+
+ # make sure the host is still reachable
+
+2d. Add the public key from above to this user:
+
+ THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx" # from above
sudo -u $TUNNEL_USER mkdir -p $TUNNEL_HOME/.ssh
- echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,\
-no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee -a $TUNNEL_HOME/.ssh/authorized_keys2
+ echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee -a $TUNNEL_HOME/.ssh/authorized_keys2
**** Set up the tunnel
-4. Test the key on the originating host:
+3. Test the key on the originating host:
sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY_FILE destination.example.com
-5. Configure openbsd-inetd on the originating host:
+4. Configure openbsd-inetd on the originating host:
# Comment: We use inetd instead of ssh -L because, among other things, ssh
# -L tends to hang.
sudo aptitude install openbsd-inetd
-:: /etc/inetd.conf
-
- 127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/$TUNNEL_KEY_FILE smtptunnel@example.com
-
+ :: /etc/inetd.conf
+
+ 127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/$TUNNEL_KEY_FILE $TUNNEL_USER@example.com
sudo /etc/init.d/openbsd-inetd restart