-rw-r--r-- | fripost-docs.org | 68 |
1 files changed, 23 insertions, 45 deletions
diff --git a/fripost-docs.org b/fripost-docs.org
index 7b53934..23560fd 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -228,29 +228,6 @@ openbsd-inetd portmap tasksel tasksel-data w3m run_daemon="true"
-** Reconfigure exim
-
-# FIXME: fix for squeeze
-
-sudo dpkg-reconfigure exim4-config
-
-# - select "mail sent by smarthost; no local mail"
-# - hostname:
-# host.example.com
-# - listen on:
-# 127.0.0.1
-# - other destinations:
-# [empty]
-# - visible domain name:
-# host.example.com
-# - address of outgoing smarthost
-# smtp.bredband.net [or whatever the ISP uses]
-# - number of DNS queries minimal?
-# no
-# - split configuration?
-# no
-
-
 * Next Steps
 ** Configuring the backup solution
@@ -299,24 +276,23 @@ smarthost = the server receiving email from the internet (configured as MX)
 *** Configuring an SSH tunnel between two hosts
- Definitions:
- originating host = the host that will be connecting
- destination host = the host that runs some service
+# Definitions:
+# originating host = the host that will be connecting
+# destination host = the host that runs some service
- Begin by setting a few environment variables:
+# Begin by setting a few environment variables:
- TUNNEL_KEY="my_tunnel_key"
- TUNNEL_USER="tunneluser"
- TUNNEL_HOME="/home/$TUNNEL_USER"
- DEST_PORT="25"
- ORIGIN_PORT="1917"
+TUNNEL_KEY_FILE="my_tunnel_key"
+TUNNEL_USER="tunneluser"
+TUNNEL_HOME="/home/$TUNNEL_USER"
+DEST_PORT="25"
+ORIGIN_PORT="1917"
 **** Prepare origin
 1. Create a key on the originating host:
 sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY_FILE
- sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY_FILE
 sudo cat /root/.ssh/$TUNNEL_KEY_FILE.pub
 **** Prepare destination
@@ -331,35 +307,37 @@ smarthost = the server receiving email from the internet (configured as MX)
 --disabled-password $TUNNEL_USER
 echo "exit" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.bash_profile
- # Also, make sure to add this user to AllowUsers in /etc/ssh/sshd_config.
- # Note: We need bash, so we can not change the shell to something else.
-2c. Add the public key from above to this user:
+2c. Add $TUNNEL_USER to AllowUsers in /etc/ssh/sshd_config.
- THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx"
+ sudo /etc/init.d/ssh restart
+
+ # make sure the host is still reachable
+
+2d. Add the public key from above to this user:
+
+ THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx" # from above
 sudo -u $TUNNEL_USER mkdir -p $TUNNEL_HOME/.ssh
- echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,\
-no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee -a $TUNNEL_HOME/.ssh/authorized_keys2
+ echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee -a $TUNNEL_HOME/.ssh/authorized_keys2
 **** Set up the tunnel
-4. Test the key on the originating host:
+3. Test the key on the originating host:
 sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY_FILE destination.example.com
-5. Configure openbsd-inetd on the originating host:
+4. Configure openbsd-inetd on the originating host:
 # Comment: We use inetd instead of ssh -L because, among other things, ssh
 # -L tends to hang.
 sudo aptitude install openbsd-inetd
-:: /etc/inetd.conf
-
- 127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/$TUNNEL_KEY_FILE smtptunnel@example.com
-
+ :: /etc/inetd.conf
+
+ 127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/$TUNNEL_KEY_FILE $TUNNEL_USER@example.com
 sudo /etc/init.d/openbsd-inetd restart
|
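Review bot: The authorized_keys entry written in the new step 2d restricts the key with `no-X11-forwarding,no-agent-forwarding,no-port-forwarding` but omits `no-pty`, so the forced-command key can still be granted a pseudo-terminal; the option list should read `command=\"nc localhost $DEST_PORT\",no-pty,no-X11-forwarding,no-agent-forwarding,no-port-forwarding`. Step 2c restarts sshd immediately after editing sshd_config on the destination host, which is why the "still reachable" comment is there; running `sudo sshd -t` before `sudo /etc/init.d/ssh restart` reports a configuration error without risking a lockout. The inetd line at the end of the hunk now connects to `$TUNNEL_USER@example.com` while step 3 tests against `destination.example.com`; if these are meant to be the same host the inetd entry should use the same name, since ssh started by inetd as root cannot answer a host-key prompt and presumably depends on the known_hosts entry that the step-3 test created.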