From f4d72000dc239b5f90ff067716ba9de38f5d0af0 Mon Sep 17 00:00:00 2001
From: Stefan Kangas
Date: Sat, 26 Feb 2011 21:55:32 +0100
Subject: Slightly improve tunnel instructions.
---
 fripost-docs.org | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/fripost-docs.org b/fripost-docs.org
index c9ed888..bd47baa 100644
--- a/fripost-docs.org
+++ b/fripost-docs.org
@@ -289,7 +289,7 @@ smarthost = the server receiving email from the internet (configured as MX)
 Begin by setting a few environment variables:
- TUNNEL_KEY="my_tunnel_key"
+ TUNNEL_KEY_FILE="my_tunnel_key"
 TUNNEL_USER="tunneluser"
 TUNNEL_HOME="/home/$TUNNEL_USER"
 DEST_PORT="25"
@@ -299,8 +299,8 @@ smarthost = the server receiving email from the internet (configured as MX)
 1. Create a key on the originating host:
- sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY
- sudo cat /root/.ssh/$TUNNEL_KEY.pub
+ sudo ssh-keygen -N "" -b 4096 -f /root/.ssh/$TUNNEL_KEY_FILE
+ sudo cat /root/.ssh/$TUNNEL_KEY_FILE.pub
 **** Prepare destination
@@ -322,7 +322,7 @@ smarthost = the server receiving email from the internet (configured as MX)
 THE_PUBLIC_KEY="ssh-rsa xxxxxxxxxxx"
- sudo -u $TUNNEL_USER mkdir $TUNNEL_HOME/.ssh
+ sudo -u $TUNNEL_USER mkdir -p $TUNNEL_HOME/.ssh
 echo "command=\"nc localhost $DEST_PORT\",no-X11-forwarding,no-agent-forwarding,\
 no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.ssh/authorized_keys2
@@ -330,7 +330,7 @@ no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.ssh
 4. Test the key on the originating host:
- sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY destination.example.com
+ sudo ssh -v -l $TUNNEL_USER -i /root/.ssh/$TUNNEL_KEY_FILE destination.example.com
 5. Configure openbsd-inetd on the originating host:
@@ -339,10 +339,11 @@ no-port-forwarding $THE_PUBLIC_KEY" | sudo -u $TUNNEL_USER tee $TUNNEL_HOME/.ssh sudo aptitude install openbsd-inetd - - /etc/inetd.conf -:HIDDEN: -127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/tunnel_key smtptunnel@example.com -:END: +:: /etc/inetd.conf + + 127.0.0.1:$ORIGIN_PORT stream tcp nowait root /usr/bin/ssh -q -T -i /root/.ssh/$TUNNEL_KEY_FILE smtptunnel@example.com + + sudo /etc/init.d/openbsd-inetd restart You should now be able to connect through the tunnel from the originating -- cgit v1.2.3