<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="sixapart-standard">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
   <meta name="generator" content="Movable Type 5.2.3" />

   <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles-site.css" type="text/css" />
   <link rel="alternate" type="application/atom+xml" title="Atom" href="http://defaria.com/blogs/Status/atom.xml" />
   <link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://defaria.com/blogs/Status/index.xml" />

   <title>Status for Andrew DeFaria: ssh</title>

   <link rel="start" href="http://defaria.com/blogs/Status/" title="Home" />
   <link rel="prev" href="http://defaria.com/blogs/Status/archives/000658.html" title="ranlin0[2|3] released" />
   <link rel="next" href="http://defaria.com/blogs/Status/archives/000660.html" title="QT" />

   <!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"
         xmlns:dc="http://purl.org/dc/elements/1.1/">
<rdf:Description
    rdf:about="http://defaria.com/blogs/Status/archives/000659.html"
    trackback:ping="http://defaria.com/mt/mt-tb.cgi/46"
    dc:title="ssh"
    dc:identifier="http://defaria.com/blogs/Status/archives/000659.html"
    dc:subject="General Dynamics"
    dc:description=" Helped Aaron with ssh..."
    dc:creator=""
    dc:date="2007-08-03T17:56:27-06:00" />
</rdf:RDF>
-->

   <script type="text/javascript" src="http://defaria.com/blogs/Status/mt-site.js"></script>
</head>
<body class="layout-one-column" onload="individualArchivesOnLoad(commenter_name)">
   <div id="container">
      <div id="container-inner" class="pkg">

         <div id="banner">
            <div id="banner-inner" class="pkg">
               <h1 id="banner-header"><a href="http://defaria.com/blogs/Status/" accesskey="1">Status for Andrew DeFaria</a></h1>
               <h2 id="banner-description">Searchable status reports and work log</h2>
            </div>
         </div>

         <div id="pagebody">
            <div id="pagebody-inner" class="pkg">
               <div id="alpha">
                  <div id="alpha-inner" class="pkg">

                     <a id="a000659"></a>
                     <div class="entry" id="entry-659">
                        <h3 class="entry-header">ssh</h3>
                        <div class="entry-content">
                           <div class="entry-body">
                              <ul>
  <li>Helped Aaron with ssh</li>
</ul>
                           </div>
                           <div id="more" class="entry-more">
                              <h2>Adding ssh actions to CDE</h2>

<p>Secure Shell (ssh) is a more modern and secure way to access a remote system. You can add ssh actions to CDE by doing the following:</p>

<p>Add the following to ~/.dt/types:</p>

<div class="code"><pre>
ACTION Ssh
{
  LABEL           Secure shell
  ICON            Dtterm
  ARG_COUNT       0
  TYPE            COMMAND
  WINDOW_TYPE     NO_STDIO
  EXEC_STRING     ksh -c 'export _title="%"Starbase?"%";          \
    /usr/dt/bin/dtterm -name $_title                              \
    -title "Opening hailing frequencies to starbase $_title..."   \
    -e ksh -c "ssh $_title; sleep 5;";'
  DESCRIPTION     The Secure shell action prompts the user for    \
                  the name of a system, opens a dtterm terminal   \
                  emulator window, and then performs an ssh to    \
                  that system.
}

ACTION SshUser
{
  LABEL           Secure shell
  ICON            Dtterm
  ARG_COUNT       0
  TYPE            COMMAND
  WINDOW_TYPE     NO_STDIO
  EXEC_STRING     ksh -c 'export _title="%"Starbase?"%";          \
    export _user="%"Username"%";                                  \
    /usr/dt/bin/dtterm -name $_title                              \
    -title                                                        \
      "Opening hailing frequencies to starbase $_user@$_title..." \
    -e ksh -c "ssh $_user@$_title; sleep 5;";'
  DESCRIPTION     The Secure shell action prompts the user for    \
                  the name of a system and a username and opens   \
                  a dtterm terminal emulator window, and then     \
                  performs an ssh to that system.
}
</pre></div>

<p>Then invoke the actions with:</p>

<div class="code"><pre>
$ dtaction Ssh
$ dtaction SshUser
</pre></div>

<p>Or, better yet, put them into your Dtwm menus like this:</p>

<div class="code"><pre>
    Menu Terminals
    {
      "Terminals"           f.title
      "Terminal"            f.action Dtterm
      "Remote Terminal"     f.action Ssh
      "Remote Terminal (user)"      f.action SshUser
      "X Terminal"          f.action Xterm
    }
</pre></div>

<h2>Configuring ssh for passwordless but secure public key authentication</h2>

<p>To use public key authentication you first need to generate a key pair (a private key and its matching public key). You do this for ssh with ssh-keygen:</p>

<div class="code"><pre>
$ ssh-keygen -t rsa
</pre></div>

<p>Note that you can also use -t dsa; there are RSA keys and DSA keys. I forget what the prompts are, something about a passphrase, etc. Enter no passphrase.</p>

<p>This should create a directory ~/.ssh with files in it. For example:</p>

<div class="code"><pre>
<b><font color="#3333ff">$</font></b> <u>ssh-keygen -t rsa</u>
Enter file in which to save the key(/home/p6258c/.ssh/id_rsa):
Generating public/private rsa key pair.
Enter passphrase(empty for no passphrase): 
<b><font color="#3333ff">$</font></b> <u>ls -l ~/.ssh</u>
total 32
-rw-------    1 p6258c   ccusers       226 Jun 15 13:28 authorized_keys
-rw-------    1 p6258c   ccusers       887 Jun 15 13:27 id_rsa
-rw-rw-r--    1 p6258c   ccusers       226 Jun 15 13:27 id_rsa.pub
-rw-r--r--    1 p6258c   ccusers      4082 Jul 31 15:05 known_hosts
<b><font color="#3333ff">$</font></b> <u>ls -ld .</u>
drwxr-xr-x   43 p6258c   ccusers      2048 Aug  3 10:28 ./
<b><font color="#3333ff">$</font></b>
</pre></div>

<p>Then the task is to get the ~/.ssh/id_rsa.pub key added to the authorized_keys file (creating it if you need to). Here in GD that is easy. Simply:</p>

<div class="code"><pre>
<b><font color="#3333ff">$</font></b> <u>cat ~/.ssh/id_rsa.pub &gt;&gt; ~/.ssh/authorized_keys</u>
</pre></div>

<p>Now, since all GD machines in the RAN subnet share the same home directory (automounted from the same common location), voilà! You now have passwordless ssh access using public key authentication through the RAN (note this does not cross from RAN -&gt; GD network due to firewall issues). Whenever you ssh to a new machine it will bother you about adding it to the known_hosts file, but after that it should not prompt again.</p>

<p>Also note that if this were a different situation you'd have to get the contents of ~/.ssh/id_rsa.pub over to the remote machine. For example, I could generate my keys as described above, then email the ~/.ssh/id_rsa.pub from here to my home Linux system, append it to my ~/.ssh/authorized_keys on my home Linux system, and then I could ssh from here to home. Normally I configure my house to <b>only</b> allow public key authenticated logins from the outside world. I can't do it here from GD because the firewall prohibits it (which is odd)!</p>
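
<p>One way to do the append step on the remote side, as an added example that is not part of the original post: the hypothetical install_pubkey function refuses a file that is not a single public key line (for instance a key wrapped by a mail client, or id_rsa sent by mistake), skips a key that is already present, and sets ~/.ssh to 700 and authorized_keys to 600. The key line in the demo is constructed.</p>

```shell
#!/bin/sh
# Added example (not the post's code); install_pubkey is a hypothetical name.
# Run it on the machine you want to log in to, on the copied-over id_rsa.pub.

# install_pubkey PUBKEY_FILE HOME_DIR
# returns 0 = key appended, 1 = key already present, 2 = file refused
install_pubkey() {
    pub=$1 sshdir=$2/.ssh
    auth=$sshdir/authorized_keys
    # A public key is exactly one line; mail clients sometimes wrap it.
    if [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "refusing $pub: expected exactly one line"; return 2
    fi
    key=$(grep . "$pub")
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;     # "type base64 [comment]"
        *) echo "refusing $pub: not a public key line"; return 2 ;;
    esac
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$auth"
    chmod 600 "$auth"
    if grep -qxF -e "$key" "$auth"; then
        return 1                            # a plain cat >> would duplicate it
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Constructed demo with a made-up key line (not a real key).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2Econstructed p6258c@example' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home" || echo "unexpected: $?"
install_pubkey "$demo/id_rsa.pub" "$demo/home" || echo "second run returned $?"
rm -rf "$demo"
```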

<p>Final note: Sometimes, if ssh is configured to be strict about permissions, you need to change your home directory to be 755 as shown above. Normally I'm a sharing kinda guy so I have my home directory set to 775 but with ssh strict permissions that'll cause passwordless ssh to not work anymore.</p>
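
<p>The permission rule behind this note, as an added example rather than code from the original post: with StrictModes on, sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or other, or is owned by someone other than the user or root, and the ssh client likewise ignores a private key that group or other can access. The hypothetical functions strict_modes_check and strict_modes_fix apply those tests to a home directory; the id_rsa file name follows the post and the demo directory is constructed.</p>

```shell
#!/bin/sh
# Added example (not the post's code); the function names are hypothetical.

# mode_of PATH: print the 10-character mode string, e.g. drwxrwxr-x
mode_of() { ls -ldn "$1" | cut -c1-10; }

# strict_modes_check HOME_DIR: print each path that would be rejected and
# return how many there were (0 = nothing here blocks public key login).
strict_modes_check() {
    home=$1 bad=0 me=$(id -u)
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(mode_of "$p") in
            ?????w????|????????w?)      # e.g. the 775 home directory
                echo "$p: writable by group or other"; bad=$((bad + 1))
                continue ;;
        esac
        owner=$(ls -ldn "$p" | awk '{print $3}')
        case $owner in
            "$me"|0) ;;                 # owned by the user or by root
            *) echo "$p: owned by uid $owner"; bad=$((bad + 1)) ;;
        esac
    done
    # With an empty passphrase the file mode is the key's only protection.
    key=$home/.ssh/id_rsa
    if [ -e "$key" ]; then
        case $(mode_of "$key") in
            ????------) ;;
            *) echo "$key: accessible by group or other"; bad=$((bad + 1)) ;;
        esac
    fi
    return "$bad"
}

# strict_modes_fix HOME_DIR: chmod equivalent of going from 775 to 755.
strict_modes_fix() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ -e "$p" ]; then chmod go-w "$p"; fi
    done
    if [ -e "$1/.ssh/id_rsa" ]; then chmod go-rwx "$1/.ssh/id_rsa"; fi
}

# Constructed demo: a throwaway home directory with mode 775.
demo=$(mktemp -d); mkdir "$demo/.ssh"; chmod 775 "$demo"
strict_modes_check "$demo" || echo "rejected paths: $?"
strict_modes_fix "$demo"
strict_modes_check "$demo" || echo "still rejected: $?"
rm -rf "$demo"
```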
                           </div>
                        </div>
                        <p class="entry-footer">
                           <span class="post-footers">Posted by  on August  3, 2007  5:56 PM</span> <span class="separator">|</span> <a class="permalink" href="http://defaria.com/blogs/Status/archives/000659.html">Permalink</a>
                        </p>
                     </div>


                  </div>
               </div>
            </div>
         </div>
      </div>
   </div>
</body>
</html>