headers
will trillich | 1 Feb 2003 01:08
Favicon
Gravatar

ssh keys from two behind-the-firewall boxes?

this is probably item #2 of the really-obvious-faq that i'm not
yet aware of, so i'll go ahead and ask because i haven't taken
the opportunity to look like a goober in, oh, about half a day,
now...

doing the ssh-keygen thing works like a charm; you copy your
private keys to the remote box and then just slap it into your
~/.ssh/authorized_keys file and poof, no more passwords! so now
you can run ssh-driven scripts without having to worry about the
username/password interruption.

it's ip-based, isn't it?

    workstation     workstation      workstation
    192.168.1.2    192.168.1.100    192.168.1.201
    key xyzpdq     key 1234567      key x0x0x0x0
          |               |                |
          +---------------+----------------+
          |
    192.168.1.5
    firewall
    208.33.90.85
          |
        {web}
          |
    11.22.33.44
    remote box

but the remote just sees all the 192.168.1.* boxes as
208.33.90.85, right? where's the doc on getting ALL the
(Continue reading)

Permalink | Reply | 12 comments |
headers
Marcin Chady | 1 Feb 2003 01:18

Re: System dies after logging out of an X session - SOLVED

> I had a very similar problem with my Radeon 8500 and CVS builds. The only
> thing I found would resolve this was to disable DRI (commented out the
load
> line in the Modules secion of XF86Config-4). You should have a look at the
> dri-devel maillist archives and see whether there are crashes reported
there,
> the radeon driver breaks pretty often for some days.

Thanks Nicos and Michel,

Disabling dri has done the trick. BTW, I'm not that familiar with dri. What
functionality have I lost by disabling it?

Marcin
Permalink | Reply | 1 comment |
headers
nate | 1 Feb 2003 01:34

Re: ssh keys from two behind-the-firewall boxes?

will trillich said:

> it's ip-based, isn't it?

in my experience it is key based. though I think with ssh2 you have
a more extensive set of options available to you to restrict access
further, perhaps to the IP level.

but if you just have the keys themselves in ~/.ssh/authorized_keys it
should be allowed in, doesn't matter what the IP is. Though I still
use SSH v1 RSA keys for my stuff, haven't gotten around to migrating
to SSH v2 yet.

nate
Permalink | Reply | 0 comments |
headers
nate | 1 Feb 2003 01:30

Re: Samba + LDAP

Curtis Vaughan said:

> So, just to make sure I'm doing this right. I am going to install the  sid
> samba package on a woody server. If I temporarily change my
> sources.list for sid, run apt-get install [the samba package], then I
> should also get just those dependencies I need, right? Then I can edit  my
> sources.list back to woody and go forward.
>
> Or is there a better approach?

apt-get source samba and rebuild it on woody. if you get the dependencies
of samba from sid you'll probably get sid's libc6 as well which you probably
don't want.

I reccomend samba-tng over samba for PDC stuff, the -tng branch is much
more advanced, has more features(more PDC-like) then samba(in general)
though it's been a while(march 2002) since I last tried samba as a PDC

nate
Permalink | Reply | 8 comments |
headers
Paul Johnson | 1 Feb 2003 01:30
Picon

Re: Setting up the mail program

On Fri, Jan 31, 2003 at 10:00:48AM -0800, Joris Huizer wrote:
> ----------------------------
>  /etc/fetchmailrc:
> 
> # /etc/fetchmailrc for system-wide daemon mode
> # This file must be chmod 0600, owner fetchmail
> 
> # Daemon configuration
> # These two are set in /etc/default/fetchmail
> set daemon	300		# Pool every 5 minutes

How often, in seconds, to check mail.

> set syslog			# log through syslog facility
> set no bouncemail		# avoid loss on 4xx errors
> 				# on the other hand, 5xx errors get
> 				# more dangerous...
> 
> ##########################################################################
> # Hosts to pool
> ##########################################################################
> 
> # Defaults
> ===============================================================
> # Set antispam to -1, since it is far safer to use
> that together with
> # no bouncemail
> defaults:
>   antispam -1 
>   batchlimit 100
(Continue reading)

Permalink | Reply | 3 comments |
headers
Osamu Aoki | 1 Feb 2003 02:37
Picon
Favicon

Re: ssh keys from two behind-the-firewall boxes?

Hi,

On Fri, Jan 31, 2003 at 06:08:31PM -0600, will trillich wrote:
> this is probably item #2 of the really-obvious-faq that i'm not
> yet aware of, so i'll go ahead and ask because i haven't taken
> the opportunity to look like a goober in, oh, about half a day,
> now...
> 
> doing the ssh-keygen thing works like a charm; you copy your
> private keys to the remote box and then just slap it into your
  ^^^^^^^^^^^^ NO!

  You copy public key to remote machine.  You keep private key in local
  machine in front of you securely :-)  

  This way, even if this key is stolen, all the thief can do is send you
  a e-mail and invite you to log into their machine without key word.

> ~/.ssh/authorized_keys file and poof, no more passwords! so now
> you can run ssh-driven scripts without having to worry about the
> username/password interruption.
> 
> it's ip-based, isn't it?

SSH checks IP as a part of prudence but its core authentication process 
is not IP based.

>     workstation     workstation      workstation
>     192.168.1.2    192.168.1.100    192.168.1.201
>     key xyzpdq     key 1234567      key x0x0x0x0
(Continue reading)

Permalink | Reply | 0 comments |
headers
Donald Spoon | 1 Feb 2003 01:36

Re: pppd on demand trouble

Nathan E Norman wrote:
> On Fri, Jan 31, 2003 at 04:59:13PM -0600, Donald Spoon wrote:
> 
>>John Hasler wrote:
>>
>>>Donald Spoon writes:
>>>
>>>-Snip- <
>>>
>>>>It uses the presence of this file as a "trigger" to decide whether to
>>>>start the pppd program in the demand mode at boot time or not.
>>>
>>>
>>>No.  It uses the presence of this file as a "trigger" to decide whether to
>>>start the pppd program at bootup.  Whether or not it starts in demand mode
>>>depends on how the "provider" peer is configured.
>>
>>I thought that is what I said.  I don't get the "difference"...
> 
> 
> No, you said the file acted as a trigger to start ppp _in demand
> mode_.  It's right there in the quoted section. :-)
> 
> I suspect you meant to say what John said but careless sentence
> construction resulted in something else (no offense meant).
> 
Yeah..you are right.  It is another case of "do what I mean not what I 
say" <grin>.

I suffer from being a Missouri "hick" and living in Texas.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Dave Selby | 1 Feb 2003 01:46
Picon
Favicon

broken download ?? help ??

This is a second posting, I'm pulling my hair out .... !!!

I want to update my system, I type the following

apt-get clean
apt-get update
apt-get upgrade --fix-missing

The server at the other end persistently closes the connection before it 
completes the download. Usually while downloading kdebase 4:2.2.2-14.2. I 
have tried downloading at different times, I have shut down my firewall, I 
have logged on and used a different ISP, all to no avail. 

My /etc/apt/sources.list contains ...

deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-1 
(20020720)]/ unstable contrib main non-US/contrib non-US/main

deb http://security.debian.org/ woody/updates main contrib non-free

Any ideas ?
Is the server corrupt ?
Is this happening to anyone else ?

Dave
slightly stressed after the nth failed apt-get upgrade !!
Permalink | Reply | 4 comments |
headers
Matthew Daubenspeck | 1 Feb 2003 01:55

Re: ssh keys from two behind-the-firewall boxes?

On Fri, Jan 31, 2003 at 06:08:31PM -0600, will trillich wrote:
> this is probably item #2 of the really-obvious-faq that i'm not
> yet aware of, so i'll go ahead and ask because i haven't taken
> the opportunity to look like a goober in, oh, about half a day,
> now...
> 
> doing the ssh-keygen thing works like a charm; you copy your
> private keys to the remote box and then just slap it into your
> ~/.ssh/authorized_keys file and poof, no more passwords! so now
> you can run ssh-driven scripts without having to worry about the
> username/password interruption.

Does anyone have a FAQ on how to set this all up?
Permalink | Reply | 9 comments |
headers
Matt Price | 1 Feb 2003 02:26
Picon
Picon
Favicon
Gravatar

twiki installation

Anyone out there use twiki?  how do you do the initial configuration??
(like, setting the webmaster's password, etc)
doesn't seem to be indicated in /usr/share/doc/twiki, and I didn't
notice it in the debconf setup.  

thx for the help...
matt
Permalink | Reply | 3 comments |

Gmane