diff options
Diffstat (limited to 'build_tools/clarch/larch/docs/html/larch_ssh.html')
| -rw-r--r-- | build_tools/clarch/larch/docs/html/larch_ssh.html | 205 |
1 files changed, 0 insertions, 205 deletions
diff --git a/build_tools/clarch/larch/docs/html/larch_ssh.html b/build_tools/clarch/larch/docs/html/larch_ssh.html deleted file mode 100644 index f7db018..0000000 --- a/build_tools/clarch/larch/docs/html/larch_ssh.html +++ /dev/null @@ -1,205 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html> - -<head> - <meta content="text/html;charset=UTF-8" http-equiv="Content-Type" /> - <title>larch ssh access</title> - <meta content="gradgrind" name="author"> -</head> - -<body> - -<table style="text-align: left; width: 100%;" border="1" cellpadding="2" cellspacing="2"> - <tbody> - <tr> - <td><a href="larch_sessionsave.html">Previous: Session saving</a></td> - - <td><a href="larch_docindex.html">Table of Contents</a></td> - - <td><a href="larch_running.html">Next: Running larch</a></td> - </tr> - </tbody> -</table> - -<br /> -<h1><big>larch</big> – a do-it-yourself live <em>Arch Linux</em> CD</h1> - -<img style="border: 0px solid ; width: 320px; height: 320px;" alt="" src="larch1.jpg" - name="graphics1" align="right" hspace="10" vspace="10" /> -<br /><br /> - -<h2>ssh access</h2> -<br /> - -<p>One feature I wanted in my live system was the ability to -access and control it remotely via <em>ssh</em>. <em>ssh</em> is -generally very useful, but here it also gives my installation CD a rare -advantage over most others - using it I can install <em>Arch Linux</em> -to a computer which has no keyboard or monitor. Insert the CD, boot up -the computer (assuming it is configured to boot from CD), and log in -via the network using another computer. Isn't <em>Linux</em> great! -</p> - -<p>Well, it doesn't quite work out of the box, though it could be -tweaked so that - in the right environment - it would. Firstly, there -must be a network connection which gets set up automatically - -the easiest is probably <em>DHCP</em> (so long as -you can then find the address of the live system), -but by tweaking <strong>rc.conf</strong> (via <strong>rcconfx</strong> -in the <em>profile</em> or by using the session saving feature) -a static address is also easy to set up. -Secondly you must provide the live system with your public key, so -that you are allowed access (using public key authentication), or else -set a password for the <em>larch</em> root user (probably easiest using the -session saving feature). -</p> - -<h4>id_rsa.pub & authorized_keys</h4> - -<p><strong>id_rsa.pub</strong> -is a public key, and it can be used to allow the user (on the remote machine) -whose key this is to <em>ssh</em> into the live system. -If you leave passwordless logins disabled (the -default), then so long as no root password is set, -the only way in (to the root account) is via public key authentication. -Of course, if you change the root password, anyone (who knows the -password) can log in via <em>ssh</em> -(if the <em>sshd</em> daemon is running). -</p> - -<p>To generate this key for your user (assuming you don't already -have one, in <strong>~/.ssh</strong>): -</p> - -<pre style="margin-left: 80px;">ssh-keygen -t rsa</pre> - -<p>Use the default destination file and empty passphrase -(normally you wouldn't do that, -but I think it is appropriate in this case). -</p> - -<p>In order to enable <em>ssh</em> to the root account on the live -system, the contents of this file (a single text line) must be placed in -the <em>larch</em> system's <strong>/root/.ssh/authorized_keys</strong> file. -This file will probably not yet -exist, so the 'id_rsa.pub' can be simply copied to it. -If doing this before building the live-CD, copy the file to this -position in the 'overlay' directory in the <em>profile</em>, being -careful to get ownerships (root:root) and permissions (644) correct. -To do this in a running <em>larch</em> system, copy the file to this location - -session saving will then preserve it. -</p> - -<p>If you don't need <em>sshd</em> on the live system, you can -remove it from the daemons in <strong>rc.conf</strong>.</p> -</p> - -<h4>/etc/hosts.allow</h4> - -<p> -This must be edited to allow <i>ssh</i> -access to the live system: -</p> - -<pre style="margin-left: 80px;"> -# To allow ssh in from anywhere -sshd: ALL -</pre> - -<p>If that is too radical for you, you might be able to restrict -it somewhat - that depends on your exact circumstances. For example: -</p> - -<pre style="margin-left: 80px;"> -# To allow ssh in from local net (example) -sshd: 192.168.1. -</pre> - -<h4>ssh host keys</h4> - -<p>The files -<strong>/etc/ssh/ssh_host_dsa_key</strong> -<strong>/etc/ssh/ssh_host_dsa_key.pub</strong>, -<strong>/etc/ssh/ssh_host_rsa_key</strong>, -<strong>/etc/ssh/ssh_host_rsa_key.pub</strong>, -<strong>/etc/ssh/ssh_host_key</strong>, -and -<strong>/etc/ssh/ssh_host_key.pub</strong> -are normally (in a hard-disk based system) generated on the first run of -<strong>/etc/rc.d/sshd</strong>, i.e. during the first boot after a new -installation. This only needs to be done once. However in a live-CD system -changes are generally lost when the system shuts down, so this would need -to be done at every boot, which takes a while, so I prefer to pregenerate them. -At present this is -done during the first phase of the live-CD build (the <em>Arch Linux</em> -installation phase). What this means is that all live-CDs generated from -this base will have the same ssh host keys. If security is important to -you, these should be regenerated, e.g. for the running <em>larch</em> system -as follows: -</p> - -<pre style="margin-left: 80px;"> -rm /etc/ssh/ssh_host_* -/etc/rc.d/sshd restart -</pre> - -<h3><a name="ssh_x11"></a><em>ssh</em> and <em>X11</em></h3> - -<p> -If you have set up 'X11 Forwarding' (see below), you can run X11 applications on the -live system from your remote system. This is very neat! Before <em>xorg</em> reached -version 7 there were complications due to the location of its <em>xauth</em> -program, but since that version this is at the <em>ssh</em> -default position, <strong>/usr/bin/xauth</strong>, so all should now be well. -</p> - -<p> -Bear in mind that this will only work if you use the -Y option to <em>ssh</em>, -or set up its configuration file properly. -</p> - -[ -<p style="margin-left: 40px;"> -If, for some reason you are not using Xorg7(+), you may need to set the <em>xauth</em> -path in <strong>/etc/ssh/sshd_config</strong> -and/or <strong>/etc/ssh/ssh_config</strong> (or set a <em>symlink</em> from <strong>/usr/bin/xauth</strong> to <strong>/usr/X11R6/bin/xauth</strong>): -</p> - -<pre style="margin-left: 80px;">XAuthLocation /usr/X11R6/bin/xauth</pre> -] - -<h4>/etc/ssh/sshd_config</h4> - -<p>This file is changed to allow X applications to run on the -live system but display on another: -</p> - -<pre style="margin-left: 80px;">X11Forwarding yes</pre> - -<p> -This will only work if you use the -Y option to <em>ssh</em> -on the system from which you log in, and on which -you want to display the X windows (e.g. 'ssh -Y -root@192.168.0.201'). Alternatively you can put the -following in <em>its</em> <strong>etc/ssh/ssh_config</strong>: -</p> - -<pre style="margin-left: 80px;"> -ForwardX11 yes -ForwardX11Trusted yes -</pre> - -<table style="text-align: left; width: 100%;" border="1" cellpadding="2" cellspacing="2"> - <tbody> - <tr> - <td><a href="larch_sessionsave.html">Previous: Session saving</a></td> - - <td><a href="larch_docindex.html">Table of Contents</a></td> - - <td><a href="larch_running.html">Next: Running larch</a></td> - </tr> - </tbody> -</table> - -</body> -</html> |