diff options
Diffstat (limited to 'build_tools/larch7/larch0/docs/html/larch_ssh.html')
| -rw-r--r-- | build_tools/larch7/larch0/docs/html/larch_ssh.html | 212 |
1 files changed, 0 insertions, 212 deletions
diff --git a/build_tools/larch7/larch0/docs/html/larch_ssh.html b/build_tools/larch7/larch0/docs/html/larch_ssh.html deleted file mode 100644 index 85bc9e2..0000000 --- a/build_tools/larch7/larch0/docs/html/larch_ssh.html +++ /dev/null @@ -1,212 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - -<html> -<head> -<meta http-equiv="Content-type" content="text/html; charset=utf-8" /> -<title>ssh access</title> -<!-- (en) Add your meta data here --> - -<link href="css/larchdocs.css" rel="stylesheet" type="text/css"/> -<!--[if lte IE 7]> -<link href="css/yaml/core/iehacks.css" rel="stylesheet" type="text/css" /> -<![endif]--> -</head> - -<body> -<!-- skip link navigation --> -<ul id="skiplinks"> - <li><a class="skip" href="#col1">Skip to main content (Press Enter).</a></li> -</ul> - -<div class="page_margins"> - <div class="page"> - <div id="top"><div id="tm"></div></div> - <!-- begin: #col1 --> - <div id="col1" role="main"> - <div id="col1_content"> - <div id="header" role="banner"> - <h1><span><em>live Arch Linux</em> builder</span></h1> - </div> - - <!-- begin: #col3 navigation column --> - <div id="col3" role="complementary"> - <div id="col3_content"> - <img class="indent2" alt="larch logo" src="css/screen/larch150x.png" width="150" height="150" /> - <div class="vlist"> - <ul> - <li><a href="index.html"><h6>Table Of Contents</h6></a></li> - <li><a href="larch_running.html"><h6>Next:</h6> - <div class="indent1">Running a larch live system</div></a></li> - <li><a href="larch_sessionsave.html"><h6>Previous:</h6> - <div class="indent1">Saving a session back to the boot device (or even somewhere else)</div></a></li> - </ul> - </div> - </div> - </div> - <!-- end: #col3 --> - -<div class="larchdocs"> -<h2 id="pagetitle" level="1">ssh access</h2> - -<p>One feature I wanted in my live system was the ability to -access and control it remotely via <em>ssh</em>. <em>ssh</em> is -generally very useful, but in the case of a <em>live</em> CD (etc.) it -allows operations to be carried out on a remote computer, even one -without keyboard or monitor. Insert the CD, boot up -the computer (assuming it is configured to boot from CD), and log in -via the network using another computer. Isn't <em>Linux</em> great! -</p> - -<p>Well, it doesn't quite work out of the box, though it could be -tweaked so that - in the right environment - it would. Firstly, there -must be a network connection which gets set up automatically - -the easiest is probably <em>DHCP</em> (so long as -you can then find the address of the live system), -but by tweaking <strong>rc.conf</strong> in the <em>profile</em> (or by -using the session saving feature) a static address is also easy to set up. -Secondly you must provide the live system with your public key, so -that you are allowed access (using public key authentication), or else -set a password for the <em>larch</em> root user (probably easiest using the -session saving feature). -</p> - -<h4>id_rsa.pub and authorized_keys</h4> - -<p><strong>id_rsa.pub</strong> -is a public key, and it can be used to allow the user (on the remote machine) -whose key this is to <em>ssh</em> into the live system. -If you leave passwordless logins disabled (the -default), then so long as no root password is set, -the only way in (to the root account) is via public key authentication. -Of course, if you change the root password, anyone (who knows the -password) can log in via <em>ssh</em> -(if the <em>sshd</em> daemon is running). -</p> - -<p>To generate this key for your user (assuming you don't already -have one, in <strong>~/.ssh</strong>) do something like: -</p> - -<pre style="margin-left: 80px;">ssh-keygen -t rsa</pre> - -<p>Use the default destination file and empty passphrase -(normally you wouldn't do that, -but I think it is appropriate in this case). See the <em>ssh</em> man-page -for more information. -</p> - -<p>In order to enable <em>ssh</em> to the root account on the live -system, the contents of this file (a single text line) must be placed in -the <em>larch</em> system's <strong>/root/.ssh/authorized_keys</strong> file. -This file will probably not yet -exist, so the 'id_rsa.pub' can be simply copied to it. -If doing this before building the <em>live</em> system, copy the file to this -position in the 'rootoverlay' directory in the <em>profile</em>, being -careful to get the permissions (644) correct. -To do this in a running <em>larch</em> system, copy the file to this location - -session saving will then preserve it. -</p> - -<p>If you don't need <em>sshd</em> on the live system, you can -remove it from the daemons in <strong>rc.conf</strong>. -</p> - -<h4>/etc/hosts.allow</h4> - -<p> -This must be edited to allow <i>ssh</i> -access to the live system: -</p> - -<pre style="margin-left: 80px;"> -# To allow ssh in from anywhere -sshd: ALL -</pre> - -<p>If that is too radical for you, you might be able to restrict -it somewhat - that depends on your exact circumstances. For example: -</p> - -<pre style="margin-left: 80px;"> -# To allow ssh in from local net (example) -sshd: 192.168.1. -</pre> - -<h3><a name="ssh_hostkeys"></a>ssh host keys</h3> - -<p>The files -<strong>/etc/ssh/ssh_host_dsa_key</strong> -<strong>/etc/ssh/ssh_host_dsa_key.pub</strong>, -<strong>/etc/ssh/ssh_host_rsa_key</strong>, -<strong>/etc/ssh/ssh_host_rsa_key.pub</strong>, -<strong>/etc/ssh/ssh_host_key</strong>, -and -<strong>/etc/ssh/ssh_host_key.pub</strong> -are normally (in a hard-disk based system) generated on the first run of -<strong>/etc/rc.d/sshd</strong>, i.e. during the first boot after a new -installation. This only needs to be done once. However in a <em>live</em> -system changes are generally lost when the system shuts down, so this would -need to be done at every boot, which takes a while, so I prefer to -pregenerate them. -The <em>larch</em> gui offers a checkbox to enable this pregeneration on -the 'larchify' page. -To regenerate these manually (while running the <em>live</em> -system) you can do the following: -</p> - -<pre style="margin-left: 80px;"> -rm /etc/ssh/ssh_host_* -/etc/rc.d/sshd restart -</pre> - -<h3><a name="ssh_x11"></a><em>ssh</em> and <em>X11</em></h3> - -<p> -If you have set up 'X11 Forwarding' (see below), you can run X11 applications on the -<em>live</em> system from your remote system. This is very neat! -</p> - -<h4>/etc/ssh/sshd_config</h4> - -<p>This file is changed to allow X applications to run on the -<em>live</em> system but display on another: -</p> - -<pre style="margin-left: 80px;">X11Forwarding yes</pre> - -<p> -This will only work if you use the -Y option to <em>ssh</em> -on the system from which you log in, and on which -you want to display the X windows (e.g. 'ssh -Y -root@192.168.0.201'). Alternatively you can put the -following in <em>its</em> <strong>etc/ssh/ssh_config</strong>: -</p> - -<pre style="margin-left: 80px;"> -ForwardX11 yes -ForwardX11Trusted yes -</pre> - -</div> - - - <div class="topref"><a href="#top">Top</a></div> - </div> - <!-- begin: #footer --> - <div id="footer"> - <div id="footer-content" role="contentinfo">© 2010 Michael Towers<br /> - Page layout assisted by <a href="http://www.yaml.de/">YAML</a> and - <a href="http://www.kuwata-lab.com/tenjin/">pyTenjin</a> - </div> - </div> - <!-- end: #footer --> - </div> - <!-- end: #col1 --> - <div id="bottom"><div id="bl"><div id="bm"></div></div></div> - </div> -</div> -<!-- full skiplink functionality in webkit browsers --> -<script src="css/yaml/core/js/webkit-focusfix.js" type="text/javascript"></script> -</body> -</html> |