Diffstat (limited to 'build_tools/larch8/larch0/docs/html/larch_ssh.html')
-rw-r--r-- | build_tools/larch8/larch0/docs/html/larch_ssh.html | 213 |
1 files changed, 213 insertions, 0 deletions
diff --git a/build_tools/larch8/larch0/docs/html/larch_ssh.html b/build_tools/larch8/larch0/docs/html/larch_ssh.html new file mode 100644 index 0000000..06f62d8 --- /dev/null +++ b/build_tools/larch8/larch0/docs/html/larch_ssh.html 
@@ -0,0 +1,213 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + +<html> +<head> +<meta http-equiv="Content-type" content="text/html; charset=utf-8" /> +<title>ssh access</title> +<!-- (en) Add your meta data here --> + +<link href="css/larchdocs.css" rel="stylesheet" type="text/css"/> +<!--[if lte IE 7]> +<link href="css/yaml/core/iehacks.css" rel="stylesheet" type="text/css" /> +<![endif]--> +</head> + +<body> +<!-- skip link navigation --> +<ul id="skiplinks"> + <li><a class="skip" href="#col1">Skip to main content (Press Enter).</a></li> +</ul> + +<div class="page_margins"> + <div class="page"> + <div id="top"><div id="tm"></div></div> + <!-- begin: #col1 --> + <div id="col1" role="main"> + <div id="col1_content"> + <div id="header" role="banner"> + <h1><span><em>live Arch Linux</em> builder</span></h1> + </div> + + <!-- begin: #col3 navigation column --> + <div id="col3" role="complementary"> + <div id="col3_content"> + <img class="indent2" alt="larch logo" src="css/screen/larch150x.png" width="150" height="150" /> + <div class="vlist"> + <ul> + <li><a href="index.html"><h6>Table Of Contents</h6></a></li> + <li><a href="larch_running.html"><h6>Next:</h6> + <div class="indent1">Running a larch live system</div></a></li> + <li><a href="larch_live_system.html"><h6>Previous:</h6> + <div class="indent1">Structure of a larch live system</div></a></li> + </ul> + </div> + </div> + </div> + <!-- end: #col3 --> + +<div class="larchdocs"> +<h2 id="pagetitle" level="1">ssh access</h2> + +<p>One feature I wanted in my live system was the ability to +access and control it remotely via <em>ssh</em>. <em>ssh</em> is +generally very useful, but in the case of a <em>live</em> CD (etc.) it +allows operations to be carried out on a remote computer, even one +without keyboard or monitor. 
Insert the CD, boot up +the computer (assuming it is configured to boot from CD), and log in +via the network using another computer. Isn't <em>Linux</em> great! +</p> + +<p>Well, it doesn't quite work out of the box, though it could be +tweaked so that - in the right environment - it would. Firstly, there +must be a network connection which gets set up automatically - +the easiest is probably <em>DHCP</em> (so long as +you can then find the address of the live system), +but by tweaking <strong>rc.conf</strong> in the <em>profile</em> (or +<em>live</em> using the data persistence feature, if available) a +static address is also easy to set up. +Secondly you must provide the live system with your public key, so +that you are allowed access (using public key authentication), or else +set a password for the <em>larch</em> root user (probably easiest using the +data persistence feature, if available). +</p> + +<h4>id_rsa.pub and authorized_keys</h4> + +<p><strong>id_rsa.pub</strong> +is a public key, and it can be used to allow the user (on the remote machine) +whose key this is to <em>ssh</em> into the live system. +If you leave passwordless logins disabled (the +default), then so long as no root password is set, +the only way in (to the root account) is via public key authentication. +Of course, if you change the root password, anyone (who knows the +password) can log in via <em>ssh</em> +(if the <em>sshd</em> daemon is running). +</p> + +<p>To generate this key for your user (assuming you don't already +have one, in <strong>~/.ssh</strong>) do something like: +</p> + +<pre style="margin-left: 80px;">ssh-keygen -t rsa</pre> + +<p>Use the default destination file and empty passphrase +(normally you wouldn't do that, +but I think it is appropriate in this case). See the <em>ssh</em> man-page +for more information. 
+</p> + +<p>In order to enable <em>ssh</em> to the root account on the live +system, the contents of this file (a single text line) must be placed in +the <em>larch</em> system's <strong>/root/.ssh/authorized_keys</strong> file. +This file will probably not yet +exist, so the 'id_rsa.pub' can be simply copied to it. +If doing this before building the <em>live</em> system, copy the file to this +position in the 'rootoverlay' directory in the <em>profile</em>, being +careful to get the permissions (644) correct. +To do this in a running <em>larch</em> system, copy the file to this location - +session saving will then preserve it. +</p> + +<p>If you don't need <em>sshd</em> on the live system, you can +remove it from the daemons in <strong>rc.conf</strong>. +</p> + +<h4>/etc/hosts.allow</h4> + +<p> +This must be edited to allow <i>ssh</i> +access to the live system: +</p> + +<pre style="margin-left: 80px;"> +# To allow ssh in from anywhere +sshd: ALL +</pre> + +<p>If that is too radical for you, you might be able to restrict +it somewhat - that depends on your exact circumstances. For example: +</p> + +<pre style="margin-left: 80px;"> +# To allow ssh in from local net (example) +sshd: 192.168.1. +</pre> + +<h3><a name="ssh_hostkeys"></a>ssh host keys</h3> + +<p>The files +<strong>/etc/ssh/ssh_host_dsa_key</strong> +<strong>/etc/ssh/ssh_host_dsa_key.pub</strong>, +<strong>/etc/ssh/ssh_host_rsa_key</strong>, +<strong>/etc/ssh/ssh_host_rsa_key.pub</strong>, +<strong>/etc/ssh/ssh_host_key</strong>, +and +<strong>/etc/ssh/ssh_host_key.pub</strong> +are normally (in a hard-disk based system) generated on the first run of +<strong>/etc/rc.d/sshd</strong>, i.e. during the first boot after a new +installation. This only needs to be done once. However in a <em>live</em> +system changes are generally lost when the system shuts down, so this would +need to be done at every boot, which takes a while, so I prefer to +pregenerate them. 
+The <em>larch</em> gui offers a checkbox to enable this pregeneration on +the 'larchify' page. +To regenerate these manually (while running the <em>live</em> +system) you can do the following: +</p> + +<pre style="margin-left: 80px;"> +rm /etc/ssh/ssh_host_* +/etc/rc.d/sshd restart +</pre> + +<h3><a name="ssh_x11"></a><em>ssh</em> and <em>X11</em></h3> + +<p> +If you have set up 'X11 Forwarding' (see below), you can run X11 applications on the +<em>live</em> system from your remote system. This is very neat! +</p> + +<h4>/etc/ssh/sshd_config</h4> + +<p>This file is changed to allow X applications to run on the +<em>live</em> system but display on another: +</p> + +<pre style="margin-left: 80px;">X11Forwarding yes</pre> + +<p> +This will only work if you use the -Y option to <em>ssh</em> +on the system from which you log in, and on which +you want to display the X windows (e.g. 'ssh -Y +root@192.168.0.201'). Alternatively you can put the +following in <em>its</em> <strong>etc/ssh/ssh_config</strong>: +</p> + +<pre style="margin-left: 80px;"> +ForwardX11 yes +ForwardX11Trusted yes +</pre> + +</div> + + + <div class="topref"><a href="#top">Top</a></div> + </div> + <!-- begin: #footer --> + <div id="footer"> + <div id="footer-content" role="contentinfo">© 2010 Michael Towers<br /> + Page layout assisted by <a href="http://www.yaml.de/">YAML</a> and + <a href="http://www.kuwata-lab.com/tenjin/">pyTenjin</a> + </div> + </div> + <!-- end: #footer --> + </div> + <!-- end: #col1 --> + <div id="bottom"><div id="bl"><div id="bm"></div></div></div> + </div> +</div> +<!-- full skiplink functionality in webkit browsers --> +<script src="css/yaml/core/js/webkit-focusfix.js" type="text/javascript"></script> +</body> +</html> |
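Review bot: The "ssh host keys" section recommends pregenerating /etc/ssh/ssh_host_* into the image without saying that every machine booted from that image then presents the same host private keys, and that those keys are readable by anyone who has the image. Add a sentence stating this and pointing to the manual regeneration commands already given (rm /etc/ssh/ssh_host_* followed by /etc/rc.d/sshd restart) for images that are distributed or booted on more than one host. In the key-setup paragraphs, the empty-passphrase advice combined with root's authorized_keys means that possession of the id_rsa file alone grants root on the live system; that belongs next to "I think it is appropriate in this case". The X11 part should likewise note that -Y and ForwardX11Trusted yes give remote X clients full access to the local display. Markup: a second bare <html> follows <html xmlns=...>, so the document is not well-formed; level="1" on the h2 is not an XHTML 1.0 Strict attribute; the list of host key files is missing a comma after ssh_host_dsa_key; and etc/ssh/ssh_config in the last paragraph lacks its leading slash.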