discuss: SSH Howto



Subject: Re: SSH Howto
From: Charles Curley ####@####.####
Date: 25 Jan 2004 22:53:21 -0000
Message-Id: <20040125225119.GL19338@charlescurley.com>

On Sat, Jan 24, 2004 at 08:36:29PM -0800, Jeff M Horsager wrote:
> Here is a (very rough) outline of the ground I want to cover:
> 
> 1. Introduction
> 
> -Telnet, ftp, and insecure transmission elucidation.  Supporting
> examples: tcpdump packets showing the transparency of unencrypted data.
> Define the problem and propose SSH as a solution.
> 
> -Brief historical summary: SSH1, SSH2 and OpenSSH (which is the focus of
> the document).
> 
> -SSH as a secure replacement for telnet, ftp, rsh, rcp and rlogin.  Also
> hint at the possibilities for tunneling other plain text protocols (to
> be covered in more depth later).
> 
> -Touch on X11 forwarding.

For help on X11 forwarding and other goodies, you might look at
http://www.charlescurley.com/OpenSSH.html. It's old, even decrepit,
but may be useful.


> 
> 2. Installation and key generation
> 
> -As OpenSSH is standard on most distros, the description of the
> installation proper will be somewhat cursory, but will include a nod to
> the necessary ancillary packages (i.e. OpenSSL and zlib).
> 
> -A brief description of RSA/DSA and public key encryption (at least as
> much as my limited mathematical mind can wrap itself around).

The less mathematical the better, for the benefit of the
non-mathematical. Anyway, this is a HOWTO, not a treatise.

> 
> -Key generation (ssh-keygen) and touch upon key management.
> 
> 3. SSH Client Use and Configuration.
> 
> -ssh from the command line and some of the more commonly used options
> (with supporting examples).
> 
> -scp and sftp

Good. I have some scripts that pipe to another computer via SSH in my
"Linux Complete Backup and Recovery HOWTO,"
http://www.tldp.org/HOWTO/Linux-Complete-Backup-and-Recovery-HOWTO/index.html

> 
> -In depth key management including using keys for connecting to remote
> machines without a password. In this section I will cover ssh-add from
> the command line as well as using it at cli login (.bash_profile) and
> GUI (gnome) login.

Excellent. I'd like to see some good step by step examples of how to
use ssh-add.

> 
> -Client side config files (i.e. ~/.ssh/*)

Some folks find the difference between server and client confusing. In
X, the client is the program (e.g. emacs, xclock), and the client is
the display and keyboard displaying output from and taking input to
the client. In ssh, the server is the remote computer into which one
logs, and the client is your local machine. This is more like telnet,
FTP or HTTP than X. So the two terms are reversed, causing, I expect,
some confusion.

> 
> 4. The SSH Server and Configuration
> 
> -The sshd daemon
> 
> -sshd logging
> 
> -Server side config files (i.e. /etc/ssh/*)
> 
> -Server side security (tcp wrappers)
> 
> -Authentication and access control.  Touch here upon kerberos, PAM, and
> S/Key (one time password) authentication options.
> 
> 5. Advanced Topics
> 
> -Port forwarding (X11, TCP, etc.)

Excellent, I'm looking forward to this.

-- 

Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB
