Subject:
Re: SSH Howto
From:
Charles Curley ####@####.####
Date:
25 Jan 2004 22:53:21 -0000
Message-Id: <20040125225119.GL19338@charlescurley.com>
On Sat, Jan 24, 2004 at 08:36:29PM -0800, Jeff M Horsager wrote:
> Here is a (very rough) outline of the ground I want to cover:
>
> 1. Introduction
>
> -Telnet, ftp, and insecure transmission elucidation. Supporting
> examples: tcpdump packets showing the transparency of unencrytped data.
> Define the problem and propose SSH as a solution.
>
> -Brief historical summary: SSH1, SSH2 and OpenSSH (which is the focus of
> the document).
>
> -SSH as a secure replacement for telnet, ftp, rsh, rcp and rlogin. Also
> hint at the possibilities for tunneling other plain text protocols (to
> be covered in more depth later).
>
> -Touch on X11 forwarding.
For help on X11 forwarding and other goodies, you might look at
http://www.charlescurley.com/OpenSSH.html. It's old, even decrepit,
but may be useful.
>
> 2. Installation and key generation
>
> -As OpenSSH is standard on most distros, the description of the
> installation proper will be somewhat cursory, but will include a nod to
> the necessary ancillary packages (i.e OpenSSL and zlib).
>
> -A Brief description of RSA/DSA and public key encryption (at least as
> much as my limited mathematical mind can wrap itself around).
The less mathematical the better, for the benefit of the
non-mathematical. Anyway, this is a HOWTO, not a treatise.
>
> -Key generation (ssh-keygen) and touch upon key management.
>
> 3. SSH Client Use and Configuration.
>
> -ssh from the command line and some of the more commonly used options
> (with supporting examples).
>
> -scp and sftp
Good. I have some scripts that pipe to another computer via SSH in my
"Linux Complete Backup and Recovery HOWTO,"
http://www.tldp.org/HOWTO/Linux-Complete-Backup-and-Recovery-HOWTO/index.html
>
> -In depth key management including using keys for connecting to remote
> machines without a password. In this section I will cover ssh-add from
> the command line as well as using it at cli login (.bash_profile) and
> GUI (gnome) login.
Excellent. I'd like to see some good step by step examples of how to
use ssh-add.
>
> -Client side config files (i.e. ~/.ssh/*)
Some folks find the difference between server and client confusing. In
X, the client is the program (e.g. emacs, xclock), and the client is
the display and keyboard displaying output from and taking input to
the client. In ssh, the server is the remote computer into which one
logs, and the client is your local machine. This is more like telnet,
FTP or HTTP than X. So the two terms are reversed, causing, I expect,
some confusion.
>
> 4. The SSH Server and Configuration
>
> -The sshd daemon
>
> -sshd logging
>
> -Server side config files (i.e. /etc/ssh/*)
>
> -Server side security (tcp wrappers)
>
> -Authentication and access control. Touch here upon kerberos, PAM, and
> S/Key (one time password) authentication options.
>
> 5. Advanced Topics
>
> -Port forwarding (X11, TCP, etc.)
Excellent, I'm looking forward to this.
--
Charles Curley /"\ ASCII Ribbon Campaign
Looking for fine software \ / Respect for open standards
and/or writing? X No HTML/RTF in email
http://www.charlescurley.com / \ No M$ Word docs in email
Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
--> -->
<type 'exceptions.IOError'> | Python 2.5.2: /usr/bin/python Mon Jul 8 07:44:57 2024 |
A problem occurred in a Python script. Here is the sequence of
function calls leading up to the error, in the order they occurred.
/opt/ezmlm-browse-0.20/main.py in main() |
424
|
425 if path is not None:
|
426 main_path(path)
|
427 else:
|
428 main_form()
|
global main_form = <function main_form at 0x8facc6c> |
/opt/ezmlm-browse-0.20/main.py in main_form() |
378 except ImportError:
|
379 die(ctxt, "Invalid command")
|
380 module.do(ctxt)
|
381
|
382 def main():
|
module = <module 'commands.showmsg' from '/opt/ezmlm-browse-0.20/commands/showmsg.pyc'>, module.do = <function do at 0x8fc172c>, global ctxt = {'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'} |
/opt/ezmlm-browse-0.20/commands/showmsg.py in do(ctxt={'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'}) |
18 write(html('msg-pager') % ctxt)
|
19 write('<hr>')
|
20 sub_showmsg(ctxt, ctxt[MSGNUM])
|
21 write('<hr>')
|
22 write(html('msg-pager') % ctxt)
|
global sub_showmsg = <function sub_showmsg at 0x8fac1ec>, ctxt = {'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'}, global MSGNUM = 'msgnum' |
/opt/ezmlm-browse-0.20/globalfns.py in sub_showmsg(ctxt={'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'}, msgnum=6553) |
229 format_timestamp(ctxt, ctxt)
|
230 write(html('msg-header') % ctxt)
|
231 rec_showpart(ctxt, msg, 0)
|
232 write(html('msg-footer') % ctxt)
|
233 ctxt.pop()
|
global rec_showpart = <function rec_showpart at 0x8fac1b4>, ctxt = {'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'}, msg = <email.message.Message instance at 0x9021dac> |
/opt/ezmlm-browse-0.20/globalfns.py in rec_showpart(ctxt={'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'}, part=<email.message.Message instance at 0x9021dac>, partnum=1) |
205 else:
|
206 for p in part.get_payload():
|
207 partnum = rec_showpart(ctxt, p, partnum+1)
|
208 else:
|
209 write(html('msg-sep') % ctxt)
|
partnum = 1, global rec_showpart = <function rec_showpart at 0x8fac1b4>, ctxt = {'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'}, p = <email.message.Message instance at 0x90251cc> |
/opt/ezmlm-browse-0.20/globalfns.py in rec_showpart(ctxt={'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'}, part=<email.message.Message instance at 0x90251cc>, partnum=2) |
208 else:
|
209 write(html('msg-sep') % ctxt)
|
210 sub_showpart(ctxt, part)
|
211 return partnum
|
212
|
global sub_showpart = <function sub_showpart at 0x8fac144>, ctxt = {'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'}, part = <email.message.Message instance at 0x90251cc> |
/opt/ezmlm-browse-0.20/globalfns.py in sub_showpart(ctxt={'cmd': 'showmsg', 'threadidx': 9, 'HTTP_X_FORWA...HTTP_ACCEPT_ENCODING': 'gzip, br, zstd, deflate'}, part=<email.message.Message instance at 0x90251cc>) |
164 type = ctxt[TYPE] = part.get_content_type()
|
165 ctxt[FILENAME] = part.get_filename()
|
166 template = html('msg-' + type.replace('/', '-'))
|
167 if not template:
|
168 template = html('msg-' + type[:type.find('/')])
|
global template = <function template at 0x8fa4e9c>, global html = <function html at 0x8fa4ed4>, type = 'application/pgp-signature', type.replace = <built-in method replace of str object at 0x9023c98> |
/opt/ezmlm-browse-0.20/globalfns.py in html(name='msg-application-pgp-signature') |
40
|
41 def html(name):
|
42 return template(name + '.html')
|
43
|
44 def xml(name):
|
global template = <function template at 0x8fa4e9c>, name = 'msg-application-pgp-signature' |
/opt/ezmlm-browse-0.20/globalfns.py in template(filename='msg-application-pgp-signature.html') |
31 except IOError:
|
32 if not _template_zipfile:
|
33 _template_zipfile = zipfile.ZipFile(sys.argv[0])
|
34 try:
|
35 f = _template_zipfile.open(n).read()
|
global _template_zipfile = None, global zipfile = <module 'zipfile' from '/usr/lib/python2.5/zipfile.pyc'>, zipfile.ZipFile = <class zipfile.ZipFile at 0x8f3da7c>, global sys = <module 'sys' (built-in)>, sys.argv = ['-c', '/opt/ezmlm-browse-0.20'] |
/usr/lib/python2.5/zipfile.py in __init__(self=<zipfile.ZipFile instance at 0x8fbc2cc>, file='-c', mode='r', compression=0, allowZip64=False) |
337 self.filename = file
|
338 modeDict = {'r' : 'rb', 'w': 'wb', 'a' : 'r+b'}
|
339 self.fp = open(file, modeDict[mode])
|
340 else:
|
341 self._filePassed = 1
|
self = <zipfile.ZipFile instance at 0x8fbc2cc>, self.fp = None, builtin open = <built-in function open>, file = '-c', modeDict = {'a': 'r+b', 'r': 'rb', 'w': 'wb'}, mode = 'r' |
<type 'exceptions.IOError'>: [Errno 2] No such file or directory: '-c'
args =
(2, 'No such file or directory')
errno =
2
filename =
'-c'
message =
''
strerror =
'No such file or directory'