<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>Samba Authenticated Gateway HOWTO: SSH setup</TITLE>
<LINK HREF="Samba-Authenticated-Gateway-HOWTO-6.html" REL=next>
<LINK HREF="Samba-Authenticated-Gateway-HOWTO-4.html" REL=previous>
<LINK HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5" REL=contents>
</HEAD>
<BODY>
<A HREF="Samba-Authenticated-Gateway-HOWTO-6.html">Next</A>
<A HREF="Samba-Authenticated-Gateway-HOWTO-4.html">Previous</A>
<A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5">Contents</A>
<HR>
<H2><A NAME="s5">5.</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5">SSH setup</A></H2>

<P>You may want to run your PDC on one box and use another box
as a managed gateway. If so, you must set up your gateway
to accept RSA-authenticated logins without passwords from the PDC.</P>

<P>Take a look at
<A HREF="http://www.openssh.org/manual.html">www.openssh.org</A> for information on how to properly set up your
ssh server and client for this.</P>

<H2><A NAME="ss5.1">5.1</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5.1">Important</A>
</H2>

<P>You should read the ssh documentation and make sure that you
fully understand what you are doing when you set up RSA or any other
kind of cryptographic authentication.</P>

<P>If security isn't an issue, just use my example and go on.</P>
<H2><A NAME="ss5.2">5.2</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5.2">Key pair generation</A>
</H2>

<P>To create a key pair, issue the following command on the machine
meant to be the PDC:</P>

<P>
<PRE>
pdc:~# ssh-keygen -t rsa
</PRE>
</P>
<P>Answer the questions and copy the resulting public key to the
gateway itself. Usually the public key is written to "~/.ssh/id_rsa.pub".
Note that the scp command shown here replaces any existing
authorized_keys2 file on the gateway.</P>

<P>
<PRE>
pdc:~# cd .ssh
pdc:~# scp id_rsa.pub root@gateway:/root/.ssh/authorized_keys2
</PRE>
</P>
<H2><A NAME="ss5.3">5.3</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5.3">SSH enabled logon script</A>
</H2>

<P>The following is a standard /etc/smbgate/users/user script modified
to use the ssh cryptographic authentication.</P>

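<P>
<PRE>
#!/bin/sh
#
# Arguments are supplied by the caller:
COMMAND=$1    # iptables chain operation (for example -A or -D)
ADDRESS=$2    # source address to masquerade
EXTIF=$3      # outgoing (external) interface
IPTABLES='/sbin/iptables'
# Run iptables on the gateway over ssh; the remote shell re-parses these values
ssh root@gateway $IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF -j MASQUERADE
</PRE>
</P>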
<P>Note that the iptables binary is called through ssh on the "gateway".
Again, make sure that you read the ssh server documentation.</P>
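
<P>Because this key gives the PDC a passwordless root login, the gateway can bind it to a single command. The following is an added example, not part of the original HOWTO: a forced-command wrapper that accepts only the iptables call made by the logon script above. The install path /usr/local/sbin/smbgate-nat, the -A/-D operations and a single IPv4 address as ADDRESS are assumptions.</P>

```shell
#!/bin/sh
# Added example, not from the HOWTO. Hypothetical path: /usr/local/sbin/smbgate-nat
# Bind the PDC key to it in /root/.ssh/authorized_keys2 on the gateway
# (<pdc-address> and <public-key> are placeholders):
#   command="/usr/local/sbin/smbgate-nat",from="<pdc-address>",restrict ssh-rsa <public-key>
# sshd then runs this wrapper instead of the requested command and passes
# the request in SSH_ORIGINAL_COMMAND.
IPTABLES='/sbin/iptables'

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    rest=$1.; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}; count=$((count + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# Accept exactly the command line the logon script sends:
#   /sbin/iptables <op> POSTROUTING -t nat -s <addr> -o <iface> -j MASQUERADE
# Assumption: <op> is -A or -D. Prints "<op> <addr> <iface>" on success.
check_request() {
    set -f              # word-split without filename expansion
    set -- $1
    set +f
    [ $# -eq 11 ] || return 1
    [ "$1 $3 $4 $5 $6 $8 ${10} ${11}" = \
      "$IPTABLES POSTROUTING -t nat -s -o -j MASQUERADE" ] || return 1
    case $2 in -A|-D) ;; *) return 1 ;; esac
    is_ipv4 "$7" || return 1
    case $9 in -*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf '%s %s %s\n' "$2" "$7" "$9"
}

# Runs only when sshd supplied a request; the request is never given to a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if request=$(check_request "$SSH_ORIGINAL_COMMAND"); then
        set -- $request
        exec "$IPTABLES" "$1" POSTROUTING -t nat -s "$2" -o "$3" -j MASQUERADE
    fi
    logger -p auth.warning -t smbgate-nat "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

<P>Rejected requests are written to syslog under the tag smbgate-nat, so unexpected use of the key shows up in the gateway's auth log.</P>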

<HR>
<A HREF="Samba-Authenticated-Gateway-HOWTO-6.html">Next</A>
<A HREF="Samba-Authenticated-Gateway-HOWTO-4.html">Previous</A>
<A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5">Contents</A>
</BODY>
</HTML>