For whatever reason, you may want to run your PDC on one box and use
another box as the managed gateway. If so, you must set up your gateway
to accept RSA-authenticated logins without passwords from the PDC.
Take a look at
www.openssh.org for information on how to properly set up your
ssh server and client for this.
You should read the ssh documentation and make sure that you
fully understand what you are doing when you set up RSA or any other
kind of cryptographic authentication.
If security isn't an issue, just use my example and go on.
To create a key pair, issue the following command on the machine
meant to be the PDC:
pdc:~# ssh-keygen -t rsa
Answer the questions and copy the resulting public key to the
gateway itself. Usually the public key is written to "~/.ssh/id_rsa.pub".
pdc:~# cd .ssh
pdc:~# scp id_rsa.pub root@gateway:/root/.ssh/authorized_keys2
The following is a standard /etc/smbgate/users/user script, modified
to use ssh cryptographic authentication.
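#!/bin/sh
#
# Positional arguments: iptables command, client address, external interface.
COMMAND=$1
ADDRESS=$2
EXTIF=$3
# Path of the iptables binary on the gateway.
IPTABLES='/sbin/iptables'
# Run iptables on the gateway through ssh (key-based login, no password prompt).
ssh root@gateway "$IPTABLES" "$COMMAND" POSTROUTING -t nat -s "$ADDRESS" -o "$EXTIF" -j MASQUERADE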
Note that the iptables binary is called through ssh on the "gateway".
Again, make sure that you read the ssh server documentation.
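As copied above, the PDC's key opens an unrestricted root shell on the gateway, and the arguments of the ssh call are parsed again by the remote shell. The following forced-command wrapper is an added example, not part of the original HOWTO or of smbgate: it limits that key to the one MASQUERADE rule shape the user script sends. The install path /usr/local/sbin/smbgate-nat, the function names and the restriction of COMMAND to -A or -D are assumptions.

```shell
#!/bin/sh
# Added example (not from the HOWTO): forced-command wrapper for the gateway.
# Hypothetical install path /usr/local/sbin/smbgate-nat; enable it by prefixing
# the PDC's key line in /root/.ssh/authorized_keys2 on the gateway with
#   command="/usr/local/sbin/smbgate-nat",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding
# sshd then runs this script for every login with that key and passes the
# command the PDC requested in SSH_ORIGINAL_COMMAND.
IPTABLES='/sbin/iptables'
set -f    # no pathname expansion: requests are split on whitespace below

# Dotted-quad check: four numeric fields, each 0-255.
valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for the exact rule shape the user script sends:
#   /sbin/iptables -A|-D POSTROUTING -t nat -s ADDRESS -o EXTIF -j MASQUERADE
# Assumption: smbgate calls the user script with -A or -D as COMMAND.
valid_request() {
    set -- $1
    [ $# -eq 11 ] || return 1
    [ "$1" = "$IPTABLES" ] || return 1
    case $2 in -A|-D) ;; *) return 1 ;; esac
    [ "$3 $4 $5 $6" = "POSTROUTING -t nat -s" ] || return 1
    valid_ipv4 "$7" || return 1
    # Interface name: plain characters only, never an option or metacharacter.
    case $9 in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "$8 ${10} ${11}" = "-o -j MASQUERADE" ]
}

# Only acts when started by sshd as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if valid_request "$SSH_ORIGINAL_COMMAND"; then
        set -- $SSH_ORIGINAL_COMMAND
        shift
        exec "$IPTABLES" "$@"    # validated words only, no shell re-parsing
    fi
    logger -t smbgate-nat -p auth.warning "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

With the key restricted this way, the user script on the PDC needs no change; any other command sent with that key is logged and refused.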