Mercurial Mercurial > tips / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Small fix.
authorOleksandr Gavenko <gavenkoa@gmail.com>
Wed, 14 Sep 2011 14:27:10 +0300
changeset 991 c3c2dfe7aa59
parent 990 8b00bb2999f4
child 998 a06d2d92b4fb
Small fix.
ssh.rst file | annotate | diff | comparison | revisions 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ssh.rst	Wed Sep 14 14:27:10 2011 +0300
@@ -0,0 +1,114 @@
+-*- coding: utf-8 -*-
+
+===========
+ SSH/sshd.
+===========
+
+Maintaining key pair.
+=====================
+::
+
+  $ ssh-keygen -t dsa     # for DSA
+  $ ssh-keygen -t rsa     # for RSA
+  $ ssh-keygen -t dsa -C comment     # put own comment instead user@host
+  $ ssh-keygen -t dsa -f my_dsa_key  # store priv key under my_dsa_key
+                                     # and pub key under my_dsa_key.pub
+
+  $ ssh-keygen -y -f my_dsa_key      # recover pub key from priv
+
+  $ ssh-keygen -p -N "newphrase" -P "oldphrase" -f ~/.ssh/id_dsa
+                                     # change passphrase of priv key
+
+  $ ssh $user@$host cat ">>" "~/.ssh/authorized_keys" <~/.ssh/id_rsa.pub
+                                     # public pub key on remote host
+
+Shell login.
+============
+::
+
+  $ ssh $user@$host
+  $ ssh $user@$host:$port
+
+  $ ssh -i ~/.ssh/my_dsa_key $user@$host
+
+or::
+
+  $ ssh -l $user $host
+  $ ssh -l $user $host:$port
+
+X session.
+==========
+::
+
+  $ ssh -X $user@$host
+
+Multiply private keys.
+======================
+
+ssh try use all listen keys::
+
+  $ ssh -i ./priv1 -i ./priv2 $user@$host
+
+or place in ~/.ssh/config::
+
+  Host *
+  IdentityFile ~/.ssh/identity # standard search path for protocol ver. 1
+  IdentityFile ~/.ssh/id_dsa   # standard search path for RSA key protocol ver. 2
+  IdentityFile ~/.ssh/id_rsa   # standard search path for DSA key protocol ver. 2
+  IdentityFile ~/.ssh/my_dsa
+  IdentityFile ~/.ssh/another_dsa
+
+or per host private key::
+
+  Host host1                   # alias, that user provide at CLI
+  HostName host1.example.com   # real host name to log into
+  User iam
+  IdentifyFile ~/.ssh/iam_priv_dsa
+  Host host2                   # alias, that user provide at CLI
+  HostName 192.168.1.2         # real host IP to log into
+  User admin
+  IdentifyFile ~/.ssh/admin_priv_dsa
+
+Installing sshd on Cygwin.
+==========================
+
+ * Install base packages and openssh.
+ * Set CYGWIN env var to 'binmode tty ntsec'.
+ * Create Windows user.
+ * Recreate /etc/passwd:
+     $ mkpasswd -l -u user >>/etc/passwd
+   or
+     $ mkpasswd -l >/etc/passwd
+  * Register sshd:
+     $ mkdir -p /home/user
+     $ ssh-host-config -y
+  * Start:
+     $ net start sshd
+   or
+     $ cygrunsrv -S sshd
+ * Check from remote host:
+     $ ssh $gygwin_host -l user
+
+To stop service use::
+
+  $ net stop sshd
+
+or::
+
+  $ cygrunsrv -E sshd
+
+Запускаем SSH server на правах произвольного пользователя.
+----------------------------------------------------------
+
+ * Создаем пользователя, например с именем user, задаем ему пароль,
+   права (т.е. в какие группы будет входить) и т.д., пользователя не блокируем.
+ * В консоле MMC добавляем оснастку "Параметры безопасности.". Модифицируем параметры:
+
+     "Параметры безопасности."->"Локальные политики."->"Назначение прав пользователя."
+     ->"Вход в качестве службы."->добавить 'user'.
+
+     "Параметры безопасности."->"Локальные политики."->"Назначение прав пользователя."
+     ->"Отклонить локальный вход."->удалить 'user' (если был установлен).
+
+     XXX "Принудительное удаленнон завершение."
+
tips