/srv/irclogs.ubuntu.com/2006/04/03/#ubuntu-server.txt

=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== ubijtsa2 [n=anders@213.208.70.150] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== yves [n=yves@unaffiliated/nictuku] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== yves [n=yves@unaffiliated/nictuku] has joined #ubuntu-server
=== pab1 [n=peter@c-68-61-247-219.hsd1.mi.comcast.net] has joined #ubuntu-server
pab1	can some one here help explain a couple things about ssh	05:45
pab1	?	05:46
infinity	?	05:46
pab1	Well im having trouble grasping onto where exactly I should be storing my pub and priv keys	05:46
infinity	private keys go in .ssh on the machine you generated them on (which is going to be the "client" machine)	05:47
pab1	ok that helps a lot	05:47
infinity	public keys get copied into .ssh/autorized_keys on the target ("server") machine.	05:47
pab1	in the home directory? ~/.ssh/authorized_keys ?	05:48
infinity	Yes, ~/.ssh/authorized_keys is just a text file, with one public key per line.	05:48
infinity	(Well, it's more complext than that, you can limit what commands can be run by that key, etc, but by default, it's just "one key per line to allow access")	05:48
pab1	ok cool	05:49
pab1	so i just create the auth_key path in any accounts home directory on the server?	05:49
pab1	then copy my pub key in auth_keys	05:50
pab1	and im good?	05:50
infinity	It's a text file, not a directory. :)	05:50
infinity	But otherwise, yeah.	05:50
pab1	o ok	05:50
infinity	(And make sure the permissions are right on the directory...)	05:50
infinity	~/.ssh must be owned by the user, and must be 0700	05:50
pab1	MUST be 700? or is that best practice?	05:51
infinity	MUST.	05:51
pab1	:o	05:51
infinity	sshd will tell you where to go and how to get there if it isn't.	05:51
pab1	haha	05:51
infinity	(And won't let you log in)	05:51
pab1	ok one more thing... if I put multiple pub keys in the auth_key FILE ( :) ) then each of those clients can login as that user	05:52
infinity	Yup.	05:52
pab1	if that is the case, how would I login from the client? with the server account (ssh severacct@host) or with client account (ssh clientacct@host)	05:53
infinity	serveracct.	05:54
pab1	ok	05:54
pab1	thanks a lot man, uve been a huge help!	05:54
infinity	When you do "ssh foo@host", it authenticates on the remote end as "foo".	05:54
infinity	What user you are locally is irrelevant.	05:54
pab1	got it	05:54
infinity	No different from "ftp user@host" or "http://user:pass@host/" :)	05:54
pab1	ya i see now, just the fact that the client will have a different priv key confused me a bit	05:55
infinity	The name on the key (for instance, mine say "adconrad@cthulhu") is just a comment so you can have a vague idea of where it came from. it's meaningless to sshd.	05:56
infinity	It's only the long hex string that matters.	05:56
infinity	Or, ASCII, in the case of DSA and RSA keys for SSH2.	05:56
infinity	But, yeah. That long string (and the tag before it that says what sort of key it is, ssh-dss, etc) is what's important.	05:57
pab1	gotcha	05:57
infinity	sshd completely ignores the "user@host" comment on the end of the pub key, it's just a helpful comment for you to remember that you generated that key on host "foo" with user "bar". :)	05:57
pab1	so I could tecnically edit that last comment with no real change to the keys function?	05:58
infinity	Also handy if you're setting up a semi-insecure shared account, and dave@domain.com send you an urgent (signed with GPG, I hope) email saying that he needs his public key changed... You'll know which one to delete. :)	05:59
pab1	not that I really have a reason	05:59
infinity	Editing the comment to be more informative can be done, yes.	05:59
pab1	haha	06:00
pab1	welp i'm gonna try all this out	06:00
pab1	thanks again!	06:00
infinity	Have fun.	06:00
infinity	Don't forget to save the backscroll until you're sure how it all works.	06:01
infinity	No one likes people asking the same questions twice. ;)	06:01
pab1	im logging this :D	06:01
pab1	very helpful	06:01
pab1	are you a unix admin? if you don't mind me asking	06:03
infinity	By trade?.. Probably... I currently work on Ubuntu fulltime, though.	06:04
pab1	awesome	06:05
pab1	i like your OS :-P	06:05
infinity	Thanks. I'm rather fond of it too. :)	06:05
pab1	or distro i should say	06:05
pab1	let me pick your brain on this... is there a way to use samba as a central login for win and linux? Linux mainly being the one that I'm not sure on	06:09
yves	use	06:12
yves	pab1, a very nice, but not really simple, way is to use samba+ldap	06:12
pab1	hmm. is there a straight forward way to do it or is that really the only route?	06:13
yves	you can use smbpasswd as your auth backend	06:14
pab1	i prolly should learn ldap anyways	06:14
pab1	maybe ill just do that	06:14
pab1	i use smbpasswd currently	06:14
pab1	just for file and print sharing tho	06:15
yves	you'd better first setup a domain using smbpasswd, then move on to ldap	06:15
yves	then it's just a matter of setting your samba server as a login server	06:15
yves	one line change :-D	06:15
pab1	hmmm	06:15
yves	that would'nt work for linux local accounts, though	06:15
yves	only windows logons and file sharing auth	06:15
pab1	ya thats the thing	06:16
pab1	I actually did that before then run into the no linux login thing and the no admin group thing	06:16
pab1	ldap will allow for at least an admin group right?	06:16
yves	yes, it will solve both problems	06:17
pab1	bah	06:17
yves	its learning curve is high, i think	06:17
pab1	im gonna have to wait till after finals i think	06:17
=== fabbione [i=fabbione@gordian.fabbione.net] has joined #ubuntu-server
=== fabbione [i=fabbione@gordian.fabbione.net] has joined #ubuntu-server
=== pab1 [n=peter@c-68-61-247-219.hsd1.mi.comcast.net] has left #ubuntu-server []
=== thefish [n=thefish@unaffiliated/thefish] has joined #ubuntu-server
=== maswan [i=maswan@kennedy.acc.umu.se] has joined #ubuntu-server
=== lbm [n=lbm@x1-6-00-13-10-7a-d1-e4.k233.webspeed.dk] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== Pygi [n=mario@83-131-242-196.adsl.net.t-com.hr] has joined #ubuntu-server
=== Pygi [n=mario@83-131-250-82.adsl.net.t-com.hr] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== lionelp [n=lionel@ip-128.net-82-216-65.rev.numericable.fr] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== lionelp [n=lionel@ip-128.net-82-216-65.rev.numericable.fr] has joined #ubuntu-server
=== evilmonkey [n=evilmonk@host-84-9-144-77.bulldogdsl.com] has joined #ubuntu-server
evilmonkey	hi	06:14
Pygi	hi evilmonkey	06:16
evilmonkey	is this the place to ask question about installing java sun sdk	06:16
Pygi	dapper, breezy? you want java sdk on server??	06:17
evilmonkey	brezzy, no, local for development with eclipse	06:18
Pygi	#ubuntu	06:20
evilmonkey	ok	06:20
evilmonkey	thankyou	06:20
Pygi	yw	06:20
=== Jeeves_ [i=mark@net.prevented.net] has joined #ubuntu-server
Jeeves_	Hi there	07:40
=== ubijtsa2 [n=anders@213.208.70.150] has joined #ubuntu-server
=== hunger [n=tobias@p54A608EA.dip0.t-ipconnect.de] has joined #ubuntu-server
=== Pazzo [n=thomas@host130-250.pool8172.interbusiness.it] has joined #ubuntu-server
=== Pygi [n=mario@83-131-238-224.adsl.net.t-com.hr] has joined #ubuntu-server

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!