[05:45] <pab1> can someone here help explain a couple things about ssh
[05:46] <pab1> ?
[05:46] <infinity> ?
[05:46] <pab1> Well im having trouble grasping onto where exactly I should be storing my pub and priv keys
[05:47] <infinity> private keys go in .ssh on the machine you generated them on (which is going to be the "client" machine)
[05:47] <pab1> ok that helps a lot
[05:47] <infinity> public keys get copied into .ssh/authorized_keys on the target ("server") machine.
[05:48] <pab1> in the home directory?   ~/.ssh/authorized_keys ?
[05:48] <infinity> Yes, ~/.ssh/authorized_keys is just a text file, with one public key per line.
[05:48] <infinity> (Well, it's more complex than that, you can limit what commands can be run by that key, etc, but by default, it's just "one key per line to allow access")
[05:49] <pab1> ok cool
[05:49] <pab1> so i just create the auth_key path in any accounts home directory on the server?
[05:50] <pab1> then copy my pub key in auth_keys
[05:50] <pab1> and im good?
[05:50] <infinity> It's a text file, not a directory. :)
[05:50] <infinity> But otherwise, yeah.
[05:50] <pab1> o ok
[05:50] <infinity> (And make sure the permissions are right on the directory...)
[05:50] <infinity> ~/.ssh must be owned by the user, and must be 0700
[05:51] <pab1> MUST be 700?  or is that best practice?
[05:51] <infinity> MUST.
[05:51] <pab1> :o
[05:51] <infinity> sshd will tell you where to go and how to get there if it isn't.
[05:51] <pab1> haha
[05:51] <infinity> (And won't let you log in)
[05:52] <pab1> ok one more thing... if I put multiple pub keys in the auth_key FILE ( :) ) then each of those clients can login as that user
[05:52] <infinity> Yup.
[05:53] <pab1> if that is the case, how would I login from the client?  with the server account (ssh serveracct@host)  or with client account (ssh clientacct@host)
[05:54] <infinity> serveracct.
[05:54] <pab1> ok
[05:54] <pab1> thanks a lot man, uve been a huge help!
[05:54] <infinity> When you do "ssh foo@host", it authenticates on the remote end as "foo".
[05:54] <infinity> What user you are locally is irrelevant.
[05:54] <pab1> got it
[05:54] <infinity> No different from "ftp user@host" or "http://user:pass@host/" :)
[05:55] <pab1> ya i see now, just the fact that the client will have a different priv key confused me a bit
[05:56] <infinity> The name on the key (for instance, mine say "adconrad@cthulhu") is just a comment so you can have a vague idea of where it came from.  it's meaningless to sshd.
[05:56] <infinity> It's only the long hex string that matters.
[05:56] <infinity> Or, ASCII, in the case of DSA and RSA keys for SSH2.
[05:57] <infinity> But, yeah.  That long string (and the tag before it that says what sort of key it is, ssh-dss, etc) is what's important.
[05:57] <pab1> gotcha
[05:57] <infinity> sshd completely ignores the "user@host" comment on the end of the pub key, it's just a helpful comment for you to remember that you generated that key on host "foo" with user "bar". :)
[05:58] <pab1> so I could technically edit that last comment with no real change to the key's function?
[05:59] <infinity> Also handy if you're setting up a semi-insecure shared account, and dave@domain.com sends you an urgent (signed with GPG, I hope) email saying that he needs his public key changed... You'll know which one to delete. :)
[05:59] <pab1> not that I really have a reason
[05:59] <infinity> Editing the comment to be more informative can be done, yes.
[06:00] <pab1> haha
[06:00] <pab1> welp i'm gonna try all this out
[06:00] <pab1> thanks again!
[06:00] <infinity> Have fun.
[06:01] <infinity> Don't forget to save the backscroll until you're sure how it all works.
[06:01] <infinity> No one likes people asking the same questions twice. ;)
[06:01] <pab1> im logging this :D
[06:01] <pab1> very helpful
[06:03] <pab1> are you a unix admin?  if you don't mind me asking
[06:04] <infinity> By trade?.. Probably... I currently work on Ubuntu fulltime, though.
[06:05] <pab1> awesome
[06:05] <pab1> i like your OS :-P
[06:05] <infinity> Thanks.  I'm rather fond of it too. :)
[06:05] <pab1> or distro i should say
[06:09] <pab1> let me pick your brain on this...  is there a way to use samba as a central login for win and linux?   Linux mainly being the one that I'm not sure on
[06:12] <yves> use
[06:12] <yves> pab1, a very nice, but not really simple, way is to use samba+ldap
[06:13] <pab1> hmm.  is there a straight forward way to do it or is that really the only route?
[06:14] <yves> you can use smbpasswd as your auth backend
[06:14] <pab1> i prolly should learn ldap anyways
[06:14] <pab1> maybe ill just do that
[06:14] <pab1> i use smbpasswd currently
[06:15] <pab1> just for file and print sharing tho
[06:15] <yves> you'd better first setup a domain using smbpasswd, then move on to ldap
[06:15] <yves> then it's just a matter of setting your samba server as a login server
[06:15] <yves> one line change :-D
[06:15] <pab1> hmmm
[06:15] <yves> that wouldn't work for linux local accounts, though
[06:15] <yves> only windows logons and file sharing auth
[06:16] <pab1> ya thats the thing
[06:16] <pab1> I actually did that before then ran into the no linux login thing and the no admin group thing
[06:16] <pab1> ldap will allow for at least an admin group right?
[06:17] <yves> yes, it will solve both problems
[06:17] <pab1> bah
[06:17] <yves> its learning curve is high, i think
[06:17] <pab1> im gonna have to wait till after finals i think
[06:14] <evilmonkey> hi
[06:16] <Pygi> hi evilmonkey
[06:16] <evilmonkey> is this the place to ask question about installing java sun sdk
[06:17] <Pygi> dapper, breezy? you want java sdk on server??
[06:18] <evilmonkey> breezy, no, local for development with eclipse
[06:20] <Pygi> #ubuntu
[06:20] <evilmonkey> ok
[06:20] <evilmonkey> thank you
[06:20] <Pygi> yw
[07:40] <Jeeves_> Hi there