|
You may want to run your PDC on one box and have another box as a managed gateway for any reason. If so you must setup your gateway to accept rsa authenticated logins without passwords from the PDC.
Take a look at www.openssh.org for information on how to properly setup your ssh server and client for this.
You should read the ssh documentation and make shure that you fully understand what you are doing when you setup rsa or any other kind of cryptographic authentication.
If security isn't an issue, just use my example and go on.
To create a key pair issue the following commands on the manchine meant to be the PDC:
pdc:~# ssh-keygen -t rsa
Answer the questions and copy the resulting public key to the gateway it self. Usually the public key goes to "~.ssh/id_rsa.pub"
pdc:~# cd .ssh pdc:~# scp id_rsa.pub root@gateway:/root/.ssh/authorized_keys2
The following is a standard /etc/smbgate/users/user script modified to use the ssh cryptographic authentication.
#!/bin/sh # COMMAND=$1 ADDRESS=$2 EXTIF=$3 IPTABLES='/sbin/iptables' ssh root@gateway $IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF -j MASQUERADE
Note that the iptables binary in called through ssh at the "gateway". Again, make sure that you read the ssh server documentation.
Hosting by: Hurra Communications Ltd.
Generated: 2007-01-26 17:58:24