<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21"> <TITLE>Samba Authenticated Gateway HOWTO: SSH setup</TITLE> <LINK HREF="Samba-Authenticated-Gateway-HOWTO-6.html" REL=next> <LINK HREF="Samba-Authenticated-Gateway-HOWTO-4.html" REL=previous> <LINK HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5" REL=contents> </HEAD> <BODY> <A HREF="Samba-Authenticated-Gateway-HOWTO-6.html">Next</A> <A HREF="Samba-Authenticated-Gateway-HOWTO-4.html">Previous</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5">Contents</A> <HR> <H2><A NAME="s5">5.</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5">SSH setup</A></H2> <P>You may want to run your PDC on one box and have another box as a managed gateway for any reason. If so you must setup your gateway to accept rsa authenticated logins without passwords from the PDC.</P> <P>Take a look at <A HREF="http://www.openssh.org/manual.html">www.openssh.org</A> for information on how to properly setup your ssh server and client for this.</P> <H2><A NAME="ss5.1">5.1</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5.1">Important</A> </H2> <P>You should read the ssh documentation and make shure that you fully understand what you are doing when you setup rsa or any other kind of cryptographic authentication.</P> <P>If security isn't an issue, just use my example and go on.</P> <H2><A NAME="ss5.2">5.2</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5.2">Key pair generation</A> </H2> <P>To create a key pair issue the following commands on the manchine meant to be the PDC:</P> <P> <PRE> pdc:~# ssh-keygen -t rsa </PRE> </P> <P>Answer the questions and copy the resulting public key to the gateway it self. Usually the public key goes to "~.ssh/id_rsa.pub"</P> <P> <PRE> pdc:~# cd .ssh pdc:~# scp id_rsa.pub root@gateway:/root/.ssh/authorized_keys2 </PRE> </P> <H2><A NAME="ss5.3">5.3</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5.3">SSH enabled logon script</A> </H2> <P>The following is a standard /etc/smbgate/users/user script modified to use the ssh cryptographic authentication.</P> <P> <PRE> #!/bin/sh # COMMAND=$1 ADDRESS=$2 EXTIF=$3 IPTABLES='/sbin/iptables' ssh root@gateway $IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF -j MASQUERADE </PRE> </P> <P>Note that the iptables binary in called through ssh at the "gateway". Again, make sure that you read the ssh server documentation.</P> <HR> <A HREF="Samba-Authenticated-Gateway-HOWTO-6.html">Next</A> <A HREF="Samba-Authenticated-Gateway-HOWTO-4.html">Previous</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc5">Contents</A> </BODY> </HTML>