Repository servers & mirrors

Old stuff that should not bother anyone anymore
User avatar
thenktor
Salix Wizard
Posts: 2426
Joined: 6. Jun 2009, 14:47
Location: Franconia
Contact:

Repository servers & mirrors

Post by thenktor »

Thanks to JRD we could create a first repository at his server: http://alcoholix.enialis.net/ 8-)
Image
burnCDDA (burns audio CDs)
geBIERt (German beer blog)
User avatar
JRD
Salix Warrior
Posts: 950
Joined: 7. Jun 2009, 22:52
Location: Lyon, France

Re: Repository servers & mirrors

Post by JRD »

I will make a ssh account to this directory and generate a private key.
I will post it here, so trusted users could use it to upload stuff on it with filezilla/gftp/scp, ...

Easier for now, isn't it ?
Image
User avatar
gapan
Salix Wizard
Posts: 6238
Joined: 6. Jun 2009, 17:40

Re: Repository servers & mirrors

Post by gapan »

Yes!
Image
Image
User avatar
thenktor
Salix Wizard
Posts: 2426
Joined: 6. Jun 2009, 14:47
Location: Franconia
Contact:

Re: Repository servers & mirrors

Post by thenktor »

JRD wrote:I will make a ssh account to this directory and generate a private key.
I will post it here, so trusted users could use it to upload stuff on it with filezilla/gftp/scp, ...

Easier for now, isn't it ?
Please don't post it to the forum. Use private messages or e-mail. Maybe users will join here, that are not really trusted yet. ;)
Image
burnCDDA (burns audio CDs)
geBIERt (German beer blog)
User avatar
JRD
Salix Warrior
Posts: 950
Joined: 7. Jun 2009, 22:52
Location: Lyon, France

Re: Repository servers & mirrors

Post by JRD »

Hum...it's the invert in fact I think. Trusted users must provide me their public key and I will add this to .ssh/authorized_keys file.

Is there a way to use a certificate to authenticate instead of a password ? How doing such a thing ?
Image
Shador
Posts: 1295
Joined: 11. Jun 2009, 14:04
Location: Bavaria

Re: Repository servers & mirrors

Post by Shador »

What about this as a starting point:

Code: Select all

PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
I'm using it myself in my public sshd config.
Image
User avatar
JRD
Salix Warrior
Posts: 950
Joined: 7. Jun 2009, 22:52
Location: Lyon, France

Re: Repository servers & mirrors

Post by JRD »

Hum ok, but I just need to remove the password in /etc/passwd when everybody has add his own public key in authorized_keys. And I like to login as root on that machine :)
Image
User avatar
Sparky
Posts: 30
Joined: 11. Jun 2009, 16:26
Location: Terra
Contact:

Re: Repository servers & mirrors

Post by Sparky »

If you need root access you can always just SSH into the computer and then su. Of course that's an extra step, but if it improves security it might be worth it. I probably still wouldn't do it though, as I'm pretty lazy like that. :)
Shador
Posts: 1295
Joined: 11. Jun 2009, 14:04
Location: Bavaria

Re: Repository servers & mirrors

Post by Shador »

I like to avoid the su step because it breaks X Forwarding. But for outside public SSH access the connection is anyway to slow for X Forwarding.
I think the PermitRoot no thing is more like security by obscurity. Something that blocks of those generic script kiddies. :)
Image
User avatar
gapan
Salix Wizard
Posts: 6238
Joined: 6. Jun 2009, 17:40

Re: Repository servers & mirrors

Post by gapan »

Shador wrote:I think the PermitRoot no thing is more like security by obscurity. Something that blocks of those generic script kiddies. :)
By permitting root, you give those kiddies a valid username and the only thing they have to discover is the password. Makes their job a lot easier.
Image
Image
Locked