On Fri, Jan 20, 2006 at 01:01:03PM +0000, Gavin Seddon wrote:
> I am really sorry for this, I am following fwbuilder instructions from
> tp://www.fwbuilder.org/archives/cat_howtos.html#000095
> it recommends ssh to [EMAIL PROTECTED], which lost me. Correctly someone
> pointed out about allowing root access with ssh, I had forgotten I
> stopped this in the absence of a firewall, all I need to do is install
> the fwall I have built. However, this needs a user and pass. I
> generated the password but I can't activate the inst procedure. The
> sshing was just a recommended test. Do I need to allow ssh root login
> to install my firewall?
> Thanks.

From what I remember about using FWBuilder:

First, the "name" you give your server when you create it in fwbuilder is the machine name fwbuilder is going to try to ssh to. In my case, I originally named my firewall "Disco-stu" in fwbuilder, and when I tried to install the script, it failed as it could not resolve Disco-stu. I had to rename the entry in fwbuilder to "disco-stu" for the automatic install to work.

Secondly, it is recommended to use ssh keys instead of tunneled clear text. This is how I set up my server (in fact, all my servers don't accept tunneled clear text passwords). The basic idea is on your workstation, create a key (I use dsa) with ssh-keygen. This will generate two files, id_dsa and id_dsa.pub. Then copy the .pub file to the remote server you want access to, and put the contents of the file in ~/.ssh/authorized_keys of the user you want to ssh in as. In this case, I put my .pub file in /root/.ssh/authorized.keys. Now, you can ssh from your normal user account on your workstation to the firewall server as root (assuming you lift the don't allow root logins from sshd.conf).

Lastly, fwbuilder just builds a shell script for you when you compile, and then just copies the shell script to the firewall server and runs it when you install. If you are having problems with the automated install, you can always just manually copy the file over. If you look in the directory where you saved the firewall configuration, you will find two files, <firewall-server-name>.fwb and <firewall-server-name>.fw. The .fwb file is the config file used by fwbuilder (and is just xml), and the .fw file is the script it generated when you compiled. All you need to do is copy the .fw file somewhere on the firewall box, and run it as root. I usually stored it in /etc/firewall and then I wrote a custom init script to start the firewall script.

Once you have manually copied the file over and run it as root, you can then write a simple script to do just that:

#!/bin/sh
scp ~/etc/disco-stu.fw [EMAIL PROTECTED]:/etc/firewall
ssh [EMAIL PROTECTED] /etc/firewall/disco-stu.fw

That is basically all the auto install is going to do, but I believe it uses ssh-agent (at least it used to), which is why you may be having problems.

Brett
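
A check for the sshd side of the setup described in the reply above (root login allowed for keys, passwords refused), as an added example that is not part of the original message. The function names and the sample config are constructed for illustration, and only the global section of an sshd_config is evaluated.

```sh
#!/bin/sh
# Added example (not from the original message): classify how root may log in,
# judged from the global section of an sshd_config read on stdin.

# Print the value of keyword $1. sshd uses the first occurrence of a keyword
# and keywords are case-insensitive. Parsing stops at the first Match block,
# which this check does not evaluate.
sshd_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                                # drop comments
        tolower($1) == "match" { exit }                   # end of global section
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Print one of: root-disabled, key-only, password-allowed, unknown.
root_login_mode() {
    cfg=$(cat)
    prl=$(printf '%s\n' "$cfg" | sshd_value PermitRootLogin)
    pa=$(printf '%s\n' "$cfg" | sshd_value PasswordAuthentication)
    case "$prl" in
        no) echo root-disabled ;;          # scp/ssh as root will be refused
        prohibit-password|without-password|forced-commands-only)
            echo key-only ;;
        yes)
            # Keyboard-interactive (PAM) authentication is not evaluated here.
            if [ "$pa" = no ]; then echo key-only; else echo password-allowed; fi ;;
        *) echo unknown ;;                 # unset: default depends on OpenSSH version
    esac
}

# Constructed sample config: root allowed with keys, passwords refused.
SAMPLE='# constructed sample sshd_config
PermitRootLogin without-password
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes'

printf '%s\n' "$SAMPLE" | root_login_mode
```

A result of root-disabled matches the original poster's situation, where the install step cannot log in as root until that setting is changed.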
