I was sent email by somebody asking about doing server to server communication with encryption. On the way in to the office this morning I realized that there is another way to do this.
See: http://www.linuxjournal.com/article.php?sid=5462 I also tried the following: First, set up a 'trusteduser' account on the system, and set up an SSH private/public key for this account. If you are using OpenSSH, then copy the public key to the authorized keys file: ssh-keygen (set up an empty passphrase) cd .ssh cp identity.pub authorized_keys Now, on all of the remote systems, create the same account, and copy the .ssh/authorized_keys file to the .ssh/authorized_keys file in the new account home directory. Make sure that the permissions and ownership of the .ssh directory and .ssh/authorized_keys file are appropriate. drwx------ 2 trusteduser trusteduser 512 Apr 9 07:21 .ssh -rw------- 1 trusteduser trusteduser 346 Jul 31 2001 .ssh/authorized_keys You an check this by using: su - trusteduser -c 'ssh trusteduser@remotehost ls' and you should have ssh execute the ls command. Now you need to set up a set of ports that you will want to be forwarded to the remote host: ssh -n -f -L XXX:remotehost:515 trusteduser@remotehost /bin/sleep 10000000 & You can test that this works by using: lpq -Plp@remotehost%XXX Note: if 'remotehost' is 'localhost', then the current version of LPRng tries to use the 'unix socket' for connections. You need to edit /etc/lpd.conf and set: unix_socket_path= Sigh... But it will work fine for connections to non-localhost hosts. And now you set up the printcap: lp:server:lp=lp@remotehost%XXX And your jobs will be forwarded over the SSH socket. The exercise of setting up the ssh stuff so that it gets retried if the remote host is not up or the sshd on the remote host dies is left as an exercise for the Unix Wizard... Patrick Powell ----------------------------------------------------------------------------- YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST The address you post from MUST be your subscription address If you need help, send email to [EMAIL PROTECTED] (or lprng-requests or lprng-digest-requests) with the word 'help' in the body. For the impatient, to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED] with: | example: subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED] unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED] If you have major problems, send email to [EMAIL PROTECTED] with the word LPRNGLIST in the SUBJECT line. -----------------------------------------------------------------------------
