Brian and Dann,

        What timeframe are you looking at for incorporating
the info in the manual so I can plan for time?

Thanks,

Denise

> -----Original Message-----
> From: Brian Elliott Finley [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2003 9:11 AM
> To: dann frazier
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Anton Smith; SISuite Users
> Subject: [Sisuite-docs] Re: [Sisuite-users] Re: getting an image through SSH
> 
> 
> Thus spake dann frazier ([EMAIL PROTECTED]):
> > There is definitely a lacking of ssh information in the manual, so
> > how about I add this in the Usage chapter, in its own section?
> 
> Yes, yes, yes!
> 
> I really like going in the direction similar to the Flamethrower
> chapter.  Something like "HOWTO Use SSH for Secure Installs".
> 
> > Brian: is what Anton describes currently the recommended procedure?
> > 
> > On Thu, Jul 17, 2003 at 11:22:41PM +1200, Anton Smith wrote:
> > > Solved this for myself, and thought I'd post it here for everyone else.
> > > 
> > > (just a reminder, this is for pulling images across to your server via ssh).
> > > 
> > > 1) run prepareclient on your goldenclient as you usually do.
> 
> Yes.
> 
> 
> > > Immediately after it starts, ps -ef | grep for rsync and kill the daemon it started. Take note of the config file it used, most likely it will be in /tmp.
> > > 2) edit the rsync config file from above, and under [root], change it so it looks like this:
> > > 
> > > auth users = root
> > > path = /
> > > hosts allow = clientsiphere
> > > hosts deny = *
> > > 
> > > This locks it down so that only root can log in and so that the only host that can connect is the client itself (we will be ssh tunneling so the packets will appear to come from the client itself, which is why this works).
> > > 
> > > 3) run "rsync --daemon --config=/tmp/rsyncd.conf.xxxxx". Tail /var/log/syslog to make sure the daemon came up okay and didn't complain about any of your new config changes (if it ignores any of your security lines then it will be listening for any host, which is a bad [tm] thing).
> 
> This is not the intended use, but certainly you could do it this way.
> It is assumed that the client is firewalling everything but ssh to
> itself.  Running the rsync daemon wide open is ok in this case, assuming
> that there are no malicious local users on the golden client.
> 
> When you run getimage, use the --ssh-user option, and the image will be
> retrieved using rsync over ssh.
> 
> > > All of the following is on your image server:
> > > 
> > > 4) Bring up the ssh tunnel: ssh -C -L localport:goldenclients_ip:873 [EMAIL PROTECTED]  and enter the root password.
> > > 5) Switch to another terminal on your imageserver (make sure you leave the ssh session you opened in step 4 open), and run getimage -golden-client localhost:localport -image imagename (make sure you use the same value for localport here as you did in step 4. It can be any port but ideally should be an ephemeral port and not already in use. As an example I use 15000 but you could use whatever you like).
> > > 6) From here, it should be just like a normal getimage. When it's all finished you can log out of your ssh session/tunnel, and you can also kill the rsync daemon on your golden client.
> 
> All of the above is handled for you by getimage if you use the
> --ssh-user option.  Also look at the details at the bottom of the
> local.cfg file for autoinstall related details.
> 
> Anton,
> 
> This was a clever way to figure out how to do this, and I wonder if the
> hosts allow and hosts deny options are something we should consider
> adding to prepareclient.
> 
> Dann, what do you think?  prepareclient --server HOSTNAME (option to
> add the host allow/deny params)?
> 
> Also, Anton, can we put you down as an OFFICIAL_TESTER?  And have you do
> the ssh testing when we do new releases?
> 
> Cheers, -Brian
> 
> 
> > > 
> > > Voila :)
> > > 
> > > Regards,
> > > Anton
> > > 
> > > 
> 
> -- 
> ---------------------------------------------------------
>  Brian Elliott Finley                Phone: 630.803.8183
>  GPG: 3FF8 D096 0E0C D3F3 29B7  6518 D20B 1931 10F8 EE52
> ---------------------------------------------------------
> 
> 

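Added example, not part of the original thread and not SystemImager code: step 3 of the quoted procedure warns that a security line the daemon ignores leaves it listening for any host, so this shell check reads the edited rsyncd config before the daemon is started and reports a [root] module that lacks the lockdown lines. The function name, the two sample files and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# check_rsyncd_lockdown CONF [MODULE]
# Prints one line per problem and returns 1 if MODULE (default: root) lacks
# the lockdown settings; settings before the first [module] act as defaults.
check_rsyncd_lockdown() {
    awk -v want="${2:-root}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment or blank line
        { gsub(/^[ \t]+|[ \t]+$/, "") }            # trim the line
        /^\[.*\]$/ {                               # [module] header
            current = substr($0, 2, length($0) - 2)
            if (current == want) seen = 1
            next
        }
        current != "" && current != want { next }  # some other module
        {
            eq = index($0, "=")
            if (eq == 0) {                         # a setting written without "="
                printf "line %d: missing \"=\": %s\n", NR, $0
                bad = 1
                next
            }
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/[ \t]+/, " ", key); gsub(/^ | $/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            set[key] = val
        }
        END {
            if (!seen) { print "module [" want "] not found"; exit 1 }
            if (set["auth users"] == "")  { print "auth users not set";  bad = 1 }
            if (set["hosts allow"] == "") { print "hosts allow not set"; bad = 1 }
            if (set["hosts deny"] != "*") { print "hosts deny is not *"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample files (192.0.2.10 stands in for the golden client).
tmp=$(mktemp -d)
printf '%s\n' '[root]' 'auth users root' 'path = /' \
    'hosts allow = 192.0.2.10' > "$tmp/weak.conf"
printf '%s\n' '[root]' 'auth users = root' 'path = /' \
    'hosts allow = 192.0.2.10' 'hosts deny = *' > "$tmp/locked.conf"

check_rsyncd_lockdown "$tmp/locked.conf" && echo "locked.conf: ok"
check_rsyncd_lockdown "$tmp/weak.conf" || echo "weak.conf: not locked down"
```

Run it against the file in /tmp after editing and before restarting the daemon; a non-zero return means the daemon should not be started with that file.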