Difference between revisions of "Ubuntu notes"

From Jon's Wiki
(ssh auth)
Line 38: Line 38:
  
 
  sudo apt-get install network-manager-pptp network-manager-kde
 
  sudo apt-get install network-manager-pptp network-manager-kde
 +
 +
== SSH Authentication With Keys  ==
 +
 +
Turn off ssh login prompts and do everything with keys. This will reduce the attack surface on port 22. First, create a key using the following command:
 +
 +
ssh-keygen -t dsa -f ~/.ssh/mykey
 +
 +
This will ask for a pass-phrase and create a pair in your .ssh directory as two files, mykey containing the private key and mykey.pub containing the public key. Then for each host you log in to, scp your public key to your home folder and append it to the ~/.ssh/authorized_keys file, thus:
 +
 +
scp ~/.ssh/mykey.pub me@host:~
 +
cat ~/mykey.pub >> ~/.ssh/authorized_keys
 +
 +
Then, in your Gnome Sessions configuration under Startup Programs, add this:
 +
 +
ssh-add /home/me/.ssh/mykey
 +
 +
Note that you will need your full home path, not the ~ shortcut. Now, you can enter your pass-phrase once at the start of every session, and log in to your hosts without prompting for passwords. Once you have it working, you can then disable ssh password prompts.

Revision as of 04:33, 5 January 2007

Enable Sensible Repositories

A vaguely useful apt sources.list:

 deb     http://nz.archive.ubuntu.com/ubuntu/ edgy          main restricted universe multiverse 
 deb-src http://nz.archive.ubuntu.com/ubuntu/ edgy          main restricted universe multiverse 

 deb     http://nz.archive.ubuntu.com/ubuntu/ edgy-updates  main restricted universe multiverse 
 deb-src http://nz.archive.ubuntu.com/ubuntu/ edgy-updates  main restricted universe multiverse 

 deb     http://security.ubuntu.com/ubuntu    edgy-security main restricted universe multiverse 
 deb-src http://security.ubuntu.com/ubuntu    edgy-security main restricted universe multiverse 

 deb http://archive.canonical.com/ubuntu   edgy-commercial  main 

 deb     http://packages.freecontrib.org/plf  edgy-plf      free non-free 
 deb-src http://packages.freecontrib.org/plf  edgy-plf      free non-free 

Note: Can replace security.ubuntu.com with nz.archive.ubuntu.com for faster transfers, with slightly less up-to-date-ness.

Crazy Wireless Drivers

If you are lucky enough to have bought a HP or Compaq laptop recently, you've probably got a Broadcom wireless chipset. Broadcom are lazy wankers and don't release their driver code.

Solution: Use ndiswrapper 1.8. Blacklist the built-in bcm43xx and download these Win32 Broadcom 4318 drivers.

sudo apt-get install ndiswrapper-utils-1.8 ndiswrapper-common

Google Earth Permission

Permission denied running googleearth?

sudo chown -R username ~/.googleearth ~/.local/share/applications/googleearth.desktop

Connect to a Windows VPN

Finally, some clever Ubuntu Gnome folks have written a network manager plugin for doing Windows VPN connections over PPTP. The extremely cool network manager is also available for KDE:

sudo apt-get install network-manager-pptp network-manager-kde

SSH Authentication With Keys

Turn off ssh login prompts and do everything with keys. This will reduce the attack surface on port 22. First, create a key using the following command:

ssh-keygen -t dsa -f ~/.ssh/mykey

This will ask for a pass-phrase and create a pair in your .ssh directory as two files, mykey containing the private key and mykey.pub containing the public key. Then for each host you log in to, scp your public key to your home folder and append it to the ~/.ssh/authorized_keys file, thus:

scp ~/.ssh/mykey.pub me@host:~
cat ~/mykey.pub >> ~/.ssh/authorized_keys

Then, in your Gnome Sessions configuration under Startup Programs, add this:

ssh-add /home/me/.ssh/mykey 

Note that you will need your full home path, not the ~ shortcut. Now, you can enter your pass-phrase once at the start of every session, and log in to your hosts without prompting for passwords. Once you have it working, you can then disable ssh password prompts.