public inbox for gentoo-doc-cvs@lists.gentoo.org
* [gentoo-doc-cvs] cvs commit: shb-services.xml
@ 2006-03-11 16:44 swift
From: swift @ 2006-03-11 16:44 UTC
  To: gentoo-doc-cvs

swift       06/03/11 16:44:44

  Modified:             shb-services.xml
  Log:
  Explain how to add a key to the authorized_keys file, noted by Nathan L. Adams

Revision  Changes    Path
1.3                  xml/htdocs/doc/en/security/shb-services.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-services.xml?rev=1.3&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-services.xml?rev=1.3&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/security/shb-services.xml.diff?r1=1.2&r2=1.3&cvsroot=gentoo

Index: shb-services.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- shb-services.xml	1 Jun 2005 17:42:46 -0000	1.2
+++ shb-services.xml	11 Mar 2006 16:44:44 -0000	1.3
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.2 2005/06/01 17:42:46 neysx Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.3 2006/03/11 16:44:44 swift Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
 
 <!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -7,8 +7,8 @@
 
 <sections>
 
-<version>1.0</version>
-<date>2005-05-31</date>
+<version>1.1</version>
+<date>2006-03-11</date>
 
 <section>
 <title>Apache</title>
@@ -438,9 +438,16 @@
 <path>id_dsa</path> is your private key and should be kept from other people
 than yourself. The other file <path>id_dsa.pub</path> is to be distributed to
 every server that you have access to. Add the key to the users home directory
-in <path>~/.ssh/authorized_keys</path> and the user should be able to login.
+in <path>~/.ssh/authorized_keys</path> and the user should be able to login:
 </p>
 
+<pre caption="Adding the id_dsa.pub file to the authorized_keys file">
+$ <i>scp id_dsa.pub other-host:/var/tmp/currenthostname.pub</i>
+$ <i>ssh other-host</i>
+password: 
+$ <i>cat /var/tmp/currenthostname.pub >> ~/.ssh/authorized_keys</i>
+</pre>
+
 <p>
 Now your users should guard this private key well. Put it on a media that they
 always carry with them or keep it on their workstation (put this in the <uri
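
Review bot: In the added <pre> block the key is staged at /var/tmp/currenthostname.pub, a predictable file name in a directory that every local user on other-host can write to, and it is then appended to authorized_keys without being checked or removed afterwards. Copy it into the user's own home directory instead (for example scp id_dsa.pub other-host:currenthostname.pub) and delete it after the cat. The example also assumes ~/.ssh already exists on other-host; a line that creates it with mode 700 and sets authorized_keys to mode 600 would make the listing work on a fresh account.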



-- 
gentoo-doc-cvs@gentoo.org mailing list




* [gentoo-doc-cvs] cvs commit: shb-services.xml
@ 2006-12-02  0:36 Josh Saddler
From: Josh Saddler @ 2006-12-02  0:36 UTC
  To: gentoo-doc-cvs

nightmorph    06/12/02 00:36:04

  Modified:             shb-services.xml
  Log:
  updated SHB for new openssh rhostsauthentication syntax, bug 156851

Revision  Changes    Path
1.5                  xml/htdocs/doc/en/security/shb-services.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?r1=1.4&r2=1.5

Index: shb-services.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- shb-services.xml	18 Sep 2006 09:22:48 -0000	1.4
+++ shb-services.xml	2 Dec 2006 00:36:03 -0000	1.5
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.4 2006/09/18 09:22:48 neysx Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.5 2006/12/02 00:36:03 nightmorph Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
 
 <!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -7,8 +7,8 @@
 
 <sections>
 
-<version>1.1</version>
-<date>2006-03-11</date>
+<version>1.2</version>
+<date>2006-12-01</date>
 
 <section>
 <title>Apache</title>
@@ -383,7 +383,7 @@
 AuthorizedKeysFile      .ssh/authorized_keys
 
 #Disable .rhost and normal password authentication
-RhostsAuthentication no
+HostbasedAuthentication no
 PasswordAuthentication no
 PermitEmptyPasswords no
 
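
Review bot: The unchanged comment above the replaced line still reads "#Disable .rhost and normal password authentication", but HostbasedAuthentication is not simply a renamed RhostsAuthentication: it covers rhosts/hosts.equiv trust combined with verification of the client's host key. Update the comment to describe that (and fix ".rhost" to ".rhosts"), and consider listing IgnoreRhosts yes next to it if the block does not already set it, so that what the comment promises is stated explicitly.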




* [gentoo-doc-cvs] cvs commit: shb-services.xml
@ 2007-03-07  2:24 Josh Saddler
From: Josh Saddler @ 2007-03-07  2:24 UTC
  To: gentoo-doc-cvs

nightmorph    07/03/07 02:24:17

  Modified:             shb-services.xml
  Log:
  s/qmail/netqmail for all official translations, no revbump, bug 165874

Revision  Changes    Path
1.6                  xml/htdocs/doc/en/security/shb-services.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.6&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.6&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?r1=1.5&r2=1.6

Index: shb-services.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- shb-services.xml	2 Dec 2006 00:36:03 -0000	1.5
+++ shb-services.xml	7 Mar 2007 02:24:17 -0000	1.6
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.5 2006/12/02 00:36:03 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.6 2007/03/07 02:24:17 nightmorph Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
 
 <!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -295,13 +295,13 @@
 </body>
 </section>
 <section>
-<title>Qmail</title>
+<title>Netqmail</title>
 <body>
 
 <p>
-Qmail is often considered to be a very secure mail server. It is written with
+Netqmail is often considered to be a very secure mail server. It is written with
 security (and paranoia) in mind. It does not allow relaying by default and has
-not had a security hole since 1996. Simply <c>emerge qmail</c> and go configure!
+not had a security hole since 1996. Simply <c>emerge netqmail</c> and go configure!
 </p>
 </body>
 </section>
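
Review bot: The mechanical s/qmail/netqmail/ in the first sentence now attributes the "not had a security hole since 1996" track record to the package name Netqmail; keep qmail as the subject of the historical claims and name netqmail only as the package to install. The changed <c>emerge netqmail</c> line also runs past the line width used in the rest of the file and should be rewrapped.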




* [gentoo-doc-cvs] cvs commit: shb-services.xml
@ 2007-06-21  3:31 Josh Saddler
From: Josh Saddler @ 2007-06-21  3:31 UTC
  To: gentoo-doc-cvs

nightmorph    07/06/21 03:31:26

  Modified:             shb-services.xml
  Log:
  cleanups for emerge --config and apache

Revision  Changes    Path
1.7                  xml/htdocs/doc/en/security/shb-services.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.7&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.7&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?r1=1.6&r2=1.7

Index: shb-services.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- shb-services.xml	7 Mar 2007 02:24:17 -0000	1.6
+++ shb-services.xml	21 Jun 2007 03:31:26 -0000	1.7
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.6 2007/03/07 02:24:17 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.7 2007/06/21 03:31:26 nightmorph Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
 
 <!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -7,17 +7,17 @@
 
 <sections>
 
-<version>1.2</version>
-<date>2006-12-01</date>
+<version>1.3</version>
+<date>2007-06-20</date>
 
 <section>
 <title>Apache</title>
 <body>
 
 <p>
-Apache (1.3.26) comes with a pretty decent configuration file but again, we need
-to improve some things, like binding Apache to one address and preventing it
-from leaking information. Below are the options that you should apply the
+Apache comes with a pretty decent configuration file but again, we need to
+improve some things, like binding Apache to one address and preventing it from
+leaking information. Below are the options that you should apply the
 configuration file.
 </p>
 
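
Review bot: While this paragraph is being rewrapped, the unchanged last sentence still reads "Below are the options that you should apply the configuration file."; it is missing "to" ("apply to the configuration file") and can be fixed in the same change.
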
@@ -77,10 +77,10 @@
 </p>
 
 <pre caption="Chrooting BIND">
-ebuild /var/db/pkg/net-dns/bind-9.2.2-r2/bind-9.2.2-r2.ebuild config\`"
+# <i>emerge --config bind</i>
 <comment>(Before running the above command you might want to change the chroot
 directory in /etc/conf.d/named. Otherwise /chroot/dns will be used.)</comment>
-<comment>(You might need to substitute the version number with the current version number )</comment>
+
 </pre>
 </body>
 </section>
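
Review bot: Removing the version-number <comment> leaves an added empty line directly before </pre>, which shows up as a trailing blank line in the "Chrooting BIND" box; delete the line rather than blanking it. Writing the full atom net-dns/bind in <i>emerge --config bind</i> would also keep the category that was visible in the ebuild path this line replaces.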




* [gentoo-doc-cvs] cvs commit: shb-services.xml
@ 2007-07-08 21:31 Josh Saddler
From: Josh Saddler @ 2007-07-08 21:31 UTC
  To: gentoo-doc-cvs

nightmorph    07/07/08 21:31:31

  Modified:             shb-services.xml
  Log:
  cleanups for bug 182574

Revision  Changes    Path
1.8                  xml/htdocs/doc/en/security/shb-services.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.8&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.8&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?r1=1.7&r2=1.8

Index: shb-services.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- shb-services.xml	21 Jun 2007 03:31:26 -0000	1.7
+++ shb-services.xml	8 Jul 2007 21:31:31 -0000	1.8
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.7 2007/06/21 03:31:26 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.8 2007/07/08 21:31:31 nightmorph Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
 
 <!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -7,8 +7,8 @@
 
 <sections>
 
-<version>1.3</version>
-<date>2007-06-20</date>
+<version>1.4</version>
+<date>2007-07-08</date>
 
 <section>
 <title>Apache</title>
@@ -399,6 +399,7 @@
 SyslogFacility AUTH
 LogLevel INFO
 
+<comment>(Change this to your address)</comment>
 ListenAddress 127.0.0.1
 </pre>
 
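
Review bot: "(Change this to your address)" does not say which address or why; as shown, ListenAddress 127.0.0.1 makes sshd reachable from the local host only, so a reader who copies the block unchanged loses remote access once sshd is restarted. Spell that out in the <comment>, for example "(Replace with the address sshd should accept connections on; 127.0.0.1 is local only)".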




* [gentoo-doc-cvs] cvs commit: shb-services.xml
@ 2008-06-13 20:02 Sven Vermeulen
From: Sven Vermeulen @ 2008-06-13 20:02 UTC
  To: gentoo-doc-cvs

swift       08/06/13 20:02:26

  Modified:             shb-services.xml
  Log:
  #223843 - Updates on ssh and apache configurations

Revision  Changes    Path
1.9                  xml/htdocs/doc/en/security/shb-services.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.9&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?rev=1.9&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/security/shb-services.xml?r1=1.8&r2=1.9

Index: shb-services.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- shb-services.xml	8 Jul 2007 21:31:31 -0000	1.8
+++ shb-services.xml	13 Jun 2008 20:02:26 -0000	1.9
@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.8 2007/07/08 21:31:31 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-services.xml,v 1.9 2008/06/13 20:02:26 swift Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
 
 <!-- The content of this document is licensed under the CC-BY-SA license -->
@@ -7,8 +7,8 @@
 
 <sections>
 
-<version>1.4</version>
-<date>2007-07-08</date>
+<version>1.5</version>
+<date>2008-06-13</date>
 
 <section>
 <title>Apache</title>
@@ -23,34 +23,40 @@
 
 <p>
 If you did not disable <c>ssl</c> in your <path>/etc/make.conf</path> before
-installing Apache, you should have access to an ssl enabled server. Just add the
-following line to enable it.
+installing Apache, you should have access to an ssl enabled server. Inside
+<path>/etc/apache2/vhosts.d</path> example configuration files can be found.
+These are working examples and it is best to verify those or disable them.
 </p>
 
-<pre caption="/etc/conf.d/apache">
-HTTPD_OPTS="-D SSL"
-</pre>
+<p>
+It is important to define your configuration(s) to listen to a particular IP
+address (rather than all available IP addresses on your system). For instance,
+for the <path>00_default_vhost.conf</path> file:
+</p>
 
-<pre caption="/etc/apache/conf/apache.conf">
-#Make it listen on your ip
+<pre caption="/etc/apache2/vhosts.d/00_default_vhost.conf">
+<comment># Make it listen on your ip</comment>
 Listen 127.0.0.1
-BindAddress 127.0.0.1
-#It is not a good idea to use nobody or nogroup -
-#for every service not running as root
-#(just add the user apache with group apache)
-User apache
-Group apache
-#Will keep apache from telling about the version
+</pre>
+
+<p>
+We also recommend you to disable showing any information about your Apache
+installation to the world. By default, the configuration will add server version
+and virtual host name to server-generated pages. To disable this, change the
+<c>ServerSignature</c> variable to <c>Off</c>:
+</p>
+
+<pre caption="/etc/apache2/modules.d/00_default_settings.conf">
 ServerSignature Off
-ServerTokens Prod
 </pre>
 
 <p>
 Apache is compiled with <c>--enable-shared=max</c> and
 <c>--enable-module=all</c>. This will by default enable all modules, so you
 should comment out all modules in the <c>LoadModule</c> section
-(<c>LoadModule</c> and <c>AddModule</c>) that you do not use. Restart the
-service by executing <c>/etc/init.d/apache restart</c>.
+(<c>LoadModule</c> and <c>AddModule</c>) that you do not use in the main
+<path>/etc/apache2/httpd.conf</path> configuration file. Restart the
+service by executing <c>/etc/init.d/apache2 restart</c>.
 </p>
 
 <p>
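
Review bot: Dropping ServerTokens Prod leaves only ServerSignature Off, which removes the footer on server-generated pages but does not change the Server response header, so the new paragraph's goal of not "showing any information about your Apache installation to the world" is only partly met; keep ServerTokens Prod in the 00_default_settings.conf block. The new Listen 127.0.0.1 example also has no port, while the apache2 Listen directive takes [IP-address:]port, so it should read something like Listen 127.0.0.1:80. The removed User apache / Group apache advice has no replacement in the new text; either say where that is configured now or keep it.
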
@@ -301,7 +307,8 @@
 <p>
 Netqmail is often considered to be a very secure mail server. It is written with
 security (and paranoia) in mind. It does not allow relaying by default and has
-not had a security hole since 1996. Simply <c>emerge netqmail</c> and go configure!
+not had a security hole since 1996. Simply <c>emerge netqmail</c> and go
+configure!
 </p>
 </body>
 </section>
@@ -405,7 +412,10 @@
 
 <p>
 Also verify that you don't have <c>UsePAM yes</c> in your configuration file as
-it overrides the public key authentication mechanism.
+it overrides the public key authentication mechanism, or you can disable either
+<c>PasswordAuthentication</c> or <c>ChallengeResponseAuthentication</c>. More
+information about these options can be found in the <path>sshd_config</path>
+manual page.
 </p>
 
 <p>
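
Review bot: The added clause joins two different things with "or": not having UsePAM yes, and disabling "either PasswordAuthentication or ChallengeResponseAuthentication". For the key-only login this section sets up, disabling one of the two is not enough while UsePAM stays enabled, because PAM can still prompt for a password through the other; reword to say that with UsePAM yes both PasswordAuthentication and ChallengeResponseAuthentication must be set to no.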


