author | Guillaume Mazoyer <gmazoyer@gravitons.in> | 2014-08-05 23:37:59 +0200 |
---|---|---|
committer | Guillaume Mazoyer <gmazoyer@gravitons.in> | 2014-08-05 23:37:59 +0200 |
commit | 2bce2bcbaecbf8c2cd01ff3d64f39318085a1f5d (patch) | |
tree | b4310c01fda5d9ffe5e33f388efcd0a63c2dc1b9 | |
parent | 0ae4963250755e1d2b8967c783a163a073b1dc92 (diff) | |
parent | ca6d7e0db0a098d72bcd6b8bcd1433cedebbf6da (diff) |
Merge pull request #9 from rboissat/master
Fixing typos.
-rw-r--r-- | docs/cisco.md | 2 | ||||
-rw-r--r-- | docs/quagga.md | 9 |
2 files changed, 6 insertions, 5 deletions
diff --git a/docs/cisco.md b/docs/cisco.md index 17d33ea..af13911 100644 --- a/docs/cisco.md +++ b/docs/cisco.md @@ -84,7 +84,7 @@ router(config)# end router# ``` -Test the ssh/telnet connexion from the server where the looking glass is installed. +Test the ssh/telnet connection from the server where the looking glass is installed. Display the resulting logs during your tests: diff --git a/docs/quagga.md b/docs/quagga.md index 946c9d5..1e835bd 100644 --- a/docs/quagga.md +++ b/docs/quagga.md @@ -1,7 +1,7 @@ # Looking Glass: Quagga/Zebra configuration and tips. Only Quagga on Debian GNU/Linux and how to (merely) secure an restricted ssh user will -be detailed. Other OS were not tested. +be detailed. Other OSes were not tested. Quagga is average concerning code and security QA, thus security will be mainly based on shell, path and ssh access restriction. Password authentication will @@ -17,7 +17,7 @@ not even be presented here, only key based authentication. Looking Glass directly calls `vtysh -c "quaggavty command"`. Thus, the `lg` user only needs to run `vtysh`, `ping` and `traceroute`. To achieve this, we -recommend the use of `rbash`[1] (restricted bash), ssh key based authentication +recommend the use of `rbash` (restricted bash, see [1]), ssh key based authentication and a bit of dark magic. ## Configuration 
@@ -34,7 +34,8 @@ root@quagga-router ~# root@quagga-router ~# su -l lg # create ssh userdir and authorized the looking glass RSA pubkey with limited access and features. -lg@quagga-router ~# mkdir ~/.ssh/ lg@quagga-router ~# echo 'from="lg.example.com,$IP4-OF-YOUR-LG",no-port-forwarding,no-x11-forwarding,no-agent-forwarding ssh-rsa $RSA-PUBKEY-HERE lg@looking-glass' >| ~/.ssh/authorized_keys +lg@quagga-router ~# mkdir ~/.ssh/ +lg@quagga-router ~# echo 'from="lg.example.com,$IP4-OF-YOUR-LG",no-port-forwarding,no-x11-forwarding,no-agent-forwarding ssh-rsa $RSA-PUBKEY-HERE lg@looking-glass' >| ~/.ssh/authorized_keys # truncate the profile dotfile lg@quagga-router ~# echo >| ~/.profile @@ -68,7 +69,7 @@ and reload sshd: ## Debug -Test the ssh connexion from the server where the looking glass is installed: +Test the ssh connection from the server where the looking glass is installed: `ssh -i lg-user-id_rsa.key lg@quagga-router.example.com` |
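Review bot: the context line directly above the changed line in the docs/quagga.md intro hunk (@@ -1,7) still reads "secure an restricted ssh user". Since this commit is a typo pass over that paragraph, change it to "secure a restricted ssh user" in the same commit.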
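Review bot: in the docs/quagga.md hunk @@ -34,7 +34,8, the now separate `mkdir ~/.ssh/` line leaves the directory mode to whatever umask the `lg` user has. Suggest `mkdir -m 700 ~/.ssh/` so the documented steps give an owner-only directory regardless of umask. On the `echo` line that follows, the key options cover port, X11 and agent forwarding but not `no-pty`. The doc says Looking Glass calls `vtysh -c` directly, so a pty should not be needed and the option can be added to the list. The comment above these lines also reads "authorized" where "authorize" is meant.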