Difference between revisions of "Damme's linux stuff"
From World Wide Wiegert Wiki - WWWW
(→SSH) |
(→Docker) |
||
Line 24: | Line 24: | ||
== Docker == | == Docker == | ||
Generate rsa | Generate rsa keys for encrypted communication between | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
export HOST=$HOSTNAME | export HOST=$HOSTNAME | ||
Line 49: | Line 49: | ||
-CAcreateserial -out cert.pem -extfile extfile-client.cnf -passin pass:$PASS | -CAcreateserial -out cert.pem -extfile extfile-client.cnf -passin pass:$PASS | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Other stuff == | == Other stuff == |
Revision as of 10:45, 27 September 2020
SSH
ssh-keygen -N '' -f ~/.ssh/id_rsa #generate all keys - don't ask for passkey, save in ~/.ssh/id_rsa
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub # if ~/.ssh/id_rsa.pub is missing!
ssh-copy-id user@host # copy id_rsa.pub to host ~/.ssh/authorized_keys
sshpiper auth process:
(client)[id_rsa.pub] -> (sshpiper)[authorized_keys] [id_rsa.pub] -> (target) [authorized_keys]
pacman
pacman -F $filename # Search package including $filename:
pacman -Ss $package # Search $package
pacman -S $package # Install $package
pacman -R $package # Remove $package
Docker
Generate rsa keys for encrypted communication between
export HOST=$HOSTNAME
export PASS=SuperSecret
export SUBJ='/C=SE/L=Skällinge/O=Unimatrix'
export DAYS=3650
openssl genrsa -aes256 -out ca-key.pem -passout pass:$PASS 4096
openssl req -new -x509 -days $DAYS -key ca-key.pem -sha256 -out ca.pem -passin pass:$PASS -subj $SUBJ
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
echo subjectAltName = DNS:$HOST,IP:10.0.0.200,IP:127.0.0.1 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf -passin pass:$PASS
#client:
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days $DAYS -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out cert.pem -extfile extfile-client.cnf -passin pass:$PASS
Other stuff
Fixperm on files (600) and folders (700):
find . -type d -exec chmod 700 {} \;
find . -type f -exec chmod 600 {} \;
docker + kvm + networking = :( https://serverfault.com/questions/963759/docker-breaks-libvirt-bridge-network
pfsense port forwarding while not being default gw: https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat.html#figure-manual-outbound-nat-local-device
smtprelay via gmail with postfix mailutils, s-nail https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/
Nut sending mails: https://freekode.org/nut-sending-emails/