Thursday, September 4, 2008

Stop using passwords

Create your own RSA key pair on the client:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/philippe/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/philippe/.ssh/id_rsa.
Your public key has been saved in /Users/philippe/.ssh/id_rsa.pub.
The key fingerprint is: (snip)
Copy the new public key to your server:
$ scp .ssh/id_rsa.pub philippe@server.tld:/
Password:
id_rsa.pub 100% 430 0.4KB/s 00:00
$ ssh philippe@server.tld
Password:
Last login: Thu Sep 4 22:52:06 2008 from xxxxxxxxxxxxxxxx
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD STABLE (f5iyj) #0: Tue Mar 20 16:05:42 CET 2007
server$ cat id_rsa.pub >> .ssh/authorized_keys2
server$ exit
Then connect without a password:
$ ssh philippe@server.tld
Last login: Thu Sep 4 23:10:23 2008 from xxxxxxxxxxxxxxxx
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD STABLE (f5iyj) #0: Tue Mar 20 16:05:42 CET 2007
So simple!
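The steps above append the key by hand. The script below is an added example, not from the original post: it installs a public key into an account's authorized_keys with the directory and file modes sshd's StrictModes requires, and refuses to append a key that is already present (compared on key type and key material, so a changed comment does not slip a duplicate in). The file name authorized_keys (rather than the post's authorized_keys2), the paths and the sample key are all constructed assumptions; the sample key is not a real key.

```shell
#!/bin/sh
# Added example, not from the original post: install a public key into an
# account's authorized_keys with the permissions sshd expects, refusing to add
# the same key twice. Paths and the sample key below are constructed.

# Print how many times the key in $1 (a .pub file) occurs in $2 (authorized_keys).
# Keys are compared on "<type> <base64>" only, so a changed comment still matches.
count_key() {
    key_id=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$1")
    [ -f "$2" ] || { echo 0; return 0; }
    awk -v k="$key_id" '($1 " " $2) == k { n++ } END { print n + 0 }' "$2"
}

# Install the public key $1 for the account whose home directory is $2.
# Returns 0 on install, 2 if the key was already present.
install_pubkey() {
    pubkey_file="$1"
    ssh_dir="$2/.ssh"
    auth_keys="$ssh_dir/authorized_keys"

    # sshd (StrictModes, on by default) ignores keys in group- or world-writable
    # files or directories, so create the layout with tight modes before writing.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_keys"
    chmod 600 "$auth_keys"

    if [ "$(count_key "$pubkey_file" "$auth_keys")" -gt 0 ]; then
        echo "key already present in $auth_keys" >&2
        return 2
    fi
    cat "$pubkey_file" >> "$auth_keys"
    echo "installed key from $pubkey_file into $auth_keys"
    return 0
}

# Demonstration on a throwaway home directory with a constructed (not real) key.
DEMO=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedSampleKeyNotReal== philippe@laptop\n' \
    > "$DEMO/id_rsa.pub"
install_pubkey "$DEMO/id_rsa.pub" "$DEMO/home"
install_pubkey "$DEMO/id_rsa.pub" "$DEMO/home" || echo "second install refused (status $?)"
echo "occurrences: $(count_key "$DEMO/id_rsa.pub" "$DEMO/home/.ssh/authorized_keys")"
rm -rf "$DEMO"
```

Run it on the server as the target user, pointing install_pubkey at the uploaded .pub file and at that user's home directory; if a login still asks for a password afterwards, the modes on ~/.ssh and authorized_keys are the first thing to check, and this script sets them to the values sshd accepts.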

Limitations...



Thursday, May 15, 2008

Setting up a VPN server on FreeBSD in 10 minutes

Install the pptpd server:

# cd /usr/ports/net/poptop && make install clean

That's all, folks!

Configure pptpd server

In /usr/local/etc/pptpd.conf, add:

localip 192.168.100.1 # server local address
remoteip 192.168.100.100-200 # remote addresses (clients)

In /etc/ppp/ppp.conf:

pptp:
 set ifaddr 192.168.100.1 192.168.100.100-192.168.100.200 255.255.255.255
 set dns 192.168.100.1
 set nbns 192.168.100.1
 disable pap          # no clear-text password authentication
 disable utmp
 disable passwdauth   # do not authenticate against the system password file
 enable MSChapV2
 enable mppe          # encrypt the tunnel
 set log Phase Chat LCP IPCP CCP tun command
 set timeout 0
 set mppe 128 stateless
 disable deflate pred1
 deny deflate pred1
 set server /var/run/pptp_ppp_%d "" 0700
 accept dns
 disable ipv6cp
 enable proxy

Edit /etc/ppp/ppp.secret like this:

username userpass ipaddress
# ipaddress is optional

Then check that /etc/rc.conf contains:

gateway_enable="YES"
arpproxy_all="YES"

Start the pptpd server:

# /usr/local/etc/rc.d/pptpd start

Then check that it is running:

# netstat -a -n
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN

DONE.
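The ppp.conf above does the security-relevant work of this setup: PAP and system-password authentication are turned off and 128-bit MPPE is enabled. The script below is an added example, not from the original post, that audits a ppp.conf for exactly those directives, reporting any that are missing and any that would re-enable clear-text or system-password authentication. Both sample configurations it writes are constructed (the first is a copy of the post's settings, the second a deliberately weakened variant), and the file names are assumptions. It checks that the configuration matches the post; it does not change the fact that PPTP with MS-CHAPv2 is no longer considered a strong VPN protocol, so treat it as a configuration check rather than an endorsement.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a ppp.conf against the
# authentication/encryption settings the post relies on. File names and the
# two sample configurations below are constructed for the demonstration.

SAMPLE_DIR=$(mktemp -d)

# Sample 1: the configuration from the post (constructed copy).
cat > "$SAMPLE_DIR/ppp.conf.good" <<'EOF'
pptp:
 set ifaddr 192.168.100.1 192.168.100.100-192.168.100.200 255.255.255.255
 set dns 192.168.100.1
 set nbns 192.168.100.1
 disable pap
 disable utmp
 disable passwdauth
 enable MSChapV2
 enable mppe
 set timeout 0
 set mppe 128 stateless
 disable deflate pred1
 deny deflate pred1
 accept dns
 disable ipv6cp
 enable proxy
EOF

# Sample 2: a constructed weakened variant (PAP re-enabled, MPPE strength line missing).
cat > "$SAMPLE_DIR/ppp.conf.weak" <<'EOF'
pptp:
 set ifaddr 192.168.100.1 192.168.100.100-192.168.100.200 255.255.255.255
 enable pap      # clear-text password authentication
 disable passwdauth
 enable MSChapV2
 enable mppe
 set timeout 0
EOF

# Print each ppp.conf command with comments, indentation and extra spaces removed.
normalize_conf() {
    sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]\{1,\}/ /g; s/[[:space:]]*$//; /^$/d' "$1"
}

# Print one finding per line (MISSING: / PRESENT:); print nothing when clean.
audit_ppp_conf() {
    normalized=$(normalize_conf "$1")
    # Directives the post depends on to turn off weak auth and force 128-bit MPPE.
    for want in "disable pap" "disable passwdauth" "enable MSChapV2" "enable mppe" "set mppe 128 stateless"; do
        if ! printf '%s\n' "$normalized" | grep -qxF "$want"; then
            echo "MISSING: $want"
        fi
    done
    # Directives that would re-enable clear-text or system-password authentication.
    for bad in "enable pap" "enable passwdauth"; do
        if printf '%s\n' "$normalized" | grep -qxF "$bad"; then
            echo "PRESENT: $bad"
        fi
    done
    return 0
}

# Number of findings as a single integer, for use in scripts.
count_findings() {
    audit_ppp_conf "$1" | awk 'END { print NR }'
}

echo "findings in post's config: $(count_findings "$SAMPLE_DIR/ppp.conf.good")"
echo "findings in weakened config:"
audit_ppp_conf "$SAMPLE_DIR/ppp.conf.weak"
```

To audit a live server, call audit_ppp_conf /etc/ppp/ppp.conf; an empty result means the file still carries the settings from the post, and a non-empty one names the directive to restore before the next client connects.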