Posts Tagged ‘debian’

Comment Postfix and Aliases - 02/3/09

Just a quite post on a simple Postfix installation and some steps that tripped me up a little recently.

I installed a basic version of Postfix on Debian and didn’t want to go through the hassles of configuring a MySQL database for managing users etc… I decided to just use the simple aliases file to manage users. To do this I needed to specify the following in my main.cf file:

 Bash |  copy |? 
myhostname = example.co.uk
mydomain = example.co.uk
myorigin = example.co.uk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, $mydomain, localhost.$mydomain, mail.example.co.uk


and this in my /etc/aliases file:


 Bash |  copy |? 
postmaster: root
root: example@gmail.com
example: example@gmail.com


I also ran into two more issues with the aliases file:


1. Dictionary issue with /etc/aliases


 Bash |  copy |? 
postfix/smtpd[19065]: fatal: open dictionary: expecting "type:name" form instead of...


The issue here was that Postfix couldn’t read the aliases file.  It just needed to convert the /etc/aliases file into the /etc/aliases.db file.  The question was how, the answer, like this:


 Bash |  copy |? 
sudo newaliases; sudo postfix reload 




2. Aliases database out of sync


 Bash |  copy |? 
database /etc/aliases.db is older than source file /etc/aliases


The aliases database was not up to date with the aliases file.  To fix this I ran the commands above.




		

			
					
		
	


	 			

		
Comment Funplug and Passwordless SSH - 10/12/08


		
Gargh, passwordless SSH… it’s pretty straightforward, maybe it’s just knowing where to look when things aren’t quite going to plan.


Basically I want to setup passwordless SSH from:


My client (in this case my D-Link DNS-323 nasbox) … to …

My server (running Debian Etch 4.0).


The following steps are required:


1. Generate a set of keys (private and public) on the client.  To do this go into your home directory, change to the .ssh folder and run the ssh-keygen command as follows


 Bash |  copy |? 
cd ~/.ssh
ssh-keygen -t rsa


This will give you the following prompt:

Enter file in which to save the key (/root/.ssh/id_rsa):


If you hit enter it will create the following files:


 Bash |  copy |? 
id_rsa - our private key which will remain on the client
id_rsa.pub - our public key which we need to copy to the server


2. Copy the public key (id_rsa.pub) to the server as follows:


 Bash |  copy |? 
scp id_rsa.pub root@server:/root


3. Login to your server and copy the contents of the public key into the .ssh/authorized_keys file


 Bash |  copy |? 
ssh root@server
cat id_rsa.pub >> ~/.ssh/authorized_keys


That’s about if although there are a fwe caveats:


4. Make sure that the server SSH daemon is setup to allow RSA, public key authentication and  it is setup to read the correct authorized keys file.  Check the:


 Bash |  copy |? 
/etc/ssh/sshd_config


It should contain the following entries:


 Bash |  copy |? 
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys


If you have to make changes then ensure you restart the SSH daemon:


 Bash |  copy |? 
/etc/init.d/ssh restart


Also make sure the permissions on the authorized_keys file is set, it should be as follows:


 Bash |  copy |? 
-rw------- 1 root root  393 Oct 11 21:45 authorized_keys


if not then issue the following command:


 Bash |  copy |? 
chmod 600 authorized_keys


6. Test the SSH connection works from the client via:


 Bash |  copy |? 
ssh -v root@server


The -v flag will ensure verbose logging is turned on, this will tell you which keys it is reading and where it is reading them from.  You can debug the whole thing on the server by tailing the auth.log as follows:


 Bash |  copy |? 
tail -f /var/log/auth.log


Finally for the Funplug users make sure you use the default filenames (id_rsa and id_rsa.pub) and that they are saved in the following directory:


 Bash |  copy |? 
/mnt/HD_a2/.ssh




		

			
					
		
	


	 
	 

	  
 |