No edit summary |
|||
Riga 26: | Riga 26: | ||
</pre> | </pre> | ||
====Install layman, monkeysphere and bind 9==== | ====Install layman, monkeysphere, sudo and bind 9==== | ||
Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand | Depending on your useflag configuration it will ask you other things, don't panic just read and try to understand | ||
<pre> | <pre> | ||
Riga 32: | Riga 32: | ||
layman -S | layman -S | ||
layman -a eigenlay | layman -a eigenlay | ||
emerge -avq app-crypt/monkeysphere net-dns/bind | emerge -avq app-crypt/monkeysphere net-dns/bind app-admin/sudo | ||
</pre> | </pre> | ||
===Setup eigendns user=== | |||
<pre> | |||
useradd eigendns | |||
# This password isn't be important as ssh password should be disabled on your server, at least for this eigendns and root users | |||
passwd eigendns | |||
mkdir /home/eigendns | |||
usermod -a -G named eigendns | |||
chmod -R 755 /home/eigendns | |||
chown -R eigendns:eigendns /home/eigendns | |||
</pre> | |||
===Set correct permission on bind config=== | |||
<pre> | |||
chown -R named:named /etc/bind | |||
chmod -R 771 /etc/bind | |||
</pre> | |||
===Add Some trusted identity certifier=== | |||
<pre> | |||
monkeysphere-authentication add-identity-certifier YOUR_PGP_FINGERPRINT | |||
monkeysphere-authentication add-identity-certifier PHOENIX_MAINTAINER_PGP_FINGERPRINT | |||
</pre> | |||
===Setup monkeysphere autorized ids for eigendns=== | |||
<pre> | |||
mkdir /home/eigendns/.monkeysphere | |||
echo 'EigenLab DNS Updater <info@eigenlab.org>' > /home/eigendns/.monkeysphere/authorized_user_ids | |||
chmod -R 755 /home/eigendns | |||
chown -R eigendns:eigendns /home/eigendns | |||
</pre> | |||
===Change autorized_keys location for sshd=== | |||
/etc/ssh/sshd_config | |||
<pre> | |||
#AuthorizedKeysFile .ssh/authorized_keys | |||
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u | |||
</pre> | |||
restart sshd | |||
<pre> | |||
/etc/init.d/sshd restart | |||
</pre> | |||
===Update monkeysphere authorized users=== | |||
<pre> | |||
monkeysphere-authentication update-users | |||
</pre> | |||
It is suggested to do this operation periodical for example adding this line to your crontab | |||
<pre> | |||
0 * * * * root monkeysphere-authentication update-users | |||
</pre> | |||
===Autorize eigendns to restart bind=== | |||
<pre> | |||
echo 'eigendns ALL= (root) NOPASSWD: /etc/init.d/named restart' >> /etc/sudoers | |||
<pre> |
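Review bot: the final added block appends the rule with `echo ... >> /etc/sudoers`, which bypasses syntax checking, so a quoting or spacing mistake leaves a sudoers file that sudo will refuse to parse. Add the rule through `visudo`, or write it to a separate file and validate it with `visudo -c -f` before it is used. The same block is terminated with `<pre>` rather than `</pre>`, so it never closes. Earlier in this hunk, `/etc/init.d/sshd restart` runs before `monkeysphere-authentication update-users`, so sshd is already pointed at /var/lib/monkeysphere/authorized_keys/%u before that step has generated the files; running update-users first and confirming the per-user file exists avoids a window with no usable keys. The cron entry carries a `root` user field, which is the /etc/crontab format, so "your crontab" should say which file is meant.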