Some convinience stuff
pacman -S vim screen pacman -Rs vi ln -s /usr/bin/vim /usr/bin/vi
Add the following line to ~/.screenrc to allow scrolling:
termcapinfo xterm|xterms|xs|rxvt ti@:te@
Make the server more secure
Use fwbuilder to create a firewall. On the server side, following packages are required:
pacman -S iptables iproute
Might be overkill, http://wiki.archlinux.org/index.php/Simple_stateful_firewall is also interesting.
Allow acces only with public key, not password uncomment line in /etc/ssh/sshd_config:
Install small weave server
Activate following configurations in /etc/php/php.ini:
extension=json.so extension=pdo_sqlite.so extension=sqlite.so extension=pdo.so
pacman -S deluge python-mako
Run once to get standard configuration files:
/etc/rc.d/deluged start /etc/rc.d/deluged stop
Configure Apache reverse proxy to access deluge web ui:
<VirtualHost *:80> ServerName deluge.mydomain.org ProxyPass / http://localhost:8112/ </VirtualHost>
pacman -S git
Make package from aur: https://aur.archlinux.org/packages.php?ID=23419 and install.
Copy local ssh public key to server
scp .ssh/id_rsa.pub myserver:/tmp/
On the server, execute as git user:
gitosis-init < /tmp/id_rsa.pub
If you get following error:
Authentication refused: bad ownership or modes for directory /srv/gitosis
chmod go-w ~/ chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
Using the Crypto Stick is very easy. First of all, install pcsclite.
The stick can be tested with:
GPG detected the stick and it can be used as described in the GnuPG Smartcard Howto.
However, I had the problem that I already have a key and it is not a RSA key. Thus, it can not be imported to the stick. Therefore, a solution with subkeys is shown in the following section.
Using subkey with the Crypto Stick
Let's assume that the primary (DSA) key has the ID 0x1234ABCD. Furthermore, an ElGamal subkey exists for encryption. Now, we want to add two RSA subkeys: one for encryption and one for signing. So we start the gpg shell with the primary key
gpg --edit-key 0x1234ABCD
With addkey we can add a new subkey and select its type ( 5 - RSA (sign only), 6 - RSA (encrypt only) ). Select a keysize of 1024, so three keys fit on the Crypto Stick.
See section Add subkey for encryption in Ana's blog for more details.
These subkeys have to be copied to the stick as follows:
gpg --edit-key 0x1234ABCD toggle
Select the appropriate subkey and copy it to the stick:
key 1 keytocard
See the smartcard howto for additional information.
An interesting article on subkeys can be found here.
$ gpg -v --card-status gpg: enabled debug flags: memstat gpg: selecting openpgp failed: Card error gpg: OpenPGP card not available: Card error
Solution: Kill scdaemon