User:Avanc

From ArchWiki
Jump to: navigation, search

Some convinience stuff

pacman -S vim screen
pacman -Rs vi
ln -s /usr/bin/vim /usr/bin/vi

Add the following line to ~/.screenrc to allow scrolling:

termcapinfo xterm|xterms|xs|rxvt ti@:te@


Make the server more secure

Use fwbuilder to create a firewall. On the server side, following packages are required:

pacman -S iptables iproute

Might be overkill, http://wiki.archlinux.org/index.php/Simple_stateful_firewall is also interesting.


Allow acces only with public key, not password uncomment line in /etc/ssh/sshd_config:

PasswordAuthentication yes


LAMP

http://wiki.archlinux.org/index.php/LAMP

Install small weave server

http://tobyelliott.wordpress.com/2009/09/11/weave-minimal-server/

Activate following configurations in /etc/php/php.ini:

extension=json.so
extension=pdo_sqlite.so
extension=sqlite.so
extension=pdo.so

install php-sqlite


Deluge

pacman -S deluge python-mako

Run once to get standard configuration files:

 /etc/rc.d/deluged start
 /etc/rc.d/deluged stop

Configure Apache reverse proxy to access deluge web ui:

<VirtualHost *:80>
 ServerName deluge.mydomain.org
 ProxyPass / http://localhost:8112/
</VirtualHost>

Gitosis

pacman -S git

Make package from aur: https://aur.archlinux.org/packages.php?ID=23419 and install.

Copy local ssh public key to server

scp .ssh/id_rsa.pub myserver:/tmp/

On the server, execute as git user:

gitosis-init < /tmp/id_rsa.pub

If you get following error:

Authentication refused: bad ownership or modes for directory /srv/gitosis

Change modes:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

rotate logs

http://wiki.archlinux.org/index.php/Logrotate

Crypto Stick

Using the Crypto Stick is very easy. First of all, install pcsclite.

The stick can be tested with:

gpg --card-status

GPG detected the stick and it can be used as described in the GnuPG Smartcard Howto.

However, I had the problem that I already have a key and it is not a RSA key. Thus, it can not be imported to the stick. Therefore, a solution with subkeys is shown in the following section.


Using subkey with the Crypto Stick

Let's assume that the primary (DSA) key has the ID 0x1234ABCD. Furthermore, an ElGamal subkey exists for encryption. Now, we want to add two RSA subkeys: one for encryption and one for signing. So we start the gpg shell with the primary key

gpg --edit-key 0x1234ABCD

With addkey we can add a new subkey and select its type ( 5 - RSA (sign only), 6 - RSA (encrypt only) ). Select a keysize of 1024, so three keys fit on the Crypto Stick.

See section Add subkey for encryption in Ana's blog for more details.

These subkeys have to be copied to the stick as follows:

gpg --edit-key 0x1234ABCD
toggle

Select the appropriate subkey and copy it to the stick:

key 1
keytocard

See the smartcard howto for additional information.

An interesting article on subkeys can be found here.



http://www.linux-magazin.de/Heft-Abo/Ausgaben/2010/12/Magisches-Leuchten

Propblems

$ gpg -v --card-status
gpg: enabled debug flags: memstat
gpg: selecting openpgp failed: Card error
gpg: OpenPGP card not available: Card error

Solution: Kill scdaemon