author | Tzafrir Cohen <tzafrir.cohen@xorcom.com> | 2009-01-06 09:21:49 +0000 |
---|---|---|
committer | Tzafrir Cohen <tzafrir.cohen@xorcom.com> | 2009-01-06 09:21:49 +0000 |
commit | 95c44908d416a6e4f19383bbbe76ed267065a2e4 (patch) | |
tree | 53287aee1721762fed3b2df7e3d990eaa24cb247 | |
parent | 563cdc2241c914f3d31421bbc81d5dd70ee15bb0 (diff) |
A few more README notes.
git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@6553 283159da-0705-0410-b60c-f2062b4bb6ad
-rw-r--r-- | README | 22 |
1 files changed, 20 insertions, 2 deletions
@@ -111,12 +111,27 @@ TODO: document it. For starters, its help message: # Generate an OpenPGP key for signing tarballs (interactive) "Enabled" connection is a connection that can start a new tunnel. -Disabling it does not Disconnect an existing connection. +Disabling it does not Disconnect an existing connection. It essentially +rems-out the respective line in .ssh/authorized_keys . Server Troubleshooting ~~~~~~~~~~~~~~~~~~~~~~ -All the log files and such... +The client connects with (essentially) + + ssh -i key support@server <ra-params.tar.gz + +It uses the ssh key that the server generated in the support request and +sent over in the tarball. It connects and sends a tarball as its +standard input. + +This is answered by the dedicated sshd. As per the command directive in +the authorized_keys file, /usr/share/rapid-tunneling/bin/rt-from-remote +will be run to handle this. Output from this goes to the file 'log' in +the support home directory. Errors go to 'err'. Malformed tarballs go to +the 'bad/' subdirectory. Tarballs used by active connections are in 'ra/' +and ones belonging to deleted connections: in 'ra/old/'. + Client Operation @@ -160,6 +175,9 @@ The authorized_keys line is: no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",command="/usr/share/rapid-tunneling/bin/rt-from-remote 4567" ssh-rsa <snip lengthy key> ra-4567-clint-20090105180013 +A key can also be used to flood the server's disk, which means that the +support user's quota should be limited. + The client only allows requests that are signed by someone hopefully trusted by the client, as implied from the gpg ring of the rapid-tunneling account on the client. |
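Review bot: In the first hunk (@@ -111,12), the added sentence after "Disabling it does not Disconnect an existing connection." explains that disabling only affects the line in .ssh/authorized_keys, but the README still does not say how an operator ends a tunnel that is already up. Since commenting out the key only blocks new logins, please add a sentence (or a pointer to the relevant command) on terminating a live connection, so that "disable" is not mistaken for revocation. Wording: "rems-out" would read better as "comments out", there is a stray space before the period in ".ssh/authorized_keys .", and the colon in "deleted connections: in 'ra/old/'" can be dropped. In the new Server Troubleshooting text, 'log', 'err', 'bad/' and 'ra/' are given relative to "the support home directory"; stating that directory's path once would make the section usable without looking it up.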
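Review bot: In the second hunk (@@ -160,6), the added note "A key can also be used to flood the server's disk" names the risk but gives the admin nothing to act on: it does not say where the data lands or what kind of limit is meant. The troubleshooting text added in this same patch already lists the locations ('log', 'err', 'bad/', 'ra/' and 'ra/old/' under the support home directory), so the note could refer to them and say that a filesystem quota on the support user is what is intended. It is also worth stating whether rt-from-remote itself bounds the size of the tarball it reads from standard input, because if it does not, the quota is the only control and the README should say so.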