aiko/dotTiddlywiki
1
0
Fork 0
mirror of /repos/dotTiddlywiki.git synced 2025-12-30 07:31:33 +01:00
Code Issues Releases Wiki Activity

update

Browse Source
This commit is contained in:
Aiko Mastboom 2015-07-08 07:37:40 +02:00
parent 34436b913e
commit 79d23fbd4f
2 changed files with 98 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
mywiki/tiddlers/SSH agent forwarding and screen.tid Normal file
View File

@ -0,0 +1,65 @@
created: 20150626150315424
creator: user
modified: 20150626150415353
modifier: user
tags: ssh
title: SSH agent forwarding and screen
type: text/x-markdown
SSH agent forwarding and screen
===============================
When connecting to a remote server via SSH it is often convenient to use SSH agent forwarding so that you don't need a separate keypair on that server for connecting to further servers.
This is enabled by adding the
ForwardAgent yes
option to any of your `Host` entries in `~/.ssh/config` (or alternatively with the `-A` option). Don't set this option in a wildcard `Host *` section since any user on the remote server that can bypass file permissions can now als use keys loaded in your SSH agent. So only use this with hosts you trust.
The problem with screen
-----------------------
Unfortunately, this doesn't work as-is with GNU screen. On every new SSH connection, agent forwarding is setup via a socket specified in the `SSH_AUTH_SOCK` environment variable (usually somewhere in `/tmp`). So the socket location will be different on each connection. However, your typical screen session will live over several SSH connections and the shells in your screen session won't know where to find the current socket (their environments are not updated).
Fixing agent forwarding with screen
-----------------------------------
A simple fix is to symlink to the current socket from a fixed location on each new connection and have SSH look for the socket in that fixed location (specified by the `SSH_AUTH_SOCK` environment variable). We'll use `~/.ssh/ssh_auth_sock` for the symlink location.
To have SSH within a screen session use the symlink, add the following line to `~/.screenrc`:
setenv SSH_AUTH_SOCK $HOME/.ssh/ssh_auth_sock
To update the symlink we'll use the `~/.ssh/rc` file which is executed by SSH on each connection. This can be any executable file, so something like the following script will do:
if test "$SSH_AUTH_SOCK" ; then
ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
fi
Unfortunately, this will break X11 forwarding because SSH runs `xauth` on each connection, except when there is a `~/.ssh/rc` file. We can fix this by running `xauth` from our `~/.ssh/rc` as suggested in the `sshd(8)` manual page.
This is our complete `~/.ssh/rc` file:
#!/bin/bash
# Fix SSH auth socket location so agent forwarding works with screen.
if test "$SSH_AUTH_SOCK" ; then
ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
fi
# Taken from the sshd(8) manpage.
if read proto cookie && [ -n "$DISPLAY" ]; then
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
# X11UseLocalhost=yes
echo add unix:`echo $DISPLAY |
cut -c11-` $proto $cookie
else
# X11UseLocalhost=no
echo add $DISPLAY $proto $cookie
fi | xauth -q -
fi
Credits go to this blog post: [Managing SSH Sockets in GNU Screen](http://techblog.appnexus.com/2011/managing-ssh-sockets-in-gnu-screen/)

33
mywiki/tiddlers/docker-compose.tid Normal file
View File

@ -0,0 +1,33 @@
created: 20150706134157211
creator: user
modified: 20150706134701187
modifier: user
tags: docker
title: docker-compose
type: text/vnd.tiddlywiki
http://stackoverflow.com/questions/29289785/how-to-install-docker-compose-on-windows
To install docker-compose from PyPI, run this from inside boot2docker:
```bash
docker@boot2docker:~$
tce-load -wi python && curl https://bootstrap.pypa.io/get-pip.py | \
sudo python - && sudo pip install -U docker-compose
```
To save having to run the above every time the boot2docker VM is restarted (since changes don't persist), you can use `bootlocal.sh` like so:
```bash
docker@boot2docker:~$
echo 'su docker -c "tce-load -wi python" && \
curl https://bootstrap.pypa.io/get-pip.py | \
python - && pip install -U docker-compose' | \
sudo tee /var/lib/boot2docker/bootlocal.sh > /dev/null && \
sudo chmod +x /var/lib/boot2docker/bootlocal.sh
```
(The `su docker -c` gymnastics are required since `tce-load` cannot be run as root, and `bootlocal.sh` is run as root. The `chmod` of `bootlocal.sh` should be unnecessary once #915 is fixed.
Add -a to the `tee` command if you need to append, rather than overwrite `bootlocal.sh`.)
If you wish to use a pre-release version of docker-compose, then replace `pip install -U docker-compose` with `pip install -U docker-compose>=1.3.0rc1` or equivalent.