OpenSSH client configuration
add to /etc/ssh/ssh_config or ~/.ssh/config:
ProxyCommand /opt/curveprotect/bin/nettunnel -u -c %h %p
or from commandline (replace user@host with your user and your host):
ssh -o "ProxyCommand /opt/curveprotect/bin/nettunnel -u -c %h %p" user@host
OpenSSH server configuration
Replace domain, IP, extension, CurveCP key directory with Your domain, IP, extension, CurveCP key directory.
domain z1.mojzis.com
IP 85.118.128.55, port 22
extension 00000000000000000000000000000000
CurveCP key in directory /etc/ssh/key
prerequisites:
install daemontools
install curveprotect
as a root create CurveCP key directory:
/opt/curveprotect/bin/curvecpmakekey /etc/ssh/key
as a root create a run script like this and run it under daemontools:
#!/bin/sh
exec 2>&1
PATH="/opt/curveprotect/bin:${PATH}"; export PATH
NAME=z1.mojzis.com; export NAME
KEYDIR=/etc/ssh/key; export KEYDIR
IP=85.118.128.55; export IP
PORT=22; export PORT
EXTENSION=00000000000000000000000000000000; export EXTENSION
exec curvecpserver "${NAME}" "${KEYDIR}" "${IP}" "${PORT}" "${EXTENSION}" curvecpmessage sshd -i -e -D
insert the key and the extension into the DNS record:
how-to do is found here
check it:
ssh -o "ProxyCommand /opt/curveprotect/bin/nettunnel -u -c %h %p" z1.mojzis.com
Linux z1.mojzis.com 2.6.32-5-amd64 #1 SMP Sun May 6 04:00:17 UTC 2012 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Aug 24 22:19:34 2012 from UNKNOWN
apache@z1:~$