--- /dev/null
+# $Id$
+# Main page of 'My::Project::ssht'
+# Copyright (C) 2003-2005 Jan Kratochvil <project-www.jankratochvil.net@jankratochvil.net>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; exactly version 2 of June 1991 is required
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+package project::ssht::Index;
+require 5.6.0; # at least 'use warnings;' but we need some 5.6.0+ modules anyway
+our $VERSION=do { my @r=(q$Revision$=~/\d+/g); sprintf "%d.".("%03d"x$#r),@r; };
+our $CVS_ID=q$Id$;
+use strict;
+use warnings;
+
+use My::Web;
+Wuse 'project::Lib';
+
+
+our @ListItem=(
+ "name"=>"ssht",
+ "platform"=>"unixuser",
+ "priority"=>90,
+ "cvs"=>"ssht",
+ "summary"=>sub {
+ return 'Unattended intranet host accessibility by '.a_href('http://www.openssh.org/','SSH').' tunnel';
+ },
+ "license"=>"PD",
+ "maintenance"=>"ready",
+ "sponsorship"=>sub { return a_href('http://www.jklabs.cz/','JKLabs'); },
+ "language"=>"bash",
+ "description"=>sub { return <<"HERE"; },
+<p>Do you need to admin remote host placed in the intranet behind firewall out of your control?
+If the firewall performat NAT (masquerade) where you can connect from
+the intranet to the outer world by @{[ a_href 'http://www.openssh.org/','SSH' ]}
+you can use these security safe scripts.</p>
+<p>If you are able to set up port forwarding on the firewall you do not need any such scripts.
+In the case of HTTP-only proxy you cannot use these scripts - look elsewhere.</p>
+HERE
+ );
+
+sub handler
+{
+project::Lib->init();
+
+
+my $cvsfile=sub ($) {
+my($file)=@_;
+
+ return a_href $W->{"project_viewcvs"}.'/*checkout*/ssht/hostintranet/etc-inittab?rev=HEAD',
+ escapeHTML($file);
+};
+
+print <<"HERE";
+
+<ul>
+ <li>
+ <p>Replace all strings <b>hostintranet</b> by the name of your firewalled
+ intranet machine (without any dots - it must be valid string token).</p>
+ </li>
+ <li>
+ <p>Replace all strings <b>public.internet.com</b> by the hostname of your
+ server in public Internet. Replace <b>1.2.3.4-IP-of-public.internet.com</b>
+ with IP address of this host</p>
+ </li>
+ <li>
+ <p>Generate new keypair by '<b>ssh-keygen -t dsa</b>'.</p>
+ <p>Place its public key part to
+ @{[ &{$cvsfile}('public.internet.com/home-hostintranet-ssht/.ssh/authorized_keys') ]}.</p>
+ <p>Place its private key part to
+ @{[ &{$cvsfile}('hostintranet/public.internet.com--hostintranet-ssht--identity') ]}.
+ Protect this file by '<i>chmod 600 hostintranet/public.internet.com--hostintranet-ssht--identity</i>'.</p>
+ </li>
+ <li>
+ <p>Append line from @{[ &{$cvsfile}('public.internet.com/etc-passwd') ]}
+ to the file <b>/etc/passwd</b> on your server in public Internet.</p>
+ </li>
+ <li>
+ <p>Append line from @{[ &{$cvsfile}('hostintranet/etc-inittab') ]} to
+ the file <b>/etc/inittab</b> on your firewalled intranet machine.</p>
+ <p>Execute '<i>init q</i>' command there.</p>
+ </li>
+</ul>
+HERE
+
+
+exit;
+}
+1;